refactor (bootloader_support, efuse)!: remove target-specific rom includes

The following two functions in bootloader_support are private now: * esp_secure_boot_verify_sbv2_signature_block() * esp_secure_boot_verify_rsa_signature_block() They have been moved into private header files inside bootloader_private/ * Removed bootloader_reset_reason.h and bootloader_common_get_reset_reason() completely. Alternative in ROM component is available. * made esp_efuse.h independent of target-specific rom header
2024-10-05 20:47:46 -04:00 · 2022-05-23 12:36:02 +08:00 · 2022-05-23 12:36:02 +08:00 · 33a3616635
commit 33a3616635
parent 6291d6220a
25 changed files with 157 additions and 107 deletions
--- a/components/app_update/esp_ota_ops.c
+++ b/components/app_update/esp_ota_ops.c
@ -30,6 +30,20 @@
 #include "esp_efuse.h"
 #include "esp_attr.h"

+#if CONFIG_IDF_TARGET_ESP32
+#include "esp32/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32S2
+#include "esp32s2/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32C3
+#include "esp32c3/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32S3
+#include "esp32s3/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32H2
+#include "esp32h2/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32C2
+#include "esp32c2/rom/secure_boot.h"
+#endif
+
 #define SUB_TYPE_ID(i) (i & 0x0F)

 /* Partial_data is word aligned so no reallocation is necessary for encrypted flash write */
@ -898,7 +912,7 @@ esp_err_t esp_ota_revoke_secure_boot_public_key(esp_ota_secure_boot_public_key_i
    }

    esp_err_t ret;
-    ets_secure_boot_key_digests_t trusted_keys;
+    esp_secure_boot_key_digests_t trusted_keys;
    ret = esp_secure_boot_read_key_digests(&trusted_keys);
    if (ret != ESP_OK) {
        ESP_LOGE(TAG, "Could not read the secure boot key digests from efuse. Aborting..");
--- a/components/bootloader/subproject/main/bootloader_start.c
+++ b/components/bootloader/subproject/main/bootloader_start.c
@ -5,6 +5,7 @@
 */
 #include <stdbool.h>
 #include "esp_log.h"
+#include "esp_rom_sys.h"
 #include "bootloader_init.h"
 #include "bootloader_utility.h"
 #include "bootloader_common.h"
@ -79,7 +80,7 @@ static int selected_boot_partition(const bootloader_state_t *bs)
    if (boot_index == INVALID_INDEX) {
        return boot_index; // Unrecoverable failure (not due to corrupt ota data or bad partition contents)
    }
-    if (bootloader_common_get_reset_reason(0) != DEEPSLEEP_RESET) {
+    if (esp_rom_get_reset_reason(0) != RESET_REASON_CORE_DEEP_SLEEP) {
        // Factory firmware.
 #ifdef CONFIG_BOOTLOADER_FACTORY_RESET
        bool reset_level = false;
--- a/components/bootloader_support/include/bootloader_common.h
+++ b/components/bootloader_support/include/bootloader_common.h
@ -8,21 +8,6 @@
 #include "esp_flash_partitions.h"
 #include "esp_image_format.h"
 #include "esp_app_format.h"
-// [refactor-todo]: we shouldn't expose ROM header files in a public API header, remove them in v5.0
-// Tracked in IDF-1968
-#if CONFIG_IDF_TARGET_ESP32
-#include "esp32/rom/rtc.h"
-#elif CONFIG_IDF_TARGET_ESP32S2
-#include "esp32s2/rom/rtc.h"
-#elif CONFIG_IDF_TARGET_ESP32S3
-#include "esp32s3/rom/rtc.h"
-#elif CONFIG_IDF_TARGET_ESP32C3
-#include "esp32c3/rom/rtc.h"
-#elif CONFIG_IDF_TARGET_ESP32H2
-#include "esp32h2/rom/rtc.h"
-#elif CONFIG_IDF_TARGET_ESP32C2
-#include "esp32c2/rom/rtc.h"
-#endif

 #ifdef __cplusplus
 extern "C" {
@ -196,14 +181,6 @@ esp_err_t bootloader_common_get_partition_description(const esp_partition_pos_t
 */
 uint32_t bootloader_common_get_chip_ver_pkg(void);

