alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'feature/logs_for_flash_enc_virtual' into 'master'

Browse Source 
bootloader_support: Adds better logs for virtual efuses

See merge request espressif/esp-idf!21748

Closes https://github.com/espressif/esp-idf/pull/10383
This commit is contained in:
Mahavir Jain 2022-12-23 16:02:53 +08:00
commit d6dd8a56f3
3 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
components/bootloader/Kconfig.projbuild
View File

@ -811,6 +811,10 @@ menu "Security features"
Release mode should always be selected for production or manufacturing. Once enabled it's no longer
possible for the device in ROM Download Mode to use the flash encryption hardware.
When EFUSE_VIRTUAL is enabled, SECURE_FLASH_ENCRYPTION_MODE_RELEASE is not available.
For CI tests we use IDF_CI_BUILD to bypass it ("export IDF_CI_BUILD=1").
We do not recommend bypassing it for other purposes.
Refer to the Flash Encryption section of the ESP-IDF Programmer's Guide for details.
config SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
@ -820,6 +824,7 @@ menu "Security features"
config SECURE_FLASH_ENCRYPTION_MODE_RELEASE
bool "Release"
select PARTITION_TABLE_MD5 if !APP_COMPATIBLE_PRE_V3_1_BOOTLOADERS
depends on !EFUSE_VIRTUAL || IDF_CI_BUILD
endchoice

4
components/bootloader_support/src/flash_encryption/flash_encrypt.c
View File

@ -313,6 +313,10 @@ esp_err_t esp_flash_encrypt_enable(void)
ESP_LOGI(TAG, "Flash encryption completed");
#if CONFIG_EFUSE_VIRTUAL
ESP_LOGW(TAG, "Flash encryption not really completed. Must disable virtual efuses");
#endif
return err;
}

3
components/efuse/Kconfig
View File

@ -23,6 +23,9 @@ menu "eFuse Bit Manager"
to RAM instead of eFuse registers, all permanent changes (via eFuse) are disabled.
Log output will state changes that would be applied, but they will not be.
If it is "y", then SECURE_FLASH_ENCRYPTION_MODE_RELEASE cannot be used.
Because the EFUSE VIRT mode is for testing only.
During startup, the eFuses are copied into RAM. This mode is useful for fast tests.
config EFUSE_VIRTUAL_KEEP_IN_FLASH