Update to compatible crc & SBv2 enable check api's

2024-10-05 20:47:46 -04:00 · 2020-08-06 02:40:53 +05:30 · 2020-08-06 02:40:53 +05:30 · 7d57165922
commit 7d57165922
parent d72350c0ce
3 changed files with 5 additions and 16 deletions
--- a/components/bootloader_support/src/esp32/secure_boot.c
+++ b/components/bootloader_support/src/esp32/secure_boot.c
@ -319,7 +319,7 @@ esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *imag
    uint32_t dis_reg = REG_READ(EFUSE_BLK0_RDATA0_REG);
    bool efuse_key_read_protected = dis_reg & EFUSE_RD_DIS_BLK2;
    bool efuse_key_write_protected = dis_reg & EFUSE_WR_DIS_BLK2;
-    if (efuse_key_write_protected == false 
+    if (efuse_key_write_protected == false
        && efuse_key_read_protected == false
        && REG_READ(EFUSE_BLK2_RDATA0_REG) == 0
        && REG_READ(EFUSE_BLK2_RDATA1_REG) == 0
@ -392,17 +392,6 @@ esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *imag
    ESP_LOGW(TAG, "Not disabling ROM BASIC fallback - SECURITY COMPROMISED");
 #endif

-#ifdef CONFIG_SECURE_DISABLE_ROM_DL_MODE
-    ESP_LOGI(TAG, "Disable ROM Download mode...");
-    esp_err_t err = esp_efuse_disable_rom_download_mode();
-    if (err != ESP_OK) {
-        ESP_LOGE(TAG, "Could not disable ROM Download mode...");
-        return ESP_FAIL;
-    }
-#else
-    ESP_LOGW(TAG, "Not disabling ROM Download mode - SECURITY COMPROMISED");
-#endif
-
 #ifndef CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS
    bool rd_dis_now = true;
 #ifdef CONFIG_SECURE_FLASH_ENC_ENABLED
--- a/components/bootloader_support/src/esp32s2/secure_boot.c
+++ b/components/bootloader_support/src/esp32s2/secure_boot.c
@ -21,7 +21,7 @@
 #include "bootloader_sha.h"
 #include "bootloader_utility.h"

-#include "esp_rom_crc.h"
+#include "esp32s2/rom/crc.h"
 #include "esp_efuse.h"
 #include "esp_efuse_table.h"

@ -40,7 +40,7 @@ static const char *TAG = "secure_boot_v2";
 /* A signature block is valid when it has correct magic byte, crc and image digest. */
 static esp_err_t validate_signature_block(const ets_secure_boot_sig_block_t *block, int block_num, const uint8_t *image_digest)
 {
-    uint32_t crc = esp_rom_crc32_le(0, (uint8_t *)block, CRC_SIGN_BLOCK_LEN);
+    uint32_t crc = crc32_le(0, (uint8_t *)block, CRC_SIGN_BLOCK_LEN);
    if (block->magic_byte != SIG_BLOCK_MAGIC_BYTE) {
        // All signature blocks have been parsed, no new signature block present.
        ESP_LOGD(TAG, "Signature block(%d) invalid/absent.", block_num);
@ -318,7 +318,7 @@ esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *imag
    assert(ets_efuse_secure_boot_aggressive_revoke_enabled());
 #endif

-    assert(esp_rom_efuse_is_secure_boot_enabled());
+    assert(ets_efuse_secure_boot_enabled());
    ESP_LOGI(TAG, "Secure boot permanently enabled");

    return ESP_OK;
--- a/components/esptool_py/esptool
+++ b/components/esptool_py/esptool
@ -1 +1 @@
-Subproject commit 5eada56341f3a74c3e09eef3b1266f1072145059
+Subproject commit 10225816df4c9c1b078e677e8a75a87778786ad1