-/**
- * @brief Query reset reason
- *
- * @param cpu_no CPU number
- * @return reset reason enumeration
- */
-RESET_REASON bootloader_common_get_reset_reason(int cpu_no);
-
 /**
 * @brief Check if the image (bootloader and application) has valid chip ID and revision
 *
--- a/components/bootloader_support/include/esp_secure_boot.h
+++ b/components/bootloader_support/include/esp_secure_boot.h
@ -8,32 +8,13 @@
 #include <stdbool.h>
 #include <esp_err.h>
 #include "soc/efuse_periph.h"
+#include "soc/soc_caps.h"
 #include "esp_image_format.h"
 #include "esp_rom_efuse.h"
 #include "sdkconfig.h"
 #include "esp_rom_crc.h"
 #include "hal/efuse_ll.h"

-#if CONFIG_IDF_TARGET_ESP32
-#include "esp32/rom/efuse.h"
-#include "esp32/rom/secure_boot.h"
-#elif CONFIG_IDF_TARGET_ESP32S2
-#include "esp32s2/rom/efuse.h"
-#include "esp32s2/rom/secure_boot.h"
-#elif CONFIG_IDF_TARGET_ESP32C3
-#include "esp32c3/rom/efuse.h"
-#include "esp32c3/rom/secure_boot.h"
-#elif CONFIG_IDF_TARGET_ESP32S3
-#include "esp32s3/rom/efuse.h"
-#include "esp32s3/rom/secure_boot.h"
-#elif CONFIG_IDF_TARGET_ESP32H2
-#include "esp32h2/rom/efuse.h"
-#include "esp32h2/rom/secure_boot.h"
-#elif CONFIG_IDF_TARGET_ESP32C2
-#include "esp32c2/rom/efuse.h"
-#include "esp32c2/rom/secure_boot.h"
-#endif
-
 #ifdef CONFIG_SECURE_BOOT_V1_ENABLED
 #if !defined(CONFIG_SECURE_SIGNED_ON_BOOT) || !defined(CONFIG_SECURE_SIGNED_ON_UPDATE) || !defined(CONFIG_SECURE_SIGNED_APPS)
 #error "internal sdkconfig error, secure boot should always enable all signature options"
@ -217,34 +198,10 @@ esp_err_t esp_secure_boot_verify_ecdsa_signature_block(const esp_secure_boot_sig
 * Each image can have one or more signature blocks (up to SECURE_BOOT_NUM_BLOCKS). Each signature block includes a public key.
 */
 typedef struct {
-    uint8_t key_digests[SECURE_BOOT_NUM_BLOCKS][ESP_SECURE_BOOT_DIGEST_LEN];    /* SHA of the public key components in the signature block */
+    uint8_t key_digests[SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS][ESP_SECURE_BOOT_DIGEST_LEN];    /* SHA of the public key components in the signature block */
    unsigned num_digests;                                       /* Number of valid digests, starting at index 0 */
 } esp_image_sig_public_key_digests_t;

-/** @brief Verify the secure boot signature block for Secure Boot V2.
- *
- *  Performs RSA-PSS or ECDSA verification of the SHA-256 image based on the public key
- *  in the signature block, compared against the public key digest stored in efuse.
- *
- * Similar to esp_secure_boot_verify_signature(), but can be used when the digest is precalculated.
- * @param sig_block Pointer to signature block data
- * @param image_digest Pointer to 32 byte buffer holding SHA-256 hash.
- * @param verified_digest Pointer to 32 byte buffer that will receive verified digest if verification completes. (Used during bootloader implementation only, result is invalid otherwise.)
- *
- */
-esp_err_t esp_secure_boot_verify_sbv2_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest);
-
-/** @brief Legacy function to verify RSA secure boot signature block for Secure Boot V2.
- *
- * @note This is kept for backward compatibility. It internally calls esp_secure_boot_verify_sbv2_signature_block.
- *
- * @param sig_block Pointer to RSA signature block data
- * @param image_digest Pointer to 32 byte buffer holding SHA-256 hash.
- * @param verified_digest Pointer to 32 byte buffer that will receive verified digest if verification completes. (Used during bootloader implementation only, result is invalid otherwise.)
- *
- */
-esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest);
-
 #endif // !CONFIG_IDF_TARGET_ESP32 || CONFIG_ESP32_REV_MIN_3

