From 3a23340e4027b8bef79d569f8a17e208c3c3ac5b Mon Sep 17 00:00:00 2001 From: KonstantinKondrashov Date: Fri, 3 Dec 2021 01:50:36 +0800 Subject: [PATCH 1/2] bootloader_support: Support eFuse key APIs in SB and FE --- .../src/flash_encryption/flash_encrypt.c | 8 ++++++++ .../bootloader_support/src/secure_boot_v2/secure_boot.c | 8 ++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/components/bootloader_support/src/flash_encryption/flash_encrypt.c b/components/bootloader_support/src/flash_encryption/flash_encrypt.c index e54a8c1341..fc340a2983 100644 --- a/components/bootloader_support/src/flash_encryption/flash_encrypt.c +++ b/components/bootloader_support/src/flash_encryption/flash_encrypt.c @@ -100,11 +100,19 @@ static esp_err_t check_and_generate_encryption_keys(void) ESP_LOGE(TAG, "XTS_AES_128_KEY is already in use, XTS_AES_256_KEY_1/2 can not be used"); return ESP_ERR_INVALID_STATE; } +#else +#ifdef CONFIG_SECURE_FLASH_ENCRYPTION_AES64 + enum { BLOCKS_NEEDED = 1 }; + esp_efuse_purpose_t purposes[BLOCKS_NEEDED] = { + ESP_EFUSE_KEY_PURPOSE_XTS_AES_64_KEY, + }; + key_size = 16; #else enum { BLOCKS_NEEDED = 1 }; esp_efuse_purpose_t purposes[BLOCKS_NEEDED] = { ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY, }; +#endif // CONFIG_SECURE_FLASH_ENCRYPTION_AES64 #endif // CONFIG_SECURE_FLASH_ENCRYPTION_AES256 #endif // CONFIG_IDF_TARGET_ESP32 diff --git a/components/bootloader_support/src/secure_boot_v2/secure_boot.c b/components/bootloader_support/src/secure_boot_v2/secure_boot.c index 37223a89b6..9b30cbf967 100644 --- a/components/bootloader_support/src/secure_boot_v2/secure_boot.c +++ b/components/bootloader_support/src/secure_boot_v2/secure_boot.c @@ -131,7 +131,11 @@ static esp_err_t s_calculate_image_public_key_digests(uint32_t flash_offset, uin static esp_err_t check_and_generate_secure_boot_keys(const esp_image_metadata_t *image_data) { esp_err_t ret; -#ifdef CONFIG_IDF_TARGET_ESP32 +#ifdef CONFIG_IDF_TARGET_ESP8684 + esp_efuse_purpose_t secure_boot_key_purpose[SECURE_BOOT_NUM_BLOCKS] = { + ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V2, + }; +#elif CONFIG_IDF_TARGET_ESP32 esp_efuse_purpose_t secure_boot_key_purpose[SECURE_BOOT_NUM_BLOCKS] = { ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V2, }; @@ -146,7 +150,7 @@ static esp_err_t check_and_generate_secure_boot_keys(const esp_image_metadata_t ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST1, ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST2, }; -#endif // CONFIG_IDF_TARGET_ESP32 +#endif // CONFIG_IDF_TARGET_ESP32 || CONFIG_IDF_TARGET_ESP8684 /* Verify the bootloader */ esp_image_metadata_t bootloader_data = { 0 }; From ebdc52d4e2f6cc0a549b69c0bad422e460b7b30a Mon Sep 17 00:00:00 2001 From: KonstantinKondrashov Date: Fri, 3 Dec 2021 01:48:47 +0800 Subject: [PATCH 2/2] efuse(esp32c2): Support eFuse key APIs --- components/bootloader/Kconfig.projbuild | 2 + .../src/secure_boot_v2/secure_boot.c | 19 +- components/efuse/CMakeLists.txt | 18 +- components/efuse/esp32c2/esp_efuse_fields.c | 15 +- components/efuse/esp32c2/esp_efuse_table.c | 162 ++++++---- components/efuse/esp32c2/esp_efuse_table.csv | 65 ++-- components/efuse/esp32c2/esp_efuse_utility.c | 91 +++++- components/efuse/esp32c2/include/esp_efuse.h | 25 +- .../efuse/esp32c2/include/esp_efuse_table.h | 137 ++------ components/efuse/include/esp_efuse.h | 8 +- .../with_key_purposes/esp_efuse_api_key.c} | 30 +- .../one_key_block/esp_efuse_api_key.c | 247 +++++++++++++++ .../three_key_blocks/esp_efuse_api_key.c} | 9 +- components/efuse/src/esp_efuse_fields.c | 5 +- components/efuse/test/CMakeLists.txt | 16 +- .../test/one_key_block/esp_efuse_test_table.c | 109 +++++++ .../one_key_block/esp_efuse_test_table.csv | 34 ++ .../include/esp_efuse_test_table.h | 28 ++ .../efuse/test/one_key_block/test_efuse.c | 154 +++++++++ .../test/one_key_block/test_efuse_keys.c | 292 ++++++++++++++++++ components/efuse/test/test_efuse.c | 189 +----------- .../esp_efuse_test_table.c | 2 +- .../esp_efuse_test_table.csv | 0 .../include/esp_efuse_test_table.h | 2 +- .../efuse/test/three_key_blocks/test_efuse.c | 86 ++++++ .../test_efuse_coding_scheme.c | 4 +- .../with_key_purposes/esp_efuse_test_table.c | 107 +++++++ .../esp_efuse_test_table.csv | 33 ++ .../include/esp_efuse_test_table.h | 28 ++ .../efuse/test/with_key_purposes/test_efuse.c | 195 ++++++++++++ .../{ => with_key_purposes}/test_efuse_keys.c | 12 +- .../esp32c2/include/soc/Kconfig.soc_caps.in | 12 +- components/soc/esp32c2/include/soc/soc_caps.h | 6 +- .../esp32c3/include/soc/Kconfig.soc_caps.in | 4 + components/soc/esp32c3/include/soc/soc_caps.h | 3 +- .../esp32h2/include/soc/Kconfig.soc_caps.in | 4 + components/soc/esp32h2/include/soc/soc_caps.h | 3 +- .../esp32s2/include/soc/Kconfig.soc_caps.in | 4 + components/soc/esp32s2/include/soc/soc_caps.h | 1 + .../esp32s3/include/soc/Kconfig.soc_caps.in | 4 + components/soc/esp32s3/include/soc/soc_caps.h | 1 + 41 files changed, 1706 insertions(+), 460 deletions(-) rename components/efuse/src/{esp_efuse_api_key_esp32xx.c => efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c} (94%) create mode 100644 components/efuse/src/efuse_controller/keys/without_key_purposes/one_key_block/esp_efuse_api_key.c rename components/efuse/src/{esp_efuse_api_key_esp32.c => efuse_controller/keys/without_key_purposes/three_key_blocks/esp_efuse_api_key.c} (96%) create mode 100644 components/efuse/test/one_key_block/esp_efuse_test_table.c create mode 100644 components/efuse/test/one_key_block/esp_efuse_test_table.csv create mode 100644 components/efuse/test/one_key_block/include/esp_efuse_test_table.h create mode 100644 components/efuse/test/one_key_block/test_efuse.c create mode 100644 components/efuse/test/one_key_block/test_efuse_keys.c rename components/efuse/test/{ => three_key_blocks}/esp_efuse_test_table.c (97%) rename components/efuse/test/{ => three_key_blocks}/esp_efuse_test_table.csv (100%) rename components/efuse/test/{ => three_key_blocks}/include/esp_efuse_test_table.h (92%) create mode 100644 components/efuse/test/three_key_blocks/test_efuse.c rename components/efuse/test/{ => three_key_blocks}/test_efuse_coding_scheme.c (98%) create mode 100644 components/efuse/test/with_key_purposes/esp_efuse_test_table.c create mode 100644 components/efuse/test/with_key_purposes/esp_efuse_test_table.csv create mode 100644 components/efuse/test/with_key_purposes/include/esp_efuse_test_table.h create mode 100644 components/efuse/test/with_key_purposes/test_efuse.c rename components/efuse/test/{ => with_key_purposes}/test_efuse_keys.c (98%) diff --git a/components/bootloader/Kconfig.projbuild b/components/bootloader/Kconfig.projbuild index 4f74c6988e..932f67f88d 100644 --- a/components/bootloader/Kconfig.projbuild +++ b/components/bootloader/Kconfig.projbuild @@ -273,6 +273,8 @@ menu "Bootloader config" depends on BOOTLOADER_APP_ANTI_ROLLBACK range 1 32 if IDF_TARGET_ESP32 default 32 if IDF_TARGET_ESP32 + range 1 4 if IDF_TARGET_ESP32C2 + default 4 if IDF_TARGET_ESP32C2 range 1 16 default 16 help diff --git a/components/bootloader_support/src/secure_boot_v2/secure_boot.c b/components/bootloader_support/src/secure_boot_v2/secure_boot.c index 9b30cbf967..5d6977636d 100644 --- a/components/bootloader_support/src/secure_boot_v2/secure_boot.c +++ b/components/bootloader_support/src/secure_boot_v2/secure_boot.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -131,26 +131,23 @@ static esp_err_t s_calculate_image_public_key_digests(uint32_t flash_offset, uin static esp_err_t check_and_generate_secure_boot_keys(const esp_image_metadata_t *image_data) { esp_err_t ret; -#ifdef CONFIG_IDF_TARGET_ESP8684 - esp_efuse_purpose_t secure_boot_key_purpose[SECURE_BOOT_NUM_BLOCKS] = { - ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V2, - }; -#elif CONFIG_IDF_TARGET_ESP32 - esp_efuse_purpose_t secure_boot_key_purpose[SECURE_BOOT_NUM_BLOCKS] = { - ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V2, - }; +#ifdef CONFIG_IDF_TARGET_ESP32 esp_efuse_coding_scheme_t coding_scheme = esp_efuse_get_coding_scheme(EFUSE_BLK_SECURE_BOOT); if (coding_scheme != EFUSE_CODING_SCHEME_NONE) { ESP_LOGE(TAG, "No coding schemes are supported in secure boot v2.(Detected scheme: 0x%x)", coding_scheme); return ESP_ERR_NOT_SUPPORTED; } -#else +#endif // CONFIG_IDF_TARGET_ESP32 + esp_efuse_purpose_t secure_boot_key_purpose[SECURE_BOOT_NUM_BLOCKS] = { +#if SECURE_BOOT_NUM_BLOCKS == 1 + ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V2, +#else ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST0, ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST1, ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST2, +#endif }; -#endif // CONFIG_IDF_TARGET_ESP32 || CONFIG_IDF_TARGET_ESP8684 /* Verify the bootloader */ esp_image_metadata_t bootloader_data = { 0 }; diff --git a/components/efuse/CMakeLists.txt b/components/efuse/CMakeLists.txt index fc4da1d4f2..fdfe6ecaa1 100644 --- a/components/efuse/CMakeLists.txt +++ b/components/efuse/CMakeLists.txt @@ -13,14 +13,20 @@ if(EXISTS "${COMPONENT_DIR}/${target}") add_prefix(srcs "${target}/" ${EFUSE_SOC_SRCS}) endif() +if(CONFIG_SOC_EFUSE_KEY_PURPOSE_FIELD) + set(type "with_key_purposes") +else() + if(CONFIG_SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK) + set(type "without_key_purposes/one_key_block") + else() + set(type "without_key_purposes/three_key_blocks") + endif() +endif() + list(APPEND srcs "src/esp_efuse_api.c" "src/esp_efuse_fields.c" - "src/esp_efuse_utility.c") -if("esp32" STREQUAL "${target}") - list(APPEND srcs "src/esp_efuse_api_key_esp32.c") -else() - list(APPEND srcs "src/esp_efuse_api_key_esp32xx.c") -endif() + "src/esp_efuse_utility.c" + "src/efuse_controller/keys/${type}/esp_efuse_api_key.c") idf_component_register(SRCS "${srcs}" PRIV_REQUIRES bootloader_support soc spi_flash diff --git a/components/efuse/esp32c2/esp_efuse_fields.c b/components/efuse/esp32c2/esp_efuse_fields.c index e6cb85c3f9..9001bd4b90 100644 --- a/components/efuse/esp32c2/esp_efuse_fields.c +++ b/components/efuse/esp32c2/esp_efuse_fields.c @@ -40,15 +40,24 @@ uint32_t esp_efuse_get_pkg_ver(void) esp_err_t esp_efuse_set_rom_log_scheme(esp_efuse_rom_log_scheme_t log_scheme) { - abort(); + int cur_log_scheme = 0; + esp_efuse_read_field_blob(ESP_EFUSE_UART_PRINT_CONTROL, &cur_log_scheme, ESP_EFUSE_UART_PRINT_CONTROL[0]->bit_count); + if (!cur_log_scheme) { // not burned yet + return esp_efuse_write_field_blob(ESP_EFUSE_UART_PRINT_CONTROL, &log_scheme, ESP_EFUSE_UART_PRINT_CONTROL[0]->bit_count); + } else { + return ESP_ERR_INVALID_STATE; + } } esp_err_t esp_efuse_disable_rom_download_mode(void) { - abort(); + return esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MODE); } esp_err_t esp_efuse_enable_rom_secure_download_mode(void) { - abort(); + if (esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MODE)) { + return ESP_ERR_INVALID_STATE; + } + return esp_efuse_write_field_bit(ESP_EFUSE_ENABLE_SECURITY_DOWNLOAD); } diff --git a/components/efuse/esp32c2/esp_efuse_table.c b/components/efuse/esp32c2/esp_efuse_table.c index 51c9fcbcdf..27349e27cd 100644 --- a/components/efuse/esp32c2/esp_efuse_table.c +++ b/components/efuse/esp32c2/esp_efuse_table.c @@ -9,7 +9,7 @@ #include #include "esp_efuse_table.h" -// md5_digest_table 3bf086fa10d850cbaeccbd70fcba1c2f +// md5_digest_table af57e8a6a405ebf239cc552f713c91d0 // This file was generated from the file esp_efuse_table.csv. DO NOT CHANGE THIS FILE MANUALLY. // If you want to change some fields, you need to change esp_efuse_table.csv file // then run `efuse_common_table` or `efuse_custom_table` command it will generate this file. @@ -24,15 +24,19 @@ static const esp_efuse_desc_t WR_DIS_KEY0_RD_DIS[] = { }; static const esp_efuse_desc_t WR_DIS_GROUP_1[] = { - {EFUSE_BLK0, 1, 1}, // Write protection for WDT_DELAY DIS_PAD_JTAG, + {EFUSE_BLK0, 1, 1}, // Write protection for WDT_DELAY DIS_PAD_JTAG DIS_DOWNLOAD_ICACHE, }; static const esp_efuse_desc_t WR_DIS_GROUP_2[] = { - {EFUSE_BLK0, 2, 1}, // Write protection for DOWNLOAD_DIS_MANUAL_ENCRYPT SPI_BOOT_ENCRYPT_DECRYPT_CNT XTS_KEY_LENGTH_256, + {EFUSE_BLK0, 2, 1}, // Write protection for DOWNLOAD_DIS_MANUAL_ENCRYPT SPI_BOOT_CRYPT_CNT XTS_KEY_LENGTH_256 SECURE_BOOT_EN, +}; + +static const esp_efuse_desc_t WR_DIS_SPI_BOOT_CRYPT_CNT[] = { + {EFUSE_BLK0, 2, 1}, // Write protection for DOWNLOAD_DIS_MANUAL_ENCRYPT [SPI_BOOT_CRYPT_CNT] XTS_KEY_LENGTH_256 SECURE_BOOT_EN, }; static const esp_efuse_desc_t WR_DIS_GROUP_3[] = { - {EFUSE_BLK0, 3, 1}, // Write protection for UART_PRINT_CONTROL FORCE_SEND_RESUME DIS_DOWNLOAD_MODE DIS_DIRECT_BOOT ENABLE_SECURITY_DOWNLOAD FLASH_TPUW SECURE_BOOT_EN, + {EFUSE_BLK0, 3, 1}, // Write protection for UART_PRINT_CONTROL FORCE_SEND_RESUME DIS_DOWNLOAD_MODE DIS_DIRECT_BOOT ENABLE_SECURITY_DOWNLOAD FLASH_TPUW, }; static const esp_efuse_desc_t WR_DIS_BLK0_RESERVED[] = { @@ -48,79 +52,87 @@ static const esp_efuse_desc_t WR_DIS_SYS_DATA_PART1[] = { }; static const esp_efuse_desc_t WR_DIS_KEY0[] = { - {EFUSE_BLK0, 7, 1}, // Write protection for EFUSE_BLK3. KEY0, + {EFUSE_BLK0, 7, 1}, // Write protection for EFUSE_BLK3. whole KEY0, }; static const esp_efuse_desc_t RD_DIS[] = { - {EFUSE_BLK0, 8, 2}, // Read protection, + {EFUSE_BLK0, 32, 2}, // Read protection, }; static const esp_efuse_desc_t RD_DIS_KEY0[] = { {EFUSE_BLK0, 32, 2}, // Read protection for EFUSE_BLK3. KEY0, }; +static const esp_efuse_desc_t RD_DIS_KEY0_LOW[] = { + {EFUSE_BLK0, 32, 1}, // Read protection for EFUSE_BLK3. KEY0 lower 128-bit key, +}; + +static const esp_efuse_desc_t RD_DIS_KEY0_HI[] = { + {EFUSE_BLK0, 33, 1}, // Read protection for EFUSE_BLK3. KEY0 higher 128-bit key, +}; + static const esp_efuse_desc_t WDT_DELAY_SEL[] = { - {EFUSE_BLK0, 34, 2}, // /* TODO: Need Description*/, + {EFUSE_BLK0, 34, 2}, // RTC WDT timeout threshold, }; static const esp_efuse_desc_t DIS_PAD_JTAG[] = { - {EFUSE_BLK0, 36, 1}, // /* TODO: Need Description*/, + {EFUSE_BLK0, 36, 1}, // Hardware Disable JTAG permanently, }; -static const esp_efuse_desc_t EFUSE_DIS_DOWNLOAD_ICACHE[] = { - {EFUSE_BLK0, 37, 1}, // /* TODO: Need Description*/, +static const esp_efuse_desc_t DIS_DOWNLOAD_ICACHE[] = { + {EFUSE_BLK0, 37, 1}, // Disable ICache in Download mode, }; static const esp_efuse_desc_t DIS_DOWNLOAD_MANUAL_ENCRYPT[] = { - {EFUSE_BLK0, 38, 1}, // /* TODO: Need Description*/, + {EFUSE_BLK0, 38, 1}, // Disable flash encryption in Download boot mode, }; -static const esp_efuse_desc_t SPI_BOOT_ENCRYPT_DECRYPT_CNT[] = { - {EFUSE_BLK0, 39, 3}, // /* TODO: Need Description*/, +static const esp_efuse_desc_t SPI_BOOT_CRYPT_CNT[] = { + {EFUSE_BLK0, 39, 3}, // Enable SPI boot encrypt/decrypt. Odd number: enable; even number: disable, }; static const esp_efuse_desc_t XTS_KEY_LENGTH_256[] = { - {EFUSE_BLK0, 42, 1}, // /* TODO: Need Description*/, + {EFUSE_BLK0, 42, 1}, // Select XTS_AES key length. 