efuse example: Adds CI tests for ESP32-C2

.gitlab/ci/target-test.yml

@@ -613,6 +613,12 @@ example_test_C3_GENERIC:
     - ESP32C3
     - Example_GENERIC
 
+example_test_C2_GENERIC:
+  extends: .example_test_esp32c2_template
+  tags:
+    - ESP32C2
+    - Example_GENERIC
+
 example_test_ESP32_SDSPI:
   extends: .example_test_esp32_template
   tags:

examples/system/.build-test-rules.yml

@@ -43,10 +43,6 @@ examples/system/deep_sleep:
       reason: target esp32c2 is not supported yet
 
 examples/system/efuse:
-  disable:
-    - if: IDF_TARGET == "esp32c2"
-      temporary: true
-      reason: target esp32c2 is not supported yet
   disable_test:
     - if: IDF_TARGET == "esp32s3"
       temporary: true

examples/system/efuse/README.md

@@ -1,5 +1,5 @@
-| Supported Targets | ESP32 | ESP32-C3 | ESP32-S2 | ESP32-S3 |
-| ----------------- | ----- | -------- | -------- | -------- |
+| Supported Targets | ESP32 | ESP32-C2 | ESP32-C3 | ESP32-S2 | ESP32-S3 |
+| ----------------- | ----- | -------- | -------- | -------- | -------- |
 
 # eFuse Example
 

examples/system/efuse/example_test.py

@@ -27,7 +27,7 @@ def erase_field_on_emul_efuse(dut, pos_of_bits):  # type: (ttfw_idf.TinyFW.Env,
     dut.write_flash(flash_files)
 
 
-@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32', 'esp32c3'])
+@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32', 'esp32c3', 'esp32c2'])
 def test_examples_efuse(env, _):  # type: (ttfw_idf.TinyFW.Env, None) -> None
     dut = env.get_dut('efuse', 'examples/system/efuse')
     dut.start_app()
@@ -54,7 +54,7 @@ def test_examples_efuse(env, _):  # type: (ttfw_idf.TinyFW.Env, None) -> None
                    timeout=30)
 
 
-@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32', 'esp32s2', 'esp32c3'])
+@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32', 'esp32s2', 'esp32c3', 'esp32c2'])
 def test_examples_efuse_with_virt_flash_enc(env, _):  # type: (ttfw_idf.TinyFW.Env, None) -> None
     dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_flash_enc')
     # check and log bin size
@@ -79,7 +79,10 @@ def test_examples_efuse_with_virt_flash_enc(env, _):  # type: (ttfw_idf.TinyFW.E
         dut.expect('Disable JTAG...')
         dut.expect('Disable ROM BASIC interpreter fallback...')
     else:
-        dut.expect('Writing EFUSE_BLK_KEY0 with purpose 4')
+        if dut.TARGET == 'esp32c2':
+            dut.expect('Writing EFUSE_BLK_KEY0 with purpose 1')
+        else:
+            dut.expect('Writing EFUSE_BLK_KEY0 with purpose 4')
         dut.expect('Not disabling UART bootloader encryption')
         dut.expect('Disable UART bootloader cache...')
         dut.expect('Disable JTAG...')
@@ -138,7 +141,7 @@ def test_examples_efuse_with_virt_flash_enc_aes_256(env, _):  # type: (ttfw_idf.
     dut.expect('example: Done')
 
 
-@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32', 'esp32s2', 'esp32c3'])
+@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32', 'esp32s2', 'esp32c3', 'esp32c2'])
 def test_examples_efuse_with_virt_flash_enc_pre_loaded(env, _):  # type: (ttfw_idf.TinyFW.Env, None) -> None
     dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_flash_enc')
 