 /** @brief Legacy ECDSA verification function
--- a/components/bootloader_support/private_include/bootloader_signature.h
+++ b/components/bootloader_support/private_include/bootloader_signature.h
@ -0,0 +1,52 @@
+/*
+ * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#pragma once
+
+#include "sdkconfig.h"
+#include <esp_err.h>
+#include <stdint.h>
+
+#if CONFIG_IDF_TARGET_ESP32
+#include "esp32/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32S2
+#include "esp32s2/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32C3
+#include "esp32c3/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32S3
+#include "esp32s3/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32H2
+#include "esp32h2/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32C2
+#include "esp32c2/rom/secure_boot.h"
+#endif
+
+#if !CONFIG_IDF_TARGET_ESP32 || CONFIG_ESP32_REV_MIN_3
+
+/** @brief Verify the secure boot signature block for Secure Boot V2.
+ *
+ *  Performs RSA-PSS or ECDSA verification of the SHA-256 image based on the public key
+ *  in the signature block, compared against the public key digest stored in efuse.
+ *
+ * Similar to esp_secure_boot_verify_signature(), but can be used when the digest is precalculated.
+ * @param sig_block Pointer to signature block data
+ * @param image_digest Pointer to 32 byte buffer holding SHA-256 hash.
+ * @param verified_digest Pointer to 32 byte buffer that will receive verified digest if verification completes. (Used during bootloader implementation only, result is invalid otherwise.)
+ *
+ */
+esp_err_t esp_secure_boot_verify_sbv2_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest);
+
+/** @brief Legacy function to verify RSA secure boot signature block for Secure Boot V2.
+ *
+ * @note This is kept for backward compatibility. It internally calls esp_secure_boot_verify_sbv2_signature_block.
+ *
+ * @param sig_block Pointer to RSA signature block data
+ * @param image_digest Pointer to 32 byte buffer holding SHA-256 hash.
+ * @param verified_digest Pointer to 32 byte buffer that will receive verified digest if verification completes. (Used during bootloader implementation only, result is invalid otherwise.)
+ *
+ */
+esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest);
+
+#endif
--- a/components/bootloader_support/src/bootloader_common.c
+++ b/components/bootloader_support/src/bootloader_common.c
@ -189,11 +189,6 @@ void bootloader_common_vddsdio_configure(void)
 #endif // CONFIG_BOOTLOADER_VDDSDIO_BOOST
 }

-RESET_REASON bootloader_common_get_reset_reason(int cpu_no)
-{
-    return (RESET_REASON)esp_rom_get_reset_reason(cpu_no);
-}
-
 uint8_t bootloader_flash_get_cs_io(void)
 {
 #if SOC_SPI_MEM_SUPPORT_CONFIG_GPIO_BY_EFUSE
--- a/components/bootloader_support/src/esp32c3/bootloader_esp32c3.c
+++ b/components/bootloader_support/src/esp32c3/bootloader_esp32c3.c
@ -20,6 +20,7 @@
 #include "soc/assist_debug_reg.h"
 #include "esp_cpu.h"
 #include "soc/rtc.h"
+#include "soc/rtc_cntl_reg.h"
 #include "soc/spi_periph.h"
 #include "soc/extmem_reg.h"
 #include "soc/io_mux_reg.h"
--- a/components/bootloader_support/src/esp32h2/bootloader_esp32h2.c
+++ b/components/bootloader_support/src/esp32h2/bootloader_esp32h2.c
@ -20,6 +20,7 @@
 #include "soc/assist_debug_reg.h"
 #include "esp_cpu.h"
 #include "soc/rtc.h"
+#include "soc/rtc_cntl_reg.h"
 #include "soc/spi_periph.h"
 #include "soc/extmem_reg.h"
 #include "soc/io_mux_reg.h"
--- a/components/bootloader_support/src/esp32s2/bootloader_esp32s2.c
+++ b/components/bootloader_support/src/esp32s2/bootloader_esp32s2.c
@ -33,6 +33,7 @@
 #include "soc/dport_reg.h"
 #include "soc/extmem_reg.h"
 #include "soc/rtc.h"
+#include "soc/rtc_cntl_reg.h"
 #include "soc/spi_periph.h"
 #include "esp_efuse.h"
 #include "hal/mmu_hal.h"
--- a/components/bootloader_support/src/esp_image_format.c
+++ b/components/bootloader_support/src/esp_image_format.c
@ -7,6 +7,7 @@
 #include <sys/param.h>
 #include <esp_cpu.h>
 #include <bootloader_utility.h>
+#include <bootloader_signature.h>
 #include <esp_secure_boot.h>
 #include <esp_fault.h>
 #include <esp_log.h>
--- a/components/bootloader_support/src/secure_boot_v1/secure_boot.c
+++ b/components/bootloader_support/src/secure_boot_v1/secure_boot.c
@ -11,6 +11,7 @@
 #include "esp_log.h"

