diff --git a/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c b/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c
index 0d48b1fd4e..aa8a464ef9 100644
--- a/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c
+++ b/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c
@@ -288,7 +288,7 @@ esp_err_t esp_efuse_write_key(esp_efuse_block_t block, esp_efuse_purpose_t purpo
 purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1 ||
 purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2 ||
 #endif
-#if SOC_ECDSA_SUPPORTED
+#if SOC_EFUSE_ECDSA_KEY
 purpose == ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY ||
 #endif
 purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY)) {
@@ -303,7 +303,7 @@ esp_err_t esp_efuse_write_key(esp_efuse_block_t block, esp_efuse_purpose_t purpo
 purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1 ||
 purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2 ||
 #endif //#ifdef SOC_EFUSE_SUPPORT_XTS_AES_256_KEYS
-#if SOC_ECDSA_SUPPORTED
+#if SOC_EFUSE_ECDSA_KEY
 purpose == ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY ||
 #endif
 #if SOC_KEY_MANAGER_SUPPORTED
diff --git a/components/efuse/test_apps/main/with_key_purposes/test_efuse_keys.c b/components/efuse/test_apps/main/with_key_purposes/test_efuse_keys.c
index 13452f0989..f6a49cfa82 100644
--- a/components/efuse/test_apps/main/with_key_purposes/test_efuse_keys.c
+++ b/components/efuse/test_apps/main/with_key_purposes/test_efuse_keys.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
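Review bot: In the second esp_efuse_api_key.c hunk (@@ -303), the guard around `purpose == ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY ||` now depends on `SOC_EFUSE_ECDSA_KEY`, and an `#if` on an undefined macro evaluates to 0 without any diagnostic. The body of that condition lies outside the hunk; if it is the branch that applies protection to the key block, a target that defines `SOC_ECDSA_SUPPORTED` but was not given the new capability would silently stop treating ECDSA keys like the other secret-key purposes. The soc_caps hunks in this diff add the macro for esp32c5, esp32c61, esp32h2 and esp32p4 only, so it is worth confirming that no other target sets `SOC_ECDSA_SUPPORTED`, and recording the relationship next to the guard, e.g. `// SOC_EFUSE_ECDSA_KEY: eFuse key blocks accept the ECDSA_KEY purpose; independent of SOC_ECDSA_SUPPORTED`. The same guard change appears in the @@ -288 hunk.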
@@ -63,7 +63,7 @@ TEST_CASE("Test efuse API blocks burning XTS and ECDSA keys into BLOCK9", "[efus purpose = ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2; TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_efuse_write_key(EFUSE_BLK9, purpose, &key, sizeof(key))); #endif -#if SOC_ECDSA_SUPPORTED +#if SOC_EFUSE_ECDSA_KEY purpose = ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY; TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_efuse_write_key(EFUSE_BLK9, purpose, &key, sizeof(key))); #endif @@ -90,7 +90,7 @@ static esp_err_t s_check_key(esp_efuse_block_t num_key, void* wr_key) purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1 || purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2 || #endif -#if SOC_ECDSA_SUPPORTED +#if SOC_EFUSE_ECDSA_KEY purpose == ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY || #endif purpose == ESP_EFUSE_KEY_PURPOSE_HMAC_DOWN_ALL || @@ -169,7 +169,7 @@ TEST_CASE("Test esp_efuse_write_key for virt mode", "[efuse]") purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1 || purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2 || #endif //#ifdef SOC_EFUSE_SUPPORT_XTS_AES_256_KEYS -#if SOC_ECDSA_SUPPORTED +#if SOC_EFUSE_ECDSA_KEY purpose == ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY || #endif purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY)) { @@ -204,7 +204,7 @@ TEST_CASE("Test 1 esp_efuse_write_key for FPGA", "[efuse]") esp_efuse_purpose_t purpose [] = { ESP_EFUSE_KEY_PURPOSE_USER, -#if SOC_ECDSA_SUPPORTED +#if SOC_EFUSE_ECDSA_KEY ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY, #else ESP_EFUSE_KEY_PURPOSE_RESERVED, diff --git a/components/hal/efuse_hal.c b/components/hal/efuse_hal.c index 68e06d530a..8c15849d8f 100644 --- a/components/hal/efuse_hal.c +++ b/components/hal/efuse_hal.c @@ -47,7 +47,7 @@ IRAM_ATTR bool efuse_hal_flash_encryption_enabled(void) return enabled; } -#if SOC_ECDSA_SUPPORTED +#if SOC_EFUSE_ECDSA_KEY void efuse_hal_set_ecdsa_key(int efuse_blk) { efuse_ll_set_ecdsa_key_blk(efuse_blk); 
diff --git a/components/hal/esp32c61/include/hal/efuse_ll.h b/components/hal/esp32c61/include/hal/efuse_ll.h index 1c5238d2e6..c219dc2999 100644 --- a/components/hal/esp32c61/include/hal/efuse_ll.h +++ b/components/hal/esp32c61/include/hal/efuse_ll.h @@ -84,6 +84,16 @@ __attribute__((always_inline)) static inline uint32_t efuse_ll_get_chip_ver_pkg( return (uint32_t)0; } +__attribute__((always_inline)) static inline uint32_t efuse_ll_get_ecdsa_key_blk(void) +{ + return EFUSE0.conf.cfg_ecdsa_blk; +} + +__attribute__((always_inline)) static inline void efuse_ll_set_ecdsa_key_blk(int efuse_blk) +{ + EFUSE0.conf.cfg_ecdsa_blk = efuse_blk; +} + /******************* eFuse control functions *************************/ __attribute__((always_inline)) static inline bool efuse_ll_get_read_cmd(void) @@ -137,6 +147,11 @@ __attribute__((always_inline)) static inline void efuse_ll_set_pwr_off_num(uint1 EFUSE0.wr_tim_conf2.pwr_off_num = value; } +__attribute__((always_inline)) static inline void efuse_ll_rs_bypass_update(void) +{ + EFUSE0.wr_tim_conf0_rs_bypass.update = 1; +} + /******************* eFuse control functions *************************/ #ifdef __cplusplus diff --git a/components/hal/include/hal/efuse_hal.h b/components/hal/include/hal/efuse_hal.h index 240c1ab135..ce4aaf1eee 100644 --- a/components/hal/include/hal/efuse_hal.h +++ b/components/hal/include/hal/efuse_hal.h @@ -61,7 +61,7 @@ uint32_t efuse_hal_get_major_chip_version(void); */ uint32_t efuse_hal_get_minor_chip_version(void); -#if SOC_ECDSA_SUPPORTED +#if SOC_EFUSE_ECDSA_KEY /** * @brief Set the efuse block that should be used as ECDSA private key * diff --git a/components/soc/esp32c5/beta3/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c5/beta3/include/soc/Kconfig.soc_caps.in index fec9d4ad5d..51f555389b 100644 --- a/components/soc/esp32c5/beta3/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32c5/beta3/include/soc/Kconfig.soc_caps.in 
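Review bot: `efuse_ll_set_ecdsa_key_blk(int efuse_blk)` in the first esp32c61 efuse_ll.h hunk stores a signed `int` straight into `EFUSE0.conf.cfg_ecdsa_blk` with no range check, so a negative or too-large argument would presumably be truncated to the register field and select a different block as the ECDSA private-key source. If validation is meant to happen in the caller (`efuse_hal_set_ecdsa_key`, whose body is only partly visible in this diff), state that above the setter, e.g. `/* efuse_blk must be a valid key block index; the caller validates it, the value is written to the register field as-is */`. An unsigned parameter type, matching the getter's `uint32_t` return, would also make the contract clearer if the other targets' LL headers allow it.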
@@ -571,6 +571,10 @@ config SOC_TIMER_GROUP_TOTAL_TIMERS int default 2 +config SOC_EFUSE_ECDSA_KEY + bool + default y + config SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS int default 3 diff --git a/components/soc/esp32c5/beta3/include/soc/soc_caps.h b/components/soc/esp32c5/beta3/include/soc/soc_caps.h index de65604530..4e8f3f99af 100644 --- a/components/soc/esp32c5/beta3/include/soc/soc_caps.h +++ b/components/soc/esp32c5/beta3/include/soc/soc_caps.h @@ -463,7 +463,7 @@ // #define SOC_EFUSE_DIS_DIRECT_BOOT 1 // #define SOC_EFUSE_SOFT_DIS_JTAG 1 // #define SOC_EFUSE_DIS_ICACHE 1 -// #define SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK 1 // XTS-AES key purpose not supported for this block +#define SOC_EFUSE_ECDSA_KEY 1 /*-------------------------- Secure Boot CAPS----------------------------*/ // #define SOC_SECURE_BOOT_V2_RSA 1 diff --git a/components/soc/esp32c5/mp/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c5/mp/include/soc/Kconfig.soc_caps.in index e51199cc96..8b61d088e9 100644 --- a/components/soc/esp32c5/mp/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32c5/mp/include/soc/Kconfig.soc_caps.in @@ -351,6 +351,10 @@ config SOC_TIMER_GROUP_TOTAL_TIMERS int default 2 +config SOC_EFUSE_ECDSA_KEY + bool + default y + config SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS int default 3 diff --git a/components/soc/esp32c5/mp/include/soc/soc_caps.h b/components/soc/esp32c5/mp/include/soc/soc_caps.h index 79223254a0..b49d69e530 100644 --- a/components/soc/esp32c5/mp/include/soc/soc_caps.h +++ b/components/soc/esp32c5/mp/include/soc/soc_caps.h @@ -458,7 +458,7 @@ // #define SOC_EFUSE_DIS_DIRECT_BOOT 1 // #define SOC_EFUSE_SOFT_DIS_JTAG 1 // #define SOC_EFUSE_DIS_ICACHE 1 -// #define SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK 1 // XTS-AES key purpose not supported for this block +#define SOC_EFUSE_ECDSA_KEY 1 /*-------------------------- Secure Boot CAPS----------------------------*/ // #define SOC_SECURE_BOOT_V2_RSA 1 
diff --git a/components/soc/esp32c61/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c61/include/soc/Kconfig.soc_caps.in index f77de6e2ff..3585115350 100644 --- a/components/soc/esp32c61/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32c61/include/soc/Kconfig.soc_caps.in @@ -795,7 +795,7 @@ config SOC_EFUSE_DIS_ICACHE bool default y -config SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK +config SOC_EFUSE_ECDSA_KEY bool default y diff --git a/components/soc/esp32c61/include/soc/soc_caps.h b/components/soc/esp32c61/include/soc/soc_caps.h index 9ed294cbea..802b85fa28 100644 --- a/components/soc/esp32c61/include/soc/soc_caps.h +++ b/components/soc/esp32c61/include/soc/soc_caps.h @@ -452,7 +452,7 @@ #define SOC_EFUSE_DIS_DIRECT_BOOT 1 #define SOC_EFUSE_SOFT_DIS_JTAG 0 #define SOC_EFUSE_DIS_ICACHE 1 -#define SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK 1 // XTS-AES key purpose not supported for this block +#define SOC_EFUSE_ECDSA_KEY 1 /*-------------------------- Secure Boot CAPS----------------------------*/ #define SOC_SECURE_BOOT_V2_RSA 0 diff --git a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in index 9ebdecb32c..2a611faab3 100644 --- a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in @@ -1171,6 +1171,10 @@ config SOC_EFUSE_ECDSA_USE_HARDWARE_K bool default y +config SOC_EFUSE_ECDSA_KEY + bool + default y + config SOC_SECURE_BOOT_V2_RSA bool default y diff --git a/components/soc/esp32h2/include/soc/soc_caps.h b/components/soc/esp32h2/include/soc/soc_caps.h index 8728e3f730..1ebfce9626 100644 --- a/components/soc/esp32h2/include/soc/soc_caps.h +++ b/components/soc/esp32h2/include/soc/soc_caps.h 
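Review bot: In esp32c61's soc_caps.h (@@ -452) the active line `#define SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK 1` is replaced by the new define rather than kept beside it, and the matching Kconfig.soc_caps.in hunk drops the option too, so this commit also switches the BLOCK9 restriction off for esp32c61. The removed comment said the XTS-AES key purpose is not supported for that block, and the test "Test efuse API blocks burning XTS and ECDSA keys into BLOCK9" expects ESP_ERR_NOT_SUPPORTED; if those checks are conditioned on the quirk macro (not visible here), `esp_efuse_write_key` would now accept such a key in BLOCK9, and an eFuse write cannot be undone. If the chip really has no such restriction, say so in the commit message; otherwise keep both lines, `#define SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK 1` followed by `#define SOC_EFUSE_ECDSA_KEY 1`. The esp32c5 beta3 and mp soc_caps.h hunks delete the same line, though there it was only a commented-out placeholder.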
@@ -458,6 +458,7 @@ #define SOC_EFUSE_DIS_ICACHE 1 #define SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK 1 // XTS-AES and ECDSA key purposes not supported for this block #define SOC_EFUSE_ECDSA_USE_HARDWARE_K 1 // Force use hardware TRNG supplied K for ECDSA +#define SOC_EFUSE_ECDSA_KEY 1 /*-------------------------- Secure Boot CAPS----------------------------*/ #define SOC_SECURE_BOOT_V2_RSA 1 diff --git a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in index 7c9036b62b..bd69a4b750 100644 --- a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in @@ -1423,6 +1423,10 @@ config SOC_EFUSE_DIS_DOWNLOAD_MSPI bool default y +config SOC_EFUSE_ECDSA_KEY + bool + default y + config SOC_SECURE_BOOT_V2_RSA bool default y diff --git a/components/soc/esp32p4/include/soc/soc_caps.h b/components/soc/esp32p4/include/soc/soc_caps.h index 60f0faa36f..3072daf2ee 100644 --- a/components/soc/esp32p4/include/soc/soc_caps.h +++ b/components/soc/esp32p4/include/soc/soc_caps.h @@ -562,6 +562,7 @@ #define SOC_EFUSE_SOFT_DIS_JTAG 1 /* Capability to disable the MSPI access in download mode */ #define SOC_EFUSE_DIS_DOWNLOAD_MSPI 1 +#define SOC_EFUSE_ECDSA_KEY 1 /*-------------------------- Secure Boot CAPS----------------------------*/ #define SOC_SECURE_BOOT_V2_RSA 1
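Review bot: In the esp32p4 soc_caps.h hunk the new `#define SOC_EFUSE_ECDSA_KEY 1` lands directly under `/* Capability to disable the MSPI access in download mode */` with no comment of its own, so it reads as if that description covered it. A one-line comment would separate the two and record what the capability gates, e.g. `/* eFuse key blocks support the ECDSA_KEY purpose */`. The esp32h2 hunk adds the define after two neighbours that each carry a trailing comment and would benefit from the same one.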