efuse: Hides the FLASH_ENCRYPTION_MODE_RELEASE option when using EFUSE_VIRTUAL

This commit is contained in:
KonstantinKondrashov 2022-12-21 19:31:27 +08:00
parent 9e02682097
commit 92de037883
2 changed files with 8 additions and 0 deletions

View File

@ -811,6 +811,10 @@ menu "Security features"
Release mode should always be selected for production or manufacturing. Once enabled it's no longer
possible for the device in ROM Download Mode to use the flash encryption hardware.
When EFUSE_VIRTUAL is enabled, SECURE_FLASH_ENCRYPTION_MODE_RELEASE is not available.
For CI tests we use IDF_CI_BUILD to bypass it ("export IDF_CI_BUILD=1").
We do not recommend bypassing it for other purposes.
Refer to the Flash Encryption section of the ESP-IDF Programmer's Guide for details.
config SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
@ -820,6 +824,7 @@ menu "Security features"
config SECURE_FLASH_ENCRYPTION_MODE_RELEASE
bool "Release"
select PARTITION_TABLE_MD5 if !APP_COMPATIBLE_PRE_V3_1_BOOTLOADERS
depends on !EFUSE_VIRTUAL || IDF_CI_BUILD
endchoice

View File

@ -23,6 +23,9 @@ menu "eFuse Bit Manager"
to RAM instead of eFuse registers, all permanent changes (via eFuse) are disabled.
Log output will state changes that would be applied, but they will not be.
If it is "y", then SECURE_FLASH_ENCRYPTION_MODE_RELEASE cannot be used.
Because the EFUSE VIRT mode is for testing only.
During startup, the eFuses are copied into RAM. This mode is useful for fast tests.
config EFUSE_VIRTUAL_KEEP_IN_FLASH