From 9be1c9f03ec890b76cfc875ba6adbd77aac8b73d Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Thu, 28 Mar 2024 11:35:33 +0530
Subject: [PATCH] fix(bootloader_support): Fix API not defined for application
---
 components/bootloader_support/CMakeLists.txt | 4 ++++
 .../bootloader_support/include/esp_flash_encrypt.h | 7 +++++--
 components/bootloader_support/include/esp_secure_boot.h | 9 +++++++--
 3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/components/bootloader_support/CMakeLists.txt b/components/bootloader_support/CMakeLists.txt
index d721fef50a..fbe9adf5fd 100644
--- a/components/bootloader_support/CMakeLists.txt
+++ b/components/bootloader_support/CMakeLists.txt
@@ -86,6 +86,10 @@ if(BOOTLOADER_BUILD)
 endif()
 endif()
 else()
+ if(CONFIG_SOC_SECURE_BOOT_SUPPORTED)
+ list(APPEND srcs "src/${IDF_TARGET}/secure_boot_secure_features.c")
+ endif()
+
 if(CONFIG_SECURE_SIGNED_ON_UPDATE)
 if(CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME)
 list(APPEND srcs "src/secure_boot_v1/secure_boot_signatures_app.c")
diff --git a/components/bootloader_support/include/esp_flash_encrypt.h b/components/bootloader_support/include/esp_flash_encrypt.h
index d6b0a54c5a..7c09593ecc 100644
--- a/components/bootloader_support/include/esp_flash_encrypt.h
+++ b/components/bootloader_support/include/esp_flash_encrypt.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -82,7 +82,7 @@ bool esp_flash_encryption_enabled(void);
 * @note RTC_WDT will reset while encryption operations will be performed (if RTC_WDT is configured).
 *
 * @return ESP_OK if all operations succeeded, ESP_ERR_INVALID_STATE
- * if a fatal error occured during encryption of all partitions.
+ * if a fatal error occurred during encryption of all partitions.
 */
 esp_err_t esp_flash_encrypt_check_and_update(void);
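Review bot: In the CMakeLists.txt hunk, the new `if(CONFIG_SOC_SECURE_BOOT_SUPPORTED)` in the application branch tests SoC capability rather than an enabled feature, so `secure_boot_secure_features.c` is now built into every application on a capable target, including projects that never turn secure boot on. The hunk does not show whether that source compiles cleanly without the secure-boot Kconfig options set, or whether `src/${IDF_TARGET}/secure_boot_secure_features.c` exists for every such target; both are worth confirming. Because the file provides the routine that sets security eFuses (per the doc comment in esp_secure_boot.h), I would add a CMake comment above the `if` naming the application-side caller that needs it, e.g. `# Also built for apps: <caller> needs the secure boot eFuse feature setter`. The enclosing `else()` branch continues below the hunk.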
@@ -178,12 +178,15 @@ esp_flash_enc_mode_t esp_get_flash_encryption_mode(void);
 */
 void esp_flash_encryption_init_checks(void);
+
+#if BOOTLOADER_BUILD && CONFIG_SECURE_FLASH_ENC_ENABLED
 /** @brief Set all secure eFuse features related to flash encryption
 *
 * @return
 * - ESP_OK - Successfully
 */
 esp_err_t esp_flash_encryption_enable_secure_features(void);
+#endif /* BOOTLOADER_BUILD && CONFIG_SECURE_FLASH_ENC_ENABLED */
 /** @brief Returns the verification status for all physical security features of flash encryption in release mode
 *
diff --git a/components/bootloader_support/include/esp_secure_boot.h b/components/bootloader_support/include/esp_secure_boot.h
index fdb757db3b..465c7368d5 100644
--- a/components/bootloader_support/include/esp_secure_boot.h
+++ b/components/bootloader_support/include/esp_secure_boot.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -292,7 +292,7 @@ void esp_secure_boot_init_checks(void);
 * @return
 * - ESP_OK - At least one signature was found
 * - ESP_ERR_NOT_FOUND - No signatures were found, num_digests value will be zero
- * - ESP_FAIL - An error occured trying to read the signature blocks from flash
+ * - ESP_FAIL - An error occurred trying to read the signature blocks from flash
 */
 esp_err_t esp_secure_boot_get_signature_blocks_for_running_app(bool digest_public_keys, esp_image_sig_public_key_digests_t *public_key_digests);
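Review bot: In the `@@ -178,12 +178,15 @@` hunk of esp_flash_encrypt.h, the doc comment for `esp_flash_encryption_enable_secure_features()` does not mention that the prototype is now visible only when `BOOTLOADER_BUILD && CONFIG_SECURE_FLASH_ENC_ENABLED` holds. An application author who follows the API docs and calls it will get an implicit-declaration error with no explanation. I would add `@note Declared only for bootloader builds with CONFIG_SECURE_FLASH_ENC_ENABLED; not available to application code.` to the comment. The secure-boot counterpart gains an eFuse batch-mode note in this same commit; if this function has the same precondition (not visible from the hunk), it should be stated here as well.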
@@ -300,6 +300,11 @@ esp_err_t esp_secure_boot_get_signature_blocks_for_running_app(bool digest_publi
 /** @brief Set all secure eFuse features related to secure_boot
 *
+ * @note
+ * This API needs to be called in the eFuse batch mode.
+ * i.e. A call to esp_efuse_batch_write_begin() should be made prior to calling this API to start the batch mode
+ * After the API has been executed a call to esp_efuse_batch_write_commit()/esp_efuse_batch_write_cancel()
+ * should be made accordingly.
 * @return
 * - ESP_OK - Successfully
 */
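Review bot: The `@note` added in the `@@ -300,6 +300,11 @@` hunk states the batch-mode precondition but not what happens when the function is called outside batch mode, and the `@return` list still names only ESP_OK. This commit also builds the implementation into applications, and eFuse writes cannot be undone, so the comment should say whether such a call fails or programs the fuses immediately (not determinable from the hunk) and list the error codes callers must handle. The wording would also read better with the sentences separated, e.g. `Call esp_efuse_batch_write_begin() before this API, and esp_efuse_batch_write_commit() or esp_efuse_batch_write_cancel() afterwards.` The declaration this comment documents lies below the hunk.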