bootloader: Adds a check that app is run under FE

2024-10-05 20:47:46 -04:00 · 2021-02-11 21:19:29 +08:00 · 2021-02-11 21:19:29 +08:00 · 11a2f2acd3
commit 11a2f2acd3
parent 31e565c3d5
2 changed files with 19 additions and 7 deletions
--- a/components/bootloader/Kconfig.projbuild
+++ b/components/bootloader/Kconfig.projbuild
@ -794,5 +794,16 @@ menu "Security features"
            It is also possible to enable secure download mode at runtime by calling
            esp_efuse_enable_rom_secure_download_mode()

+    config SECURE_FLASH_CHECK_ENC_EN_IN_APP
+        bool "Check Flash Encryption enabled on app startup"
+        depends on SECURE_FLASH_ENC_ENABLED
+        default y
+        help
+            If set (default), in an app during startup code,
+            there is a check of the flash encryption eFuse bit is on
+            (as the bootloader should already have set it).
+            The app requires this bit is on to continue work otherwise abort.
+
+            If not set, the app does not care if the flash encryption eFuse bit is set or not.

 endmenu  # Security features
--- a/components/bootloader_support/src/flash_encrypt.c
+++ b/components/bootloader_support/src/flash_encrypt.c
@ -23,13 +23,7 @@
 #if CONFIG_IDF_TARGET_ESP32
 #define CRYPT_CNT ESP_EFUSE_FLASH_CRYPT_CNT
 #define WR_DIS_CRYPT_CNT ESP_EFUSE_WR_DIS_FLASH_CRYPT_CNT
-#elif CONFIG_IDF_TARGET_ESP32S2
-#define CRYPT_CNT ESP_EFUSE_SPI_BOOT_CRYPT_CNT
-#define WR_DIS_CRYPT_CNT ESP_EFUSE_WR_DIS_SPI_BOOT_CRYPT_CNT
-#elif CONFIG_IDF_TARGET_ESP32S3
-#define CRYPT_CNT ESP_EFUSE_SPI_BOOT_CRYPT_CNT
-#define WR_DIS_CRYPT_CNT ESP_EFUSE_WR_DIS_SPI_BOOT_CRYPT_CNT
-#elif CONFIG_IDF_TARGET_ESP32C3
+#else
 #define CRYPT_CNT ESP_EFUSE_SPI_BOOT_CRYPT_CNT
 #define WR_DIS_CRYPT_CNT ESP_EFUSE_WR_DIS_SPI_BOOT_CRYPT_CNT
 #endif
@ -41,6 +35,13 @@ void esp_flash_encryption_init_checks()
 {
    esp_flash_enc_mode_t mode;

+#ifdef CONFIG_SECURE_FLASH_CHECK_ENC_EN_IN_APP
+    if (!esp_flash_encryption_enabled()) {
+        ESP_LOGE(TAG, "Flash encryption eFuse bit was not enabled in bootloader but CONFIG_SECURE_FLASH_ENC_ENABLED is on");
+        abort();
+    }
+#endif
+
    // First check is: if Release mode flash encryption & secure boot are enabled then
    // FLASH_CRYPT_CNT *must* be write protected. This will have happened automatically
    // if bootloader is IDF V4.0 or newer but may not have happened for previous ESP-IDF bootloaders.