Commit Graph

9 Commits

Author SHA1 Message Date
Mahavir Jain
d3b4acf7a0 fix(esp32h2): program use_hardware_k efuse bit for ECDSA key purpose
In ESP32-H2, the ECDSA peripheral by default uses the TRNG (hardware)
generated k value but it can be overridden to software supplied k.
This can happen through by overriding the `ECDSA_SOFTWARE_SET_K` bit
in the configuration register. Even though the HAL API is not exposed
for this but still it could be achieved by direct register
programming. And for this scenario, if sufficiently random k is not
supplied by the software then it could posses a security risk.

In this change, we are unconditionally programming the efuse
`ESP_EFUSE_ECDSA_FORCE_USE_HARDWARE_K` bit during startup security
checks itself. Additionally, same is ensured in the `esp_efuse_write_key`
API as well. This always enforces the hardware k mode in the ECDSA
peripheral and ensures strongest possible security.
2023-11-17 07:13:53 +00:00
KonstantinKondrashov
b29f6d5a40 feat(efuse): Support eFuses and doc for ESP32P4 2023-09-12 17:58:17 +08:00
KonstantinKondrashov
3d695b9768 efuse: Prevent burning XTS_AES and ECDSA keys into BLOCK9 (BLOCK_KEY5)
eFuse module has a hardware bug.
It is related to ESP32-C3, C6, S3, H2 chips:
    - BLOCK9 (BLOCK_KEY5) can not be used by XTS_AES keys.
For H2 chips, the BLOCK9 (BLOCK_KEY5) can not be used by ECDSA keys.
S2 does not have such a hardware bug.
2023-04-04 18:45:48 +08:00
Sachin Parekh
d2940c5ff3 mbedtls: Add port layer for ECDSA peripheral 2023-03-24 10:43:40 +05:30
KonstantinKondrashov
1f9260d790 all: Apply new version logic (major * 100 + minor) 2022-11-03 08:36:23 +00:00
Jakob Hasse
33a3616635 refactor (bootloader_support, efuse)!: remove target-specific rom includes
The following two functions in bootloader_support are private now:
* esp_secure_boot_verify_sbv2_signature_block()
* esp_secure_boot_verify_rsa_signature_block()
They have been moved into private header files
inside bootloader_private/

* Removed bootloader_reset_reason.h and
  bootloader_common_get_reset_reason() completely.
  Alternative in ROM component is available.

* made esp_efuse.h independent of target-specific rom header
2022-07-13 10:29:02 +08:00
KonstantinKondrashov
505e18237a bootloader: Support Flash Encryption for ESP32-C2 2022-05-31 11:12:21 +00:00
KonstantinKondrashov
9605f3eb1a soc: Adds efuse hal
Replaced eFuse ROM funcs with hal layer
2022-02-24 22:20:09 +08:00
KonstantinKondrashov
ebdc52d4e2 efuse(esp32c2): Support eFuse key APIs 2022-02-01 17:30:31 +08:00