@@ -161,6 +164,9 @@ def test_examples_efuse_with_virt_flash_enc_pre_loaded(env, _):  # type: (ttfw_i
         FLASH_CRYPT_CNT = 20
         # Resets eFuse, which enables Flash encryption feature
         erase_field_on_emul_efuse(dut, [FLASH_CRYPT_CNT])
+    elif dut.TARGET == 'esp32c2':
+        FLASH_CRYPT_CNT = 39
+        erase_field_on_emul_efuse(dut, [FLASH_CRYPT_CNT])
     else:
         # offset of this eFuse is taken from components/efuse/{target}/esp_efuse_table.csv
         print(' - Flash emul_efuse with pre-loaded efuses (SPI_BOOT_CRYPT_CNT 1 -> 0)')
@@ -201,7 +207,7 @@ def test_examples_efuse_with_virt_flash_enc_pre_loaded(env, _):  # type: (ttfw_i
     dut.expect('example: Done')
 
 
-@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32', 'esp32s2', 'esp32c3'])
+@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32', 'esp32s2', 'esp32c3', 'esp32c2'])
 def test_examples_efuse_with_virt_flash_enc_release(env, _):  # type: (ttfw_idf.TinyFW.Env, None) -> None
     dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_flash_enc_release')
     # check and log bin size
@@ -226,7 +232,10 @@ def test_examples_efuse_with_virt_flash_enc_release(env, _):  # type: (ttfw_idf.
         dut.expect('Disable JTAG...')
         dut.expect('Disable ROM BASIC interpreter fallback...')
     else:
-        dut.expect('Writing EFUSE_BLK_KEY0 with purpose 4')
+        if dut.TARGET == 'esp32c2':
+            dut.expect('Writing EFUSE_BLK_KEY0 with purpose 1')
+        else:
+            dut.expect('Writing EFUSE_BLK_KEY0 with purpose 4')
         dut.expect('Disable UART bootloader encryption')
         dut.expect('Disable UART bootloader cache...')
         dut.expect('Disable JTAG...')
@@ -347,7 +356,7 @@ def test_examples_efuse_with_virt_secure_boot_v1_pre_loaded(env, _):  # type: (t
 @ttfw_idf.idf_example_test(env_tag='Example_EthKitV12', target=['esp32'])
 def test_examples_efuse_with_virt_secure_boot_v2(env, _):  # type: (ttfw_idf.TinyFW.Env, None) -> None
     # only for ESP32 ECO3
-    dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_secure_boot_v2')
+    dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_secure_boot_v2.' + env.default_dut_cls.TARGET)
     # check and log bin size
     binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin')
     bin_size = os.path.getsize(binary_file)
@@ -408,7 +417,7 @@ def test_examples_efuse_with_virt_secure_boot_v2(env, _):  # type: (ttfw_idf.Tin
 @ttfw_idf.idf_example_test(env_tag='Example_EthKitV12', target=['esp32'])
 def test_examples_efuse_with_virt_secure_boot_v2_pre_loaded(env, _):  # type: (ttfw_idf.TinyFW.Env, None) -> None
     # only for ESP32 ECO3
-    dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_secure_boot_v2')
+    dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_secure_boot_v2.' + env.default_dut_cls.TARGET)
 
     print(' - Erase flash')
     dut.erase_flash()
@@ -469,9 +478,9 @@ def test_examples_efuse_with_virt_secure_boot_v2_pre_loaded(env, _):  # type: (t
     dut.expect('example: Done')
 
 
-@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32s2', 'esp32c3'])
+@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32s2', 'esp32c3', 'esp32c2'])
 def test_examples_efuse_with_virt_secure_boot_v2_esp32xx(env, _):  # type: (ttfw_idf.TinyFW.Env, None) -> None
-    dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_secure_boot_v2')
+    dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_secure_boot_v2.' + env.default_dut_cls.TARGET)
     # check and log bin size
     binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin')
     bin_size = os.path.getsize(binary_file)
@@ -489,24 +498,29 @@ def test_examples_efuse_with_virt_secure_boot_v2_esp32xx(env, _):  # type: (ttfw
 
     dut.expect('Verifying image signature...')
     dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
-    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
+    signed_scheme = 'ECDSA' if dut.TARGET == 'esp32c2' else 'RSA-PSS'
+    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
     dut.expect('secure_boot_v2: Signature verified successfully!')
 