1: 256-bit of whole block3; 0: Lower 128-bit of block3, }; static const esp_efuse_desc_t UART_PRINT_CONTROL[] = { - {EFUSE_BLK0, 43, 2}, // /* TODO: Need Description*/, + {EFUSE_BLK0, 43, 2}, // Set UART boot message output mode. 00: Force print; 01: Low-level print controlled by GPIO 8; 10: High-level print controlled by GPIO 8; 11: Print force disabled, }; static const esp_efuse_desc_t FORCE_SEND_RESUME[] = { - {EFUSE_BLK0, 45, 1}, // /* TODO: Need Description*/, + {EFUSE_BLK0, 45, 1}, // Force ROM code to send an SPI flash resume command during SPI boot, }; static const esp_efuse_desc_t DIS_DOWNLOAD_MODE[] = { - {EFUSE_BLK0, 46, 1}, // /* TODO: Need Description*/, + {EFUSE_BLK0, 46, 1}, // Disable all download boot modes, }; static const esp_efuse_desc_t DIS_DIRECT_BOOT[] = { - {EFUSE_BLK0, 47, 1}, // /* TODO: Need Description*/, + {EFUSE_BLK0, 47, 1}, // Disable direct_boot mode, }; static const esp_efuse_desc_t ENABLE_SECURITY_DOWNLOAD[] = { - {EFUSE_BLK0, 48, 1}, // /* TODO: Need Description*/, + {EFUSE_BLK0, 48, 1}, // Enable secure UART download mode, }; static const esp_efuse_desc_t FLASH_TPUW[] = { - {EFUSE_BLK0, 49, 4}, // /* TODO: Need Description*/, + {EFUSE_BLK0, 49, 4}, // Configure flash startup delay after SoC being powered up (the unit is ms/2). When the value is 15 delay will be 7.5 ms, }; static const esp_efuse_desc_t SECURE_BOOT_EN[] = { - {EFUSE_BLK0, 53, 1}, // /* TODO: Need Description*/, + {EFUSE_BLK0, 53, 1}, // Enable secure boot, }; -static const esp_efuse_desc_t SYSTEM_DATA0[] = { - {EFUSE_BLK1, 0, 32}, // EFUSE_SYSTEM_DATA0, +static const esp_efuse_desc_t SECURE_VERSION[] = { + {EFUSE_BLK0, 54, 4}, // Secure version for anti-rollback, }; -static const esp_efuse_desc_t SYSTEM_DATA1[] = { - {EFUSE_BLK1, 32, 32}, // EFUSE_SYSTEM_DATA1, +static const esp_efuse_desc_t USER_DATA[] = { + {EFUSE_BLK1, 0, 88}, // User data block, }; -static const esp_efuse_desc_t SYSTEM_DATA2[] = { - {EFUSE_BLK1, 64, 23}, // EFUSE_SYSTEM_DATA2, +static const esp_efuse_desc_t USER_DATA_MAC_CUSTOM[] = { + {EFUSE_BLK1, 0, 48}, // Custom MAC addr, }; static const esp_efuse_desc_t MAC_FACTORY[] = { @@ -177,7 +189,19 @@ static const esp_efuse_desc_t ADC_CALIBRATION_2[] = { }; static const esp_efuse_desc_t KEY0[] = { - {EFUSE_BLK3, 0, 256}, // Key0 or user data, + {EFUSE_BLK3, 0, 256}, // [256bit FE key] or [128bit FE key and 128key SB key] or [user data], +}; + +static const esp_efuse_desc_t KEY0_FE_256BIT[] = { + {EFUSE_BLK3, 0, 256}, // [256bit FE key], +}; + +static const esp_efuse_desc_t KEY0_FE_128BIT[] = { + {EFUSE_BLK3, 0, 128}, // [128bit FE key], +}; + +static const esp_efuse_desc_t KEY0_SB_128BIT[] = { + {EFUSE_BLK3, 128, 128}, // [128bit SB key], }; @@ -195,17 +219,22 @@ const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_KEY0_RD_DIS[] = { }; const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_GROUP_1[] = { - &WR_DIS_GROUP_1[0], // Write protection for WDT_DELAY DIS_PAD_JTAG + &WR_DIS_GROUP_1[0], // Write protection for WDT_DELAY DIS_PAD_JTAG DIS_DOWNLOAD_ICACHE NULL }; const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_GROUP_2[] = { - &WR_DIS_GROUP_2[0], // Write protection for DOWNLOAD_DIS_MANUAL_ENCRYPT SPI_BOOT_ENCRYPT_DECRYPT_CNT XTS_KEY_LENGTH_256 + &WR_DIS_GROUP_2[0], // Write protection for DOWNLOAD_DIS_MANUAL_ENCRYPT SPI_BOOT_CRYPT_CNT XTS_KEY_LENGTH_256 SECURE_BOOT_EN + NULL +}; + +const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SPI_BOOT_CRYPT_CNT[] = { + &WR_DIS_SPI_BOOT_CRYPT_CNT[0], // Write protection for DOWNLOAD_DIS_MANUAL_ENCRYPT [SPI_BOOT_CRYPT_CNT] XTS_KEY_LENGTH_256 SECURE_BOOT_EN NULL }; const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_GROUP_3[] = { - &WR_DIS_GROUP_3[0], // Write protection for UART_PRINT_CONTROL FORCE_SEND_RESUME DIS_DOWNLOAD_MODE DIS_DIRECT_BOOT ENABLE_SECURITY_DOWNLOAD FLASH_TPUW SECURE_BOOT_EN + &WR_DIS_GROUP_3[0], // Write protection for UART_PRINT_CONTROL FORCE_SEND_RESUME DIS_DOWNLOAD_MODE DIS_DIRECT_BOOT ENABLE_SECURITY_DOWNLOAD FLASH_TPUW NULL }; @@ -225,7 +254,7 @@ const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SYS_DATA_PART1[] = { }; const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_KEY0[] = { - &WR_DIS_KEY0[0], // Write protection for EFUSE_BLK3. KEY0 + &WR_DIS_KEY0[0], // Write protection for EFUSE_BLK3. whole KEY0 NULL }; @@ -239,83 +268,93 @@ const esp_efuse_desc_t* ESP_EFUSE_RD_DIS_KEY0[] = { NULL }; +const esp_efuse_desc_t* ESP_EFUSE_RD_DIS_KEY0_LOW[] = { + &RD_DIS_KEY0_LOW[0], // Read protection for EFUSE_BLK3. KEY0 lower 128-bit key + NULL +}; + +const esp_efuse_desc_t* ESP_EFUSE_RD_DIS_KEY0_HI[] = { + &RD_DIS_KEY0_HI[0], // Read protection for EFUSE_BLK3. KEY0 higher 128-bit key + NULL +}; + const esp_efuse_desc_t* ESP_EFUSE_WDT_DELAY_SEL[] = { - &WDT_DELAY_SEL[0], // /* TODO: Need Description*/ + &WDT_DELAY_SEL[0], // RTC WDT timeout threshold NULL }; const esp_efuse_desc_t* ESP_EFUSE_DIS_PAD_JTAG[] = { - &DIS_PAD_JTAG[0], // /* TODO: Need Description*/ + &DIS_PAD_JTAG[0], // Hardware Disable JTAG permanently NULL }; -const esp_efuse_desc_t* ESP_EFUSE_EFUSE_DIS_DOWNLOAD_ICACHE[] = { - &EFUSE_DIS_DOWNLOAD_ICACHE[0], // /* TODO: Need Description*/ +const esp_efuse_desc_t* ESP_EFUSE_DIS_DOWNLOAD_ICACHE[] = { + &DIS_DOWNLOAD_ICACHE[0], // Disable ICache in Download mode NULL }; const esp_efuse_desc_t* ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT[] = { - &DIS_DOWNLOAD_MANUAL_ENCRYPT[0], // /* TODO: Need Description*/ + &DIS_DOWNLOAD_MANUAL_ENCRYPT[0], // Disable flash encryption in Download boot mode NULL }; -const esp_efuse_desc_t* ESP_EFUSE_SPI_BOOT_ENCRYPT_DECRYPT_CNT[] = { - &SPI_BOOT_ENCRYPT_DECRYPT_CNT[0], // /* TODO: Need Description*/ +const esp_efuse_desc_t* ESP_EFUSE_SPI_BOOT_CRYPT_CNT[] = { + &SPI_BOOT_CRYPT_CNT[0], // Enable SPI boot encrypt/decrypt. Odd number: enable; even number: disable NULL }; const esp_efuse_desc_t* ESP_EFUSE_XTS_KEY_LENGTH_256[] = { - &XTS_KEY_LENGTH_256[0], // /* TODO: Need Description*/ + &XTS_KEY_LENGTH_256[0], // Select XTS_AES key length. 1: 256-bit of whole block3; 0: Lower 128-bit of block3 NULL }; const esp_efuse_desc_t* ESP_EFUSE_UART_PRINT_CONTROL[] = { - &UART_PRINT_CONTROL[0], // /* TODO: Need Description*/ + &UART_PRINT_CONTROL[0], // Set UART boot message output mode. 00: Force print; 01: Low-level print controlled by GPIO 8; 10: High-level print controlled by GPIO 8; 11: Print force disabled NULL }; const esp_efuse_desc_t* ESP_EFUSE_FORCE_SEND_RESUME[] = { - &FORCE_SEND_RESUME[0], // /* TODO: Need Description*/ + &FORCE_SEND_RESUME[0], // Force ROM code to send an SPI flash resume command during SPI boot NULL }; const esp_efuse_desc_t* ESP_EFUSE_DIS_DOWNLOAD_MODE[] = { - &DIS_DOWNLOAD_MODE[0], // /* TODO: Need Description*/ + &DIS_DOWNLOAD_MODE[0], // Disable all download boot modes NULL }; const esp_efuse_desc_t* ESP_EFUSE_DIS_DIRECT_BOOT[] = { - &DIS_DIRECT_BOOT[0], // /* TODO: Need Description*/ + &DIS_DIRECT_BOOT[0], // Disable direct_boot mode NULL }; const esp_efuse_desc_t* ESP_EFUSE_ENABLE_SECURITY_DOWNLOAD[] = { - &ENABLE_SECURITY_DOWNLOAD[0], // /* TODO: Need Description*/ + &ENABLE_SECURITY_DOWNLOAD[0], // Enable secure UART download mode NULL }; const esp_efuse_desc_t* ESP_EFUSE_FLASH_TPUW[] = { - &FLASH_TPUW[0], // /* TODO: Need Description*/ + &FLASH_TPUW[0], // Configure flash startup delay after SoC being powered up (the unit is ms/2). When the value is 15 delay will be 7.5 ms NULL }; const esp_efuse_desc_t* ESP_EFUSE_SECURE_BOOT_EN[] = { - &SECURE_BOOT_EN[0], // /* TODO: Need Description*/ + &SECURE_BOOT_EN[0], // Enable secure boot NULL }; -const esp_efuse_desc_t* ESP_EFUSE_SYSTEM_DATA0[] = { - &SYSTEM_DATA0[0], // EFUSE_SYSTEM_DATA0 +const esp_efuse_desc_t* ESP_EFUSE_SECURE_VERSION[] = { + &SECURE_VERSION[0], // Secure version for anti-rollback NULL }; -const esp_efuse_desc_t* ESP_EFUSE_SYSTEM_DATA1[] = { - &SYSTEM_DATA1[0], // EFUSE_SYSTEM_DATA1 +const esp_efuse_desc_t* ESP_EFUSE_USER_DATA[] = { + &USER_DATA[0], // User data block NULL }; -const esp_efuse_desc_t* ESP_EFUSE_SYSTEM_DATA2[] = { - &SYSTEM_DATA2[0], // EFUSE_SYSTEM_DATA2 +const esp_efuse_desc_t* ESP_EFUSE_USER_DATA_MAC_CUSTOM[] = { + &USER_DATA_MAC_CUSTOM[0], // Custom MAC addr NULL }; @@ -385,6 +424,21 @@ const esp_efuse_desc_t* ESP_EFUSE_ADC_CALIBRATION_2[] = { }; const esp_efuse_desc_t* ESP_EFUSE_KEY0[] = { - &KEY0[0], // Key0 or user data + &KEY0[0], // [256bit FE key] or [128bit FE key and 128key SB key] or [user data] + NULL +}; + +const esp_efuse_desc_t* ESP_EFUSE_KEY0_FE_256BIT[] = { + &KEY0_FE_256BIT[0], // [256bit FE key] + NULL +}; + +const esp_efuse_desc_t* ESP_EFUSE_KEY0_FE_128BIT[] = { + &KEY0_FE_128BIT[0], // [128bit FE key] + NULL +}; + +const esp_efuse_desc_t* ESP_EFUSE_KEY0_SB_128BIT[] = { + &KEY0_SB_128BIT[0], // [128bit SB key] NULL }; diff --git a/components/efuse/esp32c2/esp_efuse_table.csv b/components/efuse/esp32c2/esp_efuse_table.csv index 730ea9e4db..f462af61ab 100644 --- a/components/efuse/esp32c2/esp_efuse_table.csv +++ b/components/efuse/esp32c2/esp_efuse_table.csv @@ -1,10 +1,8 @@ # field_name, | efuse_block, | bit_start, | bit_count, |comment # -# | (EFUSE_BLK0 | (0..255) | (1..-) | # -# | EFUSE_BLK1 | |MAX_BLK_LEN*| # -# | ... | | | # -# | EFUSE_BLK10)| | | # +# | (EFUSE_BLK0 | (0..255) | (1-256) | # +# | EFUSE_BLK1 | | | # +# | EFUSE_BLK3) | | | # ########################################################################## -# *) The value MAX_BLK_LEN depends on CONFIG_EFUSE_MAX_BLK_LEN, will be replaced with "None" - 256. "3/4" - 192. "REPEAT" - 128. # !!!!!!!!!!! # # After editing this file, run the command manually "make efuse_common_table" or "idf.py efuse_common_table" # this will generate new source files, next rebuild all the sources. @@ -15,39 +13,40 @@ # EFUSE_RD_WR_DIS_REG # WR_DIS, EFUSE_BLK0, 0, 8, Write protection WR_DIS.KEY0_RD_DIS, EFUSE_BLK0, 0, 1, Write protection for KEY0_RD_DIS - WR_DIS.GROUP_1, EFUSE_BLK0, 1, 1, Write protection for WDT_DELAY DIS_PAD_JTAG - WR_DIS.GROUP_2, EFUSE_BLK0, 2, 1, Write protection for DOWNLOAD_DIS_MANUAL_ENCRYPT SPI_BOOT_ENCRYPT_DECRYPT_CNT XTS_KEY_LENGTH_256 - WR_DIS.GROUP_3, EFUSE_BLK0, 3, 1, Write protection for UART_PRINT_CONTROL FORCE_SEND_RESUME DIS_DOWNLOAD_MODE DIS_DIRECT_BOOT ENABLE_SECURITY_DOWNLOAD FLASH_TPUW SECURE_BOOT_EN + WR_DIS.GROUP_1, EFUSE_BLK0, 1, 1, Write protection for WDT_DELAY DIS_PAD_JTAG DIS_DOWNLOAD_ICACHE + WR_DIS.GROUP_2, EFUSE_BLK0, 2, 1, Write protection for DOWNLOAD_DIS_MANUAL_ENCRYPT SPI_BOOT_CRYPT_CNT XTS_KEY_LENGTH_256 SECURE_BOOT_EN + WR_DIS.SPI_BOOT_CRYPT_CNT, EFUSE_BLK0, 2, 1, Write protection for DOWNLOAD_DIS_MANUAL_ENCRYPT [SPI_BOOT_CRYPT_CNT] XTS_KEY_LENGTH_256 SECURE_BOOT_EN + WR_DIS.GROUP_3, EFUSE_BLK0, 3, 1, Write protection for UART_PRINT_CONTROL FORCE_SEND_RESUME DIS_DOWNLOAD_MODE DIS_DIRECT_BOOT ENABLE_SECURITY_DOWNLOAD FLASH_TPUW WR_DIS.BLK0_RESERVED, EFUSE_BLK0, 4, 1, Write protection for BLK0_RESERVED WR_DIS.SYS_DATA_PART0, EFUSE_BLK0, 5, 1, Write protection for EFUSE_BLK1. SYS_DATA_PART0 WR_DIS.SYS_DATA_PART1, EFUSE_BLK0, 6, 1, Write protection for EFUSE_BLK2. SYS_DATA_PART2 - WR_DIS.KEY0, EFUSE_BLK0, 7, 1, Write protection for EFUSE_BLK3. KEY0 - + WR_DIS.KEY0, EFUSE_BLK0, 7, 1, Write protection for EFUSE_BLK3. whole KEY0 # EFUSE_RD_REPEAT_DATA0_REG # - RD_DIS, EFUSE_BLK0, 8, 2, Read protection - RD_DIS.KEY0, EFUSE_BLK0, 8, 2, Read protection for EFUSE_BLK3. KEY0 + RD_DIS, EFUSE_BLK0, 32, 2, Read protection + RD_DIS.KEY0, EFUSE_BLK0, 32, 2, Read protection for EFUSE_BLK3. KEY0 + RD_DIS.KEY0.LOW, EFUSE_BLK0, 32, 1, Read protection for EFUSE_BLK3. KEY0 lower 128-bit key + RD_DIS.KEY0.HI, EFUSE_BLK0, 33, 1, Read protection for EFUSE_BLK3. KEY0 higher 128-bit key - WDT_DELAY_SEL, EFUSE_BLK0, 10, 2, /* TODO: Need Description*/ - DIS_PAD_JTAG, EFUSE_BLK0, 12, 1, /* TODO: Need Description*/ - EFUSE_DIS_DOWNLOAD_ICACHE, EFUSE_BLK0, 13, 1, /* TODO: Need Description*/ - DIS_DOWNLOAD_MANUAL_ENCRYPT, EFUSE_BLK0, 14, 1, /* TODO: Need Description*/ - SPI_BOOT_ENCRYPT_DECRYPT_CNT, EFUSE_BLK0, 15, 3, /* TODO: Need Description*/ - XTS_KEY_LENGTH_256, EFUSE_BLK0, 18, 1, /* TODO: Need Description*/ - UART_PRINT_CONTROL, EFUSE_BLK0, 19, 2, /* TODO: Need Description*/ - FORCE_SEND_RESUME, EFUSE_BLK0, 21, 1, /* TODO: Need Description*/ - DIS_DOWNLOAD_MODE, EFUSE_BLK0, 22, 1, /* TODO: Need Description*/ - DIS_DIRECT_BOOT, EFUSE_BLK0, 23, 1, /* TODO: Need Description*/ - ENABLE_SECURITY_DOWNLOAD, EFUSE_BLK0, 24, 1, /* TODO: Need Description*/ - FLASH_TPUW, EFUSE_BLK0, 25, 4, /* TODO: Need Description*/ - SECURE_BOOT_EN, EFUSE_BLK0, 29, 1, /* TODO: Need Description*/ + WDT_DELAY_SEL, EFUSE_BLK0, 34, 2, RTC WDT timeout threshold + DIS_PAD_JTAG, EFUSE_BLK0, 36, 1, Hardware Disable JTAG permanently + DIS_DOWNLOAD_ICACHE, EFUSE_BLK0, 37, 1, Disable ICache in Download mode + DIS_DOWNLOAD_MANUAL_ENCRYPT, EFUSE_BLK0, 38, 1, Disable flash encryption in Download boot mode + SPI_BOOT_CRYPT_CNT, EFUSE_BLK0, 39, 3, Enable SPI boot encrypt/decrypt. Odd number: enable; even number: disable + XTS_KEY_LENGTH_256, EFUSE_BLK0, 42, 1, Select XTS_AES key length. 1: 256-bit of whole block3; 0: Lower 128-bit of block3 + UART_PRINT_CONTROL, EFUSE_BLK0, 43, 2, Set UART boot message output mode. 00: Force print; 01: Low-level print controlled by GPIO 8; 10: High-level print controlled by GPIO 8; 11: Print force disabled + FORCE_SEND_RESUME, EFUSE_BLK0, 45, 1, Force ROM code to send an SPI flash resume command during SPI boot + DIS_DOWNLOAD_MODE, EFUSE_BLK0, 46, 1, Disable all download boot modes + DIS_DIRECT_BOOT, EFUSE_BLK0, 47, 1, Disable direct_boot mode + ENABLE_SECURITY_DOWNLOAD, EFUSE_BLK0, 48, 1, Enable secure UART download mode + FLASH_TPUW, EFUSE_BLK0, 49, 4, Configure flash startup delay after SoC being powered up (the unit is ms/2). When the value is 15 delay will be 7.5 ms + SECURE_BOOT_EN, EFUSE_BLK0, 53, 1, Enable secure boot + SECURE_VERSION, EFUSE_BLK0, 54, 4, Secure version for anti-rollback -# SYS_DATA_PART0 BLOCK# - System configuration +# USER_DATA BLOCK# - System configuration ####################### - SYSTEM_DATA0, EFUSE_BLK1, 0, 32, EFUSE_SYSTEM_DATA0 - SYSTEM_DATA1, EFUSE_BLK1, 32, 32, EFUSE_SYSTEM_DATA1 - SYSTEM_DATA2, EFUSE_BLK1, 64, 23, EFUSE_SYSTEM_DATA2 - + USER_DATA, EFUSE_BLK1, 0, 88, User data block + USER_DATA.MAC_CUSTOM, EFUSE_BLK1, 0, 48, Custom MAC addr # SYS_DATA_PART1 BLOCK# - System configuration @@ -77,6 +76,6 @@ ################ KEY0, EFUSE_BLK3, 0, 256, [256bit FE key] or [128bit FE key and 128key SB key] or [user data] -KEY0.FLASH_ENCRYPTION EFUSE_BLK3, 0, 256, [256bit FE key] -KEY0.FLASH_ENCRYPTION_128 EFUSE_BLK3, 0, 128, [128bit FE key] -KEY0.SECURE_BOOT_128 EFUSE_BLK3, 128, 256, [128bit SB key] +KEY0.FE_256BIT, EFUSE_BLK3, 0, 256, [256bit FE key] +KEY0.FE_128BIT, EFUSE_BLK3, 0, 128, [128bit FE key] +KEY0.SB_128BIT, EFUSE_BLK3, 128, 128, [128bit SB key] diff --git a/components/efuse/esp32c2/esp_efuse_utility.c b/components/efuse/esp32c2/esp_efuse_utility.c index 864693959c..cd30697b6e 100644 --- a/components/efuse/esp32c2/esp_efuse_utility.c +++ b/components/efuse/esp32c2/esp_efuse_utility.c @@ -13,24 +13,84 @@ #include "esp_private/esp_clk.h" #include "esp32c2/rom/efuse.h" +static const char *TAG = "efuse"; + +#ifdef CONFIG_EFUSE_VIRTUAL +extern uint32_t virt_blocks[EFUSE_BLK_MAX][COUNT_EFUSE_REG_PER_BLOCK]; +#endif // CONFIG_EFUSE_VIRTUAL + /*Range addresses to read blocks*/ const esp_efuse_range_addr_t range_read_addr_blocks[] = { - {EFUSE_RD_WR_DIS_REG, EFUSE_RD_REPEAT_DATA0_REG}, // range address of EFUSE_BLK0 REPEAT - {EFUSE_RD_BLK1_DATA0_REG, EFUSE_RD_BLK1_DATA2_REG}, // range address of EFUSE_BLK1 SYS_DATA_PART0 - {EFUSE_RD_BLK2_DATA0_REG, EFUSE_RD_BLK2_DATA7_REG}, // range address of EFUSE_BLK2 SYS_DATA_PART_1 - {EFUSE_RD_BLK3_DATA0_REG, EFUSE_RD_BLK3_DATA7_REG}, // range address of EFUSE_BLK3 KEY0 + {EFUSE_RD_WR_DIS_REG, EFUSE_RD_REPEAT_DATA0_REG}, // range address of EFUSE_BLK0 (2 regs) REPEAT + {EFUSE_RD_BLK1_DATA0_REG, EFUSE_RD_BLK1_DATA2_REG}, // range address of EFUSE_BLK1 (3 regs) SYS_DATA_PART0 + {EFUSE_RD_BLK2_DATA0_REG, EFUSE_RD_BLK2_DATA7_REG}, // range