alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

secure boot: Rename efuse option for UART bootloader to option for ROM interpreter

Browse Source
This commit is contained in:
Angus Gratton 2016-11-11 15:14:13 +11:00
parent bcdebda8e4
commit 8691b54758
2 changed files with 20 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
components/bootloader/Kconfig.projbuild
View File

@ -85,31 +85,31 @@ config SECURE_BOOT_SIGNING_KEY
See docs/security/secure-boot.rst for details. See docs/security/secure-boot.rst for details.
config SECURE_BOOT_DISABLE_JTAG config SECURE_BOOT_DISABLE_JTAG
bool "First boot: Permanently disable JTAG" bool "First boot: Permanently disable JTAG"
depends on SECURE_BOOTLOADER_ENABLED depends on SECURE_BOOTLOADER_ENABLED
default Y default Y
help help
Bootloader permanently disable JTAG (across entire chip) when enabling secure boot. This happens on first boot of the bootloader. Bootloader permanently disable JTAG (across entire chip) when enabling secure boot. This happens on first boot of the bootloader.
It is recommended this option remains set for production environments. It is recommended this option remains set for production environments.
config SECURE_BOOT_DISABLE_UART_BOOTLOADER config SECURE_BOOT_DISABLE_ROM_BASIC
bool "First boot: Permanently disable UART bootloader" bool "First boot: Permanently disable ROM BASIC fallback"
depends on SECURE_BOOTLOADER_ENABLED depends on SECURE_BOOTLOADER_ENABLED
default Y default Y
help help
Bootloader permanently disables UART and other bootloader modes when enabling secure boot. This happens on first boot. Bootloader permanently disables ROM BASIC (on UART console) as a fallback if the bootloader image becomes invalid. This happens on first boot.
It is recommended this option remains set for production environments. It is recommended this option remains set in production environments.
config SECURE_BOOT_TEST_MODE config SECURE_BOOT_TEST_MODE
bool "Test mode: don't actually enable secure boot" bool "Test mode: don't actually enable secure boot"
depends on SECURE_BOOTLOADER_ENABLED depends on SECURE_BOOTLOADER_ENABLED
default N default N
help help
If this option is set, all permanent secure boot changes (via Efuse) are disabled. If this option is set, all permanent secure boot changes (via Efuse) are disabled.
This option is for testing purposes only - it effectively completely disables secure boot protection. This option is for testing purposes only - it effectively completely disables secure boot protection.
config SECURE_BOOTLOADER_ENABLED config SECURE_BOOTLOADER_ENABLED
bool bool

2
components/bootloader_support/src/secure_boot_signatures.c
View File

@ -46,7 +46,7 @@ esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
uint8_t digest[32]; uint8_t digest[32];
ptrdiff_t keylen; ptrdiff_t keylen;
const uint8_t *data, *digest_data; const uint8_t *data, *digest_data;
uint32_t digest_len, chunk_len; uint32_t digest_len;
const signature_block_t *sigblock; const signature_block_t *sigblock;
bool is_valid; bool is_valid;