     dut.expect('secure_boot_v2: enabling secure boot v2...')
     dut.expect('Verifying image signature...')
     dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
-    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
+    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
     dut.expect('secure_boot_v2: Signature verified successfully!')
     dut.expect('secure_boot_v2: Secure boot digests absent, generating..')
     dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
     dut.expect('secure_boot_v2: 1 signature block(s) found appended to the bootloader')
 
-    dut.expect('Writing EFUSE_BLK_KEY0 with purpose 9')
+    if dut.TARGET == 'esp32c2':
+        dut.expect('Writing EFUSE_BLK_KEY0 with purpose 3')
+    else:
+        dut.expect('Writing EFUSE_BLK_KEY0 with purpose 9')
     dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
     dut.expect('secure_boot_v2: 1 signature block(s) found appended to the app')
     dut.expect('secure_boot_v2: Application key(0) matches with bootloader key(0)')
-    dut.expect('secure_boot_v2: Revoking empty key digest slot (1)...')
-    dut.expect('secure_boot_v2: Revoking empty key digest slot (2)...')
+    if dut.TARGET != 'esp32c2':
+        dut.expect('secure_boot_v2: Revoking empty key digest slot (1)...')
+        dut.expect('secure_boot_v2: Revoking empty key digest slot (2)...')
     dut.expect('secure_boot_v2: blowing secure boot efuse...')
     dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED')
     dut.expect('Disable hardware & software JTAG...')
@@ -520,7 +534,7 @@ def test_examples_efuse_with_virt_secure_boot_v2_esp32xx(env, _):  # type: (ttfw
     dut.reset()
     dut.expect('Loading virtual efuse blocks from flash')
     dut.expect('Verifying image signature...')
-    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
+    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
     dut.expect('secure_boot_v2: Signature verified successfully!')
     dut.expect('secure_boot_v2: enabling secure boot v2...')
     dut.expect('secure_boot_v2: secure boot v2 is already enabled, continuing..')
@@ -528,9 +542,9 @@ def test_examples_efuse_with_virt_secure_boot_v2_esp32xx(env, _):  # type: (ttfw
     dut.expect('example: Done')
 
 
-@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32s2', 'esp32c3'])
+@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32s2', 'esp32c3', 'esp32c2'])
 def test_examples_efuse_with_virt_secure_boot_v2_esp32xx_pre_loaded(env, _):  # type: (ttfw_idf.TinyFW.Env, None) -> None
-    dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_secure_boot_v2')
+    dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_secure_boot_v2.' + env.default_dut_cls.TARGET)
 
     print(' - Erase flash')
     dut.erase_flash()
@@ -546,28 +560,34 @@ def test_examples_efuse_with_virt_secure_boot_v2_esp32xx_pre_loaded(env, _):  #
 
     print(' - Flash emul_efuse with pre-loaded efuses (SECURE_BOOT_EN 1 -> 0, SECURE_BOOT_KEY_REVOKE[0..2] -> 0)')
     # offsets of eFuses are taken from components/efuse/{target}/esp_efuse_table.csv
-    SECURE_BOOT_EN = 116
-    SECURE_BOOT_KEY_REVOKE0 = 85
-    SECURE_BOOT_KEY_REVOKE1 = 86
-    SECURE_BOOT_KEY_REVOKE2 = 87
-    # Resets eFuse, which enables Secure boot feature
-    # Resets eFuses, which control digest slots
-    erase_field_on_emul_efuse(dut, [SECURE_BOOT_EN, SECURE_BOOT_KEY_REVOKE0, SECURE_BOOT_KEY_REVOKE1, SECURE_BOOT_KEY_REVOKE2])
+    if dut.TARGET == 'esp32c2':
+        SECURE_BOOT_EN = 53
+        erase_field_on_emul_efuse(dut, [SECURE_BOOT_EN])
+    else:
+        SECURE_BOOT_EN = 116
+        SECURE_BOOT_KEY_REVOKE0 = 85
+        SECURE_BOOT_KEY_REVOKE1 = 86
+        SECURE_BOOT_KEY_REVOKE2 = 87
+        # Resets eFuse, which enables Secure boot feature
+        # Resets eFuses, which control digest slots
+        erase_field_on_emul_efuse(dut, [SECURE_BOOT_EN, SECURE_BOOT_KEY_REVOKE0, SECURE_BOOT_KEY_REVOKE1, SECURE_BOOT_KEY_REVOKE2])
 
