From aa027bd1f66e13a2316bb073a2b665388755434b Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Wed, 21 Dec 2022 14:13:13 +0530 Subject: [PATCH 1/2] docs: remove mention of DIS_BOOT_REMAP for chips other than ESP32-S2 Relevant: https://esp32.com/viewtopic.php?f=13&t=31188 --- .../system/inc/espefuse_summary_ESP32-S3.rst | 3 +-- docs/en/security/flash-encryption.rst | 10 +++++++++- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/docs/en/api-reference/system/inc/espefuse_summary_ESP32-S3.rst b/docs/en/api-reference/system/inc/espefuse_summary_ESP32-S3.rst index ce5fcd06b5..81494ec8df 100644 --- a/docs/en/api-reference/system/inc/espefuse_summary_ESP32-S3.rst +++ b/docs/en/api-reference/system/inc/espefuse_summary_ESP32-S3.rst @@ -33,8 +33,7 @@ DIS_DOWNLOAD_DCACHE (BLOCK0) Disables Dcache when SoC is in Download mode = False R/W (0b0) DIS_FORCE_DOWNLOAD (BLOCK0) Disables forcing chip into Download mode = False R/W (0b0) DIS_CAN (BLOCK0) Disables the TWAI Controller hardware = False R/W (0b0) - DIS_BOOT_REMAP (BLOCK0) Disables capability to Remap RAM to ROM address sp = False R/W (0b0) - ace + DIS_APP_CPU (BLOCK0) Disables APP CPU = False R/W (0b0) FLASH_TPUW (BLOCK0) Configures flash startup delay after SoC power-up, = 0 R/W (0x0) unit is (ms/2). When the value is 15, delay is 7. 5 ms diff --git a/docs/en/security/flash-encryption.rst b/docs/en/security/flash-encryption.rst index 550b5a8083..fbcfcbff65 100644 --- a/docs/en/security/flash-encryption.rst +++ b/docs/en/security/flash-encryption.rst @@ -164,7 +164,15 @@ Assuming that the eFuse values are in their default states and the firmware boot 5. Firmware bootloader sets the first available bit in ``{IDF_TARGET_CRYPT_CNT}`` (0b001) to mark the flash contents as encrypted. Odd number of bits is set. - 6. For :ref:`flash-enc-development-mode`, the firmware bootloader allows the UART bootloader to re-flash encrypted binaries. Also, the ``{IDF_TARGET_CRYPT_CNT}`` eFuse bits are NOT write-protected. In addition, the firmware bootloader by default sets the eFuse bits ``DIS_BOOT_REMAP``, ``DIS_DOWNLOAD_ICACHE``, ``DIS_DOWNLOAD_DCACHE``, ``HARD_DIS_JTAG`` and ``DIS_LEGACY_SPI_BOOT``. + 6. For :ref:`flash-enc-development-mode`, the firmware bootloader allows the UART bootloader to re-flash encrypted binaries. Also, the ``{IDF_TARGET_CRYPT_CNT}`` eFuse bits are NOT write-protected. In addition, the firmware bootloader by default sets the following eFuse bits: + + .. list:: + + :esp32s2: - ``DIS_BOOT_REMAP`` + - ``DIS_DOWNLOAD_ICACHE`` + - ``DIS_DOWNLOAD_DCACHE`` + - ``HARD_DIS_JTAG`` + - ``DIS_LEGACY_SPI_BOOT`` 7. For :ref:`flash-enc-release-mode`, the firmware bootloader sets all the eFuse bits set under development mode as well as ``DIS_DOWNLOAD_MANUAL_ENCRYPT``. It also write-protects the ``{IDF_TARGET_CRYPT_CNT}`` eFuse bits. To modify this behavior, see :ref:`uart-bootloader-encryption`. From c95db8436508a3d0f865ba1ff9935ac0aee96f5b Mon Sep 17 00:00:00 2001 From: mofeifei Date: Wed, 28 Dec 2022 16:33:09 +0800 Subject: [PATCH 2/2] docs: update cn trans for flash-encryptions --- docs/en/security/flash-encryption.rst | 2 +- docs/zh_CN/security/flash-encryption.rst | 12 ++++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/docs/en/security/flash-encryption.rst b/docs/en/security/flash-encryption.rst index fbcfcbff65..8b9dd235f5 100644 --- a/docs/en/security/flash-encryption.rst +++ b/docs/en/security/flash-encryption.rst @@ -462,7 +462,7 @@ When using Flash Encryption in production: - Do not reuse the same flash encryption key between multiple devices. This means that an attacker who copies encrypted data from one device cannot transfer it to a second device. :esp32: - When using ESP32 V3, if the UART ROM Download Mode is not needed for a production device then it should be disabled to provide an extra level of protection. Do this by calling :cpp:func:`esp_efuse_disable_rom_download_mode` during