diff --git a/components/bootloader_support/src/flash_encrypt.c b/components/bootloader_support/src/flash_encrypt.c index c61094345b..ce5d2180ef 100644 --- a/components/bootloader_support/src/flash_encrypt.c +++ b/components/bootloader_support/src/flash_encrypt.c @@ -70,14 +70,23 @@ void esp_flash_write_protect_crypt_cnt(void) esp_flash_enc_mode_t esp_get_flash_encryption_mode(void) { - uint8_t efuse_flash_crypt_cnt_wr_protected = 0; + uint8_t flash_crypt_cnt_wr_dis = 0; uint8_t dis_dl_enc = 0, dis_dl_dec = 0, dis_dl_cache = 0; esp_flash_enc_mode_t mode = ESP_FLASH_ENC_MODE_DEVELOPMENT; if (esp_flash_encryption_enabled()) { /* Check if FLASH CRYPT CNT is write protected */ - esp_efuse_read_field_blob(ESP_EFUSE_WR_DIS_FLASH_CRYPT_CNT, &efuse_flash_crypt_cnt_wr_protected, 1); - if (efuse_flash_crypt_cnt_wr_protected) { + + esp_efuse_read_field_blob(ESP_EFUSE_WR_DIS_FLASH_CRYPT_CNT, &flash_crypt_cnt_wr_dis, 1); + if (!flash_crypt_cnt_wr_dis) { + uint8_t flash_crypt_cnt = 0; + esp_efuse_read_field_blob(ESP_EFUSE_FLASH_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_FLASH_CRYPT_CNT[0]->bit_count); + if (flash_crypt_cnt == (1 << (ESP_EFUSE_FLASH_CRYPT_CNT[0]->bit_count)) - 1) { + flash_crypt_cnt_wr_dis = 1; + } + } + + if (flash_crypt_cnt_wr_dis) { esp_efuse_read_field_blob(ESP_EFUSE_DISABLE_DL_CACHE, &dis_dl_cache, 1); esp_efuse_read_field_blob(ESP_EFUSE_DISABLE_DL_ENCRYPT, &dis_dl_enc, 1); esp_efuse_read_field_blob(ESP_EFUSE_DISABLE_DL_DECRYPT, &dis_dl_dec, 1);