Merge branch 'bugfix/startup_secure_options' into 'master'

esp_system: fix compilation error when security features are enabled See merge request espressif/esp-idf!9678
2024-10-05 20:47:46 -04:00 · 2020-07-20 15:08:17 +08:00 · 2020-07-20 15:08:17 +08:00 · eb77e1b11a
commit eb77e1b11a
parent f092054f3d eff6a1eaab
3 changed files with 11 additions and 4 deletions
--- a/components/bootloader/Kconfig.projbuild
+++ b/components/bootloader/Kconfig.projbuild
@ -320,6 +320,11 @@ menu "Security features"
        select MBEDTLS_ECDSA_C
        depends on SECURE_SIGNED_ON_BOOT || SECURE_SIGNED_ON_UPDATE

+    config SECURE_TARGET_HAS_SECURE_ROM_DL_MODE
+        bool
+        default y
+        depends on IDF_TARGET_ESP32S2
+

    config SECURE_SIGNED_APPS_NO_SECURE_BOOT
        bool "Require signed app images"
@ -587,7 +592,7 @@ menu "Security features"

        config SECURE_FLASH_ENCRYPTION_MODE_RELEASE
            bool "Release"
-            select SECURE_ENABLE_SECURE_ROM_DL_MODE
+            select SECURE_ENABLE_SECURE_ROM_DL_MODE if SECURE_TARGET_HAS_SECURE_ROM_DL_MODE

    endchoice

@ -719,7 +724,7 @@ menu "Security features"

    config SECURE_ENABLE_SECURE_ROM_DL_MODE
        bool "Permanently switch to ROM UART Secure Download mode"
-        depends on IDF_TARGET_ESP32S2 && !SECURE_DISABLE_ROM_DL_MODE
+        depends on SECURE_TARGET_HAS_SECURE_ROM_DL_MODE && !SECURE_DISABLE_ROM_DL_MODE
        help
            If set, during startup the app will burn an eFuse bit to permanently switch the UART ROM
            Download Mode into a separate Secure Download mode. This option can only work if
--- a/components/esp_system/startup.c
+++ b/components/esp_system/startup.c
@ -229,6 +229,8 @@ static void IRAM_ATTR do_core_init(void)
    esp_flash_encryption_init_checks();
 #endif

+    esp_err_t err;
+
 #if CONFIG_SECURE_DISABLE_ROM_DL_MODE
    err = esp_efuse_disable_rom_download_mode();
    assert(err == ESP_OK && "Failed to disable ROM download mode");
@ -243,8 +245,6 @@ static void IRAM_ATTR do_core_init(void)
    esp_efuse_disable_basic_rom_console();
 #endif

-    esp_err_t err;
-
    esp_timer_init();
    esp_set_time_from_rtc();

--- a/tools/test_apps/system/build_test/sdkconfig.ci.flash_encryption_release
+++ b/tools/test_apps/system/build_test/sdkconfig.ci.flash_encryption_release
@ -0,0 +1,2 @@
+CONFIG_SECURE_FLASH_ENC_ENABLED=y
+CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE=y