     print(' - Start app (flash partition_table and app)')
     dut.start_app()
     dut.expect('Loading virtual efuse blocks from flash')
 
     dut.expect('Verifying image signature...')
-    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
+    signed_scheme = 'ECDSA' if dut.TARGET == 'esp32c2' else 'RSA-PSS'
+    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
     dut.expect('secure_boot_v2: Signature verified successfully!')
     dut.expect('secure_boot_v2: Secure boot digests already present')
     dut.expect('secure_boot_v2: Using pre-loaded public key digest in eFuse')
     dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
     dut.expect('secure_boot_v2: 1 signature block(s) found appended to the app')
     dut.expect('secure_boot_v2: Application key(0) matches with bootloader key(0)')
-    dut.expect('secure_boot_v2: Revoking empty key digest slot (1)...')
-    dut.expect('secure_boot_v2: Revoking empty key digest slot (2)...')
+    if dut.TARGET != 'esp32c2':
+        dut.expect('secure_boot_v2: Revoking empty key digest slot (1)...')
+        dut.expect('secure_boot_v2: Revoking empty key digest slot (2)...')
 
     dut.expect('secure_boot_v2: blowing secure boot efuse...')
     dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED')
@@ -582,7 +602,7 @@ def test_examples_efuse_with_virt_secure_boot_v2_esp32xx_pre_loaded(env, _):  #
     dut.reset()
     dut.expect('Loading virtual efuse blocks from flash')
     dut.expect('Verifying image signature...')
-    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
+    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
     dut.expect('secure_boot_v2: Signature verified successfully!')
     dut.expect('secure_boot_v2: enabling secure boot v2...')
     dut.expect('secure_boot_v2: secure boot v2 is already enabled, continuing..')
@@ -654,7 +674,7 @@ def test_examples_efuse_with_virt_sb_v1_and_fe(env, _):  # type: (ttfw_idf.TinyF
 @ttfw_idf.idf_example_test(env_tag='Example_EthKitV12', target=['esp32'])
 def test_examples_efuse_with_virt_sb_v2_and_fe(env, _):  # type: (ttfw_idf.TinyFW.Env, None) -> None
     # only for ESP32 ECO3
-    dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_sb_v2_and_fe')
+    dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_sb_v2_and_fe.' + env.default_dut_cls.TARGET)
     # check and log bin size
     binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin')
     bin_size = os.path.getsize(binary_file)
@@ -730,9 +750,9 @@ def test_examples_efuse_with_virt_sb_v2_and_fe(env, _):  # type: (ttfw_idf.TinyF
     dut.expect('example: Done')
 
 
-@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32s2', 'esp32c3'])
+@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32s2', 'esp32c3', 'esp32c2'])
 def test_examples_efuse_with_virt_sb_v2_and_fe_esp32xx(env, _):  # type: (ttfw_idf.TinyFW.Env, None) -> None
-    dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_sb_v2_and_fe')
+    dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_sb_v2_and_fe.' + env.default_dut_cls.TARGET)
     # check and log bin size
     binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin')
     bin_size = os.path.getsize(binary_file)
@@ -750,51 +770,65 @@ def test_examples_efuse_with_virt_sb_v2_and_fe_esp32xx(env, _):  # type: (ttfw_i
 
     dut.expect('Verifying image signature...')
     dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
-    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
+    signed_scheme = 'ECDSA' if dut.TARGET == 'esp32c2' else 'RSA-PSS'
+    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
     dut.expect('secure_boot_v2: Signature verified successfully!')
 
