diff --git a/examples/system/efuse/conftest.py b/examples/system/efuse/conftest.py index 38519a35c2..179715fd08 100644 --- a/examples/system/efuse/conftest.py +++ b/examples/system/efuse/conftest.py @@ -1,9 +1,12 @@ -# SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD +# SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD # SPDX-License-Identifier: Apache-2.0 - +import json import logging import os +import tempfile +from typing import Any +import espefuse import pytest from _pytest.fixtures import FixtureRequest from _pytest.monkeypatch import MonkeyPatch @@ -52,6 +55,12 @@ class EfuseFlashEncSerial(IdfSerial): # Restore self.app.flash files to original value self.app.flash_files = prev_flash_files + def erase_field_on_emul_efuse_by_name(self, efuse_names: list) -> None: + pos_of_bits = [] + for name in efuse_names: + pos_of_bits.append(self.get_efuse_offset(name)) + self.erase_field_on_emul_efuse(pos_of_bits) + def erase_field_on_emul_efuse(self, pos_of_bits: list) -> None: emul_efuse_bin_path = os.path.join(self.app.binary_path, 'emul_efuse.bin') self.dump_flash(output=emul_efuse_bin_path, partition='emul_efuse') @@ -86,6 +95,20 @@ class EfuseFlashEncSerial(IdfSerial): self.flash() self.app.flash_files = prev_flash_files + def get_efuse_offset(self, efuse_name: str) -> Any: + with tempfile.NamedTemporaryFile(suffix='.json') as temp_file: + temp_file_path = temp_file.name + espefuse.main(f'--virt -c {self.target} summary --format json --file {temp_file_path}'.split()) + with open(temp_file_path, 'r') as file: + efuse_summary = json.load(file) + if efuse_name in efuse_summary: + data = efuse_summary[efuse_name] + offset = int(data['word'] * 32) + data['pos'] + print(f'{efuse_name} offset = {offset}') + return offset + else: + raise ValueError(f"eFuse '{efuse_name}' not found in the summary.") + @pytest.fixture(scope='module') def monkeypatch_module(request: FixtureRequest) -> MonkeyPatch: diff --git a/examples/system/efuse/main/efuse_main.c b/examples/system/efuse/main/efuse_main.c index 2b6238892f..d36c683b8e 100644 --- a/examples/system/efuse/main/efuse_main.c +++ b/examples/system/efuse/main/efuse_main.c @@ -15,8 +15,14 @@ #include "esp_efuse.h" #include "esp_efuse_table.h" #include "esp_efuse_custom_table.h" + +#if CONFIG_SECURE_BOOT || CONFIG_IDF_TARGET_ESP32C2 #include "esp_secure_boot.h" +#endif + +#if CONFIG_SECURE_FLASH_ENC_ENABLED || CONFIG_IDF_TARGET_ESP32C2 #include "esp_flash_encrypt.h" +#endif #include "sdkconfig.h" static const char* TAG = "example"; @@ -28,7 +34,7 @@ typedef struct { uint8_t setting_1; /*!< Setting 1: length 6 bits */ uint8_t setting_2; /*!< Setting 2: length 5 bits */ size_t custom_secure_version; /*!< Custom secure version: length 16 bits */ - uint16_t reserv; /*!< Reserv */ + uint16_t reserve; /*!< Reserve */ } device_desc_t; diff --git a/examples/system/efuse/pytest_system_efuse_example.py b/examples/system/efuse/pytest_system_efuse_example.py index f5c70f7a16..e3b683de84 100644 --- a/examples/system/efuse/pytest_system_efuse_example.py +++ b/examples/system/efuse/pytest_system_efuse_example.py @@ -1,7 +1,5 @@ # SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD # SPDX-License-Identifier: Unlicense OR CC0-1.0 -from __future__ import unicode_literals - import logging import os @@ -162,20 +160,12 @@ def test_examples_efuse_with_virt_flash_enc_pre_loaded(dut: Dut) -> None: dut.expect('example: Done') if dut.app.target == 'esp32': - print(' - Flash emul_efuse with pre-loaded efuses (FLASH_CRYPT_CNT 1 -> 0)') - # offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv - FLASH_CRYPT_CNT = 20 - # Resets eFuse, which enables Flash encryption feature - dut.serial.erase_field_on_emul_efuse([FLASH_CRYPT_CNT]) - elif dut.app.target == 'esp32c2': - FLASH_CRYPT_CNT = 39 - dut.serial.erase_field_on_emul_efuse([FLASH_CRYPT_CNT]) + CRYPT_CNT_EFUSE_NAME = 'FLASH_CRYPT_CNT' else: - # offset of this eFuse is taken from components/efuse/{target}/esp_efuse_table.csv - print(' - Flash emul_efuse with pre-loaded efuses (SPI_BOOT_CRYPT_CNT 1 -> 0)') - SPI_BOOT_CRYPT_CNT = 82 - # Resets eFuse, which enables Flash encryption feature - dut.serial.erase_field_on_emul_efuse([SPI_BOOT_CRYPT_CNT]) + CRYPT_CNT_EFUSE_NAME = 'SPI_BOOT_CRYPT_CNT' + print(f' - Flash emul_efuse with pre-loaded efuses ({CRYPT_CNT_EFUSE_NAME} 1 -> 0)') + # Resets eFuse, which enables Flash encryption feature + dut.serial.erase_field_on_emul_efuse_by_name([CRYPT_CNT_EFUSE_NAME]) print(' - Start app (flash partition_table and app)') dut.serial.write_flash_no_enc() @@ -333,10 +323,8 @@ def test_examples_efuse_with_virt_secure_boot_v1_pre_loaded(dut: Dut) -> None: dut.expect('example: Done') print(' - Flash emul_efuse with pre-loaded efuses (ABS_DONE_0 1 -> 0)') - # offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv - ABS_DONE_0 = 196 # Resets eFuse, which enables Secure boot (V1) feature - dut.serial.erase_field_on_emul_efuse([ABS_DONE_0]) + dut.serial.erase_field_on_emul_efuse_by_name(['ABS_DONE_0']) print(' - Start app (flash partition_table and app)') dut.serial.flash() @@ -439,10 +427,8 @@ def test_examples_efuse_with_virt_secure_boot_v2(dut: Dut) -> None: dut.expect('example: Done') print(' - Flash emul_efuse with pre-loaded efuses (ABS_DONE_1 1 -> 0)') - # offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv - ABS_DONE_1 = 197 # Resets eFuse, which enables Secure boot (V2) feature - dut.serial.erase_field_on_emul_efuse([ABS_DONE_1]) + dut.serial.erase_field_on_emul_efuse_by_name(['ABS_DONE_1']) print(' - Start app (flash partition_table and app)') dut.serial.flash() @@ -504,10 +490,8 @@ def test_examples_efuse_with_virt_secure_boot_v2_pre_loaded(dut: Dut) -> None: dut.expect('example: Done') print(' - Flash emul_efuse with pre-loaded efuses (ABS_DONE_1 1 -> 0)') - # offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv - ABS_DONE_1 = 197 # Resets eFuse, which enables Secure boot (V2) feature - dut.serial.erase_field_on_emul_efuse([ABS_DONE_1]) + dut.serial.erase_field_on_emul_efuse_by_name(['ABS_DONE_1']) print(' - Start app (flash partition_table and app)') dut.serial.flash() @@ -576,7 +560,7 @@ def test_examples_efuse_with_virt_secure_boot_v2_esp32xx(dut: Dut) -> None: dut.expect('Verifying image signature...') dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set') - if dut.app.target == 'esp32c2': + if dut.app.sdkconfig.get('SECURE_SIGNED_APPS_ECDSA_V2_SCHEME'): signed_scheme = 'ECDSA' else: signed_scheme = 'RSA-PSS' @@ -648,24 +632,19 @@ def test_example_efuse_with_virt_secure_boot_v2_esp32xx_pre_loaded(dut: Dut) -> print(' - Flash emul_efuse with pre-loaded efuses (SECURE_BOOT_EN 1 -> 0, SECURE_BOOT_KEY_REVOKE[0..2] -> 0)') # offsets of eFuses are taken from components/efuse/{target}/esp_efuse_table.csv - if dut.app.target == 'esp32c2': - SECURE_BOOT_EN = 53 - dut.serial.erase_field_on_emul_efuse([SECURE_BOOT_EN]) + # Resets eFuse, which enables Secure boot feature + # Resets eFuses, which control digest slots + if dut.app.sdkconfig.get('SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS'): + dut.serial.erase_field_on_emul_efuse_by_name(['SECURE_BOOT_EN', 'SECURE_BOOT_KEY_REVOKE0', 'SECURE_BOOT_KEY_REVOKE1', 'SECURE_BOOT_KEY_REVOKE2']) else: - SECURE_BOOT_EN = 116 - SECURE_BOOT_KEY_REVOKE0 = 85 - SECURE_BOOT_KEY_REVOKE1 = 86 - SECURE_BOOT_KEY_REVOKE2 = 87 - # Resets eFuse, which enables Secure boot feature - # Resets eFuses, which control digest slots - dut.serial.erase_field_on_emul_efuse([SECURE_BOOT_EN, SECURE_BOOT_KEY_REVOKE0, SECURE_BOOT_KEY_REVOKE1, SECURE_BOOT_KEY_REVOKE2]) + dut.serial.erase_field_on_emul_efuse_by_name(['SECURE_BOOT_EN']) print(' - Start app (flash partition_table and app)') dut.serial.flash() dut.expect('Loading virtual efuse blocks from flash') dut.expect('Verifying image signature...') - if dut.app.target == 'esp32c2': + if dut.app.sdkconfig.get('SECURE_SIGNED_APPS_ECDSA_V2_SCHEME'): signed_scheme = 'ECDSA' else: signed_scheme = 'RSA-PSS' @@ -957,7 +936,10 @@ def test_examples_efuse_with_virt_sb_v2_and_fe_esp32xx(dut: Dut) -> None: dut.expect('Verifying image signature...') dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set') - signed_scheme = 'ECDSA' if dut.app.target == 'esp32c2' else 'RSA-PSS' + if dut.app.sdkconfig.get('SECURE_SIGNED_APPS_ECDSA_V2_SCHEME'): + signed_scheme = 'ECDSA' + else: + signed_scheme = 'RSA-PSS' dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme) dut.expect('secure_boot_v2: Signature verified successfully!') diff --git a/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32p4 b/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32p4 index 8df40e73f4..27475f7a27 100644 --- a/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32p4 +++ b/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32p4 @@ -2,7 +2,7 @@ CONFIG_IDF_TARGET="esp32p4" -CONFIG_PARTITION_TABLE_OFFSET=0xD000 +CONFIG_PARTITION_TABLE_OFFSET=0xE000 CONFIG_PARTITION_TABLE_CUSTOM=y CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv" diff --git a/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32p4 b/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32p4 index 2847c533c1..5305d602c6 100644 --- a/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32p4 +++ b/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32p4 @@ -2,7 +2,7 @@ CONFIG_IDF_TARGET="esp32p4" -CONFIG_PARTITION_TABLE_OFFSET=0xC000 +CONFIG_PARTITION_TABLE_OFFSET=0xD000 CONFIG_PARTITION_TABLE_CUSTOM=y CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"