address of EFUSE_BLK2 (8 regs) SYS_DATA_PART_1 + {EFUSE_RD_BLK3_DATA0_REG, EFUSE_RD_BLK3_DATA7_REG}, // range address of EFUSE_BLK3 (8 regs) KEY0 }; +static uint32_t write_mass_blocks[EFUSE_BLK_MAX][COUNT_EFUSE_REG_PER_BLOCK] = { 0 }; + +/*Range addresses to write blocks (it is not real regs, it is buffer) */ +const esp_efuse_range_addr_t range_write_addr_blocks[] = { + {(uint32_t) &write_mass_blocks[EFUSE_BLK0][0], (uint32_t) &write_mass_blocks[EFUSE_BLK0][1]}, + {(uint32_t) &write_mass_blocks[EFUSE_BLK1][0], (uint32_t) &write_mass_blocks[EFUSE_BLK1][2]}, + {(uint32_t) &write_mass_blocks[EFUSE_BLK2][0], (uint32_t) &write_mass_blocks[EFUSE_BLK2][7]}, + {(uint32_t) &write_mass_blocks[EFUSE_BLK3][0], (uint32_t) &write_mass_blocks[EFUSE_BLK3][7]}, +}; + +#ifndef CONFIG_EFUSE_VIRTUAL +// Update Efuse timing configuration +static esp_err_t esp_efuse_set_timing(void) +{ + // no need to set special timing values + return ESP_OK; +} +#endif // ifndef CONFIG_EFUSE_VIRTUAL + // Efuse read operation: copies data from physical efuses to efuse read registers. void esp_efuse_utility_clear_program_registers(void) { - abort(); + ets_efuse_read(); + ets_efuse_clear_program_registers(); } // Burn values written to the efuse write registers void esp_efuse_utility_burn_chip(void) { - abort(); +#ifdef CONFIG_EFUSE_VIRTUAL + ESP_LOGW(TAG, "Virtual efuses enabled: Not really burning eFuses"); + for (int num_block = EFUSE_BLK_MAX - 1; num_block >= EFUSE_BLK0; num_block--) { + int subblock = 0; + for (uint32_t addr_wr_block = range_write_addr_blocks[num_block].start; addr_wr_block <= range_write_addr_blocks[num_block].end; addr_wr_block += 4) { + virt_blocks[num_block][subblock++] |= REG_READ(addr_wr_block); + } + } +#ifdef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH + esp_efuse_utility_write_efuses_to_flash(); +#endif +#else + if (esp_efuse_set_timing() != ESP_OK) { + ESP_LOGE(TAG, "Efuse fields are not burnt"); + } else { + // Permanently update values written to the efuse write registers + // It is necessary to process blocks in the order from MAX-> EFUSE_BLK0, because EFUSE_BLK0 has protection bits for other blocks. + for (int num_block = EFUSE_BLK_MAX - 1; num_block >= EFUSE_BLK0; num_block--) { + for (uint32_t addr_wr_block = range_write_addr_blocks[num_block].start; addr_wr_block <= range_write_addr_blocks[num_block].end; addr_wr_block += 4) { + if (REG_READ(addr_wr_block) != 0) { + if (esp_efuse_get_coding_scheme(num_block) == EFUSE_CODING_SCHEME_RS) { + uint8_t block_rs[12]; + ets_efuse_rs_calculate((void *)range_write_addr_blocks[num_block].start, block_rs); + memcpy((void *)EFUSE_PGM_CHECK_VALUE0_REG, block_rs, sizeof(block_rs)); + } + int data_len = (range_write_addr_blocks[num_block].end - range_write_addr_blocks[num_block].start) + sizeof(uint32_t); + memcpy((void *)EFUSE_PGM_DATA0_REG, (void *)range_write_addr_blocks[num_block].start, data_len); + ets_efuse_program(num_block); + break; + } + } + } + } +#endif // CONFIG_EFUSE_VIRTUAL + esp_efuse_utility_reset(); } // After esp_efuse_write.. functions EFUSE_BLKx_WDATAx_REG were filled is not coded values. @@ -39,5 +99,22 @@ void esp_efuse_utility_burn_chip(void) // They will be filled during the burn operation. esp_err_t esp_efuse_utility_apply_new_coding_scheme() { - abort(); + // start with EFUSE_BLK1. EFUSE_BLK0 - always uses EFUSE_CODING_SCHEME_NONE. + for (int num_block = EFUSE_BLK1; num_block < EFUSE_BLK_MAX; num_block++) { + if (esp_efuse_get_coding_scheme(num_block) == EFUSE_CODING_SCHEME_RS) { + for (uint32_t addr_wr_block = range_write_addr_blocks[num_block].start; addr_wr_block <= range_write_addr_blocks[num_block].end; addr_wr_block += 4) { + if (REG_READ(addr_wr_block)) { + int num_reg = 0; + for (uint32_t addr_rd_block = range_read_addr_blocks[num_block].start; addr_rd_block <= range_read_addr_blocks[num_block].end; addr_rd_block += 4, ++num_reg) { + if (esp_efuse_utility_read_reg(num_block, num_reg)) { + ESP_LOGE(TAG, "Bits are not empty. Write operation is forbidden."); + return ESP_ERR_CODING; + } + } + break; + } + } + } + } + return ESP_OK; } diff --git a/components/efuse/esp32c2/include/esp_efuse.h b/components/efuse/esp32c2/include/esp_efuse.h index c190992788..c70db38e92 100644 --- a/components/efuse/esp32c2/include/esp_efuse.h +++ b/components/efuse/esp32c2/include/esp_efuse.h @@ -11,7 +11,7 @@ extern "C" { #endif /** - * @brief Type of eFuse blocks ESP32C2 + * @brief Type of eFuse blocks */ typedef enum { EFUSE_BLK0 = 0, /**< Number of eFuse BLOCK0. REPEAT_DATA */ @@ -22,11 +22,11 @@ typedef enum { EFUSE_BLK2 = 2, /**< Number of eFuse BLOCK2. SYS_DATA_PART1 */ EFUSE_BLK_SYS_DATA_PART1 = 2, /**< Number of eFuse BLOCK2. SYS_DATA_PART1 */ - EFUSE_BLK3 = 3, /**< Number of eFuse BLOCK3. KEY0*/ - EFUSE_BLK_KEY0 = 3, /**< Number of eFuse BLOCK3. KEY0*/ + EFUSE_BLK3 = 3, /**< Number of eFuse BLOCK3. KEY0. whole block */ + EFUSE_BLK_KEY0 = 3, /**< Number of eFuse BLOCK3. KEY0. whole block */ EFUSE_BLK_KEY_MAX = 4, - EFUSE_BLK_MAX = 4, + EFUSE_BLK_MAX = 4, /**< Number of eFuse blocks */ } esp_efuse_block_t; /** @@ -37,16 +37,15 @@ typedef enum { EFUSE_CODING_SCHEME_RS = 3, /**< Reed-Solomon coding */ } esp_efuse_coding_scheme_t; -/** For ESP32C2, there's no key purpose region for efuse keys, In order to maintain - * compatibility with the previous apis, we should set the parameter of 'ets_efuse_purpose_t' - * as default value ETS_EFUSE_KEY_PURPOSE_INVALID. - * (In fact, this parameter can be any value, the api in the rom will not process key_purpose region) - */ +/** + * @brief Type of key purposes (they are virtual because this chip has only fixed purposes for block) + */ typedef enum { - ESP_EFUSE_KEY_PURPOSE_INVALID = -1, - ESP_EFUSE_KEY_PURPOSE_USER = 0, - ESP_EFUSE_KEY_PURPOSE_FLASH_ENCRYPTION = 1, - ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V1 = 2, + ESP_EFUSE_KEY_PURPOSE_USER = 0, /**< whole BLOCK3 */ + ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY = 1, /**< FE uses the whole BLOCK3 (key is 256-bits) */ + ESP_EFUSE_KEY_PURPOSE_XTS_AES_64_KEY = 2, /**< FE uses lower 128-bits of BLOCK3 (key is 128-bits) */ + ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V2 = 3, /**< SB uses higher 128-bits of BLOCK3 (key is 128-bits) */ + ESP_EFUSE_KEY_PURPOSE_MAX, /**< MAX PURPOSE */ } esp_efuse_purpose_t; #ifdef __cplusplus diff --git a/components/efuse/esp32c2/include/esp_efuse_table.h b/components/efuse/esp32c2/include/esp_efuse_table.h index e07bffcf11..9f5562db0f 100644 --- a/components/efuse/esp32c2/include/esp_efuse_table.h +++ b/components/efuse/esp32c2/include/esp_efuse_table.h @@ -9,7 +9,7 @@ extern "C" { #endif -// md5_digest_table 3f91b5a37afbcdf1379820626a92e69c +// md5_digest_table af57e8a6a405ebf239cc552f713c91d0 // This file was generated from the file esp_efuse_table.csv. DO NOT CHANGE THIS FILE MANUALLY. // If you want to change some fields, you need to change esp_efuse_table.csv file // then run `efuse_common_table` or `efuse_custom_table` command it will generate this file. @@ -17,128 +17,51 @@ extern "C" { extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_RD_DIS[]; +extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_KEY0_RD_DIS[]; extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_GROUP_1[]; extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_GROUP_2[]; extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SPI_BOOT_CRYPT_CNT[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SECURE_BOOT_KEY_REVOKE0[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SECURE_BOOT_KEY_REVOKE1[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SECURE_BOOT_KEY_REVOKE2[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_KEY0_PURPOSE[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_KEY1_PURPOSE[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_KEY2_PURPOSE[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_KEY3_PURPOSE[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_KEY4_PURPOSE[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_KEY5_PURPOSE[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SECURE_BOOT_EN[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SECURE_BOOT_AGGRESSIVE_REVOKE[]; extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_GROUP_3[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_BLK1[]; +extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_BLK0_RESERVED[]; +extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SYS_DATA_PART0[]; extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SYS_DATA_PART1[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_USER_DATA[]; extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_KEY0[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_KEY1[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_KEY2[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_KEY3[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_KEY4[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_KEY5[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SYS_DATA_PART2[]; extern const esp_efuse_desc_t* ESP_EFUSE_RD_DIS[]; extern const esp_efuse_desc_t* ESP_EFUSE_RD_DIS_KEY0[]; -extern const esp_efuse_desc_t* ESP_EFUSE_RD_DIS_KEY1[]; -extern const esp_efuse_desc_t* ESP_EFUSE_RD_DIS_KEY2[]; -extern const esp_efuse_desc_t* ESP_EFUSE_RD_DIS_KEY3[]; -extern const esp_efuse_desc_t* ESP_EFUSE_RD_DIS_KEY4[]; -extern const esp_efuse_desc_t* ESP_EFUSE_RD_DIS_KEY5[]; -extern const esp_efuse_desc_t* ESP_EFUSE_RD_DIS_SYS_DATA_PART2[]; -extern const esp_efuse_desc_t* ESP_EFUSE_DIS_RTC_RAM_BOOT[]; -extern const esp_efuse_desc_t* ESP_EFUSE_DIS_ICACHE[]; -extern const esp_efuse_desc_t* ESP_EFUSE_DIS_USB_JTAG[]; -extern const esp_efuse_desc_t* ESP_EFUSE_DIS_DOWNLOAD_ICACHE[]; -extern const esp_efuse_desc_t* ESP_EFUSE_DIS_USB_DEVICE[]; -extern const esp_efuse_desc_t* ESP_EFUSE_DIS_FORCE_DOWNLOAD[]; -extern const esp_efuse_desc_t* ESP_EFUSE_DIS_USB[]; -extern const esp_efuse_desc_t* ESP_EFUSE_DIS_CAN[]; -extern const esp_efuse_desc_t* ESP_EFUSE_JTAG_SEL_ENABLE[]; -extern const esp_efuse_desc_t* ESP_EFUSE_SOFT_DIS_JTAG[]; -extern const esp_efuse_desc_t* ESP_EFUSE_DIS_PAD_JTAG[]; -extern const esp_efuse_desc_t* ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT[]; -extern const esp_efuse_desc_t* ESP_EFUSE_USB_DREFH[]; -extern const esp_efuse_desc_t* ESP_EFUSE_USB_DREFL[]; -extern const esp_efuse_desc_t* ESP_EFUSE_USB_EXCHG_PINS[]; -extern const esp_efuse_desc_t* ESP_EFUSE_VDD_SPI_AS_GPIO[]; -extern const esp_efuse_desc_t* ESP_EFUSE_BTLC_GPIO_ENABLE[]; -extern const esp_efuse_desc_t* ESP_EFUSE_POWERGLITCH_EN[]; -extern const esp_efuse_desc_t* ESP_EFUSE_POWER_GLITCH_DSENSE[]; +extern const esp_efuse_desc_t* ESP_EFUSE_RD_DIS_KEY0_LOW[]; +extern const esp_efuse_desc_t* ESP_EFUSE_RD_DIS_KEY0_HI[]; extern const esp_efuse_desc_t* ESP_EFUSE_WDT_DELAY_SEL[]; +extern const esp_efuse_desc_t* ESP_EFUSE_DIS_PAD_JTAG[]; +extern const esp_efuse_desc_t* ESP_EFUSE_DIS_DOWNLOAD_ICACHE[]; +extern const esp_efuse_desc_t* ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT[]; extern const esp_efuse_desc_t* ESP_EFUSE_SPI_BOOT_CRYPT_CNT[]; -extern const esp_efuse_desc_t* ESP_EFUSE_SECURE_BOOT_KEY_REVOKE0[]; -extern const esp_efuse_desc_t* ESP_EFUSE_SECURE_BOOT_KEY_REVOKE1[]; -extern const esp_efuse_desc_t* ESP_EFUSE_SECURE_BOOT_KEY_REVOKE2[]; -extern const esp_efuse_desc_t* ESP_EFUSE_KEY_PURPOSE_0[]; -extern const esp_efuse_desc_t* ESP_EFUSE_KEY_PURPOSE_1[]; -extern const esp_efuse_desc_t* ESP_EFUSE_KEY_PURPOSE_2[]; -extern const esp_efuse_desc_t* ESP_EFUSE_KEY_PURPOSE_3[]; -extern const esp_efuse_desc_t* ESP_EFUSE_KEY_PURPOSE_4[]; -extern const esp_efuse_desc_t* ESP_EFUSE_KEY_PURPOSE_5[]; -extern const esp_efuse_desc_t* ESP_EFUSE_SECURE_BOOT_EN[]; -extern const esp_efuse_desc_t* ESP_EFUSE_SECURE_BOOT_AGGRESSIVE_REVOKE[]; -extern const esp_efuse_desc_t* ESP_EFUSE_FLASH_TPUW[]; -extern const esp_efuse_desc_t* ESP_EFUSE_DIS_DOWNLOAD_MODE[]; -extern const esp_efuse_desc_t* ESP_EFUSE_DIS_LEGACY_SPI_BOOT[]; -extern const esp_efuse_desc_t* ESP_EFUSE_UART_PRINT_CHANNEL[]; -extern const esp_efuse_desc_t* ESP_EFUSE_FLASH_ECC_MODE[]; -extern const esp_efuse_desc_t* ESP_EFUSE_DIS_USB_DOWNLOAD_MODE[]; -extern const esp_efuse_desc_t* ESP_EFUSE_ENABLE_SECURITY_DOWNLOAD[]; +extern const esp_efuse_desc_t* ESP_EFUSE_XTS_KEY_LENGTH_256[]; extern const esp_efuse_desc_t* ESP_EFUSE_UART_PRINT_CONTROL[]; -extern const esp_efuse_desc_t* ESP_EFUSE_PIN_POWER_SELECTION[]; -extern const esp_efuse_desc_t* ESP_EFUSE_FLASH_TYPE[]; -extern const esp_efuse_desc_t* ESP_EFUSE_FLASH_PAGE_SIZE[]; -extern const esp_efuse_desc_t* ESP_EFUSE_FLASH_ECC_EN[]; extern const esp_efuse_desc_t* ESP_EFUSE_FORCE_SEND_RESUME[]; +extern const esp_efuse_desc_t* ESP_EFUSE_DIS_DOWNLOAD_MODE[]; +extern const esp_efuse_desc_t* ESP_EFUSE_DIS_DIRECT_BOOT[]; +extern const esp_efuse_desc_t* ESP_EFUSE_ENABLE_SECURITY_DOWNLOAD[]; +extern const esp_efuse_desc_t* ESP_EFUSE_FLASH_TPUW[]; +extern const esp_efuse_desc_t* ESP_EFUSE_SECURE_BOOT_EN[]; extern const esp_efuse_desc_t* ESP_EFUSE_SECURE_VERSION[]; -extern const esp_efuse_desc_t* ESP_EFUSE_MAC_FACTORY[]; -extern const esp_efuse_desc_t* ESP_EFUSE_SPI_PAD_CONFIG_CLK[]; -extern const esp_efuse_desc_t* ESP_EFUSE_SPI_PAD_CONFIG_Q_D1[]; -extern const esp_efuse_desc_t* ESP_EFUSE_SPI_PAD_CONFIG_D_D0[]; -extern const esp_efuse_desc_t* ESP_EFUSE_SPI_PAD_CONFIG_CS[]; -extern const esp_efuse_desc_t* ESP_EFUSE_SPI_PAD_CONFIG_HD_D3[]; -extern const esp_efuse_desc_t* ESP_EFUSE_SPI_PAD_CONFIG_WP_D2[]; -extern const esp_efuse_desc_t* ESP_EFUSE_SPI_PAD_CONFIG_DQS[]; -extern const esp_efuse_desc_t* ESP_EFUSE_SPI_PAD_CONFIG_D4[]; -extern const esp_efuse_desc_t* ESP_EFUSE_SPI_PAD_CONFIG_D5[]; -extern const esp_efuse_desc_t* ESP_EFUSE_SPI_PAD_CONFIG_D6[]; -extern const esp_efuse_desc_t* ESP_EFUSE_SPI_PAD_CONFIG_D7[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WAFER_VERSION[]; -extern const esp_efuse_desc_t* ESP_EFUSE_PKG_VERSION[]; -extern const esp_efuse_desc_t* ESP_EFUSE_BLOCK1_VERSION[]; -extern const esp_efuse_desc_t* ESP_EFUSE_OPTIONAL_UNIQUE_ID[]; -extern const esp_efuse_desc_t* ESP_EFUSE_BLOCK2_VERSION[]; -extern const esp_efuse_desc_t* ESP_EFUSE_TEMP_CALIB[]; -extern const esp_efuse_desc_t* ESP_EFUSE_OCODE[]; -extern const esp_efuse_desc_t* ESP_EFUSE_ADC1_INIT_CODE_ATTEN0[]; -extern const esp_efuse_desc_t* ESP_EFUSE_ADC1_INIT_CODE_ATTEN1[]; -extern const esp_efuse_desc_t* ESP_EFUSE_ADC1_INIT_CODE_ATTEN2[]; -extern const esp_efuse_desc_t* ESP_EFUSE_ADC1_INIT_CODE_ATTEN3[]; -extern const esp_efuse_desc_t* ESP_EFUSE_ADC1_CAL_VOL_ATTEN0[]; -extern const esp_efuse_desc_t* ESP_EFUSE_ADC1_CAL_VOL_ATTEN1[]; -extern const esp_efuse_desc_t* ESP_EFUSE_ADC1_CAL_VOL_ATTEN2[]; -extern const esp_efuse_desc_t* ESP_EFUSE_ADC1_CAL_VOL_ATTEN3[]; extern const esp_efuse_desc_t* ESP_EFUSE_USER_DATA[]; extern const esp_efuse_desc_t* ESP_EFUSE_USER_DATA_MAC_CUSTOM[]; +extern const esp_efuse_desc_t* ESP_EFUSE_MAC_FACTORY[]; +extern const esp_efuse_desc_t* ESP_EFUSE_WAFER_VERSION[]; +extern const esp_efuse_desc_t* ESP_EFUSE_PKG_VERSION[]; +extern const esp_efuse_desc_t* ESP_EFUSE_BLOCK2_VERSION[]; +extern const esp_efuse_desc_t* ESP_EFUSE_RF_REF_I_BIAS_CONFIG[]; +extern const esp_efuse_desc_t* ESP_EFUSE_LDO_VOL_BIAS_CONFIG_LOW[]; +extern const esp_efuse_desc_t* ESP_EFUSE_LDO_VOL_BIAS_CONFIG_HIGH[]; +extern const esp_efuse_desc_t* ESP_EFUSE_PVT_LOW[]; +extern const esp_efuse_desc_t* ESP_EFUSE_PVT_HIGH[]; +extern const esp_efuse_desc_t* ESP_EFUSE_ADC_CALIBRATION_0[]; +extern