     dut.expect('secure_boot_v2: enabling secure boot v2...')
     dut.expect('Verifying image signature...')
     dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
-    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
+    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
     dut.expect('secure_boot_v2: Signature verified successfully!')
     dut.expect('secure_boot_v2: Secure boot digests absent, generating..')
     dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
     dut.expect('secure_boot_v2: 1 signature block(s) found appended to the bootloader')
 
-    dut.expect('Writing EFUSE_BLK_KEY0 with purpose 9')
+    if dut.TARGET == 'esp32c2':
+        dut.expect('Writing EFUSE_BLK_KEY0 with purpose 3')
+    else:
+        dut.expect('Writing EFUSE_BLK_KEY0 with purpose 9')
     dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
     dut.expect('secure_boot_v2: 1 signature block(s) found appended to the app')
     dut.expect('secure_boot_v2: Application key(0) matches with bootloader key(0)')
-    dut.expect('secure_boot_v2: Revoking empty key digest slot (1)...')
-    dut.expect('secure_boot_v2: Revoking empty key digest slot (2)...')
+    if dut.TARGET != 'esp32c2':
+        dut.expect('secure_boot_v2: Revoking empty key digest slot (1)...')
+        dut.expect('secure_boot_v2: Revoking empty key digest slot (2)...')
     dut.expect('secure_boot_v2: blowing secure boot efuse...')
     dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED')
     dut.expect('Disable hardware & software JTAG...')
-    dut.expect('secure_boot_v2: Secure boot permanently enabled')
+
+    if dut.TARGET != 'esp32c2':
+        dut.expect('secure_boot_v2: Secure boot permanently enabled')
 
     dut.expect('Checking flash encryption...')
     dut.expect('flash_encrypt: Generating new flash encryption key...')
-    dut.expect('Writing EFUSE_BLK_KEY1 with purpose 4')
+    if dut.TARGET == 'esp32c2':
+        dut.expect('Writing EFUSE_BLK_KEY0 with purpose 2')
+    else:
+        dut.expect('Writing EFUSE_BLK_KEY1 with purpose 4')
+
     dut.expect('Not disabling UART bootloader encryption')
     dut.expect('Disable UART bootloader cache...')
     dut.expect('Disable JTAG...')
 
+    if dut.TARGET == 'esp32c2':
+        dut.expect('boot: Secure boot permanently enabled')
+
     dut.expect('Verifying image signature...')
-    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
+    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
     dut.expect('secure_boot_v2: Signature verified successfully!')
     dut.expect('flash_encrypt: bootloader encrypted successfully')
     dut.expect('flash_encrypt: partition table encrypted and loaded successfully')
 
     dut.expect('Verifying image signature...')
-    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
+    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
     dut.expect('secure_boot_v2: Signature verified successfully!')
     dut.expect('flash_encrypt: Flash encryption completed', timeout=90)
     dut.expect('Resetting with flash encryption enabled...')
 
     dut.expect('Loading virtual efuse blocks from flash')
     dut.expect('Verifying image signature...')
-    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
+    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
     dut.expect('secure_boot_v2: Signature verified successfully!')
     dut.expect('secure_boot_v2: enabling secure boot v2...')
     dut.expect('secure_boot_v2: secure boot v2 is already enabled, continuing..')

examples/system/efuse/main/efuse_main.c

@@ -15,6 +15,10 @@
 #include "esp_efuse.h"
 #include "esp_efuse_table.h"
 #include "esp_efuse_custom_table.h"
+#if CONFIG_IDF_TARGET_ESP32C2
+#include "esp_secure_boot.h"
+#include "esp_flash_encrypt.h"
+#endif
 #include "sdkconfig.h"
 
 static const char* TAG = "example";
@@ -138,6 +142,16 @@ void app_main(void)
     read_efuse_fields(&device_desc);
 