 #include "esp32/rom/cache.h"
+#include "esp32/rom/secure_boot.h"

 #include "soc/rtc_periph.h"
 #include "bootloader_utility.h"
--- a/components/bootloader_support/src/secure_boot_v2/secure_boot.c
+++ b/components/bootloader_support/src/secure_boot_v2/secure_boot.c
@ -15,6 +15,20 @@
 #include "esp_efuse.h"
 #include "esp_efuse_table.h"

+#if CONFIG_IDF_TARGET_ESP32
+#include "esp32/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32S2
+#include "esp32s2/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32C3
+#include "esp32c3/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32S3
+#include "esp32s3/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32H2
+#include "esp32h2/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32C2
+#include "esp32c2/rom/secure_boot.h"
+#endif
+
 /* The following API implementations are used only when called
 * from the bootloader code.
 */
--- a/components/bootloader_support/src/secure_boot_v2/secure_boot_ecdsa_signature.c
+++ b/components/bootloader_support/src/secure_boot_v2/secure_boot_ecdsa_signature.c
@ -14,6 +14,8 @@
 #include "mbedtls/ecp.h"
 #include "rom/ecdsa.h"

+#include "secure_boot_signature_priv.h"
+
 static const char *TAG = "secure_boot_v2_ecdsa";

 #define ECDSA_INTEGER_LEN 32
--- a/components/bootloader_support/src/secure_boot_v2/secure_boot_rsa_signature.c
+++ b/components/bootloader_support/src/secure_boot_v2/secure_boot_rsa_signature.c
@ -12,6 +12,8 @@
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"

+#include "secure_boot_signature_priv.h"
+
 static const char *TAG = "secure_boot_v2_rsa";

 esp_err_t verify_rsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, const ets_secure_boot_sig_block_t *trusted_block)
--- a/components/bootloader_support/src/secure_boot_v2/secure_boot_signature_priv.h
+++ b/components/bootloader_support/src/secure_boot_v2/secure_boot_signature_priv.h
@ -4,7 +4,20 @@
 * SPDX-License-Identifier: Apache-2.0
 */
 #include "esp_secure_boot.h"
-#include "esp_log.h"
+
+#if CONFIG_IDF_TARGET_ESP32
+#include "esp32/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32S2
+#include "esp32s2/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32C3
+#include "esp32c3/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32S3
+#include "esp32s3/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32H2
+#include "esp32h2/rom/secure_boot.h"
+#elif CONFIG_IDF_TARGET_ESP32C2
+#include "esp32c2/rom/secure_boot.h"
+#endif

 esp_err_t verify_ecdsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, const ets_secure_boot_sig_block_t *trusted_block);

