Commit Graph

154 Commits

Author SHA1 Message Date
Aditya Patwardhan
f412149dc9 Merge branch 'feat/enable_secure_boot_for_c5' into 'master'
feat: enable secure boot for c5

Closes IDF-8623 and IDF-9478

See merge request espressif/esp-idf!29774
2024-06-03 15:35:51 +08:00
Roland Dobai
7b7f73ba2a Merge branch 'feat/add_espsecure_subcommands' into 'master'
feat: Add espsecure subcommands into idf.py

See merge request espressif/esp-idf!29424
2024-05-31 18:29:55 +08:00
nilesh.kale
f5dd1074b6 feat: enable secure boot for c5
This MR added suppport for secure boot in ESP32-C5.
2024-05-30 11:43:17 +05:30
nilesh.kale
317f07f22a docs: updated security documents for esp32c5 2024-05-27 16:36:17 +05:30
Jan Beran
981062d54f feat(tools): add often used espsecure subcommands to idf.py 2024-05-20 15:13:35 +02:00
Aditya Patwardhan
530fdacd88
fix(docs): Fix DIS_ICACHE related information in host security workflow 2024-04-19 11:29:21 +05:30
Aditya Patwardhan
1366949c8a
feat(docs): Add workflow for externally enabling NVS Encryption
Fix documentation for host based workflows for flash encryption and
    secure boot v2
2024-04-19 11:29:21 +05:30
Aditya Patwardhan
0dcd692d59 Merge branch 'fix/fix_esp32p4_flash_encryption' into 'master'
fix(bootloader_support): Fix default key usage for flash encryption

See merge request espressif/esp-idf!29968
2024-04-02 19:57:38 +08:00
Aditya Patwardhan
51a91259d7
fix(bootloader_support): Fix default key usage for flash encryption 2024-04-02 12:27:53 +05:30
harshal.patil
1975c1c69e
docs(security): Update security-related docs for ESP32-P4 2024-04-01 17:34:28 +05:30
Marius Vikhammer
f1e65b8373 docs(misc): fixed typos found with codespell 2024-03-28 11:50:58 +08:00
Mahavir Jain
000d1407ea Merge branch 'bugfix/host_security_workflow_docs_update' into 'master'
fix(docs): correct the UART ROM DL mode disable section for ESP32

See merge request espressif/esp-idf!29046
2024-02-23 11:24:29 +08:00
harshal.patil
f4581d7103
docs(secure_boot_v2): Specify the workflow to disable revocation of unused key digests slots 2024-02-15 14:31:41 +05:30
Mahavir Jain
2238e11e90
fix(docs): correct the UART ROM DL mode disable section for ESP32 2024-02-14 14:46:51 +05:30
Marius Vikhammer
4d28524bdb docs(esp32c5): add support for building C5 docs 2024-02-01 10:06:41 +08:00
kirill.chalov
22a053f1fc docs(sphinx-lint): Fix issues reported by sphinx-lint before adding it to pre-commit 2024-01-23 15:22:29 +08:00
Mahavir Jain
25c2cc5f03 Merge branch 'feature/esp32p4_enable_flash_encryption' into 'master'
Enable Flash Encryption for ESP32P4

Closes IDF-7545

See merge request espressif/esp-idf!26959
2023-12-05 21:42:18 +08:00
Aditya Patwardhan
a84234c23f
feat(security): Enable Flash encryption for ESP32P4 2023-12-05 13:10:55 +05:30
Zhang Xiao Yan
4cd0a6a4b1 Merge branch 'docs/remove_wifi_related_documentation_for_esp32h2' into 'master'
docs: remove WiFi related documentation for ESP32-H2

See merge request espressif/esp-idf!27026
2023-12-05 09:58:06 +08:00
Linda
bd1825f9b1 docs: remove WiFi related documentation for ESP32-H2 2023-12-04 11:12:39 +08:00
Mahavir Jain
7bb29086df
docs: add ECDSA peripheral chapter for H2/P4
- Add ECDSA peripheral chapter and instructions to program efuse key block
- Update security guide for ECDSA peripheral mention for device identity
- Link with ESP-TLS guide about using ECDSA peripheral in TLS connection
2023-11-15 09:42:26 +05:30
Mahavir Jain
2a09627d03 Merge branch 'bugfix/secure_boot_v2_docs' into 'master'
fix(docs): correct the target specific macros for secure boot v2 guide

See merge request espressif/esp-idf!26993
2023-11-15 11:17:43 +08:00
Wang Zi Yan
32ce89f3cf docs: Update CN for security docs 2023-11-14 07:41:58 +00:00
Shang Zhou
3cb8e18648 docs: Provide CN translation for security/secure-boot-v1.rst 2023-11-09 17:31:54 +08:00
Mahavir Jain
6b823ddb2a
fix(docs): correct the target specific macros for secure boot v2 guide
It appears that target specific or'ing is not supported through the
docs build. Actual text rendering on the docs site was still using
"default" field from the custom macro, rather than using target
specific.
2023-11-07 19:38:44 +05:30
Mahavir Jain
64cb35deef
docs(security): add section about managing the root certificates 2023-10-29 12:21:23 +05:30
walerii
478879ab0d Update host-based-security-workflows.rst
Fixed typos in the code examples which caused troubles when trying to follow the secure boot workflow and improved the grammar.