     ESP_LOGW(TAG, "This example does not burn any efuse in reality only virtually");
+
+#if CONFIG_IDF_TARGET_ESP32C2
+    if (esp_secure_boot_enabled() || esp_flash_encryption_enabled()) {
+        ESP_LOGW(TAG, "BLOCK3 is used for secure boot or/and flash encryption");
+        ESP_LOGW(TAG, "eFuses from the custom eFuse table can not be used as they are placed in BLOCK3");
+        ESP_LOGI(TAG, "Done");
+        return;
+    }
+#endif
+
 #ifdef CONFIG_EFUSE_VIRTUAL
     ESP_LOGW(TAG, "Write operations in efuse fields are performed virtually");
     if (device_desc.device_role == 0) {

examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32

@@ -0,0 +1,21 @@
+# FLASH_ENCRYPTION & SECURE_BOOT_V2 with EFUSE_VIRTUAL_KEEP_IN_FLASH
+
+CONFIG_IDF_TARGET="esp32"
+
+# ESP32 supports SECURE_BOOT_V2 only in ECO3
+CONFIG_ESP32_REV_MIN_3=y
+CONFIG_ESP32_REV_MIN=3
+
+CONFIG_PARTITION_TABLE_OFFSET=0xD000
+CONFIG_PARTITION_TABLE_CUSTOM=y
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
+
+CONFIG_SECURE_BOOT=y
+CONFIG_SECURE_BOOT_V2_ENABLED=y
+CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem"
+
+CONFIG_SECURE_FLASH_ENC_ENABLED=y
+
+# IMPORTANT: ONLY VIRTUAL eFuse MODE!
+CONFIG_EFUSE_VIRTUAL=y
+CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH=y

examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32c2

@@ -0,0 +1,17 @@
+# FLASH_ENCRYPTION & SECURE_BOOT_V2 with EFUSE_VIRTUAL_KEEP_IN_FLASH
+
+CONFIG_IDF_TARGET="esp32c2"
+
+CONFIG_PARTITION_TABLE_OFFSET=0xD000
+CONFIG_PARTITION_TABLE_CUSTOM=y
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
+
+CONFIG_SECURE_BOOT=y
+CONFIG_SECURE_BOOT_V2_ENABLED=y
+CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key_ecdsa_nistp256.pem"
+
+CONFIG_SECURE_FLASH_ENC_ENABLED=y
+
+# IMPORTANT: ONLY VIRTUAL eFuse MODE!
+CONFIG_EFUSE_VIRTUAL=y
+CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH=y

examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32c3

@@ -1,8 +1,7 @@
 # FLASH_ENCRYPTION & SECURE_BOOT_V2 with EFUSE_VIRTUAL_KEEP_IN_FLASH
 
-# ESP32 supports SECURE_BOOT_V2 only in ECO3
-CONFIG_ESP32_REV_MIN_3=y
-CONFIG_ESP32_REV_MIN=3
+CONFIG_IDF_TARGET="esp32c3"
+
 # ESP32C3 supports SECURE_BOOT_V2 only in ECO3
 CONFIG_ESP32C3_REV_MIN_3=y
 CONFIG_ESP32C3_REV_MIN=3

examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32s2

@@ -0,0 +1,17 @@
+# FLASH_ENCRYPTION & SECURE_BOOT_V2 with EFUSE_VIRTUAL_KEEP_IN_FLASH
+
+CONFIG_IDF_TARGET="esp32s2"
+
+CONFIG_PARTITION_TABLE_OFFSET=0xD000
+CONFIG_PARTITION_TABLE_CUSTOM=y
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
+
+CONFIG_SECURE_BOOT=y
+CONFIG_SECURE_BOOT_V2_ENABLED=y
+CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem"
+
+CONFIG_SECURE_FLASH_ENC_ENABLED=y
+
+# IMPORTANT: ONLY VIRTUAL eFuse MODE!
+CONFIG_EFUSE_VIRTUAL=y
+CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH=y

examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32

@@ -0,0 +1,20 @@
+# SECURE_BOOT_V2 with EFUSE_VIRTUAL_KEEP_IN_FLASH
+
+CONFIG_IDF_TARGET="esp32"
+
+# ESP32 supports SECURE_BOOT_V2 only in ECO3
+CONFIG_ESP32_REV_MIN_3=y
+CONFIG_ESP32_REV_MIN=3
+
+CONFIG_PARTITION_TABLE_OFFSET=0xC000
+CONFIG_PARTITION_TABLE_CUSTOM=y
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
+
+CONFIG_SECURE_BOOT=y
+CONFIG_SECURE_BOOT_V2_ENABLED=y
+CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem"
+CONFIG_SECURE_INSECURE_ALLOW_DL_MODE=y
+
+# IMPORTANT: ONLY VIRTUAL eFuse MODE!
+CONFIG_EFUSE_VIRTUAL=y
+CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH=y

examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c2

@@ -0,0 +1,16 @@
+# SECURE_BOOT_V2 with EFUSE_VIRTUAL_KEEP_IN_FLASH
+
+CONFIG_IDF_TARGET="esp32c2"
+
+CONFIG_PARTITION_TABLE_OFFSET=0xC000
+CONFIG_PARTITION_TABLE_CUSTOM=y
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
+
+CONFIG_SECURE_BOOT=y
+CONFIG_SECURE_BOOT_V2_ENABLED=y
+CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key_ecdsa_nistp256.pem"
+CONFIG_SECURE_INSECURE_ALLOW_DL_MODE=y
+
+# IMPORTANT: ONLY VIRTUAL eFuse MODE!
+CONFIG_EFUSE_VIRTUAL=y
+CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH=y

examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c3

@@ -1,8 +1,7 @@
 # SECURE_BOOT_V2 with EFUSE_VIRTUAL_KEEP_IN_FLASH
 
-# ESP32 supports SECURE_BOOT_V2 only in ECO3
-CONFIG_ESP32_REV_MIN_3=y
-CONFIG_ESP32_REV_MIN=3
+CONFIG_IDF_TARGET="esp32c3"
+
 # ESP32C3 supports SECURE_BOOT_V2 only in ECO3
 CONFIG_ESP32C3_REV_MIN_3=y
 CONFIG_ESP32C3_REV_MIN=3

examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32s2

@@ -0,0 +1,16 @@
+# SECURE_BOOT_V2 with EFUSE_VIRTUAL_KEEP_IN_FLASH
+
+CONFIG_IDF_TARGET="esp32s2"
+
+CONFIG_PARTITION_TABLE_OFFSET=0xC000
+CONFIG_PARTITION_TABLE_CUSTOM=y
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
+
+CONFIG_SECURE_BOOT=y
+CONFIG_SECURE_BOOT_V2_ENABLED=y
+CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem"
+CONFIG_SECURE_INSECURE_ALLOW_DL_MODE=y
+
+# IMPORTANT: ONLY VIRTUAL eFuse MODE!
+CONFIG_EFUSE_VIRTUAL=y
+CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH=y

examples/system/efuse/test/secure_boot_signing_key_ecdsa_nistp256.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIKbc9BxtbY3xeDA9J5PCCsPIk7pcTDylSQEzH2qXYcNCoAoGCCqGSM49
+AwEHoUQDQgAEU9yRNPfLJd3+ZsvdjWMqQgGmmccAnwBtb+IJz8KkbbXys38S7D+z
+5MLc+VY2AwGXNUyd0myLInojX2SKUOsOfw==
+-----END EC PRIVATE KEY-----