application startup. Alternatively, configure the project :ref:`CONFIG_ESP32_REV_MIN` level to 3 (targeting ESP32 V3 only) and select the :ref:`CONFIG_SECURE_UART_ROM_DL_MODE` to "Permanently disable ROM Download Mode (recommended)". The ability to disable ROM Download Mode is not available on earlier ESP32 versions. - :not esp32: - The UART ROM Download Mode should be disabled entirely if it is not needed, or permanently set to "Secure Download Mode" otherwise. Secure Download Mode permanently limits the available commands to update SPI config, changing baud rate, basic flash write and a command to return a summary of currently enabled security features (`get_security_info`). The default behaviour is to set Secure Download Mode on first boot in Release mode. To disable Download Mode entirely select select the :ref:`CONFIG_SECURE_UART_ROM_DL_MODE` to "Permanently disable ROM Download Mode (recommended)" or call :cpp:func:`esp_efuse_disable_rom_download_mode` at runtime. + :not esp32: - The UART ROM Download Mode should be disabled entirely if it is not needed, or permanently set to "Secure Download Mode" otherwise. Secure Download Mode permanently limits the available commands to updating SPI config, changing baud rate, basic flash write, and returning a summary of the currently enabled security features with the `get_security_info` command. The default behaviour is to set Secure Download Mode on first boot in Release mode. To disable Download Mode entirely, select :ref:`CONFIG_SECURE_UART_ROM_DL_MODE` to "Permanently disable ROM Download Mode (recommended)" or call :cpp:func:`esp_efuse_disable_rom_download_mode` at runtime. - Enable :doc:`Secure Boot ` as an extra layer of protection, and to prevent an attacker from selectively corrupting any part of the flash before boot. Possible Failures diff --git a/docs/zh_CN/security/flash-encryption.rst b/docs/zh_CN/security/flash-encryption.rst index e47bc0a9cf..e98c95c74e 100644 --- a/docs/zh_CN/security/flash-encryption.rst +++ b/docs/zh_CN/security/flash-encryption.rst @@ -164,7 +164,15 @@ Flash 的加密过程 5. 固件引导加载程序将在 ``{IDF_TARGET_CRYPT_CNT}`` (0b001) 中设置第一个可用位来对已加密的 flash 内容进行标记。设置奇数位。 - 6. 对于 :ref:`flash-enc-development-mode`,固件引导加载程序允许 UART 引导加载程序重新烧录加密后的二进制文件。同时,``{IDF_TARGET_CRYPT_CNT}`` eFuse 位不受写入保护。此外,默认情况下,固件引导加载程序设置 ``DIS_BOOT_REMAP``、 ``DIS_DOWNLOAD_ICACHE``、 ``DIS_DOWNLOAD_DCACHE``、 ``HARD_DIS_JTAG`` 和 ``DIS_LEGACY_SPI_BOOT`` eFuse 位。 + 6. 对于 :ref:`flash-enc-development-mode`,固件引导加载程序允许 UART 引导加载程序重新烧录加密后的二进制文件。同时,``{IDF_TARGET_CRYPT_CNT}`` eFuse 位不受写入保护。此外,固件引导加载程序默认置位以下 eFuse 位: + + .. list:: + + :esp32s2: - ``DIS_BOOT_REMAP`` + - ``DIS_DOWNLOAD_ICACHE`` + - ``DIS_DOWNLOAD_DCACHE`` + - ``HARD_DIS_JTAG`` + - ``DIS_LEGACY_SPI_BOOT`` 7. 对于 :ref:`flash-enc-release-mode`,固件引导加载程序设置所有在开发模式下设置的 eFuse 位。它还写保护 ``{IDF_TARGET_CRYPT_CNT}`` eFuse 位。要修改此行为,请参阅 :ref:`uart-bootloader-encryption`。 @@ -452,7 +460,7 @@ Flash 加密设置 - 不要在多个设备之间重复使用同一个 flash 加密密钥,这样攻击者就无法从一台设备上复制加密数据后再将其转移到第二台设备上。 :esp32: - 在使用 ESP32 V3 时,如果生产设备不需要 UART ROM 下载模式,那么则该禁用该模式以增加设备安全性。这可以通过在应用程序启动时调用 :cpp:func:`esp_efuse_disable_rom_download_mode` 来实现。或者,可将项目 :ref:`CONFIG_ESP32_REV_MIN` 级别配置为 3(仅针对 ESP32 V3),然后选择 :ref:`CONFIG_SECURE_UART_ROM_DL_MODE` 为“永久性的禁用 ROM 下载模式(推荐)”。在早期的 ESP32 版本上无法禁用 ROM 下载模式。 - :not esp32: - 如果不需要 UART ROM 下载模式,则应完全禁用该模式,或者永久设置为“安全下载模式”。安全下载模式永久性地将可用的命令限制在基本的 flash 只读和只写。默认在发布模式下第一次启动时设置为安全下载模式。要完全禁用下载模式,请选择 :ref:`CONFIG_SECURE_UART_ROM_DL_MODE` 为“永久禁用 ROM 下载模式(推荐)”或在运行时调用 :cpp:func:`esp_efuse_disable_rom_download_mode`。 + :not esp32: - 如果不需要 UART ROM 下载模式,则应完全禁用该模式,或者永久设置为“安全下载模式”。安全下载模式永久性地将可用的命令限制在更新 SPI 配置、更改波特率、基本的 flash 写入和使用 `get_security_info` 命令返回当前启用的安全功能摘要。默认在发布模式下第一次启动时设置为安全下载模式。要完全禁用下载模式,请选择 :ref:`CONFIG_SECURE_UART_ROM_DL_MODE` 为“永久禁用 ROM 下载模式(推荐)”或在运行时调用 :cpp:func:`esp_efuse_disable_rom_download_mode`。 - 启用 :doc:`安全启动` 作为额外的保护层,防止攻击者在启动前有选择地破坏 flash 中某部分。 可能出现的错误