const esp_efuse_desc_t* ESP_EFUSE_ADC_CALIBRATION_1[]; +extern const esp_efuse_desc_t* ESP_EFUSE_ADC_CALIBRATION_2[]; extern const esp_efuse_desc_t* ESP_EFUSE_KEY0[]; -extern const esp_efuse_desc_t* ESP_EFUSE_KEY1[]; -extern const esp_efuse_desc_t* ESP_EFUSE_KEY2[]; -extern const esp_efuse_desc_t* ESP_EFUSE_KEY3[]; -extern const esp_efuse_desc_t* ESP_EFUSE_KEY4[]; -extern const esp_efuse_desc_t* ESP_EFUSE_KEY5[]; -extern const esp_efuse_desc_t* ESP_EFUSE_SYS_DATA_PART2[]; -extern const esp_efuse_desc_t* ESP_EFUSE_K_RTC_LDO[]; -extern const esp_efuse_desc_t* ESP_EFUSE_K_DIG_LDO[]; -extern const esp_efuse_desc_t* ESP_EFUSE_V_RTC_DBIAS20[]; -extern const esp_efuse_desc_t* ESP_EFUSE_V_DIG_DBIAS20[]; -extern const esp_efuse_desc_t* ESP_EFUSE_DIG_DBIAS_HVT[]; -extern const esp_efuse_desc_t* ESP_EFUSE_THRES_HVT[]; +extern const esp_efuse_desc_t* ESP_EFUSE_KEY0_FE_256BIT[]; +extern const esp_efuse_desc_t* ESP_EFUSE_KEY0_FE_128BIT[]; +extern const esp_efuse_desc_t* ESP_EFUSE_KEY0_SB_128BIT[]; #ifdef __cplusplus } diff --git a/components/efuse/include/esp_efuse.h b/components/efuse/include/esp_efuse.h index 83d0297aae..c19e75c8df 100644 --- a/components/efuse/include/esp_efuse.h +++ b/components/efuse/include/esp_efuse.h @@ -599,8 +599,7 @@ bool esp_efuse_get_keypurpose_dis_write(esp_efuse_block_t block); */ esp_efuse_purpose_t esp_efuse_get_key_purpose(esp_efuse_block_t block); - -#ifndef CONFIG_IDF_TARGET_ESP32 +#if SOC_EFUSE_KEY_PURPOSE_FIELD /** * @brief Returns a pointer to a key purpose for an efuse key block. * @@ -662,6 +661,9 @@ esp_efuse_block_t esp_efuse_find_unused_key_block(void); */ unsigned esp_efuse_count_unused_key_blocks(void); +#endif // SOC_EFUSE_KEY_PURPOSE_FIELD + +#if SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY /** * @brief Returns the status of the Secure Boot public key digest revocation bit. * @@ -709,7 +711,7 @@ bool esp_efuse_get_write_protect_of_digest_revoke(unsigned num_digest); */ esp_err_t esp_efuse_set_write_protect_of_digest_revoke(unsigned num_digest); -#endif // not CONFIG_IDF_TARGET_ESP32 +#endif // SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY /** * @brief Program a block of key data to an efuse block diff --git a/components/efuse/src/esp_efuse_api_key_esp32xx.c b/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c similarity index 94% rename from components/efuse/src/esp_efuse_api_key_esp32xx.c rename to components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c index 7a698e8e53..67f695aae9 100644 --- a/components/efuse/src/esp_efuse_api_key_esp32xx.c +++ b/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c @@ -11,6 +11,11 @@ #include "sdkconfig.h" #include "esp_efuse_table.h" +/* + * Each eFuse key block has a special field that defines the purpose of this block. + * This special field is called key_purpose. + */ + const static char *TAG = "efuse"; /** @@ -31,9 +36,6 @@ typedef struct { } esp_efuse_revokes_t; const esp_efuse_keys_t s_table[EFUSE_BLK_KEY_MAX - EFUSE_BLK_KEY0] = { -#if CONFIG_IDF_TARGET_ESP32C2 - {ESP_EFUSE_KEY0, NULL, ESP_EFUSE_RD_DIS_KEY0, ESP_EFUSE_WR_DIS_KEY0, NULL}, -#else {ESP_EFUSE_KEY0, ESP_EFUSE_KEY_PURPOSE_0, ESP_EFUSE_RD_DIS_KEY0, ESP_EFUSE_WR_DIS_KEY0, ESP_EFUSE_WR_DIS_KEY0_PURPOSE}, {ESP_EFUSE_KEY1, ESP_EFUSE_KEY_PURPOSE_1, ESP_EFUSE_RD_DIS_KEY1, ESP_EFUSE_WR_DIS_KEY1, ESP_EFUSE_WR_DIS_KEY1_PURPOSE}, {ESP_EFUSE_KEY2, ESP_EFUSE_KEY_PURPOSE_2, ESP_EFUSE_RD_DIS_KEY2, ESP_EFUSE_WR_DIS_KEY2, ESP_EFUSE_WR_DIS_KEY2_PURPOSE}, @@ -43,7 +45,6 @@ const esp_efuse_keys_t s_table[EFUSE_BLK_KEY_MAX - EFUSE_BLK_KEY0] = { #if 0 {ESP_EFUSE_KEY6, ESP_EFUSE_KEY_PURPOSE_6, ESP_EFUSE_RD_DIS_KEY6, ESP_EFUSE_WR_DIS_KEY6, ESP_EFUSE_WR_DIS_KEY6_PURPOSE}, #endif -#endif //#if CONFIG_IDF_TARGET_ESP32C2 }; #if SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY @@ -76,7 +77,6 @@ bool esp_efuse_block_is_empty(esp_efuse_block_t block) // Sets a write protection for the whole block. esp_err_t esp_efuse_set_write_protect(esp_efuse_block_t blk) { -#if !CONFIG_IDF_TARGET_ESP32C2 if (blk == EFUSE_BLK1) { return esp_efuse_write_field_cnt(ESP_EFUSE_WR_DIS_BLK1, 1); } else if (blk == EFUSE_BLK2) { @@ -89,8 +89,7 @@ esp_err_t esp_efuse_set_write_protect(esp_efuse_block_t blk) unsigned idx = blk - EFUSE_BLK_KEY0; return esp_efuse_write_field_cnt(s_table[idx].key_wr_dis, 1); } -#endif - return ESP_ERR_NOT_SUPPORTED; // IDF-3818 + return ESP_ERR_NOT_SUPPORTED; } // read protect for blk. @@ -100,11 +99,9 @@ esp_err_t esp_efuse_set_read_protect(esp_efuse_block_t blk) unsigned idx = blk - EFUSE_BLK_KEY0; return esp_efuse_write_field_cnt(s_table[idx].key_rd_dis, 1); } -#if !CONFIG_IDF_TARGET_ESP32C2 // IDF-3818 else if (blk == EFUSE_BLK10) { return esp_efuse_write_field_cnt(ESP_EFUSE_RD_DIS_SYS_DATA_PART2, 1); } -#endif return ESP_ERR_NOT_SUPPORTED; } @@ -171,7 +168,6 @@ esp_err_t esp_efuse_set_key_dis_write(esp_efuse_block_t block) return esp_efuse_write_field_bit(s_table[idx].key_wr_dis); } -#if !CONFIG_IDF_TARGET_ESP32C2 // cause esp32c2 efuse has no purpose region esp_efuse_purpose_t esp_efuse_get_key_purpose(esp_efuse_block_t block) { if (block < EFUSE_BLK_KEY0 || block >= EFUSE_BLK_KEY_MAX) { @@ -194,7 +190,6 @@ esp_err_t esp_efuse_set_key_purpose(esp_efuse_block_t block, esp_efuse_purpose_t unsigned idx = block - EFUSE_BLK_KEY0; return esp_efuse_write_field_blob(s_table[idx].keypurpose, &purpose, s_table[idx].keypurpose[0]->bit_count); } -#endif //CONFIG_IDF_TARGET_ESP32C2 bool esp_efuse_get_keypurpose_dis_write(esp_efuse_block_t block) { @@ -256,11 +251,8 @@ bool esp_efuse_key_block_unused(esp_efuse_block_t block) return false; // Not a key block } - if ( -#if !CONFIG_IDF_TARGET_ESP32C2 - esp_efuse_get_key_purpose(block) != ESP_EFUSE_KEY_PURPOSE_USER || + if (esp_efuse_get_key_purpose(block) != ESP_EFUSE_KEY_PURPOSE_USER || esp_efuse_get_keypurpose_dis_write(block) || -#endif esp_efuse_get_key_dis_read(block) || esp_efuse_get_key_dis_write(block)) { return false; // Block in use! @@ -277,15 +269,9 @@ esp_err_t esp_efuse_write_key(esp_efuse_block_t block, esp_efuse_purpose_t purpo { esp_err_t err = ESP_OK; -#if CONFIG_IDF_TARGET_ESP32C2 - if (block != EFUSE_BLK_KEY0) { - return ESP_ERR_INVALID_ARG; - } -#else if (block < EFUSE_BLK_KEY0 || block >= EFUSE_BLK_KEY_MAX || key_size_bytes > 32 || purpose >= ESP_EFUSE_KEY_PURPOSE_MAX) { return ESP_ERR_INVALID_ARG; } -#endif esp_efuse_batch_write_begin(); @@ -296,7 +282,6 @@ esp_err_t esp_efuse_write_key(esp_efuse_block_t block, esp_efuse_purpose_t purpo ESP_EFUSE_CHK(esp_efuse_write_field_blob(s_table[idx].key, key, key_size_bytes * 8)); ESP_EFUSE_CHK(esp_efuse_set_key_dis_write(block)); -#if !CONFIG_IDF_TARGET_ESP32C2 if (purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY || #ifdef SOC_FLASH_ENCRYPTION_XTS_AES_256 purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1 || @@ -310,7 +295,6 @@ esp_err_t esp_efuse_write_key(esp_efuse_block_t block, esp_efuse_purpose_t purpo } ESP_EFUSE_CHK(esp_efuse_set_key_purpose(block, purpose)); ESP_EFUSE_CHK(esp_efuse_set_keypurpose_dis_write(block)); -#endif //#if !CONFIG_IDF_TARGET_ESP32C2 return esp_efuse_batch_write_commit(); } err_exit: diff --git a/components/efuse/src/efuse_controller/keys/without_key_purposes/one_key_block/esp_efuse_api_key.c b/components/efuse/src/efuse_controller/keys/without_key_purposes/one_key_block/esp_efuse_api_key.c new file mode 100644 index 0000000000..2910f23f71 --- /dev/null +++ b/components/efuse/src/efuse_controller/keys/without_key_purposes/one_key_block/esp_efuse_api_key.c @@ -0,0 +1,247 @@ +/* + * SPDX-FileCopyrightText: 2019-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#include "esp_efuse.h" +#include "esp_efuse_utility.h" +#include "soc/efuse_periph.h" +#include "assert.h" +#include "sdkconfig.h" +#include "esp_efuse_table.h" + +/* + * The chip has only one eFuse key block. + * There are no eFuse key purpose fields (added only virtual key purposes to support key APIs). + * Flash Encryption key and Secure Boot key reside in one eFuse block. + * To burn the FE key and the SB key need to use the batch mode to do it at once. + */ + +static esp_err_t esp_efuse_set_key_purpose(esp_efuse_block_t block, esp_efuse_purpose_t purpose); + +static __attribute__((unused)) const char *TAG = "efuse"; + +/** + * @brief Keys and their attributes are packed into a structure + */ +typedef struct { + const esp_efuse_desc_t** key; /**< Key */ + esp_efuse_purpose_t purpose; /**< purpose of block */ + const esp_efuse_desc_t** key_rd_dis; /**< Read protection of a key */ + const esp_efuse_desc_t** key_wr_dis; /**< Write protection of a key*/ +} esp_efuse_keys_t; + +const esp_efuse_keys_t s_table[EFUSE_BLK_KEY_MAX - EFUSE_BLK_KEY0] = { + {ESP_EFUSE_KEY0, ESP_EFUSE_KEY_PURPOSE_USER, ESP_EFUSE_RD_DIS_KEY0, ESP_EFUSE_WR_DIS_KEY0}, // EFUSE_BLK_KEY0 +}; + +// Sets a write protection for the whole block. +esp_err_t esp_efuse_set_write_protect(esp_efuse_block_t blk) +{ + if (blk < EFUSE_BLK_KEY0 || blk >= EFUSE_BLK_KEY_MAX) { + return ESP_ERR_NOT_SUPPORTED; + } + unsigned idx = blk - EFUSE_BLK_KEY0; + return esp_efuse_write_field_cnt(s_table[idx].key_wr_dis, s_table[idx].key_wr_dis[0]->bit_count); +} + +// Sets a read protection for the whole block. +esp_err_t esp_efuse_set_read_protect(esp_efuse_block_t blk) +{ + if (blk < EFUSE_BLK_KEY0 || blk >= EFUSE_BLK_KEY_MAX) { + return ESP_ERR_NOT_SUPPORTED; + } + unsigned idx = blk - EFUSE_BLK_KEY0; + return esp_efuse_write_field_cnt(s_table[idx].key_rd_dis, s_table[idx].key_rd_dis[0]->bit_count); +} + +// get efuse coding_scheme. +esp_efuse_coding_scheme_t esp_efuse_get_coding_scheme(esp_efuse_block_t blk) +{ + esp_efuse_coding_scheme_t scheme; + if (blk == EFUSE_BLK0) { + scheme = EFUSE_CODING_SCHEME_NONE; + } else { + scheme = EFUSE_CODING_SCHEME_RS; + } + return scheme; +} + +bool esp_efuse_block_is_empty(esp_efuse_block_t block) +{ + assert(block >= EFUSE_BLK_KEY0 && block < EFUSE_BLK_KEY_MAX); + const unsigned blk_len_bit = 256; + uint32_t key[8]; + esp_err_t err = esp_efuse_read_block(block, &key, 0, blk_len_bit); + if (err != ESP_OK) { + return false; + } + unsigned zeros = 0; + for (unsigned i = 0; i < blk_len_bit / 32; ++i) { + if (key[i] == 0) { + ++zeros; + } + } + if (zeros == blk_len_bit / 32) { + return true; + } + return false; +} + +bool esp_efuse_get_key_dis_read(esp_efuse_block_t block) +{ + assert(block >= EFUSE_BLK_KEY0 && block < EFUSE_BLK_KEY_MAX); + unsigned idx = block - EFUSE_BLK_KEY0; + if (esp_efuse_get_key_purpose(block) == ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY) { + uint8_t value = 0; + esp_err_t err = esp_efuse_read_field_blob(s_table[idx].key_rd_dis, &value, s_table[idx].key_rd_dis[0]->bit_count); + assert(err == ESP_OK); + return (err == ESP_OK) && (value == ((1 << s_table[idx].key_rd_dis[0]->bit_count) - 1)); + } + return esp_efuse_read_field_bit(ESP_EFUSE_RD_DIS_KEY0_LOW); +} + +esp_err_t esp_efuse_set_key_dis_read(esp_efuse_block_t block) +{ + if (block < EFUSE_BLK_KEY0 || block >= EFUSE_BLK_KEY_MAX) { + return ESP_ERR_INVALID_ARG; + } + if (esp_efuse_get_key_purpose(block) == ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY) { + unsigned idx = block - EFUSE_BLK_KEY0; + uint8_t value = (1 << s_table[idx].key_rd_dis[0]->bit_count) - 1; + return esp_efuse_write_field_blob(s_table[idx].key_rd_dis, &value, s_table[idx].key_rd_dis[0]->bit_count); + } + return esp_efuse_write_field_bit(ESP_EFUSE_RD_DIS_KEY0_LOW); +} + +bool esp_efuse_get_key_dis_write(esp_efuse_block_t block) +{ + assert(block >= EFUSE_BLK_KEY0 && block < EFUSE_BLK_KEY_MAX); + unsigned idx = block - EFUSE_BLK_KEY0; + return esp_efuse_read_field_bit(s_table[idx].key_wr_dis); +} + +esp_err_t esp_efuse_set_key_dis_write(esp_efuse_block_t block) +{ + if (block < EFUSE_BLK_KEY0 || block >= EFUSE_BLK_KEY_MAX) { + return ESP_ERR_INVALID_ARG; + } + unsigned idx = block - EFUSE_BLK_KEY0; + return esp_efuse_write_field_bit(s_table[idx].key_wr_dis); +} + +bool esp_efuse_key_block_unused(esp_efuse_block_t block) +{ + if (block < EFUSE_BLK_KEY0 || block >= EFUSE_BLK_KEY_MAX) { + return false; // Not a key block + } + + if (esp_efuse_get_key_dis_read(block) || esp_efuse_get_key_dis_write(block) || + !esp_efuse_block_is_empty(block)) { + return false; // Block in use! + } + + return true; // Unused +} + +esp_efuse_purpose_t esp_efuse_get_key_purpose(esp_efuse_block_t block) +{ + if (block < EFUSE_BLK_KEY0 || block >= EFUSE_BLK_KEY_MAX) { + return ESP_EFUSE_KEY_PURPOSE_MAX; + } + if (esp_efuse_read_field_bit(ESP_EFUSE_XTS_KEY_LENGTH_256)) { + return ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY; + } + return ESP_EFUSE_KEY_PURPOSE_XTS_AES_64_KEY; +} + + +static esp_err_t esp_efuse_set_key_purpose(esp_efuse_block_t block, esp_efuse_purpose_t purpose) +{ + (void)block; + if (purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY) { + return esp_efuse_write_field_bit(ESP_EFUSE_XTS_KEY_LENGTH_256); + } + return ESP_OK; +} + +bool esp_efuse_get_keypurpose_dis_write(esp_efuse_block_t block) +{ + (void)block; + return true; +} + +bool esp_efuse_find_purpose(esp_efuse_purpose_t purpose, esp_efuse_block_t *block) +{ + (void)purpose; + esp_efuse_block_t dummy; + if (block == NULL) { + block = &dummy; + } + *block = EFUSE_BLK_KEY0; + return true; +} + +esp_err_t esp_efuse_write_key(esp_efuse_block_t block, esp_efuse_purpose_t purpose, const void *key, size_t key_size_bytes) +{ + esp_err_t err = ESP_OK; + if (block < EFUSE_BLK_KEY0 || block >= EFUSE_BLK_KEY_MAX || key_size_bytes > 32 || purpose >= ESP_EFUSE_KEY_PURPOSE_MAX) { + return ESP_ERR_INVALID_ARG; + } + if ((purpose == ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V2 || purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_64_KEY) && (key_size_bytes != 16)) { + return ESP_ERR_INVALID_ARG; + } + + esp_efuse_batch_write_begin(); + + if (!esp_efuse_key_block_unused(block)) { + err = ESP_ERR_INVALID_STATE; + } else { + size_t offset_in_bits = (purpose == ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V2) ? 16 * 8 : 0; + ESP_EFUSE_CHK(esp_efuse_write_block(block, key, offset_in_bits, key_size_bytes * 8)); + if (purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY) { + ESP_EFUSE_CHK(esp_efuse_set_key_purpose(block, purpose)); + } + if (purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY || purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_64_KEY) { + ESP_EFUSE_CHK(esp_efuse_set_key_dis_read(block)); + } + ESP_EFUSE_CHK(esp_efuse_set_key_dis_write(block)); + return esp_efuse_batch_write_commit(); + } +err_exit: + esp_efuse_batch_write_cancel(); + return err; +} + +esp_err_t esp_efuse_write_keys(const esp_efuse_purpose_t purposes[], uint8_t keys[][32], unsigned number_of_keys) +{ + esp_err_t err = ESP_FAIL; + if (number_of_keys == 0 || number_of_keys > 2 || keys == NULL || purposes == NULL) { + return ESP_ERR_INVALID_ARG; + } + + esp_efuse_purpose_t purpose = 0; + + esp_efuse_batch_write_begin(); + for (unsigned i_key = 0; i_key < number_of_keys; i_key++) { + purpose = purposes[i_key]; + ESP_LOGI(TAG, "Writing EFUSE_BLK_KEY0 with purpose %d", purpose); + size_t key_size = (purpose == ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V2 || purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_64_KEY) ? 