--- a/components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_app.c
+++ b/components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_app.c
@ -8,6 +8,7 @@
 #include "bootloader_flash_priv.h"
 #include "bootloader_sha.h"
 #include "bootloader_utility.h"
+#include "bootloader_signature.h"
 #include "esp_log.h"
 #include "esp_image_format.h"
 #include "mbedtls/sha256.h"
@ -108,7 +109,7 @@ static esp_err_t get_secure_boot_key_digests(esp_image_sig_public_key_digests_t
 #elif CONFIG_SECURE_BOOT_V2_ENABLED
    ESP_LOGI(TAG, "Take trusted digest key(s) from eFuse block(s)");
    // Read key digests from efuse
-    ets_secure_boot_key_digests_t efuse_trusted;
+    esp_secure_boot_key_digests_t efuse_trusted;
    if (esp_secure_boot_read_key_digests(&efuse_trusted) == ESP_OK) {
        for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
            if (efuse_trusted.key_digests[i] != NULL) {
--- a/components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_bootloader.c
+++ b/components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_bootloader.c
@ -10,6 +10,7 @@
 #include "bootloader_flash_priv.h"
 #include "bootloader_sha.h"
 #include "bootloader_utility.h"
+#include "bootloader_signature.h"
 #include "esp_log.h"
 #include "esp_image_format.h"
 #include "esp_secure_boot.h"
@ -66,19 +67,19 @@ static esp_err_t validate_signature_block(const ets_secure_boot_sig_block_t *blo
 static esp_err_t get_secure_boot_key_digests(esp_image_sig_public_key_digests_t *public_key_digests)
 {
    // Read key digests from efuse
-    ets_secure_boot_key_digests_t trusted_keys;
-    ets_secure_boot_key_digests_t trusted_key_copies[2];
+    esp_secure_boot_key_digests_t trusted_keys;
+    esp_secure_boot_key_digests_t trusted_key_copies[2];

-    memset(&trusted_keys, 0, sizeof(ets_secure_boot_key_digests_t));
-    memset(trusted_key_copies, 0, 2 * sizeof(ets_secure_boot_key_digests_t));
+    memset(&trusted_keys, 0, sizeof(esp_secure_boot_key_digests_t));
+    memset(trusted_key_copies, 0, 2 * sizeof(esp_secure_boot_key_digests_t));

    esp_err_t err = esp_secure_boot_read_key_digests(&trusted_keys);

    // Create the copies for FI checks (assuming result is ETS_OK, if it's not then it'll fail the fault check anyhow)
    esp_secure_boot_read_key_digests(&trusted_key_copies[0]);
    esp_secure_boot_read_key_digests(&trusted_key_copies[1]);
-    ESP_FAULT_ASSERT(memcmp(&trusted_keys, &trusted_key_copies[0], sizeof(ets_secure_boot_key_digests_t)) == 0);
-    ESP_FAULT_ASSERT(memcmp(&trusted_keys, &trusted_key_copies[1], sizeof(ets_secure_boot_key_digests_t)) == 0);
+    ESP_FAULT_ASSERT(memcmp(&trusted_keys, &trusted_key_copies[0], sizeof(esp_secure_boot_key_digests_t)) == 0);
+    ESP_FAULT_ASSERT(memcmp(&trusted_keys, &trusted_key_copies[1], sizeof(esp_secure_boot_key_digests_t)) == 0);

    if (err == ESP_OK) {
        for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
--- a/components/efuse/include/esp_efuse.h
+++ b/components/efuse/include/esp_efuse.h
@ -15,20 +15,6 @@
 #include "sdkconfig.h"
 #include_next "esp_efuse.h"

-#if CONFIG_IDF_TARGET_ESP32
-#include "esp32/rom/secure_boot.h"
-#elif CONFIG_IDF_TARGET_ESP32S2
-#include "esp32s2/rom/secure_boot.h"
-#elif CONFIG_IDF_TARGET_ESP32C3
-#include "esp32c3/rom/secure_boot.h"
-#elif CONFIG_IDF_TARGET_ESP32S3
-#include "esp32s3/rom/secure_boot.h"
-#elif CONFIG_IDF_TARGET_ESP32H2
-#include "esp32h2/rom/secure_boot.h"
-#elif CONFIG_IDF_TARGET_ESP32C2
-#include "esp32c2/rom/secure_boot.h"
-#endif
-
 #ifdef __cplusplus
 extern "C" {
 #endif
@ -60,6 +46,17 @@ typedef enum {
    ESP_EFUSE_ROM_LOG_ALWAYS_OFF    /**< Disable ROM logging permanently */
 } esp_efuse_rom_log_scheme_t;

