For ESP32-H2 case, the hardware k mode is always enforced through
efuse settings (done in startup code).
For ESP32-P4 case, the software k mode is not supported in the peripheral
itself and code was redundant.
In ESP32-H2, the ECDSA peripheral by default uses the TRNG (hardware)
generated k value but it can be overridden to software supplied k.
This can happen through by overriding the `ECDSA_SOFTWARE_SET_K` bit
in the configuration register. Even though the HAL API is not exposed
for this but still it could be achieved by direct register
programming. And for this scenario, if sufficiently random k is not
supplied by the software then it could posses a security risk.
In this change, we are unconditionally programming the efuse
`ESP_EFUSE_ECDSA_FORCE_USE_HARDWARE_K` bit during startup security
checks itself. Additionally, same is ensured in the `esp_efuse_write_key`
API as well. This always enforces the hardware k mode in the ECDSA
peripheral and ensures strongest possible security.
From: Arno Moonen <arno.moonen@airios.eu>
Follows original message from Arno Moonen <arno.moonen@airios.eu>
While integrating the ESP-IDF into our existing CMake structure,
I've come across quite some hurdles. Most I've been able to fix
in our CMake files, however this one I could not.
Most of the targets created by the esptool_py component assume
that the EXECUTABLE IDF build property (which contains the name
of the CMake executable target) always equals the name of the
created binary.
This is however not always true. For instance, in our setup we use
CMAKE_EXECUTABLE_SUFFIX_C and CMAKE_EXECUTABLE_SUFFIX_CXX in our
toolchain file (both set to .elf). If we do add_executable(my_app),
the target binary file would actually be my_app.elf.
In order to fix this, I've updated it to use the TARGET_FILE generated
expression. That way we also no longer need the EXECUTABLE_DIR IDF build
property here.
I've fixed this on v5.0.1 (as that's the ESP-IDF version I'm currently
trying to integrate), but I assume it should be easy to apply the same
fix to newer versions and the master branch as well.
Note that this problem might exist in multiple places where EXECUTABLE
is being used. While going through the ESP-IDF code base, I even noticed
that a few places actually already seem to use the TARGET_FILE expression.
To be honest the property name might be somewhat confusing as well, as it
is actually the executable target.
Closes https://github.com/espressif/esp-idf/pull/12558
fix(nimble):Handled the Load access fault crash caused due to an invalid setting of index-variable 'reattempt_idx' (v5.1)
See merge request espressif/esp-idf!26944
1. Added new API functions that can add 32 and 128-bit UUID to the EIR data
when these UUIDs are set in SDP.
The old functions that only work with 16-bit UUIDs have been left
unchanged to avoid having to redo code that already utilizes them.
2. Fixed bug with zero handler return in btc_sdp.c
sdp_create_record.handle in tBTA_SDP struct wasn't saved before.
Because of it Bluetooth stack always returned zero handler to
application callback.
Closes https://github.com/espressif/esp-idf/issues/11529
On ESP32-S3 with the default efuse settings, USB PHY is connected to
the USB_SERIAL_JTAG peripheral. If USB OTG peripheral is used for the
console, we need to additionally switch the PHY to USB OTG, otherwise
we won't get any output.
Closes https://github.com/espressif/esp-idf/issues/12437