fix(nvs_sec_provider): Added check for nvs_keys partition
Added a check for whether the nvs_keys partition is provided in the partition CSV. Converted the nvs_sec_provider_register_flash_enc_ctr and nvs_sec_provider_register_hmac_ctr functions from __attribute__((constructor)) to ESP_SYSTEM_INIT_FN.
parent
ef221d007a
commit
aaf1f868d5
@ -97,6 +97,10 @@ SECONDARY: 130: init_coredump in components/espcoredump/src/core_dump_init.c on
|
|||||||
# esp_debug_stubs doesn't have init dependencies
|
# esp_debug_stubs doesn't have init dependencies
|
||||||
SECONDARY: 140: init_dbg_stubs in components/app_trace/debug_stubs.c on BIT(0)
|
SECONDARY: 140: init_dbg_stubs in components/app_trace/debug_stubs.c on BIT(0)
|
||||||
|
|
||||||
|
# Register NVS Encryption schemes
|
||||||
|
SECONDARY: 150: nvs_sec_provider_register_flash_enc_scheme in components/nvs_sec_provider/nvs_sec_provider.c on BIT(0)
|
||||||
|
SECONDARY: 151: nvs_sec_provider_register_hmac_scheme in components/nvs_sec_provider/nvs_sec_provider.c on BIT(0)
|
||||||
|
|
||||||
# the rest of the components which are initialized from startup_funcs.c
|
# the rest of the components which are initialized from startup_funcs.c
|
||||||
# [refactor-todo]: move init calls into respective components
|
# [refactor-todo]: move init calls into respective components
|
||||||
SECONDARY: 201: init_pm in components/esp_system/startup_funcs.c on BIT(0)
|
SECONDARY: 201: init_pm in components/esp_system/startup_funcs.c on BIT(0)
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
|
* SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
*/
|
*/
|
||||||
@ -10,10 +10,10 @@
|
|||||||
#include "esp_fault.h"
|
#include "esp_fault.h"
|
||||||
#include "soc/soc_caps.h"
|
#include "soc/soc_caps.h"
|
||||||
#include "sdkconfig.h"
|
#include "sdkconfig.h"
|
||||||
|
|
||||||
#include "nvs_flash.h"
|
#include "nvs_flash.h"
|
||||||
#include "nvs_sec_provider.h"
|
#include "nvs_sec_provider.h"
|
||||||
|
|
||||||
|
#include "esp_private/startup_internal.h"
|
||||||
#if SOC_HMAC_SUPPORTED
|
#if SOC_HMAC_SUPPORTED
|
||||||
#include "bootloader_random.h"
|
#include "bootloader_random.h"
|
||||||
#include "esp_random.h"
|
#include "esp_random.h"
|
||||||
@ -79,14 +79,27 @@ esp_err_t nvs_sec_provider_register_flash_enc(const nvs_sec_config_flash_enc_t *
|
|||||||
return ESP_OK;
|
return ESP_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void __attribute__((constructor)) nvs_sec_provider_register_flash_enc_ctr(void)
|
|
||||||
|
ESP_SYSTEM_INIT_FN(nvs_sec_provider_register_flash_enc_scheme, SECONDARY, BIT(0), 150)
|
||||||
{
|
{
|
||||||
ESP_EARLY_LOGI(TAG, "NVS Encryption - Registering Flash encryption-based scheme...");
|
ESP_EARLY_LOGI(TAG, "NVS Encryption - Registering Flash encryption-based scheme...");
|
||||||
|
|
||||||
nvs_sec_config_flash_enc_t sec_scheme_cfg = NVS_SEC_PROVIDER_CFG_FLASH_ENC_DEFAULT();
|
nvs_sec_config_flash_enc_t sec_scheme_cfg = NVS_SEC_PROVIDER_CFG_FLASH_ENC_DEFAULT();
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This checks partition with subtype nvs_keys from partition table, if NVS Encryption is enabled
|
||||||
|
* and "nvs_keys" do not exist in partition table, then execution gets aborted. To fix the problem,
|
||||||
|
* please introduce partition with subtype "nvs_keys" in the partition table.
|
||||||
|
*/
|
||||||
|
|
||||||
|
if (sec_scheme_cfg.nvs_keys_part == NULL) {
|
||||||
|
ESP_EARLY_LOGE(TAG, "partition with subtype \"nvs_keys\" not found");
|
||||||
|
return ESP_FAIL;
|
||||||
|
}
|
||||||
|
|
||||||
nvs_sec_scheme_t *sec_scheme_handle_out = NULL;
|
nvs_sec_scheme_t *sec_scheme_handle_out = NULL;
|
||||||
|
|
||||||
nvs_sec_provider_register_flash_enc(&sec_scheme_cfg, &sec_scheme_handle_out);
|
return nvs_sec_provider_register_flash_enc(&sec_scheme_cfg, &sec_scheme_handle_out);
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
@ -251,14 +264,15 @@ esp_err_t nvs_sec_provider_register_hmac(const nvs_sec_config_hmac_t *sec_scheme
|
|||||||
}
|
}
|
||||||
|
|
||||||
#if CONFIG_NVS_SEC_KEY_PROTECT_USING_HMAC
|
#if CONFIG_NVS_SEC_KEY_PROTECT_USING_HMAC
|
||||||
static void __attribute__((constructor)) nvs_sec_provider_register_hmac_ctr(void)
|
ESP_SYSTEM_INIT_FN(nvs_sec_provider_register_hmac_scheme, SECONDARY, BIT(0), 151)
|
||||||
{
|
{
|
||||||
ESP_EARLY_LOGI(TAG, "NVS Encryption - Registering HMAC-based scheme...");
|
ESP_EARLY_LOGI(TAG, "NVS Encryption - Registering HMAC-based scheme...");
|
||||||
|
|
||||||
nvs_sec_config_hmac_t sec_scheme_cfg = NVS_SEC_PROVIDER_CFG_HMAC_DEFAULT();
|
nvs_sec_config_hmac_t sec_scheme_cfg = NVS_SEC_PROVIDER_CFG_HMAC_DEFAULT();
|
||||||
|
|
||||||
nvs_sec_scheme_t *sec_scheme_handle_out = NULL;
|
nvs_sec_scheme_t *sec_scheme_handle_out = NULL;
|
||||||
|
|
||||||
nvs_sec_provider_register_hmac(&sec_scheme_cfg, &sec_scheme_handle_out);
|
return nvs_sec_provider_register_hmac(&sec_scheme_cfg, &sec_scheme_handle_out);
|
||||||
}
|
}
|
||||||
#endif // CONFIG_NVS_SEC_KEY_PROTECT_USING_HMAC
|
#endif // CONFIG_NVS_SEC_KEY_PROTECT_USING_HMAC
|
||||||
|
|
||||||
|
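Review bot: The new `nvs_keys_part == NULL` guard in the `@ -79,14 +79,27 @` hunk sits only in the startup wrapper `nvs_sec_provider_register_flash_enc_scheme`, so an application that calls the public `nvs_sec_provider_register_flash_enc()` with its own config is not covered by it. That function's body lies outside the hunk, so it may already validate its input; if it does not, the same check belongs there, e.g. `if (cfg->nvs_keys_part == NULL) return ESP_ERR_INVALID_ARG;` (`cfg` standing for the config parameter, whose name is cut off in the hunk header). The block comment says execution "gets aborted", but the visible code only returns `ESP_FAIL`; presumably the startup code treats a failing init function as fatal, and the comment should say so explicitly, because that fail-closed behaviour is the point of the check. The error log could also carry the remedy the comment gives, e.g. `ESP_EARLY_LOGE(TAG, "partition with subtype \"nvs_keys\" not found; add one to the partition table");`.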