+#if CONFIG_ESP32_REV_MIN_3 || !CONFIG_IDF_TARGET_ESP32
+/**
+ * @brief Pointers to the trusted key digests.
+ *
+ * The number of digests depends on the SOC's capabilities.
+ */
+typedef struct {
+    const void *key_digests[SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS]; /**< Pointers to the key digests */
+} esp_secure_boot_key_digests_t;
+#endif
+
 /**
 * @brief   Reads bits from EFUSE field and writes it into an array.
 *
@ -749,13 +746,15 @@ esp_err_t esp_efuse_write_keys(const esp_efuse_purpose_t purposes[], uint8_t key
 /**
 * @brief Read key digests from efuse. Any revoked/missing digests will be marked as NULL
 *
- * @param[out] trusted_keys The number of digest in range 0..2
+ * @param[out] trusted_key_digests Trusted keys digests, stored in this parameter after successfully
+ *                                 completing this function.
+ *                                 The number of digests depends on the SOC's capabilities.
 *
 * @return
 *    - ESP_OK: Successful.
 *    - ESP_FAIL: If trusted_keys is NULL or there is no valid digest.
 */
-esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys);
+esp_err_t esp_secure_boot_read_key_digests(esp_secure_boot_key_digests_t *trusted_key_digests);
 #endif

 /**
--- a/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c
+++ b/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c
@ -365,7 +365,7 @@ esp_err_t esp_efuse_set_write_protect_of_digest_revoke(unsigned num_digest)
    return esp_efuse_write_field_bit(s_revoke_table[num_digest].revoke_wr_dis);
 }

-esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys)
+esp_err_t esp_secure_boot_read_key_digests(esp_secure_boot_key_digests_t *trusted_keys)
 {
    bool found = false;
    esp_efuse_block_t key_block;
@ -374,7 +374,7 @@ esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *truste
        return ESP_FAIL;
    }

-    for (unsigned i = 0; i < MAX_KEY_DIGESTS; i++) {
+    for (unsigned i = 0; i < SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS; i++) {
        trusted_keys->key_digests[i] = NULL;
        if (esp_efuse_get_digest_revoke(i)) {
            continue;
@ -390,8 +390,6 @@ esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *truste
        found = found || (trusted_keys->key_digests[i] != NULL);
    }

-    trusted_keys->allow_key_revoke = false;
-
    if (!found) {
        return ESP_FAIL;
    }
--- a/components/efuse/src/efuse_controller/keys/without_key_purposes/one_key_block/esp_efuse_api_key.c
+++ b/components/efuse/src/efuse_controller/keys/without_key_purposes/one_key_block/esp_efuse_api_key.c
@ -238,7 +238,7 @@ err_exit:
    return err;
 }

-esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys)
+esp_err_t esp_secure_boot_read_key_digests(esp_secure_boot_key_digests_t *trusted_keys)
 {
    if (trusted_keys == NULL) {
        return ESP_FAIL;
--- a/components/efuse/src/efuse_controller/keys/without_key_purposes/three_key_blocks/esp_efuse_api_key.c
+++ b/components/efuse/src/efuse_controller/keys/without_key_purposes/three_key_blocks/esp_efuse_api_key.c
@ -241,7 +241,7 @@ err_exit:
 }

 #if CONFIG_ESP32_REV_MIN_3
-esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys)
+esp_err_t esp_secure_boot_read_key_digests(esp_secure_boot_key_digests_t *trusted_keys)
 {
    if (trusted_keys == NULL) {
        return ESP_FAIL;
--- a/components/esp_hw_support/port/esp32s2/esp_hmac.c
+++ b/components/esp_hw_support/port/esp32s2/esp_hmac.c
@ -5,6 +5,7 @@
 */