16 : 32; + ESP_EFUSE_CHK(esp_efuse_write_key(EFUSE_BLK_KEY0, purpose, keys[i_key], key_size)); + } + return esp_efuse_batch_write_commit(); +err_exit: + ESP_LOGE(TAG, "Failed to write EFUSE_BLK_KEY0 with purpose %d. Can't continue.", purpose); + esp_efuse_batch_write_cancel(); + return err; +} + +esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys) +{ + if (trusted_keys == NULL) { + return ESP_FAIL; + } + trusted_keys->key_digests[0] = (const void *)(esp_efuse_utility_get_read_register_address(EFUSE_BLK_KEY0) + 16); + return ESP_OK; +} diff --git a/components/efuse/src/esp_efuse_api_key_esp32.c b/components/efuse/src/efuse_controller/keys/without_key_purposes/three_key_blocks/esp_efuse_api_key.c similarity index 96% rename from components/efuse/src/esp_efuse_api_key_esp32.c rename to components/efuse/src/efuse_controller/keys/without_key_purposes/three_key_blocks/esp_efuse_api_key.c index 59ec9eb30e..57b3ff5a31 100644 --- a/components/efuse/src/esp_efuse_api_key_esp32.c +++ b/components/efuse/src/efuse_controller/keys/without_key_purposes/three_key_blocks/esp_efuse_api_key.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2019-2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2019-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -11,6 +11,13 @@ #include "sdkconfig.h" #include "esp_efuse_table.h" +/* + * FE uses eFuse block1. + * SB uses eFuse block2. + * Block3 can be used by customer. + * There are no eFuse key purpose fields (added only virtual key purposes to support key APIs). + */ + static __attribute__((unused)) const char *TAG = "efuse"; /** diff --git a/components/efuse/src/esp_efuse_fields.c b/components/efuse/src/esp_efuse_fields.c index f274e962db..9898563a75 100644 --- a/components/efuse/src/esp_efuse_fields.c +++ b/components/efuse/src/esp_efuse_fields.c @@ -24,7 +24,7 @@ static __attribute__((unused)) const char *TAG = "efuse"; #ifdef CONFIG_BOOTLOADER_APP_SEC_VER_SIZE_EFUSE_FIELD #define APP_SEC_VER_SIZE_EFUSE_FIELD CONFIG_BOOTLOADER_APP_SEC_VER_SIZE_EFUSE_FIELD #else -#define APP_SEC_VER_SIZE_EFUSE_FIELD 16 // smallest possible size for all chips +#define APP_SEC_VER_SIZE_EFUSE_FIELD 4 // smallest possible size for all chips #endif // Reset efuse write registers @@ -33,8 +33,6 @@ void esp_efuse_reset(void) esp_efuse_utility_reset(); } -#if !CONFIG_IDF_TARGET_ESP32C2 -// IDF-3818 uint32_t esp_efuse_read_secure_version(void) { uint32_t secure_version = 0; @@ -85,4 +83,3 @@ esp_err_t esp_efuse_update_secure_version(uint32_t secure_version) } return ESP_OK; } -#endif diff --git a/components/efuse/test/CMakeLists.txt b/components/efuse/test/CMakeLists.txt index 1c0986a581..94252bc00f 100644 --- a/components/efuse/test/CMakeLists.txt +++ b/components/efuse/test/CMakeLists.txt @@ -1,6 +1,18 @@ idf_build_get_property(target IDF_TARGET) -idf_component_register(SRC_DIRS "." - PRIV_INCLUDE_DIRS "." "include" "../private_include" ../${target}/private_include +if(CONFIG_SOC_EFUSE_KEY_PURPOSE_FIELD) + set(dir "with_key_purposes") +else() + if(CONFIG_SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK) + set(dir "one_key_block") + else() + set(dir "three_key_blocks") + endif() +endif() + +set(src_dirs "." "${dir}") + +idf_component_register(SRC_DIRS "${src_dirs}" + PRIV_INCLUDE_DIRS "." "${dir}/include" "../private_include" "../${target}/private_include" PRIV_REQUIRES cmock test_utils efuse bootloader_support ) diff --git a/components/efuse/test/one_key_block/esp_efuse_test_table.c b/components/efuse/test/one_key_block/esp_efuse_test_table.c new file mode 100644 index 0000000000..ad7457507b --- /dev/null +++ b/components/efuse/test/one_key_block/esp_efuse_test_table.c @@ -0,0 +1,109 @@ +/* + * SPDX-FileCopyrightText: 2017-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#include "sdkconfig.h" +#include "esp_efuse.h" +#include +#include "esp_efuse_test_table.h" + +// md5_digest_table df1ecf346aec29cf593e2f81dc4cd5e4 +// This file was generated from the file esp_efuse_test_table.csv. DO NOT CHANGE THIS FILE MANUALLY. +// If you want to change some fields, you need to change esp_efuse_test_table.csv file +// then run `efuse_common_table` or `efuse_custom_table` command it will generate this file. +// To show efuse_table run the command 'show_efuse_table'. + +#define MAX_BLK_LEN CONFIG_EFUSE_MAX_BLK_LEN + +// The last free bit in the block is counted over the entire file. +#define LAST_FREE_BIT_BLK1 88 +#define LAST_FREE_BIT_BLK2 167 +#define LAST_FREE_BIT_BLK3 88 + +_Static_assert(LAST_FREE_BIT_BLK1 <= MAX_BLK_LEN, "The eFuse table does not match the coding scheme. Edit the table and restart the efuse_common_table or efuse_custom_table command to regenerate the new files."); +_Static_assert(LAST_FREE_BIT_BLK2 <= MAX_BLK_LEN, "The eFuse table does not match the coding scheme. Edit the table and restart the efuse_common_table or efuse_custom_table command to regenerate the new files."); +_Static_assert(LAST_FREE_BIT_BLK3 <= MAX_BLK_LEN, "The eFuse table does not match the coding scheme. Edit the table and restart the efuse_common_table or efuse_custom_table command to regenerate the new files."); + +static const esp_efuse_desc_t TEST1_LEN_8[] = { + {EFUSE_BLK3, 0, 8}, // TEST field, +}; + +static const esp_efuse_desc_t TEST2_LEN_16[] = { + {EFUSE_BLK3, 10, 8}, // TEST field, + {EFUSE_BLK3, 80, 8}, // TEST field, +}; + +static const esp_efuse_desc_t TEST3_LEN_6[] = { + {EFUSE_BLK3, 22, 6}, // TEST field, +}; + +static const esp_efuse_desc_t TEST4_LEN_182[] = { + {EFUSE_BLK1, 22, 49}, // TEST field, + {EFUSE_BLK2, 128, 39}, // TEST field, + {EFUSE_BLK1, 71, 17}, // TEST field, + {EFUSE_BLK1, 19, 1}, // TEST field, + {EFUSE_BLK1, 0, 16}, // TEST field, + {EFUSE_BLK2, 0, 17}, // TEST field, + {EFUSE_BLK2, 60, 43}, // TEST field, +}; + +static const esp_efuse_desc_t TEST5_LEN_1[] = { + {EFUSE_BLK1, 16, 1}, // TEST field, +}; + +static const esp_efuse_desc_t TEST6_LEN_17[] = { + {EFUSE_BLK1, 17, 1}, // TEST field, + {EFUSE_BLK2, 17, 2}, // TEST field, + {EFUSE_BLK3, 29, 4}, // TEST field, + {EFUSE_BLK2, 31, 3}, // TEST field, + {EFUSE_BLK3, 60, 6}, // TEST field, + {EFUSE_BLK2, 127, 1}, // TEST field, +}; + + + + + +const esp_efuse_desc_t* ESP_EFUSE_TEST1_LEN_8[] = { + &TEST1_LEN_8[0], // TEST field + NULL +}; + +const esp_efuse_desc_t* ESP_EFUSE_TEST2_LEN_16[] = { + &TEST2_LEN_16[0], // TEST field + &TEST2_LEN_16[1], // TEST field + NULL +}; + +const esp_efuse_desc_t* ESP_EFUSE_TEST3_LEN_6[] = { + &TEST3_LEN_6[0], // TEST field + NULL +}; + +const esp_efuse_desc_t* ESP_EFUSE_TEST4_LEN_182[] = { + &TEST4_LEN_182[0], // TEST field + &TEST4_LEN_182[1], // TEST field + &TEST4_LEN_182[2], // TEST field + &TEST4_LEN_182[3], // TEST field + &TEST4_LEN_182[4], // TEST field + &TEST4_LEN_182[5], // TEST field + &TEST4_LEN_182[6], // TEST field + NULL +}; + +const esp_efuse_desc_t* ESP_EFUSE_TEST5_LEN_1[] = { + &TEST5_LEN_1[0], // TEST field + NULL +}; + +const esp_efuse_desc_t* ESP_EFUSE_TEST6_LEN_17[] = { + &TEST6_LEN_17[0], // TEST field + &TEST6_LEN_17[1], // TEST field + &TEST6_LEN_17[2], // TEST field + &TEST6_LEN_17[3], // TEST field + &TEST6_LEN_17[4], // TEST field + &TEST6_LEN_17[5], // TEST field + NULL +}; diff --git a/components/efuse/test/one_key_block/esp_efuse_test_table.csv b/components/efuse/test/one_key_block/esp_efuse_test_table.csv new file mode 100644 index 0000000000..4c5ea3c39f --- /dev/null +++ b/components/efuse/test/one_key_block/esp_efuse_test_table.csv @@ -0,0 +1,34 @@ +# field_name, | efuse_block, | bit_start, | bit_count, |comment # +# | (EFUSE_BLK0 | (0..255) | (1..256) | # +# | EFUSE_BLK1 | | | # +# | EFUSE_BLK2 | | | # +# | EFUSE_BLK3) | | | # +########################################################################## + +# To generate a new source files. Run two commands: +# cd ~/esp/esp-idf/components/efuse/ +# ./efuse_table_gen.py test/esp_efuse_test_table.csv + +TEST1_LEN_8, EFUSE_BLK3, 0, 8, TEST field + +TEST2_LEN_16, EFUSE_BLK3, 10, 8, TEST field +, EFUSE_BLK3, 80, 8, TEST field + +TEST3_LEN_6, EFUSE_BLK3, 22, 6, TEST field + +TEST4_LEN_182, EFUSE_BLK1, 22, 49, TEST field +, EFUSE_BLK2, 128, 39, TEST field +, EFUSE_BLK1, 71, 17, TEST field +, EFUSE_BLK1, 19, 1, TEST field +, EFUSE_BLK1, 0, 16, TEST field +, EFUSE_BLK2, 0, 17, TEST field +, EFUSE_BLK2, 60, 43, TEST field + +TEST5_LEN_1, EFUSE_BLK1, 16, 1, TEST field + +TEST6_LEN_17, EFUSE_BLK1, 17, 1, TEST field +, EFUSE_BLK2, 17, 2, TEST field +, EFUSE_BLK3, 29, 4, TEST field +, EFUSE_BLK2, 31, 3, TEST field +, EFUSE_BLK3, 60, 6, TEST field +, EFUSE_BLK2, 127, 1, TEST field diff --git a/components/efuse/test/one_key_block/include/esp_efuse_test_table.h b/components/efuse/test/one_key_block/include/esp_efuse_test_table.h new file mode 100644 index 0000000000..3fe2158b41 --- /dev/null +++ b/components/efuse/test/one_key_block/include/esp_efuse_test_table.h @@ -0,0 +1,28 @@ +/* + * SPDX-FileCopyrightText: 2017-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#ifdef __cplusplus +extern "C" { +#endif + + +// md5_digest_table df1ecf346aec29cf593e2f81dc4cd5e4 +// This file was generated from the file esp_efuse_test_table.csv. DO NOT CHANGE THIS FILE MANUALLY. +// If you want to change some fields, you need to change esp_efuse_test_table.csv file +// then run `efuse_common_table` or `efuse_custom_table` command it will generate this file. +// To show efuse_table run the command 'show_efuse_table'. + + +extern const esp_efuse_desc_t* ESP_EFUSE_TEST1_LEN_8[]; +extern const esp_efuse_desc_t* ESP_EFUSE_TEST2_LEN_16[]; +extern const esp_efuse_desc_t* ESP_EFUSE_TEST3_LEN_6[]; +extern const esp_efuse_desc_t* ESP_EFUSE_TEST4_LEN_182[]; +extern const esp_efuse_desc_t* ESP_EFUSE_TEST5_LEN_1[]; +extern const esp_efuse_desc_t* ESP_EFUSE_TEST6_LEN_17[]; + +#ifdef __cplusplus +} +#endif diff --git a/components/efuse/test/one_key_block/test_efuse.c b/components/efuse/test/one_key_block/test_efuse.c new file mode 100644 index 0000000000..da6f30ad57 --- /dev/null +++ b/components/efuse/test/one_key_block/test_efuse.c @@ -0,0 +1,154 @@ +/* + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ +#include +#include +#include +#include +#include +#include "unity.h" +#include "esp_log.h" +#include +#include "esp_efuse.h" +#include "esp_efuse_table.h" +#include "esp_efuse_utility.h" +#include "esp_efuse_test_table.h" +#include "bootloader_random.h" +#include "freertos/FreeRTOS.h" +#include "freertos/task.h" +#include "freertos/semphr.h" +#include "test_utils.h" +#include "sdkconfig.h" +#include "esp_rom_efuse.h" +#include "bootloader_common.h" + +__attribute__((unused)) static const char* TAG = "efuse_test"; + + +#ifdef CONFIG_EFUSE_VIRTUAL + +TEST_CASE("Test a write protection", "[efuse]") +{ + esp_efuse_utility_reset(); + esp_efuse_utility_erase_virt_blocks(); + + esp_efuse_utility_debug_dump_blocks(); + + TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_efuse_set_write_protect(EFUSE_BLK0)); + TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_efuse_set_read_protect(EFUSE_BLK0)); + + size_t out_cnt; + esp_efuse_read_field_cnt(ESP_EFUSE_WR_DIS, &out_cnt); + TEST_ASSERT_EQUAL_INT(0, out_cnt); + TEST_ESP_OK(esp_efuse_set_write_protect(EFUSE_BLK_KEY0)); + esp_efuse_read_field_cnt(ESP_EFUSE_WR_DIS, &out_cnt); + TEST_ASSERT_EQUAL_INT(1, out_cnt); + TEST_ESP_ERR(ESP_ERR_EFUSE_CNT_IS_FULL, esp_efuse_set_write_protect(EFUSE_BLK_KEY0)); + + esp_efuse_utility_debug_dump_blocks(); + esp_efuse_utility_reset(); + esp_efuse_utility_erase_virt_blocks(); +} + +TEST_CASE("Test a read protection", "[efuse]") +{ + esp_efuse_utility_reset(); + esp_efuse_utility_erase_virt_blocks(); + + esp_efuse_utility_debug_dump_blocks(); + + TEST_ESP_OK(esp_efuse_write_field_bit(ESP_EFUSE_XTS_KEY_LENGTH_256)); + + size_t out_cnt; + esp_efuse_read_field_cnt(ESP_EFUSE_RD_DIS, &out_cnt); + TEST_ASSERT_EQUAL_INT(0, out_cnt); + TEST_ESP_OK(esp_efuse_set_read_protect(EFUSE_BLK_KEY0)); + esp_efuse_read_field_cnt(ESP_EFUSE_RD_DIS, &out_cnt); + TEST_ASSERT_EQUAL_INT(2, out_cnt); + + esp_efuse_utility_debug_dump_blocks(); + esp_efuse_utility_reset(); + esp_efuse_utility_erase_virt_blocks(); +} + +TEST_CASE("Test a key read protection 1", "[efuse]") +{ + esp_efuse_utility_reset(); + esp_efuse_utility_erase_virt_blocks(); + + esp_efuse_utility_debug_dump_blocks(); + + size_t out_cnt; + esp_efuse_read_field_cnt(ESP_EFUSE_RD_DIS, &out_cnt); + TEST_ASSERT_EQUAL_INT(0, out_cnt); + + TEST_ASSERT_FALSE(esp_efuse_get_key_dis_read(EFUSE_BLK_KEY0)); + TEST_ESP_OK(esp_efuse_set_key_dis_read(EFUSE_BLK_KEY0)); + TEST_ASSERT_TRUE(esp_efuse_get_key_dis_read(EFUSE_BLK_KEY0)); + + esp_efuse_read_field_cnt(ESP_EFUSE_RD_DIS, &out_cnt); + TEST_ASSERT_EQUAL_INT(1, out_cnt); + + esp_efuse_utility_debug_dump_blocks(); + esp_efuse_utility_reset(); + esp_efuse_utility_erase_virt_blocks(); +} + +TEST_CASE("Test a key read protection 2", "[efuse]") +{ + esp_efuse_utility_reset(); + esp_efuse_utility_erase_virt_blocks(); + + esp_efuse_utility_debug_dump_blocks(); + + TEST_ESP_OK(esp_efuse_write_field_bit(ESP_EFUSE_XTS_KEY_LENGTH_256)); + + size_t out_cnt; + esp_efuse_read_field_cnt(ESP_EFUSE_RD_DIS, &out_cnt); + TEST_ASSERT_EQUAL_INT(0, out_cnt); + + TEST_ASSERT_FALSE(esp_efuse_get_key_dis_read(EFUSE_BLK_KEY0)); + TEST_ESP_OK(esp_efuse_set_key_dis_read(EFUSE_BLK_KEY0)); + TEST_ASSERT_TRUE(esp_efuse_get_key_dis_read(EFUSE_BLK_KEY0)); + + esp_efuse_read_field_cnt(ESP_EFUSE_RD_DIS, &out_cnt); + TEST_ASSERT_EQUAL_INT(2, out_cnt); + + esp_efuse_utility_debug_dump_blocks(); + esp_efuse_utility_reset(); + esp_efuse_utility_erase_virt_blocks(); +} +#endif // CONFIG_EFUSE_VIRTUAL + +#ifdef CONFIG_IDF_ENV_FPGA +TEST_CASE("Test a real write (FPGA)2", "[efuse]") +{ + esp_efuse_utility_debug_dump_blocks(); + ESP_LOGI(TAG, "1. Write KEY3"); + uint8_t key[32] = {0}; + TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY0, &key, 256)); + for (int i = 0; i < sizeof(key); ++i) { + TEST_ASSERT_EQUAL_INT(0, key[i]); + } + uint8_t new_key[32] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, + 10, 11, 12, 12, 14, 15, 16, 17, 18, 19, + 20, 21, 22, 22, 24, 25, 26, 27, 28, 29, + 30, 31}; + TEST_ESP_OK(esp_efuse_write_field_blob(ESP_EFUSE_KEY0, &new_key, 256)); + TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY0, &key, 256)); + TEST_ASSERT_EQUAL_HEX8_ARRAY(new_key, key, sizeof(key)); + esp_efuse_utility_debug_dump_blocks(); + + ESP_LOGI(TAG, "2. Set a read protection for KEY0"); + TEST_ESP_OK(esp_efuse_set_read_protect(EFUSE_BLK_KEY0)); + TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY0, &key, 256)); +#ifndef CONFIG_EFUSE_VIRTUAL + TEST_ASSERT_EACH_EQUAL_HEX8(0, key, sizeof(key)); +#else + TEST_ASSERT_EQUAL_HEX8_ARRAY(new_key, key, sizeof(key)); +#endif // CONFIG_EFUSE_VIRTUAL + esp_efuse_utility_debug_dump_blocks(); +} +#endif // CONFIG_IDF_ENV_FPGA diff --git a/components/efuse/test/one_key_block/test_efuse_keys.c b/components/efuse/test/one_key_block/test_efuse_keys.c new file mode 100644 index 0000000000..8f28f74c16 --- /dev/null +++ b/components/efuse/test/one_key_block/test_efuse_keys.c @@ -0,0 +1,292 @@ +/* + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ +#include +#include +#include +#include +#include +#include +#include "unity.h" +#include "test_utils.h" +#include "esp_log.h" +#include "esp_efuse.h" +#include "esp_efuse_table.h" +#include "esp_efuse_utility.h" +#include "sdkconfig.h" + +__attribute__((unused)) static const char* TAG = "efuse_key_test"; + +#ifdef CONFIG_EFUSE_VIRTUAL + +TEST_CASE("Test keys and purposes, rd, wr, wr_key_purposes are in the initial state", "[efuse]") +{ + esp_efuse_utility_reset(); + esp_efuse_utility_update_virt_blocks(); + esp_efuse_utility_debug_dump_blocks(); + + for (esp_efuse_block_t num_key = EFUSE_BLK_KEY0; num_key < EFUSE_BLK_KEY_MAX; ++num_key) { + printf("EFUSE_BLK_KEY%d, RD, WR, PURPOSE_USER, PURPOSE_USER WR ... \n", num_key - EFUSE_BLK_KEY0); + uint8_t key[32] = { 0xEE }; + TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY0, &key, sizeof(key) * 8)); + TEST_ASSERT_EACH_EQUAL_HEX8(0, key, sizeof(key)); + TEST_ASSERT_FALSE(esp_efuse_get_key_dis_read(num_key)); + TEST_ASSERT_FALSE(esp_efuse_get_key_dis_write(num_key)); + TEST_ASSERT_EQUAL(ESP_EFUSE_KEY_PURPOSE_XTS_AES_64_KEY, esp_efuse_get_key_purpose(num_key)); + + esp_efuse_block_t key_block = EFUSE_BLK_MAX; + TEST_ASSERT_TRUE(esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_USER, NULL)); + TEST_ASSERT_TRUE(esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_USER, &key_block)); + TEST_ASSERT_EQUAL(EFUSE_BLK_KEY0, key_block); + + printf("EFUSE_BLK_KEY%d, RD, WR, PURPOSE_USER, PURPOSE_USER WR ... OK\n", num_key - EFUSE_BLK_KEY0); + } +} +#endif // CONFIG_EFUSE_VIRTUAL + +// If using efuse is real, then turn off writing tests. +#if CONFIG_EFUSE_VIRTUAL || CONFIG_IDF_ENV_FPGA + +static esp_err_t s_check_key(esp_efuse_block_t num_key, void* wr_key, esp_efuse_purpose_t purpose) +{ + size_t offset_in_bits = 0; + uint8_t key_size = 32; + if (purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_64_KEY || purpose == ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V2) { + key_size = 16; + } + + if (purpose == ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V2) { + offset_in_bits = 16 * 8; + } + + uint8_t rd_key[32] = { 0xEE }; + TEST_ESP_OK(esp_efuse_read_block(EFUSE_BLK_KEY0, &rd_key, offset_in_bits, key_size * 8)); + +#ifndef CONFIG_IDF_ENV_FPGA + TEST_ASSERT_EQUAL_HEX8_ARRAY(wr_key, rd_key, key_size); +#endif // not CONFIG_IDF_ENV_FPGA + + TEST_ASSERT_TRUE(esp_efuse_get_key_dis_write(num_key)); + if (purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY || purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_64_KEY) { + TEST_ASSERT_TRUE(esp_efuse_get_key_dis_read(num_key)); +#if CONFIG_IDF_ENV_FPGA && !CONFIG_EFUSE_VIRTUAL + TEST_ASSERT_EACH_EQUAL_HEX8(0, rd_key, key_size); +#endif // CONFIG_IDF_ENV_FPGA && ! CONFIG_EFUSE_VIRTUAL + } else { + TEST_ASSERT_EQUAL_HEX8_ARRAY(wr_key, rd_key, key_size); + } + + return ESP_OK; +} + +void test_write_key(esp_efuse_block_t num_key, esp_efuse_purpose_t purpose) { + int id = num_key - EFUSE_BLK_KEY0; + printf("EFUSE_BLK_KEY%d, purpose=%d ... \n", id, purpose); + + uint8_t wr_key[32]; + for (int i = 0; i < sizeof(wr_key); i++) { + wr_key[i] = id + 1 + i; + } + + uint8_t key_size = sizeof(wr_key); + if (purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_64_KEY || purpose == ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V2) { + key_size = 16; + } + + TEST_ASSERT_TRUE(esp_efuse_key_block_unused(num_key)); + + TEST_ESP_OK(esp_efuse_write_key(num_key, purpose, &wr_key, key_size)); + TEST_ESP_ERR(ESP_ERR_INVALID_STATE, esp_efuse_write_key(num_key, purpose, &wr_key, key_size)); + + TEST_ESP_OK(s_check_key(num_key, wr_key, purpose)); + + TEST_ASSERT_FALSE(esp_efuse_key_block_unused(num_key)); + + printf("EFUSE_BLK_KEY%d, purpose=%d ... OK\n", id, purpose); +} + +#ifndef CONFIG_IDF_ENV_FPGA +TEST_CASE("Test esp_efuse_write_key for virt mode", "[efuse]") +{ + uint8_t rd_key[32] = { 0xEE }; + esp_efuse_utility_reset(); + esp_efuse_utility_update_virt_blocks(); + + TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_efuse_write_key(EFUSE_BLK_KEY0, ESP_EFUSE_KEY_PURPOSE_USER, &rd_key, 33)); + TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_efuse_write_key(EFUSE_BLK3, ESP_EFUSE_KEY_PURPOSE_USER, NULL, sizeof(rd_key))); + TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_efuse_write_key(EFUSE_BLK0, ESP_EFUSE_KEY_PURPOSE_USER, &rd_key, sizeof(rd_key))); + TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_efuse_write_key(EFUSE_BLK0, ESP_EFUSE_KEY_PURPOSE_XTS_AES_64_KEY, &rd_key, sizeof(rd_key))); + TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_efuse_write_key(EFUSE_BLK0, ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V2, &rd_key, sizeof(rd_key))); + + for (esp_efuse_purpose_t purpose = ESP_EFUSE_KEY_PURPOSE_USER; purpose < ESP_EFUSE_KEY_PURPOSE_MAX; ++purpose) { + esp_efuse_utility_reset(); + esp_efuse_utility_update_virt_blocks(); + esp_efuse_utility_debug_dump_blocks(); + + if (purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY) { + TEST_ESP_OK(esp_efuse_write_field_bit(ESP_EFUSE_XTS_KEY_LENGTH_256)); + } + + TEST_ASSERT_TRUE(esp_efuse_block_is_empty(EFUSE_BLK_KEY0)); + test_write_key(EFUSE_BLK_KEY0, purpose); + TEST_ASSERT_FALSE(esp_efuse_block_is_empty(EFUSE_BLK_KEY0)); + + esp_efuse_utility_debug_dump_blocks(); + } +} +#endif // not CONFIG_IDF_ENV_FPGA + +TEST_CASE("Test 1 esp_efuse_write_key for FPGA", "[efuse]") +{ + esp_efuse_utility_reset(); + esp_efuse_utility_update_virt_blocks(); + esp_efuse_utility_debug_dump_blocks(); + TEST_ASSERT_TRUE(esp_efuse_key_block_unused(EFUSE_BLK_KEY0)); + TEST_ASSERT_TRUE(esp_efuse_block_is_empty(EFUSE_BLK_KEY0)); + TEST_ASSERT_TRUE(esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_XTS_AES_64_KEY, NULL)); + + test_write_key(EFUSE_BLK_KEY0, ESP_EFUSE_KEY_PURPOSE_XTS_AES_64_KEY); + + esp_efuse_utility_debug_dump_blocks(); + + TEST_ASSERT_FALSE(esp_efuse_key_block_unused(EFUSE_BLK_KEY0)); +#ifdef CONFIG_IDF_ENV_FPGA + TEST_ASSERT_TRUE(esp_efuse_block_is_empty(EFUSE_BLK_KEY0)); +#else + TEST_ASSERT_FALSE(esp_efuse_block_is_empty(EFUSE_BLK_KEY0)); +#endif + + printf("reset efuses on the FPGA board for the next test\n"); +} + +TEST_CASE("Test 2 esp_efuse_write_key for FPGA", "[efuse]") +{ + esp_efuse_utility_reset(); + esp_efuse_utility_update_virt_blocks(); + esp_efuse_utility_debug_dump_blocks(); + TEST_ASSERT_TRUE(esp_efuse_key_block_unused(EFUSE_BLK_KEY0)); + TEST_ASSERT_TRUE(esp_efuse_block_is_empty(EFUSE_BLK_KEY0)); + TEST_ASSERT_TRUE(esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_XTS_AES_64_KEY, NULL)); + + test_write_key(EFUSE_BLK_KEY0, ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V2); + + esp_efuse_utility_debug_dump_blocks(); + + TEST_ASSERT_FALSE(esp_efuse_key_block_unused(EFUSE_BLK_KEY0)); + TEST_ASSERT_FALSE(esp_efuse_block_is_empty(EFUSE_BLK_KEY0)); + + printf("reset efuses on the FPGA board for the next test\n"); +} + +TEST_CASE("Test 3 esp_efuse_write_key for FPGA", "[efuse]") +{ + esp_efuse_utility_reset(); + esp_efuse_utility_update_virt_blocks(); + esp_efuse_utility_debug_dump_blocks(); + TEST_ASSERT_TRUE(esp_efuse_key_block_unused(EFUSE_BLK_KEY0)); + TEST_ASSERT_TRUE(esp_efuse_block_is_empty(EFUSE_BLK_KEY0)); + + TEST_ESP_OK(esp_efuse_write_field_bit(ESP_EFUSE_XTS_KEY_LENGTH_256)); + TEST_ASSERT_TRUE(esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY, NULL)); + + test_write_key(EFUSE_BLK_KEY0, ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY); + + esp_efuse_utility_debug_dump_blocks(); + + TEST_ASSERT_FALSE(esp_efuse_key_block_unused(EFUSE_BLK_KEY0)); +#ifdef CONFIG_IDF_ENV_FPGA + TEST_ASSERT_TRUE(esp_efuse_block_is_empty(EFUSE_BLK_KEY0)); +#else + TEST_ASSERT_FALSE(esp_efuse_block_is_empty(EFUSE_BLK_KEY0)); +#endif + + printf("reset efuses on the FPGA board for the next test\n"); +} + +TEST_CASE("Test esp_efuse_write_keys", "[efuse]") +{ + esp_efuse_utility_reset(); + esp_efuse_utility_update_virt_blocks(); + esp_efuse_utility_debug_dump_blocks(); + TEST_ASSERT_TRUE(esp_efuse_key_block_unused(EFUSE_BLK_KEY0)); + TEST_ASSERT_TRUE(esp_efuse_block_is_empty(EFUSE_BLK_KEY0)); + TEST_ASSERT_TRUE(esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_XTS_AES_64_KEY, NULL)); + esp_efuse_block_t key_block = EFUSE_BLK_MAX; + + enum { BLOCKS_NEEDED1 = 2 }; + esp_efuse_purpose_t purpose1[BLOCKS_NEEDED1] = { + ESP_EFUSE_KEY_PURPOSE_XTS_AES_64_KEY, + ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V2, + }; + uint8_t keys1[BLOCKS_NEEDED1][32] = {{0xEE}}; + + for (int num_key = 0; num_key < BLOCKS_NEEDED1; ++num_key) { + for (int i = 0; i < 32; ++i) { + keys1[num_key][i] = purpose1[num_key] + i + 1; + } + } + + TEST_ESP_OK(esp_efuse_write_keys(purpose1, keys1, BLOCKS_NEEDED1)); + + TEST_ASSERT_TRUE(esp_efuse_find_purpose(purpose1[0], &key_block)); + TEST_ASSERT_EQUAL(EFUSE_BLK_KEY0, key_block); + + TEST_ESP_OK(s_check_key(EFUSE_BLK_KEY0, keys1[0], ESP_EFUSE_KEY_PURPOSE_XTS_AES_64_KEY)); + TEST_ESP_OK(s_check_key(EFUSE_BLK_KEY0, keys1[1], ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V2)); + + esp_efuse_utility_debug_dump_blocks(); + + TEST_ASSERT_FALSE(esp_efuse_key_block_unused(EFUSE_BLK_KEY0)); + TEST_ASSERT_FALSE(esp_efuse_block_is_empty(EFUSE_BLK_KEY0)); + + enum { BLOCKS_NEEDED2 = 1 }; + esp_efuse_purpose_t purpose2[BLOCKS_NEEDED2] = { + ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY, + }; + TEST_ESP_ERR(ESP_ERR_INVALID_STATE, esp_efuse_write_keys(purpose2, keys1, BLOCKS_NEEDED2)); + + printf("reset efuses on the FPGA board for the next test\n"); +} + +TEST_CASE("Test esp_efuse_write_keys for returned errors", "[efuse]") +{ + esp_efuse_utility_reset(); + esp_efuse_utility_update_virt_blocks(); + esp_efuse_utility_debug_dump_blocks(); + TEST_ASSERT_TRUE(esp_efuse_key_block_unused(EFUSE_BLK_KEY0)); + TEST_ASSERT_TRUE(esp_efuse_block_is_empty(EFUSE_BLK_KEY0)); + + enum { BLOCKS_NEEDED = 2 }; + esp_efuse_purpose_t purpose[BLOCKS_NEEDED] = { + ESP_EFUSE_KEY_PURPOSE_XTS_AES_64_KEY, + ESP_EFUSE_KEY_PURPOSE_MAX, // it leads ESP_ERR_INVALID_ARG in esp_efuse_write_keys + }; + uint8_t keys[BLOCKS_NEEDED][32]; + + for (int num_key = 0; num_key < BLOCKS_NEEDED; ++num_key) { + for (int i = 0; i < 32; ++i) { + keys[num_key][i] = purpose[num_key] + i + 1; + } + } + + TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_efuse_write_keys(NULL, keys, BLOCKS_NEEDED)); + TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_efuse_write_keys(purpose, NULL, BLOCKS_NEEDED)); + TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_efuse_write_keys(purpose, keys, BLOCKS_NEEDED)); // ESP_EFUSE_KEY_PURPOSE_MAX is not a valid purpose. + TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_efuse_write_keys(purpose, keys, 3)); + TEST_ASSERT_TRUE(esp_efuse_key_block_unused(EFUSE_BLK_KEY0)); + TEST_ASSERT_TRUE(esp_efuse_block_is_empty(EFUSE_BLK_KEY0)); + TEST_ESP_OK(esp_efuse_write_keys(purpose, keys, 1)); + + esp_efuse_utility_debug_dump_blocks(); + + TEST_ASSERT_FALSE(esp_efuse_key_block_unused(EFUSE_BLK_KEY0)); +#ifdef CONFIG_IDF_ENV_FPGA + TEST_ASSERT_TRUE(esp_efuse_block_is_empty(EFUSE_BLK_KEY0)); +#else + TEST_ASSERT_FALSE(esp_efuse_block_is_empty(EFUSE_BLK_KEY0)); +#endif +} + +#endif // CONFIG_EFUSE_VIRTUAL || CONFIG_IDF_ENV_FPGA diff --git a/components/efuse/test/test_efuse.c b/components/efuse/test/test_efuse.c index f94a0c58a4..da4a794038 100644 --- a/components/efuse/test/test_efuse.c +++ b/components/efuse/test/test_efuse.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -24,7 +24,12 @@ #include "esp_rom_efuse.h" #include "bootloader_common.h" -static const char* TAG = "efuse_test"; +#ifdef CONFIG_IDF_TARGET_ESP32 +#define MAC_FACTORY_HAS_CRC 1 +#endif + +__attribute__((unused)) static const char* TAG = "efuse_test"; + static void test_read_blob(void) { @@ -39,12 +44,12 @@ static void test_read_blob(void) TEST_ASSERT_EQUAL_INT(sizeof(mac) * 8, esp_efuse_get_field_size(ESP_EFUSE_MAC_FACTORY)); ESP_LOGI(TAG, "MAC: %02x:%02x:%02x:%02x:%02x:%02x", mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]); -#ifdef CONFIG_IDF_TARGET_ESP32 +#ifdef MAC_FACTORY_HAS_CRC ESP_LOGI(TAG, "2. Check CRC by MAC"); uint8_t crc; TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_MAC_FACTORY_CRC, &crc, 8)); TEST_ASSERT_EQUAL_HEX8(crc, esp_rom_efuse_mac_address_crc8(mac, sizeof(mac))); -#endif // CONFIG_IDF_TARGET_ESP32 +#endif ESP_LOGI(TAG, "3. Test check args"); uint32_t test_var; @@ -588,7 +593,7 @@ TEST_CASE("Test Bits are not empty. Write operation is forbidden", "[efuse]") uint8_t r_buff[32]; int st_offset = -1; int num_block; - for (num_block = EFUSE_BLK1; num_block < 4; ++num_block) { + for (num_block = EFUSE_BLK_KEY0; num_block < EFUSE_BLK_KEY_MAX; ++num_block) { memset(r_buff, 0, sizeof(r_buff)); esp_efuse_coding_scheme_t coding_scheme = esp_efuse_get_coding_scheme(num_block); if (coding_scheme == EFUSE_CODING_SCHEME_NONE) { @@ -607,7 +612,7 @@ TEST_CASE("Test Bits are not empty. Write operation is forbidden", "[efuse]") #else if (coding_scheme == EFUSE_CODING_SCHEME_RS) { printf("EFUSE_CODING_SCHEME_RS\n"); - if (num_block == EFUSE_BLK1) { + if (num_block == EFUSE_BLK_KEY0) { count_useful_reg = 6; } else { count_useful_reg = 8; @@ -640,7 +645,7 @@ TEST_CASE("Test Bits are not empty. Write operation is forbidden", "[efuse]") uint8_t val = 1; TEST_ESP_ERR(ESP_ERR_CODING, esp_efuse_write_block(num_block, &val, st_offset, 1)); } else { - printf("Test skipped. It is not applicable, the device has no written bits."); + printf("Test skipped. It is not applicable, the device has no written bits.\n"); } } @@ -722,71 +727,6 @@ TEST_CASE("Batch mode is thread-safe", "[efuse]") } #endif // #ifndef CONFIG_FREERTOS_UNICORE -static void test_wp(esp_efuse_block_t blk, const esp_efuse_desc_t* field[]) -{ - size_t out_cnt; - TEST_ESP_OK(esp_efuse_set_write_protect(blk)); - esp_efuse_read_field_cnt(field, &out_cnt); - TEST_ASSERT_EQUAL_INT(1, out_cnt); -} - -static void test_rp(esp_efuse_block_t blk, const esp_efuse_desc_t* field[], bool read_first) -{ - size_t out_cnt; - if (read_first) { - esp_efuse_read_field_cnt(field, &out_cnt); - TEST_ASSERT_EQUAL_INT(0, out_cnt); - } - TEST_ESP_OK(esp_efuse_set_read_protect(blk)); - esp_efuse_read_field_cnt(field, &out_cnt); - TEST_ASSERT_EQUAL_INT(1, out_cnt); - if (read_first) { - TEST_ESP_ERR(ESP_ERR_EFUSE_CNT_IS_FULL, esp_efuse_set_read_protect(blk)); - } -} - -TEST_CASE("Test a write/read protection", "[efuse]") -{ - esp_efuse_utility_reset(); - esp_efuse_utility_erase_virt_blocks(); - - esp_efuse_utility_debug_dump_blocks(); - - TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_efuse_set_write_protect(EFUSE_BLK0)); - TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_efuse_set_read_protect(EFUSE_BLK0)); - - size_t out_cnt; - esp_efuse_read_field_cnt(ESP_EFUSE_WR_DIS_BLK1, &out_cnt); - TEST_ASSERT_EQUAL_INT(0, out_cnt); - TEST_ESP_OK(esp_efuse_set_write_protect(EFUSE_BLK1)); - esp_efuse_read_field_cnt(ESP_EFUSE_WR_DIS_BLK1, &out_cnt); - TEST_ASSERT_EQUAL_INT(1, out_cnt); - TEST_ESP_ERR(ESP_ERR_EFUSE_CNT_IS_FULL, esp_efuse_set_write_protect(EFUSE_BLK1)); - -#ifdef CONFIG_IDF_TARGET_ESP32 - test_wp(EFUSE_BLK2, ESP_EFUSE_WR_DIS_BLK2); - test_wp(EFUSE_BLK3, ESP_EFUSE_WR_DIS_BLK3); - - esp_efuse_utility_debug_dump_blocks(); - - test_rp(EFUSE_BLK1, ESP_EFUSE_RD_DIS_BLK1, true); - test_rp(EFUSE_BLK2, ESP_EFUSE_RD_DIS_BLK2, false); - test_rp(EFUSE_BLK3, ESP_EFUSE_RD_DIS_BLK3, false); -#else - test_wp(EFUSE_BLK2, ESP_EFUSE_WR_DIS_SYS_DATA_PART1); - test_wp(EFUSE_BLK3, ESP_EFUSE_WR_DIS_USER_DATA); - - esp_efuse_utility_debug_dump_blocks(); - - test_rp(EFUSE_BLK4, ESP_EFUSE_RD_DIS_KEY0, true); - test_rp(EFUSE_BLK5, ESP_EFUSE_RD_DIS_KEY1, false); - test_rp(EFUSE_BLK6, ESP_EFUSE_RD_DIS_KEY2, false); -#endif - - esp_efuse_utility_debug_dump_blocks(); - esp_efuse_utility_reset(); - esp_efuse_utility_erase_virt_blocks(); -} static volatile bool cmd_stop_reset_task1; static void efuse_burn_task(void* arg) @@ -904,32 +844,7 @@ TEST_CASE("Test a real write (FPGA)", "[efuse]") TEST_ASSERT_EQUAL_HEX8_ARRAY(new_mac, mac, sizeof(new_mac)); esp_efuse_utility_debug_dump_blocks(); } -#ifndef CONFIG_IDF_TARGET_ESP32 - ESP_LOGI(TAG, "2. Write KEY3"); - uint8_t