esp-idf/components/efuse/src
Mahavir Jain 0ccfa4b0c2
fix(esp32h2): program use_hardware_k efuse bit for ECDSA key purpose
In ESP32-H2, the ECDSA peripheral by default uses the TRNG (hardware)
generated k value, but it can be overridden to a software-supplied k.
This can happen by overriding the `ECDSA_SOFTWARE_SET_K` bit
in the configuration register. Even though the HAL API is not exposed
for this, it could still be achieved by direct register
programming. And for this scenario, if a sufficiently random k is not
supplied by the software, then it could pose a security risk.

In this change, we are unconditionally programming the efuse
`ESP_EFUSE_ECDSA_FORCE_USE_HARDWARE_K` bit during the startup security
checks themselves. Additionally, the same is ensured in the `esp_efuse_write_key`
API as well. This always enforces the hardware k mode in the ECDSA
peripheral and ensures the strongest possible security.
2023-11-20 16:03:29 +05:30
..
efuse_controller/keys fix(esp32h2): program use_hardware_k efuse bit for ECDSA key purpose 2023-11-20 16:03:29 +05:30
esp_efuse_api.c efuse: Checks errors of 4x coding scheme for BLOCK0 if so then abort 2022-06-09 17:49:03 +08:00
esp_efuse_fields.c efuse: Remove dependency on bootloader component headers 2023-03-16 01:50:21 +08:00
esp_efuse_utility.c efuse: Fix load_efuses_from_flash when FE is on 2023-03-23 16:20:43 +08:00