 #include <string.h>
+#include "esp32s2/rom/ets_sys.h"
 #include "esp32s2/rom/hmac.h"
 #include "esp_hmac.h"
 #include "esp_crypto_lock.h"
--- a/components/esp_system/port/cpu_start.c
+++ b/components/esp_system/port/cpu_start.c
@ -28,13 +28,16 @@
 #include "soc/dport_reg.h"
 #include "esp32/rtc.h"
 #include "esp32/rom/cache.h"
+#include "esp32/rom/secure_boot.h"
 #elif CONFIG_IDF_TARGET_ESP32S2
 #include "esp32s2/rtc.h"
 #include "esp32s2/rom/cache.h"
+#include "esp32s2/rom/secure_boot.h"
 #include "esp32s2/memprot.h"
 #elif CONFIG_IDF_TARGET_ESP32S3
 #include "esp32s3/rtc.h"
 #include "esp32s3/rom/cache.h"
+#include "esp32s3/rom/secure_boot.h"
 #include "esp_memprot.h"
 #include "soc/assist_debug_reg.h"
 #include "soc/system_reg.h"
@ -42,15 +45,18 @@
 #elif CONFIG_IDF_TARGET_ESP32C3
 #include "esp32c3/rtc.h"
 #include "esp32c3/rom/cache.h"
+#include "esp32c3/rom/secure_boot.h"
 #include "esp_memprot.h"
 #elif CONFIG_IDF_TARGET_ESP32H2
 #include "esp32h2/rtc.h"
 #include "esp32h2/rom/cache.h"
+#include "esp32h2/rom/secure_boot.h"
 #include "esp_memprot.h"
 #elif CONFIG_IDF_TARGET_ESP32C2
 #include "esp32c2/rtc.h"
 #include "esp32c2/rom/cache.h"
 #include "esp32c2/rom/rtc.h"
+#include "esp32c2/rom/secure_boot.h"
 #include "esp32c2/memprot.h"
 #endif

--- a/docs/en/migration-guides/system.rst
+++ b/docs/en/migration-guides/system.rst
@ -20,6 +20,12 @@ Cache Error Interrupt

 The old headers ``{IDF_TARGET_NAME}/cache_err_int.h`` have been removed. Please include ``esp_private/cache_err_int.h`` instead.

+Bootloader Support
+------------------
+
+* The function ``bootloader_common_get_reset_reason()`` has been removed. Please use the function ``esp_rom_get_reset_reason()`` in the ROM component.
+* The functions ``esp_secure_boot_verify_sbv2_signature_block()`` and ``esp_secure_boot_verify_rsa_signature_block()`` have been removed without replacement. We don't expect users to use these directly. If they are indeed still neccessary, please open a feature request on github explaining why these functions are necessary to you.
+
 Brownout
 --------

@ -49,6 +55,11 @@ PSRAM
 - The target specific header files ``spiram.h`` have been deleted. The header file ``esp_spiram.h`` has been deleted. A new component ``esp_psram`` is created, you should include ``esp_psram.h`` instead. Besides, you might need to add ``esp_psram`` component to the list of component requirements in CMakeLists.txt.
 - ``esp_spiram_get_chip_size`` and ``esp_spiram_get_size`` have been deleted. You should use ``esp_psram_get_size`` instead.

+Efuse
+----------
+
+The parameter type of function ``esp_secure_boot_read_key_digests()`` changed from ``ets_secure_boot_key_digests_t*`` to ``esp_secure_boot_key_digests_t*``. ``ets_secure_boot_key_digests_t*``. The new type is the same as the old one, except that the ``allow_key_revoke`` flag has been removed. The latter was always set to ``true`` in current code, hence, it didn't provide additional information.
+
 ESP Common
 ----------

--- a/tools/test_apps/security/secure_boot/main/secure_boot_main.c
+++ b/tools/test_apps/security/secure_boot/main/secure_boot_main.c
@ -7,6 +7,7 @@
   CONDITIONS OF ANY KIND, either express or implied.
 */
 #include <stdio.h>
+#include "sdkconfig.h"
 #include "freertos/FreeRTOS.h"
 #include "freertos/task.h"
 #include "soc/efuse_reg.h"
@ -54,7 +55,7 @@ static void example_print_chip_info(void)

 static void example_secure_boot_status(void)
 {
-    ets_secure_boot_key_digests_t trusted_keys = { 0};
+    esp_secure_boot_key_digests_t trusted_keys = { 0};

    ESP_LOGI(TAG, "Checking for Secure Boot..");
    if(esp_secure_boot_enabled()) {
@ -62,7 +63,7 @@ static void example_secure_boot_status(void)
        ESP_ERROR_CHECK( esp_secure_boot_read_key_digests(&trusted_keys) );

        unsigned total = 0;
-        for (int i = 0; i < MAX_KEY_DIGESTS; i++) {
+        for (int i = 0; i < SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS; i++) {
            ESP_LOGI(TAG, "Key slot %d:", i);
            if (trusted_keys.key_digests[i]) {
                ESP_LOG_BUFFER_HEXDUMP("trusted key", trusted_keys.key_digests[i], DIGEST_LEN, ESP_LOG_INFO);