diff --git a/components/bootloader/Kconfig.projbuild b/components/bootloader/Kconfig.projbuild
index cbd39b5626..7417e11da1 100644
--- a/components/bootloader/Kconfig.projbuild
+++ b/components/bootloader/Kconfig.projbuild
@@ -732,9 +732,17 @@ menu "Security features"
 efuse when Secure Boot is enabled. This prevents any more efuses from being read protected. If this option is set, it will remain possible to write the EFUSE_RD_DIS efuse field after Secure
- Boot is enabled. This may allow an attacker to read-protect the BLK2 efuse holding the public
- key digest, causing an immediate denial of service and possibly allowing an additional fault
- injection attack to bypass the signature protection.
+ Boot is enabled. This may allow an attacker to read-protect the BLK2 efuse (for ESP32) and
+ BLOCK4-BLOCK10 (i.e. BLOCK_KEY0-BLOCK_KEY5)(for other chips) holding the public key digest, causing an
+ immediate denial of service and possibly allowing an additional fault injection attack to
+ bypass the signature protection.
+
+ NOTE: Once a BLOCK is read-protected, the application will read all zeros from that block
+
+ NOTE: If "UART ROM download mode (Permanently disabled (recommended))" or
+ "UART ROM download mode (Permanently switch to Secure mode (recommended))" is set,
+ then it is __NOT__ possible to read/write efuses using espefuse.py utility.
+ However, efuse can be read/written from the application
 config SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC
 bool "Leave UART bootloader encryption enabled"
diff --git a/components/bootloader_support/src/esp32c3/flash_encrypt.c b/components/bootloader_support/src/esp32c3/flash_encrypt.c
index 8c553cd253..12cd48ac09 100644
--- a/components/bootloader_support/src/esp32c3/flash_encrypt.c
+++ b/components/bootloader_support/src/esp32c3/flash_encrypt.c
@@ -152,6 +152,12 @@ static esp_err_t initialise_flash_encryption(void)
 esp_efuse_write_field_bit(ESP_EFUSE_DIS_LEGACY_SPI_BOOT);
+#if defined(CONFIG_SECURE_BOOT_V2_ENABLED) && !defined(CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS)
+ // This bit is set when enabling Secure Boot V2, but we can't enable it until this later point in the first boot
+ // otherwise the Flash Encryption key cannot be read protected
+ esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS);
+#endif
+
 esp_err_t err = esp_efuse_batch_write_commit();
 if (err != ESP_OK) {
 ESP_LOGE(TAG, "Error programming security eFuses (err=0x%x).", err);
diff --git a/components/bootloader_support/src/esp32c3/secure_boot.c b/components/bootloader_support/src/esp32c3/secure_boot.c
index cdc89f8b80..01693ba513 100644
--- a/components/bootloader_support/src/esp32c3/secure_boot.c
+++ b/components/bootloader_support/src/esp32c3/secure_boot.c
@@ -280,6 +280,21 @@ esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *imag
 esp_efuse_write_field_bit(ESP_EFUSE_SECURE_BOOT_EN);
+#ifndef CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS
+ bool rd_dis_now = true;
+#ifdef CONFIG_SECURE_FLASH_ENC_ENABLED
+ /* If flash encryption is not enabled yet then don't read-disable efuses yet, do it later in the boot
+ when Flash Encryption is being enabled */
+ rd_dis_now = esp_flash_encryption_enabled();
+#endif
+ if (rd_dis_now) {
+ ESP_LOGI(TAG, "Prevent read disabling of additional efuses...");
+ esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS);
+ }
+#else
+ ESP_LOGW(TAG, "Allowing read disabling of additional efuses - SECURITY COMPROMISED");
+#endif
+
 esp_err_t err = esp_efuse_batch_write_commit();
 if (err != ESP_OK) {
 ESP_LOGE(TAG, "Error programming security eFuses (err=0x%x).", err);
diff --git a/components/bootloader_support/src/esp32s2/flash_encrypt.c b/components/bootloader_support/src/esp32s2/flash_encrypt.c
index ad383ee296..e224682d1d 100644
--- a/components/bootloader_support/src/esp32s2/flash_encrypt.c
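Review bot: The comment above the added `esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS)` says this bit "is set when enabling Secure Boot V2", but in exactly the configuration this `#if` selects, `esp_secure_boot_v2_permanently_enable` in this same commit deliberately skips it until flash encryption is enabled, so the comment now states the opposite of what happens and omits the ordering invariant the code relies on: the flash-encryption key's read-protect bit must be burned no later than the `esp_efuse_batch_write_commit()` two lines below, which I can only infer from the comment because that key write is outside the hunk. I'd replace the two comment lines with `// Secure Boot V2 defers burning WR_DIS_RD_DIS to this point when flash encryption is configured: once it is` / `// burned no further efuse can be read-protected, so it must not land before the flash encryption key's RD_DIS write.` The identical hunk is added to esp32s2/flash_encrypt.c and the same wording applies there. `initialise_flash_encryption` starts before the hunk.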
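Review bot: When `CONFIG_SECURE_FLASH_ENC_ENABLED` is set and `esp_flash_encryption_enabled()` returns false, the new block silently skips `ESP_EFUSE_WR_DIS_RD_DIS` and relies on `initialise_flash_encryption()` in flash_encrypt.c burning it later in the boot; that cross-file invariant is carried only by a comment and nothing is logged, so a device that commits Secure Boot here but never reaches the flash-encryption commit leaves RD_DIS writable with no trace in the boot log. I'd add an `else` to the `if (rd_dis_now)` with `ESP_LOGI(TAG, "Deferring WR_DIS_RD_DIS until flash encryption is enabled");` so the pending state is visible when provisioning logs are reviewed. A smaller style point: `rd_dis_now` is assigned in two places across preprocessor branches; initialising it once per branch (`const bool rd_dis_now = esp_flash_encryption_enabled();` under the `#ifdef`, `const bool rd_dis_now = true;` under an `#else`) reads more clearly than assign-then-overwrite. The same 15 lines are pasted into esp32s2/secure_boot.c, where both points apply as well; `esp_secure_boot_v2_permanently_enable` starts and continues outside the hunk.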
+++ b/components/bootloader_support/src/esp32s2/flash_encrypt.c
@@ -176,6 +176,12 @@ static esp_err_t initialise_flash_encryption(void)
 esp_efuse_write_field_bit(ESP_EFUSE_DIS_BOOT_REMAP);
 esp_efuse_write_field_bit(ESP_EFUSE_DIS_LEGACY_SPI_BOOT);
+#if defined(CONFIG_SECURE_BOOT_V2_ENABLED) && !defined(CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS)
+ // This bit is set when enabling Secure Boot V2, but we can't enable it until this later point in the first boot
+ // otherwise the Flash Encryption key cannot be read protected
+ esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS);
+#endif
+
 esp_err_t err = esp_efuse_batch_write_commit();
 if (err != ESP_OK) {
 ESP_LOGE(TAG, "Error programming security eFuses (err=0x%x).", err);
diff --git a/components/bootloader_support/src/esp32s2/secure_boot.c b/components/bootloader_support/src/esp32s2/secure_boot.c
index c79203ed84..cfdf755376 100644
--- a/components/bootloader_support/src/esp32s2/secure_boot.c
+++ b/components/bootloader_support/src/esp32s2/secure_boot.c
@@ -282,6 +282,21 @@ esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *imag
 esp_efuse_write_field_bit(ESP_EFUSE_SECURE_BOOT_EN);
+#ifndef CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS
+ bool rd_dis_now = true;
+#ifdef CONFIG_SECURE_FLASH_ENC_ENABLED
+ /* If flash encryption is not enabled yet then don't read-disable efuses yet, do it later in the boot
+ when Flash Encryption is being enabled */
+ rd_dis_now = esp_flash_encryption_enabled();
+#endif
+ if (rd_dis_now) {
+ ESP_LOGI(TAG, "Prevent read disabling of additional efuses...");
+ esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS);
+ }
+#else
+ ESP_LOGW(TAG, "Allowing read disabling of additional efuses - SECURITY COMPROMISED");
+#endif
+
 esp_err_t err = esp_efuse_batch_write_commit();
 if (err != ESP_OK) {
 ESP_LOGE(TAG, "Error programming security eFuses (err=0x%x).", err);