key[32] = {0}; - TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY3, &key, 256)); - for (int i = 0; i < sizeof(key); ++i) { - TEST_ASSERT_EQUAL_INT(0, key[i]); - } - uint8_t new_key[32] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, - 10, 11, 12, 12, 14, 15, 16, 17, 18, 19, - 20, 21, 22, 22, 24, 25, 26, 27, 28, 29, - 30, 31}; - TEST_ESP_OK(esp_efuse_write_field_blob(ESP_EFUSE_KEY3, &new_key, 256)); - TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY3, &key, 256)); - TEST_ASSERT_EQUAL_HEX8_ARRAY(new_key, key, sizeof(key)); - esp_efuse_utility_debug_dump_blocks(); - ESP_LOGI(TAG, "3. Set a read protection for KEY3"); - TEST_ESP_OK(esp_efuse_set_read_protect(EFUSE_BLK7)); - TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY3, &key, 256)); -#ifndef CONFIG_EFUSE_VIRTUAL - TEST_ASSERT_EACH_EQUAL_HEX8(0, key, sizeof(key)); -#else - TEST_ASSERT_EQUAL_HEX8_ARRAY(new_key, key, sizeof(key)); -#endif // CONFIG_EFUSE_VIRTUAL - esp_efuse_utility_debug_dump_blocks(); -#endif // not CONFIG_IDF_TARGET_ESP32 ESP_LOGI(TAG, "4. Write SECURE_VERSION"); int max_bits = esp_efuse_get_field_size(ESP_EFUSE_SECURE_VERSION); size_t read_sec_version; @@ -955,83 +870,3 @@ TEST_CASE("Test chip_revision APIs return the same value", "[efuse]") esp_efuse_utility_update_virt_blocks(); TEST_ASSERT_EQUAL_INT(esp_efuse_get_chip_ver(), bootloader_common_get_chip_revision()); } - -#ifndef CONFIG_IDF_TARGET_ESP32 -#if CONFIG_IDF_ENV_FPGA || CONFIG_EFUSE_VIRTUAL -TEST_CASE("Test writing order is BLK_MAX->BLK0", "[efuse]") -{ - uint8_t new_key[32] = {33, 1, 2, 3, 4, 5, 6, 7, 8, 9, - 10, 11, 12, 12, 14, 15, 16, 17, 18, 19, - 20, 21, 22, 22, 24, 25, 26, 27, 28, 29, - 30, 31}; - esp_efuse_utility_erase_virt_blocks(); - esp_efuse_utility_debug_dump_blocks(); - - TEST_ESP_OK(esp_efuse_batch_write_begin()); - - TEST_ESP_OK(esp_efuse_write_field_blob(ESP_EFUSE_KEY4, &new_key, 256)); - // If the order of writing blocks is wrong (ex. BLK0 -> BLK_MAX) - // then the write protection bit will be set early and the key was left un-updated. - TEST_ESP_OK(esp_efuse_set_write_protect(EFUSE_BLK_KEY4)); - - TEST_ESP_OK(esp_efuse_batch_write_commit()); - esp_efuse_utility_debug_dump_blocks(); - - uint8_t key[32] = { 0xEE }; - TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY4, &key, 256)); - TEST_ASSERT_EQUAL_HEX8_ARRAY(new_key, key, sizeof(key)); -} - -TEST_CASE("Test reading inside of batch mode in a nested way", "[efuse]") -{ - uint8_t new_key[32] = {44, 1, 2, 3, 4, 5, 6, 7, 8, 9, - 10, 11, 12, 12, 14, 15, 16, 17, 18, 19, - 20, 21, 22, 22, 24, 25, 26, 27, 28, 29, - 30, 31}; - uint8_t key[32] = { 0xEE }; - esp_efuse_utility_reset(); - esp_efuse_utility_erase_virt_blocks(); - esp_efuse_utility_debug_dump_blocks(); - - TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY5, &key, 256)); - TEST_ASSERT_EACH_EQUAL_HEX8(0, key, sizeof(key)); - - TEST_ESP_OK(esp_efuse_batch_write_begin()); - TEST_ESP_OK(esp_efuse_batch_write_begin()); - TEST_ESP_OK(esp_efuse_batch_write_begin()); - TEST_ESP_OK(esp_efuse_write_field_blob(ESP_EFUSE_KEY5, &new_key, 256)); - TEST_ESP_OK(esp_efuse_set_write_protect(EFUSE_BLK_KEY5)); - ESP_LOGI(TAG, "Reading inside Batch mode, the key was not burn yet and it is empty"); - TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY5, &key, 256)); - TEST_ASSERT_EACH_EQUAL_HEX8(0, key, sizeof(key)); - TEST_ESP_OK(esp_efuse_batch_write_commit()); - TEST_ESP_OK(esp_efuse_batch_write_commit()); - TEST_ESP_OK(esp_efuse_batch_write_commit()); - - TEST_ESP_OK(esp_efuse_batch_write_begin()); - TEST_ESP_OK(esp_efuse_batch_write_begin()); - TEST_ESP_OK(esp_efuse_batch_write_begin()); - TEST_ESP_OK(esp_efuse_batch_write_begin()); - ESP_LOGI(TAG, "Reading inside Batch mode, the key is already set"); - TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY5, &key, 256)); - TEST_ASSERT_EQUAL_HEX8_ARRAY(new_key, key, sizeof(key)); - TEST_ESP_OK(esp_efuse_batch_write_commit()); - TEST_ESP_OK(esp_efuse_batch_write_commit()); - TEST_ESP_OK(esp_efuse_batch_write_commit()); - TEST_ESP_OK(esp_efuse_batch_write_commit()); - - esp_efuse_utility_debug_dump_blocks(); - - ESP_LOGI(TAG, "Reading inside Batch mode, the key is already set"); - TEST_ESP_ERR(ESP_ERR_INVALID_STATE, esp_efuse_batch_write_commit()); - TEST_ESP_ERR(ESP_ERR_INVALID_STATE, esp_efuse_batch_write_cancel()); - TEST_ESP_OK(esp_efuse_batch_write_begin()); - TEST_ESP_OK(esp_efuse_write_field_blob(ESP_EFUSE_KEY2, &new_key, 256)); - TEST_ESP_OK(esp_efuse_batch_write_commit()); - TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY2, &key, 256)); - TEST_ASSERT_EQUAL_HEX8_ARRAY(new_key, key, sizeof(key)); - - esp_efuse_utility_debug_dump_blocks(); -} -#endif // CONFIG_IDF_ENV_FPGA || CONFIG_EFUSE_VIRTUAL -#endif // not CONFIG_IDF_TARGET_ESP32 diff --git a/components/efuse/test/esp_efuse_test_table.c b/components/efuse/test/three_key_blocks/esp_efuse_test_table.c similarity index 97% rename from components/efuse/test/esp_efuse_test_table.c rename to components/efuse/test/three_key_blocks/esp_efuse_test_table.c index 794ff6dc3b..f3bf87a331 100644 --- a/components/efuse/test/esp_efuse_test_table.c +++ b/components/efuse/test/three_key_blocks/esp_efuse_test_table.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2017-2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2017-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ diff --git a/components/efuse/test/esp_efuse_test_table.csv b/components/efuse/test/three_key_blocks/esp_efuse_test_table.csv similarity index 100% rename from components/efuse/test/esp_efuse_test_table.csv rename to components/efuse/test/three_key_blocks/esp_efuse_test_table.csv diff --git a/components/efuse/test/include/esp_efuse_test_table.h b/components/efuse/test/three_key_blocks/include/esp_efuse_test_table.h similarity index 92% rename from components/efuse/test/include/esp_efuse_test_table.h rename to components/efuse/test/three_key_blocks/include/esp_efuse_test_table.h index c297e610d3..e3aed49200 100644 --- a/components/efuse/test/include/esp_efuse_test_table.h +++ b/components/efuse/test/three_key_blocks/include/esp_efuse_test_table.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2017-2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2017-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ diff --git a/components/efuse/test/three_key_blocks/test_efuse.c b/components/efuse/test/three_key_blocks/test_efuse.c new file mode 100644 index 0000000000..e9a7b708ec --- /dev/null +++ b/components/efuse/test/three_key_blocks/test_efuse.c @@ -0,0 +1,86 @@ +/* + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ +#include +#include +#include +#include +#include +#include "unity.h" +#include "esp_log.h" +#include +#include "esp_efuse.h" +#include "esp_efuse_table.h" +#include "esp_efuse_utility.h" +#include "esp_efuse_test_table.h" +#include "bootloader_random.h" +#include "freertos/FreeRTOS.h" +#include "freertos/task.h" +#include "freertos/semphr.h" +#include "test_utils.h" +#include "sdkconfig.h" +#include "esp_rom_efuse.h" +#include "bootloader_common.h" + +__attribute__((unused)) static const char* TAG = "efuse_test"; + + +#ifdef CONFIG_EFUSE_VIRTUAL + +static void test_wp(esp_efuse_block_t blk, const esp_efuse_desc_t* field[]) +{ + size_t out_cnt; + TEST_ESP_OK(esp_efuse_set_write_protect(blk)); + esp_efuse_read_field_cnt(field, &out_cnt); + TEST_ASSERT_EQUAL_INT(1, out_cnt); +} + +static void test_rp(esp_efuse_block_t blk, const esp_efuse_desc_t* field[], bool read_first) +{ + size_t out_cnt; + if (read_first) { + esp_efuse_read_field_cnt(field, &out_cnt); + TEST_ASSERT_EQUAL_INT(0, out_cnt); + } + TEST_ESP_OK(esp_efuse_set_read_protect(blk)); + esp_efuse_read_field_cnt(field, &out_cnt); + TEST_ASSERT_EQUAL_INT(1, out_cnt); + if (read_first) { + TEST_ESP_ERR(ESP_ERR_EFUSE_CNT_IS_FULL, esp_efuse_set_read_protect(blk)); + } +} + +TEST_CASE("Test a write/read protection", "[efuse]") +{ + esp_efuse_utility_reset(); + esp_efuse_utility_erase_virt_blocks(); + + esp_efuse_utility_debug_dump_blocks(); + + TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_efuse_set_write_protect(EFUSE_BLK0)); + TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_efuse_set_read_protect(EFUSE_BLK0)); + + size_t out_cnt; + esp_efuse_read_field_cnt(ESP_EFUSE_WR_DIS_BLK1, &out_cnt); + TEST_ASSERT_EQUAL_INT(0, out_cnt); + TEST_ESP_OK(esp_efuse_set_write_protect(EFUSE_BLK1)); + esp_efuse_read_field_cnt(ESP_EFUSE_WR_DIS_BLK1, &out_cnt); + TEST_ASSERT_EQUAL_INT(1, out_cnt); + TEST_ESP_ERR(ESP_ERR_EFUSE_CNT_IS_FULL, esp_efuse_set_write_protect(EFUSE_BLK1)); + + test_wp(EFUSE_BLK2, ESP_EFUSE_WR_DIS_BLK2); + test_wp(EFUSE_BLK3, ESP_EFUSE_WR_DIS_BLK3); + + esp_efuse_utility_debug_dump_blocks(); + + test_rp(EFUSE_BLK1, ESP_EFUSE_RD_DIS_BLK1, true); + test_rp(EFUSE_BLK2, ESP_EFUSE_RD_DIS_BLK2, false); + test_rp(EFUSE_BLK3, ESP_EFUSE_RD_DIS_BLK3, false); + + esp_efuse_utility_debug_dump_blocks(); + esp_efuse_utility_reset(); + esp_efuse_utility_erase_virt_blocks(); +} +#endif // #ifdef CONFIG_EFUSE_VIRTUAL diff --git a/components/efuse/test/test_efuse_coding_scheme.c b/components/efuse/test/three_key_blocks/test_efuse_coding_scheme.c similarity index 98% rename from components/efuse/test/test_efuse_coding_scheme.c rename to components/efuse/test/three_key_blocks/test_efuse_coding_scheme.c index 753fe624d1..fc19720bf4 100644 --- a/components/efuse/test/test_efuse_coding_scheme.c +++ b/components/efuse/test/three_key_blocks/test_efuse_coding_scheme.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -11,7 +11,6 @@ #include "unity.h" #include "bootloader_random.h" -#ifdef CONFIG_IDF_TARGET_ESP32 typedef struct { uint8_t unencoded[24]; uint32_t encoded[8]; @@ -209,4 +208,3 @@ TEST_CASE("Test data does not match the coding scheme", "[efuse]") esp_efuse_utility_reset(); } -#endif // CONFIG_IDF_TARGET_ESP32 diff --git a/components/efuse/test/with_key_purposes/esp_efuse_test_table.c b/components/efuse/test/with_key_purposes/esp_efuse_test_table.c new file mode 100644 index 0000000000..a278ff0d12 --- /dev/null +++ b/components/efuse/test/with_key_purposes/esp_efuse_test_table.c @@ -0,0 +1,107 @@ +/* + * SPDX-FileCopyrightText: 2017-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#include "sdkconfig.h" +#include "esp_efuse.h" +#include +#include "esp_efuse_test_table.h" + +// md5_digest_table 7d587827a6f6134241dce7d3713b3edc +// This file was generated from the file esp_efuse_test_table.csv. DO NOT CHANGE THIS FILE MANUALLY. +// If you want to change some fields, you need to change esp_efuse_test_table.csv file +// then run `efuse_common_table` or `efuse_custom_table` command it will generate this file. +// To show efuse_table run the command 'show_efuse_table'. + +#define MAX_BLK_LEN CONFIG_EFUSE_MAX_BLK_LEN + +// The last free bit in the block is counted over the entire file. +#define LAST_FREE_BIT_BLK1 128 +#define LAST_FREE_BIT_BLK2 128 +#define LAST_FREE_BIT_BLK3 88 + +_Static_assert(LAST_FREE_BIT_BLK1 <= MAX_BLK_LEN, "The eFuse table does not match the coding scheme. Edit the table and restart the efuse_common_table or efuse_custom_table command to regenerate the new files."); +_Static_assert(LAST_FREE_BIT_BLK2 <= MAX_BLK_LEN, "The eFuse table does not match the coding scheme. Edit the table and restart the efuse_common_table or efuse_custom_table command to regenerate the new files."); +_Static_assert(LAST_FREE_BIT_BLK3 <= MAX_BLK_LEN, "The eFuse table does not match the coding scheme. Edit the table and restart the efuse_common_table or efuse_custom_table command to regenerate the new files."); + +static const esp_efuse_desc_t TEST1_LEN_8[] = { + {EFUSE_BLK3, 0, 8}, // TEST field, +}; + +static const esp_efuse_desc_t TEST2_LEN_16[] = { + {EFUSE_BLK3, 10, 8}, // TEST field, + {EFUSE_BLK3, 80, 8}, // TEST field, +}; + +static const esp_efuse_desc_t TEST3_LEN_6[] = { + {EFUSE_BLK3, 22, 6}, // TEST field, +}; + +static const esp_efuse_desc_t TEST4_LEN_182[] = { + {EFUSE_BLK1, 22, 49}, // TEST field, + {EFUSE_BLK1, 89, 39}, // TEST field, + {EFUSE_BLK1, 71, 18}, // TEST field, + {EFUSE_BLK1, 0, 16}, // TEST field, + {EFUSE_BLK2, 0, 17}, // TEST field, + {EFUSE_BLK2, 60, 43}, // TEST field, +}; + +static const esp_efuse_desc_t TEST5_LEN_1[] = { + {EFUSE_BLK1, 16, 1}, // TEST field, +}; + +static const esp_efuse_desc_t TEST6_LEN_17[] = { + {EFUSE_BLK1, 17, 1}, // TEST field, + {EFUSE_BLK2, 17, 2}, // TEST field, + {EFUSE_BLK3, 29, 4}, // TEST field, + {EFUSE_BLK2, 31, 3}, // TEST field, + {EFUSE_BLK3, 60, 6}, // TEST field, + {EFUSE_BLK2, 127, 1}, // TEST field, +}; + + + + + +const esp_efuse_desc_t* ESP_EFUSE_TEST1_LEN_8[] = { + &TEST1_LEN_8[0], // TEST field + NULL +}; + +const esp_efuse_desc_t* ESP_EFUSE_TEST2_LEN_16[] = { + &TEST2_LEN_16[0], // TEST field + &TEST2_LEN_16[1], // TEST field + NULL +}; + +const esp_efuse_desc_t* ESP_EFUSE_TEST3_LEN_6[] = { + &TEST3_LEN_6[0], // TEST field + NULL +}; + +const esp_efuse_desc_t* ESP_EFUSE_TEST4_LEN_182[] = { + &TEST4_LEN_182[0], // TEST field + &TEST4_LEN_182[1], // TEST field + &TEST4_LEN_182[2], // TEST field + &TEST4_LEN_182[3], // TEST field + &TEST4_LEN_182[4], // TEST field + &TEST4_LEN_182[5], // TEST field + NULL +}; + +const esp_efuse_desc_t* ESP_EFUSE_TEST5_LEN_1[] = { + &TEST5_LEN_1[0], // TEST field + NULL +}; + +const esp_efuse_desc_t* ESP_EFUSE_TEST6_LEN_17[] = { + &TEST6_LEN_17[0], // TEST field + &TEST6_LEN_17[1], // TEST field + &TEST6_LEN_17[2], // TEST field + &TEST6_LEN_17[3], // TEST field + &TEST6_LEN_17[4], // TEST field + &TEST6_LEN_17[5], // TEST field + NULL +}; diff --git a/components/efuse/test/with_key_purposes/esp_efuse_test_table.csv b/components/efuse/test/with_key_purposes/esp_efuse_test_table.csv new file mode 100644 index 0000000000..24798c1a3f --- /dev/null +++ b/components/efuse/test/with_key_purposes/esp_efuse_test_table.csv @@ -0,0 +1,33 @@ +# field_name, | efuse_block, | bit_start, | bit_count, |comment # +# | (EFUSE_BLK0 | (0..255) | (1..256) | # +# | EFUSE_BLK1 | | | # +# | EFUSE_BLK2 | | | # +# | EFUSE_BLK3) | | | # +########################################################################## + +# To generate a new source files. Run two commands: +# cd ~/esp/esp-idf/components/efuse/ +# ./efuse_table_gen.py test/esp_efuse_test_table.csv + +TEST1_LEN_8, EFUSE_BLK3, 0, 8, TEST field + +TEST2_LEN_16, EFUSE_BLK3, 10, 8, TEST field +, EFUSE_BLK3, 80, 8, TEST field + +TEST3_LEN_6, EFUSE_BLK3, 22, 6, TEST field + +TEST4_LEN_182, EFUSE_BLK1, 22, 49, TEST field +, EFUSE_BLK1, 89, 39, TEST field +, EFUSE_BLK1, 71, 18, TEST field +, EFUSE_BLK1, 0, 16, TEST field +, EFUSE_BLK2, 0, 17, TEST field +, EFUSE_BLK2, 60, 43, TEST field + +TEST5_LEN_1, EFUSE_BLK1, 16, 1, TEST field + +TEST6_LEN_17, EFUSE_BLK1, 17, 1, TEST field +, EFUSE_BLK2, 17, 2, TEST field +, EFUSE_BLK3, 29, 4, TEST field +, EFUSE_BLK2, 31, 3, TEST field +, EFUSE_BLK3, 60, 6, TEST field +, EFUSE_BLK2, 127, 1, TEST field diff --git a/components/efuse/test/with_key_purposes/include/esp_efuse_test_table.h b/components/efuse/test/with_key_purposes/include/esp_efuse_test_table.h new file mode 100644 index 0000000000..6b6414a0da --- /dev/null +++ b/components/efuse/test/with_key_purposes/include/esp_efuse_test_table.h @@ -0,0 +1,28 @@ +/* + * SPDX-FileCopyrightText: 2017-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#ifdef __cplusplus +extern "C" { +#endif + + +// md5_digest_table 7d587827a6f6134241dce7d3713b3edc +// This file was generated from the file esp_efuse_test_table.csv. DO NOT