efuse example: Adds CI tests for ESP32-C2

KonstantinKondrashov 2022-06-13 21:42:28 +08:00 committed by BOT
parent 87fbc2f487
commit 346cba9c57
14 changed files with 214 additions and 54 deletions


@ -613,6 +613,12 @@ example_test_C3_GENERIC:
- ESP32C3 - ESP32C3
- Example_GENERIC - Example_GENERIC
example_test_C2_GENERIC:
extends: .example_test_esp32c2_template
tags:
- ESP32C2
- Example_GENERIC
example_test_ESP32_SDSPI: example_test_ESP32_SDSPI:
extends: .example_test_esp32_template extends: .example_test_esp32_template
tags: tags:


@ -43,10 +43,6 @@ examples/system/deep_sleep:
reason: target esp32c2 is not supported yet reason: target esp32c2 is not supported yet
examples/system/efuse: examples/system/efuse:
disable:
- if: IDF_TARGET == "esp32c2"
temporary: true
reason: target esp32c2 is not supported yet
disable_test: disable_test:
- if: IDF_TARGET == "esp32s3" - if: IDF_TARGET == "esp32s3"
temporary: true temporary: true


@ -1,5 +1,5 @@
| Supported Targets | ESP32 | ESP32-C3 | ESP32-S2 | ESP32-S3 | | Supported Targets | ESP32 | ESP32-C2 | ESP32-C3 | ESP32-S2 | ESP32-S3 |
| ----------------- | ----- | -------- | -------- | -------- | | ----------------- | ----- | -------- | -------- | -------- | -------- |
# eFuse Example # eFuse Example


@ -27,7 +27,7 @@ def erase_field_on_emul_efuse(dut, pos_of_bits): # type: (ttfw_idf.TinyFW.Env,
dut.write_flash(flash_files) dut.write_flash(flash_files)
@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32', 'esp32c3']) @ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32', 'esp32c3', 'esp32c2'])
def test_examples_efuse(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None def test_examples_efuse(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None
dut = env.get_dut('efuse', 'examples/system/efuse') dut = env.get_dut('efuse', 'examples/system/efuse')
dut.start_app() dut.start_app()
@ -54,7 +54,7 @@ def test_examples_efuse(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None
timeout=30) timeout=30)
@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32', 'esp32s2', 'esp32c3']) @ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32', 'esp32s2', 'esp32c3', 'esp32c2'])
def test_examples_efuse_with_virt_flash_enc(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None def test_examples_efuse_with_virt_flash_enc(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None
dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_flash_enc') dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_flash_enc')
# check and log bin size # check and log bin size
@ -79,7 +79,10 @@ def test_examples_efuse_with_virt_flash_enc(env, _): # type: (ttfw_idf.TinyFW.E
dut.expect('Disable JTAG...') dut.expect('Disable JTAG...')
dut.expect('Disable ROM BASIC interpreter fallback...') dut.expect('Disable ROM BASIC interpreter fallback...')
else: else:
dut.expect('Writing EFUSE_BLK_KEY0 with purpose 4') if dut.TARGET == 'esp32c2':
dut.expect('Writing EFUSE_BLK_KEY0 with purpose 1')
else:
dut.expect('Writing EFUSE_BLK_KEY0 with purpose 4')
dut.expect('Not disabling UART bootloader encryption') dut.expect('Not disabling UART bootloader encryption')
dut.expect('Disable UART bootloader cache...') dut.expect('Disable UART bootloader cache...')
dut.expect('Disable JTAG...') dut.expect('Disable JTAG...')
@ -138,7 +141,7 @@ def test_examples_efuse_with_virt_flash_enc_aes_256(env, _): # type: (ttfw_idf.
dut.expect('example: Done') dut.expect('example: Done')
@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32', 'esp32s2', 'esp32c3']) @ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32', 'esp32s2', 'esp32c3', 'esp32c2'])
def test_examples_efuse_with_virt_flash_enc_pre_loaded(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None def test_examples_efuse_with_virt_flash_enc_pre_loaded(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None
dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_flash_enc') dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_flash_enc')
@ -161,6 +164,9 @@ def test_examples_efuse_with_virt_flash_enc_pre_loaded(env, _): # type: (ttfw_i
FLASH_CRYPT_CNT = 20 FLASH_CRYPT_CNT = 20
# Resets eFuse, which enables Flash encryption feature # Resets eFuse, which enables Flash encryption feature
erase_field_on_emul_efuse(dut, [FLASH_CRYPT_CNT]) erase_field_on_emul_efuse(dut, [FLASH_CRYPT_CNT])
elif dut.TARGET == 'esp32c2':
FLASH_CRYPT_CNT = 39
erase_field_on_emul_efuse(dut, [FLASH_CRYPT_CNT])
else: else:
# offset of this eFuse is taken from components/efuse/{target}/esp_efuse_table.csv # offset of this eFuse is taken from components/efuse/{target}/esp_efuse_table.csv
print(' - Flash emul_efuse with pre-loaded efuses (SPI_BOOT_CRYPT_CNT 1 -> 0)') print(' - Flash emul_efuse with pre-loaded efuses (SPI_BOOT_CRYPT_CNT 1 -> 0)')
@ -201,7 +207,7 @@ def test_examples_efuse_with_virt_flash_enc_pre_loaded(env, _): # type: (ttfw_i
dut.expect('example: Done') dut.expect('example: Done')
@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32', 'esp32s2', 'esp32c3']) @ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32', 'esp32s2', 'esp32c3', 'esp32c2'])
def test_examples_efuse_with_virt_flash_enc_release(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None def test_examples_efuse_with_virt_flash_enc_release(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None
dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_flash_enc_release') dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_flash_enc_release')
# check and log bin size # check and log bin size
@ -226,7 +232,10 @@ def test_examples_efuse_with_virt_flash_enc_release(env, _): # type: (ttfw_idf.
dut.expect('Disable JTAG...') dut.expect('Disable JTAG...')
dut.expect('Disable ROM BASIC interpreter fallback...') dut.expect('Disable ROM BASIC interpreter fallback...')
else: else:
dut.expect('Writing EFUSE_BLK_KEY0 with purpose 4') if dut.TARGET == 'esp32c2':
dut.expect('Writing EFUSE_BLK_KEY0 with purpose 1')
else:
dut.expect('Writing EFUSE_BLK_KEY0 with purpose 4')
dut.expect('Disable UART bootloader encryption') dut.expect('Disable UART bootloader encryption')
dut.expect('Disable UART bootloader cache...') dut.expect('Disable UART bootloader cache...')
dut.expect('Disable JTAG...') dut.expect('Disable JTAG...')
@ -347,7 +356,7 @@ def test_examples_efuse_with_virt_secure_boot_v1_pre_loaded(env, _): # type: (t
@ttfw_idf.idf_example_test(env_tag='Example_EthKitV12', target=['esp32']) @ttfw_idf.idf_example_test(env_tag='Example_EthKitV12', target=['esp32'])
def test_examples_efuse_with_virt_secure_boot_v2(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None def test_examples_efuse_with_virt_secure_boot_v2(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None
# only for ESP32 ECO3 # only for ESP32 ECO3
dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_secure_boot_v2') dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_secure_boot_v2.' + env.default_dut_cls.TARGET)
# check and log bin size # check and log bin size
binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin') binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin')
bin_size = os.path.getsize(binary_file) bin_size = os.path.getsize(binary_file)
@ -408,7 +417,7 @@ def test_examples_efuse_with_virt_secure_boot_v2(env, _): # type: (ttfw_idf.Tin
@ttfw_idf.idf_example_test(env_tag='Example_EthKitV12', target=['esp32']) @ttfw_idf.idf_example_test(env_tag='Example_EthKitV12', target=['esp32'])
def test_examples_efuse_with_virt_secure_boot_v2_pre_loaded(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None def test_examples_efuse_with_virt_secure_boot_v2_pre_loaded(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None
# only for ESP32 ECO3 # only for ESP32 ECO3
dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_secure_boot_v2') dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_secure_boot_v2.' + env.default_dut_cls.TARGET)
print(' - Erase flash') print(' - Erase flash')
dut.erase_flash() dut.erase_flash()
@ -469,9 +478,9 @@ def test_examples_efuse_with_virt_secure_boot_v2_pre_loaded(env, _): # type: (t
dut.expect('example: Done') dut.expect('example: Done')
@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32s2', 'esp32c3']) @ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32s2', 'esp32c3', 'esp32c2'])
def test_examples_efuse_with_virt_secure_boot_v2_esp32xx(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None def test_examples_efuse_with_virt_secure_boot_v2_esp32xx(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None
dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_secure_boot_v2') dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_secure_boot_v2.' + env.default_dut_cls.TARGET)
# check and log bin size # check and log bin size
binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin') binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin')
bin_size = os.path.getsize(binary_file) bin_size = os.path.getsize(binary_file)
@ -489,24 +498,29 @@ def test_examples_efuse_with_virt_secure_boot_v2_esp32xx(env, _): # type: (ttfw
dut.expect('Verifying image signature...') dut.expect('Verifying image signature...')
dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set') dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
dut.expect('secure_boot_v2: Verifying with RSA-PSS...') signed_scheme = 'ECDSA' if dut.TARGET == 'esp32c2' else 'RSA-PSS'
dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
dut.expect('secure_boot_v2: Signature verified successfully!') dut.expect('secure_boot_v2: Signature verified successfully!')
dut.expect('secure_boot_v2: enabling secure boot v2...') dut.expect('secure_boot_v2: enabling secure boot v2...')
dut.expect('Verifying image signature...') dut.expect('Verifying image signature...')
dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set') dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
dut.expect('secure_boot_v2: Verifying with RSA-PSS...') dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
dut.expect('secure_boot_v2: Signature verified successfully!') dut.expect('secure_boot_v2: Signature verified successfully!')
dut.expect('secure_boot_v2: Secure boot digests absent, generating..') dut.expect('secure_boot_v2: Secure boot digests absent, generating..')
dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures') dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
dut.expect('secure_boot_v2: 1 signature block(s) found appended to the bootloader') dut.expect('secure_boot_v2: 1 signature block(s) found appended to the bootloader')
dut.expect('Writing EFUSE_BLK_KEY0 with purpose 9') if dut.TARGET == 'esp32c2':
dut.expect('Writing EFUSE_BLK_KEY0 with purpose 3')
else:
dut.expect('Writing EFUSE_BLK_KEY0 with purpose 9')
dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures') dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
dut.expect('secure_boot_v2: 1 signature block(s) found appended to the app') dut.expect('secure_boot_v2: 1 signature block(s) found appended to the app')
dut.expect('secure_boot_v2: Application key(0) matches with bootloader key(0)') dut.expect('secure_boot_v2: Application key(0) matches with bootloader key(0)')
dut.expect('secure_boot_v2: Revoking empty key digest slot (1)...') if dut.TARGET != 'esp32c2':
dut.expect('secure_boot_v2: Revoking empty key digest slot (2)...') dut.expect('secure_boot_v2: Revoking empty key digest slot (1)...')
dut.expect('secure_boot_v2: Revoking empty key digest slot (2)...')
dut.expect('secure_boot_v2: blowing secure boot efuse...') dut.expect('secure_boot_v2: blowing secure boot efuse...')
dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED') dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED')
dut.expect('Disable hardware & software JTAG...') dut.expect('Disable hardware & software JTAG...')
@ -520,7 +534,7 @@ def test_examples_efuse_with_virt_secure_boot_v2_esp32xx(env, _): # type: (ttfw
dut.reset() dut.reset()
dut.expect('Loading virtual efuse blocks from flash') dut.expect('Loading virtual efuse blocks from flash')
dut.expect('Verifying image signature...') dut.expect('Verifying image signature...')
dut.expect('secure_boot_v2: Verifying with RSA-PSS...') dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
dut.expect('secure_boot_v2: Signature verified successfully!') dut.expect('secure_boot_v2: Signature verified successfully!')
dut.expect('secure_boot_v2: enabling secure boot v2...') dut.expect('secure_boot_v2: enabling secure boot v2...')
dut.expect('secure_boot_v2: secure boot v2 is already enabled, continuing..') dut.expect('secure_boot_v2: secure boot v2 is already enabled, continuing..')
@ -528,9 +542,9 @@ def test_examples_efuse_with_virt_secure_boot_v2_esp32xx(env, _): # type: (ttfw
dut.expect('example: Done') dut.expect('example: Done')
@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32s2', 'esp32c3']) @ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32s2', 'esp32c3', 'esp32c2'])
def test_examples_efuse_with_virt_secure_boot_v2_esp32xx_pre_loaded(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None def test_examples_efuse_with_virt_secure_boot_v2_esp32xx_pre_loaded(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None
dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_secure_boot_v2') dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_secure_boot_v2.' + env.default_dut_cls.TARGET)
print(' - Erase flash') print(' - Erase flash')
dut.erase_flash() dut.erase_flash()
@ -546,28 +560,34 @@ def test_examples_efuse_with_virt_secure_boot_v2_esp32xx_pre_loaded(env, _): #
print(' - Flash emul_efuse with pre-loaded efuses (SECURE_BOOT_EN 1 -> 0, SECURE_BOOT_KEY_REVOKE[0..2] -> 0)') print(' - Flash emul_efuse with pre-loaded efuses (SECURE_BOOT_EN 1 -> 0, SECURE_BOOT_KEY_REVOKE[0..2] -> 0)')
# offsets of eFuses are taken from components/efuse/{target}/esp_efuse_table.csv # offsets of eFuses are taken from components/efuse/{target}/esp_efuse_table.csv
SECURE_BOOT_EN = 116 if dut.TARGET == 'esp32c2':
SECURE_BOOT_KEY_REVOKE0 = 85 SECURE_BOOT_EN = 53
SECURE_BOOT_KEY_REVOKE1 = 86 erase_field_on_emul_efuse(dut, [SECURE_BOOT_EN])
SECURE_BOOT_KEY_REVOKE2 = 87 else:
# Resets eFuse, which enables Secure boot feature SECURE_BOOT_EN = 116
# Resets eFuses, which control digest slots SECURE_BOOT_KEY_REVOKE0 = 85
erase_field_on_emul_efuse(dut, [SECURE_BOOT_EN, SECURE_BOOT_KEY_REVOKE0, SECURE_BOOT_KEY_REVOKE1, SECURE_BOOT_KEY_REVOKE2]) SECURE_BOOT_KEY_REVOKE1 = 86
SECURE_BOOT_KEY_REVOKE2 = 87
# Resets eFuse, which enables Secure boot feature
# Resets eFuses, which control digest slots
erase_field_on_emul_efuse(dut, [SECURE_BOOT_EN, SECURE_BOOT_KEY_REVOKE0, SECURE_BOOT_KEY_REVOKE1, SECURE_BOOT_KEY_REVOKE2])
print(' - Start app (flash partition_table and app)') print(' - Start app (flash partition_table and app)')
dut.start_app() dut.start_app()
dut.expect('Loading virtual efuse blocks from flash') dut.expect('Loading virtual efuse blocks from flash')
dut.expect('Verifying image signature...') dut.expect('Verifying image signature...')
dut.expect('secure_boot_v2: Verifying with RSA-PSS...') signed_scheme = 'ECDSA' if dut.TARGET == 'esp32c2' else 'RSA-PSS'
dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
dut.expect('secure_boot_v2: Signature verified successfully!') dut.expect('secure_boot_v2: Signature verified successfully!')
dut.expect('secure_boot_v2: Secure boot digests already present') dut.expect('secure_boot_v2: Secure boot digests already present')
dut.expect('secure_boot_v2: Using pre-loaded public key digest in eFuse') dut.expect('secure_boot_v2: Using pre-loaded public key digest in eFuse')
dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures') dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
dut.expect('secure_boot_v2: 1 signature block(s) found appended to the app') dut.expect('secure_boot_v2: 1 signature block(s) found appended to the app')
dut.expect('secure_boot_v2: Application key(0) matches with bootloader key(0)') dut.expect('secure_boot_v2: Application key(0) matches with bootloader key(0)')
dut.expect('secure_boot_v2: Revoking empty key digest slot (1)...') if dut.TARGET != 'esp32c2':
dut.expect('secure_boot_v2: Revoking empty key digest slot (2)...') dut.expect('secure_boot_v2: Revoking empty key digest slot (1)...')
dut.expect('secure_boot_v2: Revoking empty key digest slot (2)...')
dut.expect('secure_boot_v2: blowing secure boot efuse...') dut.expect('secure_boot_v2: blowing secure boot efuse...')
dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED') dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED')
@ -582,7 +602,7 @@ def test_examples_efuse_with_virt_secure_boot_v2_esp32xx_pre_loaded(env, _): #
dut.reset() dut.reset()
dut.expect('Loading virtual efuse blocks from flash') dut.expect('Loading virtual efuse blocks from flash')
dut.expect('Verifying image signature...') dut.expect('Verifying image signature...')
dut.expect('secure_boot_v2: Verifying with RSA-PSS...') dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
dut.expect('secure_boot_v2: Signature verified successfully!') dut.expect('secure_boot_v2: Signature verified successfully!')
dut.expect('secure_boot_v2: enabling secure boot v2...') dut.expect('secure_boot_v2: enabling secure boot v2...')
dut.expect('secure_boot_v2: secure boot v2 is already enabled, continuing..') dut.expect('secure_boot_v2: secure boot v2 is already enabled, continuing..')
@ -654,7 +674,7 @@ def test_examples_efuse_with_virt_sb_v1_and_fe(env, _): # type: (ttfw_idf.TinyF
@ttfw_idf.idf_example_test(env_tag='Example_EthKitV12', target=['esp32']) @ttfw_idf.idf_example_test(env_tag='Example_EthKitV12', target=['esp32'])
def test_examples_efuse_with_virt_sb_v2_and_fe(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None def test_examples_efuse_with_virt_sb_v2_and_fe(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None
# only for ESP32 ECO3 # only for ESP32 ECO3
dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_sb_v2_and_fe') dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_sb_v2_and_fe.' + env.default_dut_cls.TARGET)
# check and log bin size # check and log bin size
binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin') binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin')
bin_size = os.path.getsize(binary_file) bin_size = os.path.getsize(binary_file)
@ -730,9 +750,9 @@ def test_examples_efuse_with_virt_sb_v2_and_fe(env, _): # type: (ttfw_idf.TinyF
dut.expect('example: Done') dut.expect('example: Done')
@ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32s2', 'esp32c3']) @ttfw_idf.idf_example_test(env_tag='Example_GENERIC', target=['esp32s2', 'esp32c3', 'esp32c2'])
def test_examples_efuse_with_virt_sb_v2_and_fe_esp32xx(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None def test_examples_efuse_with_virt_sb_v2_and_fe_esp32xx(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None
dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_sb_v2_and_fe') dut = env.get_dut('efuse', 'examples/system/efuse', app_config_name='virt_sb_v2_and_fe.' + env.default_dut_cls.TARGET)
# check and log bin size # check and log bin size
binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin') binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin')
bin_size = os.path.getsize(binary_file) bin_size = os.path.getsize(binary_file)
@ -750,51 +770,65 @@ def test_examples_efuse_with_virt_sb_v2_and_fe_esp32xx(env, _): # type: (ttfw_i
dut.expect('Verifying image signature...') dut.expect('Verifying image signature...')
dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set') dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
dut.expect('secure_boot_v2: Verifying with RSA-PSS...') signed_scheme = 'ECDSA' if dut.TARGET == 'esp32c2' else 'RSA-PSS'
dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
dut.expect('secure_boot_v2: Signature verified successfully!') dut.expect('secure_boot_v2: Signature verified successfully!')
dut.expect('secure_boot_v2: enabling secure boot v2...') dut.expect('secure_boot_v2: enabling secure boot v2...')
dut.expect('Verifying image signature...') dut.expect('Verifying image signature...')
dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set') dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
dut.expect('secure_boot_v2: Verifying with RSA-PSS...') dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
dut.expect('secure_boot_v2: Signature verified successfully!') dut.expect('secure_boot_v2: Signature verified successfully!')
dut.expect('secure_boot_v2: Secure boot digests absent, generating..') dut.expect('secure_boot_v2: Secure boot digests absent, generating..')
dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures') dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
dut.expect('secure_boot_v2: 1 signature block(s) found appended to the bootloader') dut.expect('secure_boot_v2: 1 signature block(s) found appended to the bootloader')
dut.expect('Writing EFUSE_BLK_KEY0 with purpose 9') if dut.TARGET == 'esp32c2':
dut.expect('Writing EFUSE_BLK_KEY0 with purpose 3')
else:
dut.expect('Writing EFUSE_BLK_KEY0 with purpose 9')
dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures') dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
dut.expect('secure_boot_v2: 1 signature block(s) found appended to the app') dut.expect('secure_boot_v2: 1 signature block(s) found appended to the app')
dut.expect('secure_boot_v2: Application key(0) matches with bootloader key(0)') dut.expect('secure_boot_v2: Application key(0) matches with bootloader key(0)')
dut.expect('secure_boot_v2: Revoking empty key digest slot (1)...') if dut.TARGET != 'esp32c2':
dut.expect('secure_boot_v2: Revoking empty key digest slot (2)...') dut.expect('secure_boot_v2: Revoking empty key digest slot (1)...')
dut.expect('secure_boot_v2: Revoking empty key digest slot (2)...')
dut.expect('secure_boot_v2: blowing secure boot efuse...') dut.expect('secure_boot_v2: blowing secure boot efuse...')
dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED') dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED')
dut.expect('Disable hardware & software JTAG...') dut.expect('Disable hardware & software JTAG...')
dut.expect('secure_boot_v2: Secure boot permanently enabled')
if dut.TARGET != 'esp32c2':
dut.expect('secure_boot_v2: Secure boot permanently enabled')
dut.expect('Checking flash encryption...') dut.expect('Checking flash encryption...')
dut.expect('flash_encrypt: Generating new flash encryption key...') dut.expect('flash_encrypt: Generating new flash encryption key...')
dut.expect('Writing EFUSE_BLK_KEY1 with purpose 4') if dut.TARGET == 'esp32c2':
dut.expect('Writing EFUSE_BLK_KEY0 with purpose 2')
else:
dut.expect('Writing EFUSE_BLK_KEY1 with purpose 4')
dut.expect('Not disabling UART bootloader encryption') dut.expect('Not disabling UART bootloader encryption')
dut.expect('Disable UART bootloader cache...') dut.expect('Disable UART bootloader cache...')
dut.expect('Disable JTAG...') dut.expect('Disable JTAG...')
if dut.TARGET == 'esp32c2':
dut.expect('boot: Secure boot permanently enabled')
dut.expect('Verifying image signature...') dut.expect('Verifying image signature...')
dut.expect('secure_boot_v2: Verifying with RSA-PSS...') dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
dut.expect('secure_boot_v2: Signature verified successfully!') dut.expect('secure_boot_v2: Signature verified successfully!')
dut.expect('flash_encrypt: bootloader encrypted successfully') dut.expect('flash_encrypt: bootloader encrypted successfully')
dut.expect('flash_encrypt: partition table encrypted and loaded successfully') dut.expect('flash_encrypt: partition table encrypted and loaded successfully')
dut.expect('Verifying image signature...') dut.expect('Verifying image signature...')
dut.expect('secure_boot_v2: Verifying with RSA-PSS...') dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
dut.expect('secure_boot_v2: Signature verified successfully!') dut.expect('secure_boot_v2: Signature verified successfully!')
dut.expect('flash_encrypt: Flash encryption completed', timeout=90) dut.expect('flash_encrypt: Flash encryption completed', timeout=90)
dut.expect('Resetting with flash encryption enabled...') dut.expect('Resetting with flash encryption enabled...')
dut.expect('Loading virtual efuse blocks from flash') dut.expect('Loading virtual efuse blocks from flash')
dut.expect('Verifying image signature...') dut.expect('Verifying image signature...')
dut.expect('secure_boot_v2: Verifying with RSA-PSS...') dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
dut.expect('secure_boot_v2: Signature verified successfully!') dut.expect('secure_boot_v2: Signature verified successfully!')
dut.expect('secure_boot_v2: enabling secure boot v2...') dut.expect('secure_boot_v2: enabling secure boot v2...')
dut.expect('secure_boot_v2: secure boot v2 is already enabled, continuing..') dut.expect('secure_boot_v2: secure boot v2 is already enabled, continuing..')
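Review bot: In test_examples_efuse_with_virt_flash_enc_pre_loaded the new `elif dut.TARGET == 'esp32c2':` branch sets `FLASH_CRYPT_CNT = 39` with no comment, while the `else:` branch right below it records where its offset comes from. The value decides which bit of the emulated eFuse image is cleared before the flash-encryption flow runs, so a stale offset would make the test exercise a different field than intended without any obvious failure message; I would add `# bit offset from components/efuse/esp32c2/esp_efuse_table.csv; resets the eFuse that enables flash encryption` above it. Separately, `signed_scheme = 'ECDSA' if dut.TARGET == 'esp32c2' else 'RSA-PSS'` and the key-purpose branches (1 vs 4, 3 vs 9, 2 vs 4) are repeated across several tests; one module-level per-target table would keep the expected scheme and purposes in a single reviewed place. The functions touched here start or end outside the visible hunks.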


@ -15,6 +15,10 @@
#include "esp_efuse.h" #include "esp_efuse.h"
#include "esp_efuse_table.h" #include "esp_efuse_table.h"
#include "esp_efuse_custom_table.h" #include "esp_efuse_custom_table.h"
#if CONFIG_IDF_TARGET_ESP32C2
#include "esp_secure_boot.h"
#include "esp_flash_encrypt.h"
#endif
#include "sdkconfig.h" #include "sdkconfig.h"
static const char* TAG = "example"; static const char* TAG = "example";
@ -138,6 +142,16 @@ void app_main(void)
read_efuse_fields(&device_desc); read_efuse_fields(&device_desc);
ESP_LOGW(TAG, "This example does not burn any efuse in reality only virtually"); ESP_LOGW(TAG, "This example does not burn any efuse in reality only virtually");
#if CONFIG_IDF_TARGET_ESP32C2
if (esp_secure_boot_enabled() || esp_flash_encryption_enabled()) {
ESP_LOGW(TAG, "BLOCK3 is used for secure boot or/and flash encryption");
ESP_LOGW(TAG, "eFuses from the custom eFuse table can not be used as they are placed in BLOCK3");
ESP_LOGI(TAG, "Done");
return;
}
#endif
#ifdef CONFIG_EFUSE_VIRTUAL #ifdef CONFIG_EFUSE_VIRTUAL
ESP_LOGW(TAG, "Write operations in efuse fields are performed virtually"); ESP_LOGW(TAG, "Write operations in efuse fields are performed virtually");
if (device_desc.device_role == 0) { if (device_desc.device_role == 0) {
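Review bot: The added `#if CONFIG_IDF_TARGET_ESP32C2` guard around the two new includes is evaluated before `#include "sdkconfig.h"`, so it only works if an earlier header has already pulled sdkconfig.h in (likely, but not visible in this hunk). If the macro were undefined at that point the includes would be skipped silently, and the calls to esp_secure_boot_enabled() and esp_flash_encryption_enabled() added in app_main would be left without declarations. Moving `#include "sdkconfig.h"` above the `#if` removes the dependency on include order. app_main starts and ends outside the hunk.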


@ -0,0 +1,21 @@
# FLASH_ENCRYPTION & SECURE_BOOT_V2 with EFUSE_VIRTUAL_KEEP_IN_FLASH
CONFIG_IDF_TARGET="esp32"
# ESP32 supports SECURE_BOOT_V2 only in ECO3
CONFIG_ESP32_REV_MIN_3=y
CONFIG_ESP32_REV_MIN=3
CONFIG_PARTITION_TABLE_OFFSET=0xD000
CONFIG_PARTITION_TABLE_CUSTOM=y
CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
CONFIG_SECURE_BOOT=y
CONFIG_SECURE_BOOT_V2_ENABLED=y
CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem"
CONFIG_SECURE_FLASH_ENC_ENABLED=y
# IMPORTANT: ONLY VIRTUAL eFuse MODE!
CONFIG_EFUSE_VIRTUAL=y
CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH=y


@ -0,0 +1,17 @@
# FLASH_ENCRYPTION & SECURE_BOOT_V2 with EFUSE_VIRTUAL_KEEP_IN_FLASH
CONFIG_IDF_TARGET="esp32c2"
CONFIG_PARTITION_TABLE_OFFSET=0xD000
CONFIG_PARTITION_TABLE_CUSTOM=y
CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
CONFIG_SECURE_BOOT=y
CONFIG_SECURE_BOOT_V2_ENABLED=y
CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key_ecdsa_nistp256.pem"
CONFIG_SECURE_FLASH_ENC_ENABLED=y
# IMPORTANT: ONLY VIRTUAL eFuse MODE!
CONFIG_EFUSE_VIRTUAL=y
CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH=y


@ -1,8 +1,7 @@
# FLASH_ENCRYPTION & SECURE_BOOT_V2 with EFUSE_VIRTUAL_KEEP_IN_FLASH # FLASH_ENCRYPTION & SECURE_BOOT_V2 with EFUSE_VIRTUAL_KEEP_IN_FLASH
# ESP32 supports SECURE_BOOT_V2 only in ECO3 CONFIG_IDF_TARGET="esp32c3"
CONFIG_ESP32_REV_MIN_3=y
CONFIG_ESP32_REV_MIN=3
# ESP32C3 supports SECURE_BOOT_V2 only in ECO3 # ESP32C3 supports SECURE_BOOT_V2 only in ECO3
CONFIG_ESP32C3_REV_MIN_3=y CONFIG_ESP32C3_REV_MIN_3=y
CONFIG_ESP32C3_REV_MIN=3 CONFIG_ESP32C3_REV_MIN=3


@ -0,0 +1,17 @@
# FLASH_ENCRYPTION & SECURE_BOOT_V2 with EFUSE_VIRTUAL_KEEP_IN_FLASH
CONFIG_IDF_TARGET="esp32s2"
CONFIG_PARTITION_TABLE_OFFSET=0xD000
CONFIG_PARTITION_TABLE_CUSTOM=y
CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
CONFIG_SECURE_BOOT=y
CONFIG_SECURE_BOOT_V2_ENABLED=y
CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem"
CONFIG_SECURE_FLASH_ENC_ENABLED=y
# IMPORTANT: ONLY VIRTUAL eFuse MODE!
CONFIG_EFUSE_VIRTUAL=y
CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH=y


@ -0,0 +1,20 @@
# SECURE_BOOT_V2 with EFUSE_VIRTUAL_KEEP_IN_FLASH
CONFIG_IDF_TARGET="esp32"
# ESP32 supports SECURE_BOOT_V2 only in ECO3
CONFIG_ESP32_REV_MIN_3=y
CONFIG_ESP32_REV_MIN=3
CONFIG_PARTITION_TABLE_OFFSET=0xC000
CONFIG_PARTITION_TABLE_CUSTOM=y
CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
CONFIG_SECURE_BOOT=y
CONFIG_SECURE_BOOT_V2_ENABLED=y
CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem"
CONFIG_SECURE_INSECURE_ALLOW_DL_MODE=y
# IMPORTANT: ONLY VIRTUAL eFuse MODE!
CONFIG_EFUSE_VIRTUAL=y
CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH=y
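Review bot: `CONFIG_SECURE_INSECURE_ALLOW_DL_MODE=y` is set without a comment in this new file and in the esp32c2 and esp32s2 variants of the same configuration. It leaves UART ROM download mode enabled, which the expected test output itself reports as 'UART ROM Download mode kept enabled - SECURITY COMPROMISED'. The existing `# IMPORTANT: ONLY VIRTUAL eFuse MODE!` line covers the eFuse options but not this one, so I would add above it `# Test-only: leaves UART ROM download mode enabled; never copy into a production configuration`.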


@ -0,0 +1,16 @@
# SECURE_BOOT_V2 with EFUSE_VIRTUAL_KEEP_IN_FLASH
CONFIG_IDF_TARGET="esp32c2"
CONFIG_PARTITION_TABLE_OFFSET=0xC000
CONFIG_PARTITION_TABLE_CUSTOM=y
CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
CONFIG_SECURE_BOOT=y
CONFIG_SECURE_BOOT_V2_ENABLED=y
CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key_ecdsa_nistp256.pem"
CONFIG_SECURE_INSECURE_ALLOW_DL_MODE=y
# IMPORTANT: ONLY VIRTUAL eFuse MODE!
CONFIG_EFUSE_VIRTUAL=y
CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH=y


@ -1,8 +1,7 @@
# SECURE_BOOT_V2 with EFUSE_VIRTUAL_KEEP_IN_FLASH # SECURE_BOOT_V2 with EFUSE_VIRTUAL_KEEP_IN_FLASH
# ESP32 supports SECURE_BOOT_V2 only in ECO3 CONFIG_IDF_TARGET="esp32c3"
CONFIG_ESP32_REV_MIN_3=y
CONFIG_ESP32_REV_MIN=3
# ESP32C3 supports SECURE_BOOT_V2 only in ECO3 # ESP32C3 supports SECURE_BOOT_V2 only in ECO3
CONFIG_ESP32C3_REV_MIN_3=y CONFIG_ESP32C3_REV_MIN_3=y
CONFIG_ESP32C3_REV_MIN=3 CONFIG_ESP32C3_REV_MIN=3


@ -0,0 +1,16 @@
# SECURE_BOOT_V2 with EFUSE_VIRTUAL_KEEP_IN_FLASH
CONFIG_IDF_TARGET="esp32s2"
CONFIG_PARTITION_TABLE_OFFSET=0xC000
CONFIG_PARTITION_TABLE_CUSTOM=y
CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
CONFIG_SECURE_BOOT=y
CONFIG_SECURE_BOOT_V2_ENABLED=y
CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem"
CONFIG_SECURE_INSECURE_ALLOW_DL_MODE=y
# IMPORTANT: ONLY VIRTUAL eFuse MODE!
CONFIG_EFUSE_VIRTUAL=y
CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH=y


@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIKbc9BxtbY3xeDA9J5PCCsPIk7pcTDylSQEzH2qXYcNCoAoGCCqGSM49
AwEHoUQDQgAEU9yRNPfLJd3+ZsvdjWMqQgGmmccAnwBtb+IJz8KkbbXys38S7D+z
5MLc+VY2AwGXNUyd0myLInojX2SKUOsOfw==
-----END EC PRIVATE KEY-----
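Review bot: This EC private key is committed in clear text and nothing in the file or in the configurations that reference it (`CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key_ecdsa_nistp256.pem"`) marks it as a public, test-only key. Since the key is published with the repository, any device whose Secure Boot digest is derived from it will accept firmware signed by anyone. I would add a comment next to the `CONFIG_SECURE_BOOT_SIGNING_KEY` lines, `# Test-only signing key published in the repository; never use it to enable Secure Boot on real hardware`, and state the same in the example's README. If the project runs secret scanning, an explicit allowlist entry for this path is preferable to leaving a standing alert that people learn to ignore.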