From be2c59112941e59fee52bed92a4e385c4755d35f Mon Sep 17 00:00:00 2001
From: Mahavir Jain
Date: Thu, 28 Sep 2023 09:16:03 +0530
Subject: [PATCH] fix(startup): flip the security configuration check order

For cases where the bootloader is not enabled with the security features ends up receiving an incorrect application with flash encryption enabled should not really program any security efuses. In the startup sequence, we first used to program the ROM DL mode configuration but now we check for the flash encryption related checks first. If the flash encryption related checks finds that flash encryption is not enabled on the device then it aborts the boot process. This is the case with `CONFIG_SECURE_FLASH_CHECK_ENC_EN_IN_APP` enabled. This would at-least ensure that accidental program of security enabled application does not really program any ROM DL mode efuses and there is chance to recover the device.
---
 components/esp_system/startup.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/components/esp_system/startup.c b/components/esp_system/startup.c
index 6390954421..3d98a6e2fd 100644
--- a/components/esp_system/startup.c
+++ b/components/esp_system/startup.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -355,6 +355,15 @@ static void do_core_init(void)
 #endif
 #endif
 
+#ifdef CONFIG_SECURE_FLASH_ENC_ENABLED
+ esp_flash_encryption_init_checks();
+#endif
+
+#if defined(CONFIG_SECURE_BOOT) || defined(CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT)
+ // Note: in some configs this may read flash, so placed after flash init
+ esp_secure_boot_init_checks();
+#endif
+
 #if CONFIG_SECURE_DISABLE_ROM_DL_MODE
 err = esp_efuse_disable_rom_download_mode();
 assert(err == ESP_OK && "Failed to disable ROM download mode");
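Review bot: Nothing in the added lines records why esp_flash_encryption_init_checks() and esp_secure_boot_init_checks() now have to precede the efuse-burning block that follows (esp_efuse_disable_rom_download_mode() in this hunk, and per the description the ROM console efuse further down), so a later hoist of the `#if CONFIG_SECURE_DISABLE_ROM_DL_MODE` block above them would silently reintroduce the hazard this commit fixes. The description also makes the boot abort conditional on CONFIG_SECURE_FLASH_CHECK_ENC_EN_IN_APP, so with that option off the checks presumably do not stop the boot and a misconfigured image still programs the ROM DL efuses; that limitation is worth stating next to the code rather than only in the commit message. I would add, above the new `#ifdef CONFIG_SECURE_FLASH_ENC_ENABLED`, a comment along the lines of `// Run the flash-encryption / secure-boot consistency checks before any security efuse is burned below: when the device is not provisioned as the image expects (and CONFIG_SECURE_FLASH_CHECK_ENC_EN_IN_APP is set) they abort the boot, leaving ROM download mode available for recovery.` The matching removal is the hunk at L2, and do_core_init() begins before this hunk and continues past it.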
@@ -369,15 +378,6 @@ static void do_core_init(void)
 esp_efuse_disable_basic_rom_console();
 #endif
 
-#ifdef CONFIG_SECURE_FLASH_ENC_ENABLED
- esp_flash_encryption_init_checks();
-#endif
-
-#if defined(CONFIG_SECURE_BOOT) || defined(CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT)
- // Note: in some configs this may read flash, so placed after flash init
- esp_secure_boot_init_checks();
-#endif
-
 #ifdef ROM_LOG_MODE
 esp_efuse_set_rom_log_scheme(ROM_LOG_MODE);
 #endif