CHANGE THIS FILE MANUALLY. +// If you want to change some fields, you need to change esp_efuse_test_table.csv file +// then run `efuse_common_table` or `efuse_custom_table` command it will generate this file. +// To show efuse_table run the command 'show_efuse_table'. + + +extern const esp_efuse_desc_t* ESP_EFUSE_TEST1_LEN_8[]; +extern const esp_efuse_desc_t* ESP_EFUSE_TEST2_LEN_16[]; +extern const esp_efuse_desc_t* ESP_EFUSE_TEST3_LEN_6[]; +extern const esp_efuse_desc_t* ESP_EFUSE_TEST4_LEN_182[]; +extern const esp_efuse_desc_t* ESP_EFUSE_TEST5_LEN_1[]; +extern const esp_efuse_desc_t* ESP_EFUSE_TEST6_LEN_17[]; + +#ifdef __cplusplus +} +#endif diff --git a/components/efuse/test/with_key_purposes/test_efuse.c b/components/efuse/test/with_key_purposes/test_efuse.c new file mode 100644 index 0000000000..6b2d53b550 --- /dev/null +++ b/components/efuse/test/with_key_purposes/test_efuse.c @@ -0,0 +1,195 @@ +/* + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ +#include +#include +#include +#include +#include +#include "unity.h" +#include "esp_log.h" +#include +#include "esp_efuse.h" +#include "esp_efuse_table.h" +#include "esp_efuse_utility.h" +#include "esp_efuse_test_table.h" +#include "bootloader_random.h" +#include "freertos/FreeRTOS.h" +#include "freertos/task.h" +#include "freertos/semphr.h" +#include "test_utils.h" +#include "sdkconfig.h" +#include "esp_rom_efuse.h" +#include "bootloader_common.h" + +__attribute__((unused)) static const char* TAG = "efuse_test"; + + +#ifdef CONFIG_EFUSE_VIRTUAL + +static void test_wp(esp_efuse_block_t blk, const esp_efuse_desc_t* field[]) +{ + size_t out_cnt; + TEST_ESP_OK(esp_efuse_set_write_protect(blk)); + esp_efuse_read_field_cnt(field, &out_cnt); + TEST_ASSERT_EQUAL_INT(1, out_cnt); +} + +static void test_rp(esp_efuse_block_t blk, const esp_efuse_desc_t* field[], bool read_first) +{ + size_t out_cnt; + if (read_first) { + esp_efuse_read_field_cnt(field, &out_cnt); + TEST_ASSERT_EQUAL_INT(0, out_cnt); + } + TEST_ESP_OK(esp_efuse_set_read_protect(blk)); + esp_efuse_read_field_cnt(field, &out_cnt); + TEST_ASSERT_EQUAL_INT(1, out_cnt); + if (read_first) { + TEST_ESP_ERR(ESP_ERR_EFUSE_CNT_IS_FULL, esp_efuse_set_read_protect(blk)); + } +} + +TEST_CASE("Test a write/read protection", "[efuse]") +{ + esp_efuse_utility_reset(); + esp_efuse_utility_erase_virt_blocks(); + + esp_efuse_utility_debug_dump_blocks(); + + TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_efuse_set_write_protect(EFUSE_BLK0)); + TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_efuse_set_read_protect(EFUSE_BLK0)); + + size_t out_cnt; + esp_efuse_read_field_cnt(ESP_EFUSE_WR_DIS_BLK1, &out_cnt); + TEST_ASSERT_EQUAL_INT(0, out_cnt); + TEST_ESP_OK(esp_efuse_set_write_protect(EFUSE_BLK1)); + esp_efuse_read_field_cnt(ESP_EFUSE_WR_DIS_BLK1, &out_cnt); + TEST_ASSERT_EQUAL_INT(1, out_cnt); + TEST_ESP_ERR(ESP_ERR_EFUSE_CNT_IS_FULL, esp_efuse_set_write_protect(EFUSE_BLK1)); + + test_wp(EFUSE_BLK2, ESP_EFUSE_WR_DIS_SYS_DATA_PART1); + test_wp(EFUSE_BLK3, ESP_EFUSE_WR_DIS_USER_DATA); + + esp_efuse_utility_debug_dump_blocks(); + + test_rp(EFUSE_BLK4, ESP_EFUSE_RD_DIS_KEY0, true); + test_rp(EFUSE_BLK5, ESP_EFUSE_RD_DIS_KEY1, false); + test_rp(EFUSE_BLK6, ESP_EFUSE_RD_DIS_KEY2, false); + + esp_efuse_utility_debug_dump_blocks(); + esp_efuse_utility_reset(); + esp_efuse_utility_erase_virt_blocks(); +} +#endif // CONFIG_EFUSE_VIRTUAL + +#ifdef CONFIG_IDF_ENV_FPGA +TEST_CASE("Test a real write (FPGA)2", "[efuse]") +{ + esp_efuse_utility_debug_dump_blocks(); + ESP_LOGI(TAG, "1. Write KEY3"); + uint8_t key[32] = {0}; + TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY3, &key, 256)); + for (int i = 0; i < sizeof(key); ++i) { + TEST_ASSERT_EQUAL_INT(0, key[i]); + } + uint8_t new_key[32] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, + 10, 11, 12, 12, 14, 15, 16, 17, 18, 19, + 20, 21, 22, 22, 24, 25, 26, 27, 28, 29, + 30, 31}; + TEST_ESP_OK(esp_efuse_write_field_blob(ESP_EFUSE_KEY3, &new_key, 256)); + TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY3, &key, 256)); + TEST_ASSERT_EQUAL_HEX8_ARRAY(new_key, key, sizeof(key)); + esp_efuse_utility_debug_dump_blocks(); + + ESP_LOGI(TAG, "2. Set a read protection for KEY3"); + TEST_ESP_OK(esp_efuse_set_read_protect(ESP_EFUSE_KEY3)); + TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY3, &key, 256)); +#ifndef CONFIG_EFUSE_VIRTUAL + TEST_ASSERT_EACH_EQUAL_HEX8(0, key, sizeof(key)); +#else + TEST_ASSERT_EQUAL_HEX8_ARRAY(new_key, key, sizeof(key)); +#endif // CONFIG_EFUSE_VIRTUAL + esp_efuse_utility_debug_dump_blocks(); +} +#endif // CONFIG_IDF_ENV_FPGA + +#if CONFIG_IDF_ENV_FPGA || CONFIG_EFUSE_VIRTUAL +TEST_CASE("Test writing order is BLK_MAX->BLK0", "[efuse]") +{ + uint8_t new_key[32] = {33, 1, 2, 3, 4, 5, 6, 7, 8, 9, + 10, 11, 12, 12, 14, 15, 16, 17, 18, 19, + 20, 21, 22, 22, 24, 25, 26, 27, 28, 29, + 30, 31}; + esp_efuse_utility_erase_virt_blocks(); + esp_efuse_utility_debug_dump_blocks(); + + TEST_ESP_OK(esp_efuse_batch_write_begin()); + + TEST_ESP_OK(esp_efuse_write_field_blob(ESP_EFUSE_KEY4, &new_key, 256)); + // If the order of writing blocks is wrong (ex. BLK0 -> BLK_MAX) + // then the write protection bit will be set early and the key was left un-updated. + TEST_ESP_OK(esp_efuse_set_write_protect(EFUSE_BLK_KEY4)); + + TEST_ESP_OK(esp_efuse_batch_write_commit()); + esp_efuse_utility_debug_dump_blocks(); + + uint8_t key[32] = { 0xEE }; + TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY4, &key, 256)); + TEST_ASSERT_EQUAL_HEX8_ARRAY(new_key, key, sizeof(key)); +} + +TEST_CASE("Test reading inside of batch mode in a nested way", "[efuse]") +{ + uint8_t new_key[32] = {44, 1, 2, 3, 4, 5, 6, 7, 8, 9, + 10, 11, 12, 12, 14, 15, 16, 17, 18, 19, + 20, 21, 22, 22, 24, 25, 26, 27, 28, 29, + 30, 31}; + uint8_t key[32] = { 0xEE }; + esp_efuse_utility_reset(); + esp_efuse_utility_erase_virt_blocks(); + esp_efuse_utility_debug_dump_blocks(); + + TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY5, &key, 256)); + TEST_ASSERT_EACH_EQUAL_HEX8(0, key, sizeof(key)); + + TEST_ESP_OK(esp_efuse_batch_write_begin()); + TEST_ESP_OK(esp_efuse_batch_write_begin()); + TEST_ESP_OK(esp_efuse_batch_write_begin()); + TEST_ESP_OK(esp_efuse_write_field_blob(ESP_EFUSE_KEY5, &new_key, 256)); + TEST_ESP_OK(esp_efuse_set_write_protect(EFUSE_BLK_KEY5)); + ESP_LOGI(TAG, "Reading inside Batch mode, the key was not burn yet and it is empty"); + TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY5, &key, 256)); + TEST_ASSERT_EACH_EQUAL_HEX8(0, key, sizeof(key)); + TEST_ESP_OK(esp_efuse_batch_write_commit()); + TEST_ESP_OK(esp_efuse_batch_write_commit()); + TEST_ESP_OK(esp_efuse_batch_write_commit()); + + TEST_ESP_OK(esp_efuse_batch_write_begin()); + TEST_ESP_OK(esp_efuse_batch_write_begin()); + TEST_ESP_OK(esp_efuse_batch_write_begin()); + TEST_ESP_OK(esp_efuse_batch_write_begin()); + ESP_LOGI(TAG, "Reading inside Batch mode, the key is already set"); + TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY5, &key, 256)); + TEST_ASSERT_EQUAL_HEX8_ARRAY(new_key, key, sizeof(key)); + TEST_ESP_OK(esp_efuse_batch_write_commit()); + TEST_ESP_OK(esp_efuse_batch_write_commit()); + TEST_ESP_OK(esp_efuse_batch_write_commit()); + TEST_ESP_OK(esp_efuse_batch_write_commit()); + + esp_efuse_utility_debug_dump_blocks(); + + ESP_LOGI(TAG, "Reading inside Batch mode, the key is already set"); + TEST_ESP_ERR(ESP_ERR_INVALID_STATE, esp_efuse_batch_write_commit()); + TEST_ESP_ERR(ESP_ERR_INVALID_STATE, esp_efuse_batch_write_cancel()); + TEST_ESP_OK(esp_efuse_batch_write_begin()); + TEST_ESP_OK(esp_efuse_write_field_blob(ESP_EFUSE_KEY2, &new_key, 256)); + TEST_ESP_OK(esp_efuse_batch_write_commit()); + TEST_ESP_OK(esp_efuse_read_field_blob(ESP_EFUSE_KEY2, &key, 256)); + TEST_ASSERT_EQUAL_HEX8_ARRAY(new_key, key, sizeof(key)); + + esp_efuse_utility_debug_dump_blocks(); +} +#endif // CONFIG_IDF_ENV_FPGA || CONFIG_EFUSE_VIRTUAL diff --git a/components/efuse/test/test_efuse_keys.c b/components/efuse/test/with_key_purposes/test_efuse_keys.c similarity index 98% rename from components/efuse/test/test_efuse_keys.c rename to components/efuse/test/with_key_purposes/test_efuse_keys.c index 24f3190bed..b7a4994e1e 100644 --- a/components/efuse/test/test_efuse_keys.c +++ b/components/efuse/test/with_key_purposes/test_efuse_keys.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -17,10 +17,10 @@ #include "esp_efuse_utility.h" #include "sdkconfig.h" -__attribute__((unused)) static const char* TAG = "efuse_test"; +__attribute__((unused)) static const char* TAG = "efuse_key_test"; -#ifndef CONFIG_IDF_TARGET_ESP32 +#ifdef CONFIG_EFUSE_VIRTUAL TEST_CASE("Test keys and purposes, rd, wr, wr_key_purposes are in the initial state", "[efuse]") { @@ -47,6 +47,7 @@ TEST_CASE("Test keys and purposes, rd, wr, wr_key_purposes are in the initial st printf("EFUSE_BLK_KEY%d, RD, WR, PURPOSE_USER, PURPOSE_USER WR ... OK\n", num_key - EFUSE_BLK_KEY0); } } +#endif // CONFIG_EFUSE_VIRTUAL // If using efuse is real, then turn off writing tests. #if CONFIG_EFUSE_VIRTUAL || CONFIG_IDF_ENV_FPGA @@ -309,6 +310,8 @@ TEST_CASE("Test esp_efuse_write_keys for returned errors", "[efuse]") TEST_ESP_ERR(ESP_ERR_NOT_ENOUGH_UNUSED_KEY_BLOCKS, esp_efuse_write_keys(purpose, keys, unused_keys + 1)); } +#if SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY + TEST_CASE("Test revocation APIs", "[efuse]") { esp_efuse_utility_reset(); @@ -381,7 +384,6 @@ TEST_CASE("Test set_write_protect_of_digest_revoke", "[efuse]") TEST_ASSERT_TRUE(esp_efuse_get_digest_revoke(2)); #endif // CONFIG_IDF_ENV_FPGA && !CONFIG_EFUSE_VIRTUAL } +#endif // SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY #endif // CONFIG_EFUSE_VIRTUAL || CONFIG_IDF_ENV_FPGA - -#endif // not CONFIG_IDF_TARGET_ESP32 diff --git a/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in index 8969ec7393..99d7b61b05 100644 --- a/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in @@ -36,10 +36,18 @@ config SOC_SUPPORTS_SECURE_DL_MODE default y config SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS - int - default 3 + bool + default y config SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS + bool + default n + +config SOC_EFUSE_KEY_PURPOSE_FIELD + bool + default n + +config SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK bool default y diff --git a/components/soc/esp32c2/include/soc/soc_caps.h b/components/soc/esp32c2/include/soc/soc_caps.h index 37e94fe626..71ff1b8f00 100644 --- a/components/soc/esp32c2/include/soc/soc_caps.h +++ b/components/soc/esp32c2/include/soc/soc_caps.h @@ -33,8 +33,10 @@ #define SOC_WIFI_SUPPORTED 0 // Enable during bringup, IDF-3905 #define SOC_ASYNC_MEMCPY_SUPPORTED 1 #define SOC_SUPPORTS_SECURE_DL_MODE 1 -#define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS 3 -#define SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS 1 +#define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS 1 +#define SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS 0 +#define SOC_EFUSE_KEY_PURPOSE_FIELD 0 +#define SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK 1 #define SOC_RTC_FAST_MEM_SUPPORTED 0 #define SOC_RTC_SLOW_MEM_SUPPORTED 0 #define SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY 0 diff --git a/components/soc/esp32c3/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c3/include/soc/Kconfig.soc_caps.in index b9f473ddc3..51aabdef30 100644 --- a/components/soc/esp32c3/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32c3/include/soc/Kconfig.soc_caps.in @@ -71,6 +71,10 @@ config SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS bool default y +config SOC_EFUSE_KEY_PURPOSE_FIELD + bool + default y + config SOC_ICACHE_ACCESS_RODATA_SUPPORTED bool default y diff --git a/components/soc/esp32c3/include/soc/soc_caps.h b/components/soc/esp32c3/include/soc/soc_caps.h index f3395bb06b..00f51085b5 100644 --- a/components/soc/esp32c3/include/soc/soc_caps.h +++ b/components/soc/esp32c3/include/soc/soc_caps.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -42,6 +42,7 @@ #define SOC_SUPPORTS_SECURE_DL_MODE 1 #define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS 3 #define SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS 1 +#define SOC_EFUSE_KEY_PURPOSE_FIELD 1 #define SOC_ICACHE_ACCESS_RODATA_SUPPORTED 1 #define SOC_RTC_FAST_MEM_SUPPORTED 1 #define SOC_RTC_SLOW_MEM_SUPPORTED 0 diff --git a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in index e7454d936e..0b315914b0 100644 --- a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in @@ -51,6 +51,10 @@ config SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS int default 3 +config SOC_EFUSE_KEY_PURPOSE_FIELD + bool + default y + config SOC_ICACHE_ACCESS_RODATA_SUPPORTED bool default y diff --git a/components/soc/esp32h2/include/soc/soc_caps.h b/components/soc/esp32h2/include/soc/soc_caps.h index c4d4de7b4c..d8e2cffd22 100644 --- a/components/soc/esp32h2/include/soc/soc_caps.h +++ b/components/soc/esp32h2/include/soc/soc_caps.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -36,6 +36,7 @@ #define SOC_USB_SERIAL_JTAG_SUPPORTED 1 #define SOC_SUPPORTS_SECURE_DL_MODE 1 #define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS 3 +#define SOC_EFUSE_KEY_PURPOSE_FIELD 1 #define SOC_ICACHE_ACCESS_RODATA_SUPPORTED 1 #define SOC_TEMP_SENSOR_SUPPORTED 1 #define SOC_RTC_FAST_MEM_SUPPORTED 1 diff --git a/components/soc/esp32s2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32s2/include/soc/Kconfig.soc_caps.in index e14c8500cb..28af2134ef 100644 --- a/components/soc/esp32s2/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32s2/include/soc/Kconfig.soc_caps.in @@ -75,6 +75,10 @@ config SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS bool default y +config SOC_EFUSE_KEY_PURPOSE_FIELD + bool + default y + config SOC_ICACHE_ACCESS_RODATA_SUPPORTED bool default y diff --git a/components/soc/esp32s2/include/soc/soc_caps.h b/components/soc/esp32s2/include/soc/soc_caps.h index 9374d84e37..8a1136145f 100644 --- a/components/soc/esp32s2/include/soc/soc_caps.h +++ b/components/soc/esp32s2/include/soc/soc_caps.h @@ -57,6 +57,7 @@ #define SOC_ASYNC_MEMCPY_SUPPORTED 1 #define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS 3 #define SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS 1 +#define SOC_EFUSE_KEY_PURPOSE_FIELD 1 #define SOC_ICACHE_ACCESS_RODATA_SUPPORTED 1 #define SOC_TEMP_SENSOR_SUPPORTED 1 #define SOC_CACHE_SUPPORT_WRAP 1 diff --git a/components/soc/esp32s3/include/soc/Kconfig.soc_caps.in b/components/soc/esp32s3/include/soc/Kconfig.soc_caps.in index 2eb054b0fc..d4672ec465 100644 --- a/components/soc/esp32s3/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32s3/include/soc/Kconfig.soc_caps.in @@ -215,6 +215,10 @@ config SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS bool default y +config SOC_EFUSE_KEY_PURPOSE_FIELD + bool + default y + config SOC_SDMMC_HOST_SUPPORTED bool default y diff --git a/components/soc/esp32s3/include/soc/soc_caps.h b/components/soc/esp32s3/include/soc/soc_caps.h index b3be1edabf..a311c4ed85 100644 --- a/components/soc/esp32s3/include/soc/soc_caps.h +++ b/components/soc/esp32s3/include/soc/soc_caps.h @@ -47,6 +47,7 @@ #define SOC_SUPPORTS_SECURE_DL_MODE 1 #define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS 3 #define SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS 1 +#define SOC_EFUSE_KEY_PURPOSE_FIELD 1 #define SOC_SDMMC_HOST_SUPPORTED 1 #define SOC_FLASH_ENCRYPTION_XTS_AES 1 #define SOC_RTC_FAST_MEM_SUPPORTED 1