Merge branch 'fixes/secure_boot' into 'master'

secure_boot/esp32(s2,c3): Disable read protecting of efuses See merge request espressif/esp-idf!14769
2024-10-05 20:47:46 -04:00 · 2021-08-17 05:05:00 +00:00 · 2021-08-17 05:05:00 +00:00 · 012c9e26a4
commit 012c9e26a4
parent 75a1942d5c f430e86c0f
5 changed files with 53 additions and 3 deletions
--- a/components/bootloader/Kconfig.projbuild
+++ b/components/bootloader/Kconfig.projbuild
@ -764,9 +764,17 @@ menu "Security features"
                efuse when Secure Boot is enabled. This prevents any more efuses from being read protected.

                If this option is set, it will remain possible to write the EFUSE_RD_DIS efuse field after Secure
-                Boot is enabled. This may allow an attacker to read-protect the BLK2 efuse holding the public
-                key digest, causing an immediate denial of service and possibly allowing an additional fault
-                injection attack to bypass the signature protection.
+                Boot is enabled. This may allow an attacker to read-protect the BLK2 efuse (for ESP32) and
+                BLOCK4-BLOCK10 (i.e. BLOCK_KEY0-BLOCK_KEY5)(for other chips) holding the public key digest, causing an
+                immediate denial of service and possibly allowing an additional fault injection attack to
+                bypass the signature protection.
+
+                NOTE: Once a BLOCK is read-protected, the application will read all zeros from that block
+
+                NOTE: If "UART ROM download mode (Permanently disabled (recommended))" or
+                "UART ROM download mode (Permanently switch to Secure mode (recommended))" is set,
+                then it is __NOT__ possible to read/write efuses using espefuse.py utility.
+                However, efuse can be read/written from the application

        config SECURE_BOOT_ALLOW_UNUSED_DIGEST_SLOTS
            bool "Leave unused digest slots available (not revoke)"
--- a/components/bootloader_support/src/esp32c3/flash_encryption_secure_features.c
+++ b/components/bootloader_support/src/esp32c3/flash_encryption_secure_features.c
@ -40,5 +40,11 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)

    esp_efuse_write_field_bit(ESP_EFUSE_DIS_LEGACY_SPI_BOOT);

+#if defined(CONFIG_SECURE_BOOT_V2_ENABLED) && !defined(CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS)
+    // This bit is set when enabling Secure Boot V2, but we can't enable it until this later point in the first boot
+    // otherwise the Flash Encryption key cannot be read protected
+    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS);
+#endif
+
    return ESP_OK;
 }
--- a/components/bootloader_support/src/esp32c3/secure_boot_secure_features.c
+++ b/components/bootloader_support/src/esp32c3/secure_boot_secure_features.c
@ -40,5 +40,20 @@ esp_err_t esp_secure_boot_enable_secure_features(void)

    esp_efuse_write_field_bit(ESP_EFUSE_SECURE_BOOT_EN);

+#ifndef CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS
+    bool rd_dis_now = true;
+#ifdef CONFIG_SECURE_FLASH_ENC_ENABLED
+    /* If flash encryption is not enabled yet then don't read-disable efuses yet, do it later in the boot
+       when Flash Encryption is being enabled */
+    rd_dis_now = esp_flash_encryption_enabled();
+#endif
+    if (rd_dis_now) {
+        ESP_LOGI(TAG, "Prevent read disabling of additional efuses...");
+        esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS);
+    }
+#else
+    ESP_LOGW(TAG, "Allowing read disabling of additional efuses - SECURITY COMPROMISED");
+#endif
+
    return ESP_OK;
 }
--- a/components/bootloader_support/src/esp32s2/flash_encryption_secure_features.c
+++ b/components/bootloader_support/src/esp32s2/flash_encryption_secure_features.c
@ -41,5 +41,11 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
    esp_efuse_write_field_bit(ESP_EFUSE_DIS_BOOT_REMAP);
    esp_efuse_write_field_bit(ESP_EFUSE_DIS_LEGACY_SPI_BOOT);

+#if defined(CONFIG_SECURE_BOOT_V2_ENABLED) && !defined(CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS)
+    // This bit is set when enabling Secure Boot V2, but we can't enable it until this later point in the first boot
+    // otherwise the Flash Encryption key cannot be read protected
+    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS);
+#endif
+
    return ESP_OK;
 }
--- a/components/bootloader_support/src/esp32s2/secure_boot_secure_features.c
+++ b/components/bootloader_support/src/esp32s2/secure_boot_secure_features.c
@ -40,5 +40,20 @@ esp_err_t esp_secure_boot_enable_secure_features(void)

    esp_efuse_write_field_bit(ESP_EFUSE_SECURE_BOOT_EN);

+#ifndef CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS
+    bool rd_dis_now = true;
+#ifdef CONFIG_SECURE_FLASH_ENC_ENABLED
+    /* If flash encryption is not enabled yet then don't read-disable efuses yet, do it later in the boot
+       when Flash Encryption is being enabled */
+    rd_dis_now = esp_flash_encryption_enabled();
+#endif
+    if (rd_dis_now) {
+        ESP_LOGI(TAG, "Prevent read disabling of additional efuses...");
+        esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS);
+    }
+#else
+    ESP_LOGW(TAG, "Allowing read disabling of additional efuses - SECURITY COMPROMISED");
+#endif
+
    return ESP_OK;
 }