Closes https://github.com/espressif/esp-idf/pull/12262
2023-10-17 14:27:30 +05:30
Mahavir Jain
eea2536dc4 Merge branch 'feature/conservative_key_revocation_in_secure_boot_v2' into 'master'
feat: Add API to verify the bootloader and application image before revoking...

Closes IDF-7078

See merge request espressif/esp-idf!24572
2023-10-16 12:42:49 +08:00
Mahavir Jain
1501aef1b3 Merge branch 'feature/enable_secure_boot_esp32p4' into 'master'
feat(secure_boot): add secure boot support for esp32p4

Closes IDF-7544 and IDF-7745

See merge request espressif/esp-idf!26335
2023-10-16 11:07:14 +08:00
harshal.patil
6cf9cc2c9b
docs(secure_boot_v1): add missing digest byte swap information
- In the secure bootloader digest algorithm section, the final
four byte word byte-swap information was not mentioned.
2023-10-12 17:35:10 +05:30
Harshit Malpani
1df186d4e1
feat: Add API to verify the bootloader and app image
Added an API to verify the bootloader and app image before revoking the key in Secure Boot V2.
This will help in preventing the device to be bricked if the bootloader/application cannot be
verified by any other keys in efuse
2023-10-12 14:53:57 +05:30
harshal.patil
f46a93e565
feat(secure_boot): add secure boot support for esp32p4 2023-10-12 10:12:54 +05:30
renpeiying
6fba4113cc docs: Update Chinese translation for security/flash-encryption.rst and index.rst 2023-10-09 14:31:07 +08:00
KonstantinKondrashov
3b440adfab fix(doc): Fix incorrect description for xts_key_length_256 efuse 2023-08-31 04:06:47 +08:00
Mahavir Jain
77fb44a489 Merge branch 'fix/fix_host_based_security_workflow_documentation' into 'master'
fix(security): Fixed the host-based security workflows

See merge request espressif/esp-idf!25460
2023-08-23 23:25:58 +08:00
Cai Xin Ying
bcb87c4b8f docs: update format issues for both EN and CN under security and contribute folder 2023-08-22 23:59:44 +08:00
Aditya Patwardhan
388a61c7b7 fix(security): Fixed the host-based security workflows 2023-08-22 15:05:14 +05:30
Marius Vikhammer
27baef2424 docs(esp32p4): added building docs for ESP32-P4 2023-08-16 10:13:47 +08:00
Aditya Patwardhan
083e943704 docs(security): Added host based workflow to enable secure boot externally
* Styling changes for the host-based workflow document
* Fix formatting for the document for host based security wofkflows
2023-07-19 10:11:30 +05:30
Wang Zi Yan
3e4152cdcf docs: Update CN for nvs_flash.rst and flash-encryption.rst 2023-07-14 04:05:53 +00:00
Doc-intern2
37af2b7a22 Docs: add CN translation for security/security.rst 2023-07-07 17:16:37 +08:00
Aditya Patwardhan
d9b66226cd docs/security: Separate documents under different subsection 2023-06-23 08:15:13 +05:30
Aditya Patwardhan
2a4fddb48b docs/Security:Add references to second stage bootloader to avoid confusion bettwen
bootloader and 2nd stage bootloader
2023-06-22 17:18:08 +05:30
Aditya Patwardhan
253d80f560 docs/security: Move security related docs in a separate section 2023-06-17 10:04:01 +05:30
Aditya Patwardhan
b078541ca5 docs/Flash encryption: Add encrypted partitions section 2023-06-17 10:04:01 +05:30
Aditya Patwardhan
6d4a116625 docs: Added documentation about enabling the Security Features
externally with help of espefuse tool

flash_encryption_doc: Fix the document to also inform users about what
happens in case of host generated private key in the Flash encryption process
2023-06-17 10:04:01 +05:30
Mahavir Jain
1696be719c
crypto: add support for DPA protection configuration in C6/H2
- Technical details covered in section "15.3.2 Anti-DPA Attack Security
Control" chapter of the ESP32-C6 TRM
- Default configuration sets the security level low for the DPA
protection
- This change applies to all the crypto peripherals where the clock
frequency is dynamically adjusted to create randomness in the power
consumption trajectory
- This configuration helps to make the SCA attacks difficult on the
crypto peripherals
2023-06-08 11:09:23 +05:30
KonstantinKondrashov
56b966829d docs: update CN trans for flash-encryption 2023-05-26 16:06:49 +08:00
Laukik Hase
a06118012e
docs: Update nvs_flash docs for the HMAC-based NVS encr-keys protection scheme
- Also updated the `nvs_partition_generator` and `mass_mfg` tools
  documentation
2023-05-23 13:55:57 +05:30
Linda
65ee4992ce docs: update the algorithm and key name from AES-XTS to XTS-AES 2023-05-15 17:54:50 +08:00