diff --git a/components/bootloader/Kconfig.projbuild b/components/bootloader/Kconfig.projbuild
index 19a6507d03..917f04cc8c 100644
--- a/components/bootloader/Kconfig.projbuild
+++ b/components/bootloader/Kconfig.projbuild
@@ -880,11 +880,16 @@ menu "Security features"
 config SECURE_FLASH_ENCRYPTION_AES128
 bool "AES-128 (256-bit key)"
- depends on SOC_FLASH_ENCRYPTION_XTS_AES_128 && !(IDF_TARGET_ESP32C2 && SECURE_BOOT)
+ depends on SOC_FLASH_ENCRYPTION_XTS_AES_128 && \
+ ((SECURE_FLASH_ENCRYPTION_KEY_SOURCE_EFUSES && SOC_EFUSE_XTS_AES_KEY_128) || \
+ (SECURE_FLASH_ENCRYPTION_KEY_SOURCE_KEY_MGR && SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_128)) && \
+ !(IDF_TARGET_ESP32C2 && SECURE_BOOT)
 config SECURE_FLASH_ENCRYPTION_AES256
 bool "AES-256 (512-bit key)"
- depends on SOC_FLASH_ENCRYPTION_XTS_AES_256
+ depends on SOC_FLASH_ENCRYPTION_XTS_AES_256 && \
+ ((SECURE_FLASH_ENCRYPTION_KEY_SOURCE_EFUSES && SOC_EFUSE_XTS_AES_KEY_256) || \
+ (SECURE_FLASH_ENCRYPTION_KEY_SOURCE_KEY_MGR && SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256))
 endchoice
 choice SECURE_FLASH_ENCRYPTION_MODE
diff --git a/components/bootloader_support/src/flash_encrypt.c b/components/bootloader_support/src/flash_encrypt.c
index 08a380acef..1169d80910 100644
--- a/components/bootloader_support/src/flash_encrypt.c
+++ b/components/bootloader_support/src/flash_encrypt.c
@@ -450,11 +450,11 @@ bool esp_flash_encryption_cfg_verify_release_mode(void)
 #if CONFIG_SECURE_FLASH_ENCRYPTION_KEY_SOURCE_EFUSES
 esp_efuse_purpose_t purposes[] = {
-#if SOC_FLASH_ENCRYPTION_XTS_AES_256
+#if SOC_EFUSE_XTS_AES_KEY_256
 ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1,
 ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2,
 #endif
-#if SOC_FLASH_ENCRYPTION_XTS_AES_128
+#if SOC_EFUSE_XTS_AES_KEY_128
 ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY,
 #endif
 };
diff --git a/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c b/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c
index 12dc361b51..96db76c1df 100644
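Review bot: In components/bootloader/Kconfig.projbuild, neither new `depends on` explains why a key size can drop out of the choice once a key source is picked, and no help text for the two options is visible in the hunk. With this change AES-256 is hidden whenever the selected source cannot hold a 512-bit key, so a saved configuration that had it selected would presumably move to whichever option is still visible without any message, which is worth spelling out for a flash-encryption key size. I would put a comment above each expression, for example `# Offered only when the selected key source (eFuse or Key Manager) supports a key of this size`, and repeat the sentence in a `help` entry. The enclosing choice and the definitions of the two `SECURE_FLASH_ENCRYPTION_KEY_SOURCE_*` symbols are outside the hunk; if either symbol is missing on a target, both options become unselectable there.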
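Review bot: In flash_encrypt.c, `purposes[]` ends up with no element when a target defines neither `SOC_EFUSE_XTS_AES_KEY_128` nor `SOC_EFUSE_XTS_AES_KEY_256`, and nothing on the C side rejects that combination. The Kconfig dependency added in this commit probably rules it out for configured builds, but an empty initializer is not valid C before C23, and where the compiler accepts it the code that consumes the array (outside the hunk) would have no key purpose to check, in a function whose job is to verify the release-mode configuration. A guard right after the array makes the assumption explicit: `_Static_assert(sizeof(purposes) > 0, "no XTS-AES eFuse key purpose on this target");`. The function body starts and ends outside the hunk.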
--- a/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c
+++ b/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c
@@ -286,7 +286,7 @@ esp_err_t esp_efuse_write_key(esp_efuse_block_t block, esp_efuse_purpose_t purpo
 #if SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK
 if (block == EFUSE_BLK9 && (
-#if SOC_FLASH_ENCRYPTION_XTS_AES_256
+#if SOC_EFUSE_XTS_AES_KEY_256
 purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1 ||
 purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2 ||
 #endif
@@ -301,10 +301,10 @@ esp_err_t esp_efuse_write_key(esp_efuse_block_t block, esp_efuse_purpose_t purpo
 #endif // SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK
 if (purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY ||
-#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_256
+#ifdef SOC_EFUSE_XTS_AES_KEY_256
 purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1 ||
 purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2 ||
-#endif //#ifdef SOC_EFUSE_SUPPORT_XTS_AES_256_KEYS
+#endif //#ifdef SOC_EFUSE_XTS_AES_KEY_256
 #if SOC_EFUSE_ECDSA_KEY
 purpose == ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY ||
 #endif
diff --git a/components/efuse/test_apps/main/with_key_purposes/test_efuse_keys.c b/components/efuse/test_apps/main/with_key_purposes/test_efuse_keys.c
index f7602bc14e..fc20a64f29 100644
--- a/components/efuse/test_apps/main/with_key_purposes/test_efuse_keys.c
+++ b/components/efuse/test_apps/main/with_key_purposes/test_efuse_keys.c
@@ -57,7 +57,7 @@ TEST_CASE("Test efuse API blocks burning XTS and ECDSA keys into BLOCK9", "[efus
 uint8_t key[32] = {0};
 esp_efuse_purpose_t purpose = ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY;
 TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_efuse_write_key(EFUSE_BLK9, purpose, &key, sizeof(key)));
-#if SOC_FLASH_ENCRYPTION_XTS_AES_256
+#if SOC_EFUSE_XTS_AES_KEY_256
 purpose = ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1;
 TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_efuse_write_key(EFUSE_BLK9, purpose, &key, sizeof(key)));
 purpose = ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2;
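Review bot: The second esp_efuse_api_key.c hunk (at -301) tests the renamed capability with `#ifdef SOC_EFUSE_XTS_AES_KEY_256`, while the hunk above it in the same function and the one in flash_encrypt.c use `#if`. The soc_caps.h files in this commit write unsupported capabilities as 0 (`SOC_EFUSE_ECDSA_KEY 0`, `SOC_EFUSE_SOFT_DIS_JTAG 0`), and the ESP32-C5 comment already gives this macro as `(0)`, so a target that spells it out as `#define SOC_EFUSE_XTS_AES_KEY_256 0` would still pass `#ifdef` and pull the 256-bit key purposes into this condition. Use `#if SOC_EFUSE_XTS_AES_KEY_256` here and in the test_efuse_keys.c hunks at -86, -180, -224 and -300; the hunk at -180 also keeps the stale trailer `#endif //#ifdef SOC_EFUSE_SUPPORT_XTS_AES_256_KEYS`. The `if` statement this list belongs to continues outside the hunk.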
@@ -86,7 +86,7 @@ static esp_err_t s_check_key(esp_efuse_block_t num_key, void* wr_key)
 TEST_ASSERT_TRUE(esp_efuse_get_key_dis_write(num_key));
 if (purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY ||
-#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_256
+#ifdef SOC_EFUSE_XTS_AES_KEY_256
 purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1 ||
 purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2 ||
 #endif
@@ -180,7 +180,7 @@ TEST_CASE("Test esp_efuse_write_key for virt mode", "[efuse]")
 esp_efuse_purpose_t purpose = g_purpose;
 #if SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK
 if (num_key == EFUSE_BLK9 && (
-#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_256
+#ifdef SOC_EFUSE_XTS_AES_KEY_256
 purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1 ||
 purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2 ||
 #endif //#ifdef SOC_EFUSE_SUPPORT_XTS_AES_256_KEYS
@@ -224,7 +224,7 @@ TEST_CASE("Test 1 esp_efuse_write_key for FPGA", "[efuse]")
 #else
 ESP_EFUSE_KEY_PURPOSE_RESERVED,
 #endif
-#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_256
+#ifdef SOC_EFUSE_XTS_AES_KEY_256
 ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1,
 ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2,
 #else
@@ -300,7 +300,7 @@ TEST_CASE("Test esp_efuse_write_keys", "[efuse]")
 esp_efuse_block_t key_block = EFUSE_BLK_MAX;
 enum { BLOCKS_NEEDED1 = 2 };
-#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_256
+#ifdef SOC_EFUSE_XTS_AES_KEY_256
 esp_efuse_purpose_t purpose1[BLOCKS_NEEDED1] = {
 ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1,
 ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2,
diff --git a/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in
index a79fd8fa48..fb48fd7d2b 100644
--- a/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in
@@ -603,6 +603,10 @@ config SOC_EFUSE_DIS_DIRECT_BOOT
 bool
 default y
+config SOC_EFUSE_XTS_AES_KEY_128
+ bool
+ default y
+
 config SOC_SECURE_BOOT_V2_ECC
 bool
 default y
diff --git a/components/soc/esp32c2/include/soc/soc_caps.h b/components/soc/esp32c2/include/soc/soc_caps.h
index 701ee2c5ea..a358b7bba2 100644
--- a/components/soc/esp32c2/include/soc/soc_caps.h
+++ b/components/soc/esp32c2/include/soc/soc_caps.h
@@ -275,6 +275,7 @@
 #define SOC_EFUSE_DIS_DOWNLOAD_ICACHE 1
 #define SOC_EFUSE_DIS_PAD_JTAG 1
 #define SOC_EFUSE_DIS_DIRECT_BOOT 1
+#define SOC_EFUSE_XTS_AES_KEY_128 1
 /*-------------------------- Secure Boot CAPS----------------------------*/
 #define SOC_SECURE_BOOT_V2_ECC 1
diff --git a/components/soc/esp32c3/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c3/include/soc/Kconfig.soc_caps.in
index 4472fc985b..c0dd923f1d 100644
--- a/components/soc/esp32c3/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32c3/include/soc/Kconfig.soc_caps.in
@@ -879,6 +879,10 @@ config SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK
 bool
 default y
+config SOC_EFUSE_XTS_AES_KEY_128
+ bool
+ default y
+
 config SOC_SECURE_BOOT_V2_RSA
 bool
 default y
diff --git a/components/soc/esp32c3/include/soc/soc_caps.h b/components/soc/esp32c3/include/soc/soc_caps.h
index d25c7c661e..76e98a526a 100644
--- a/components/soc/esp32c3/include/soc/soc_caps.h
+++ b/components/soc/esp32c3/include/soc/soc_caps.h
@@ -374,6 +374,7 @@
 #define SOC_EFUSE_SOFT_DIS_JTAG 1
 #define SOC_EFUSE_DIS_ICACHE 1
 #define SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK 1 // XTS-AES key purpose not supported for this block
+#define SOC_EFUSE_XTS_AES_KEY_128 1
 /*-------------------------- Secure Boot CAPS----------------------------*/
 #define SOC_SECURE_BOOT_V2_RSA 1
diff --git a/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in
index 996de61745..99f67ef3da 100644
--- a/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in
@@ -1279,6 +1279,10 @@ config SOC_EFUSE_ECDSA_KEY_P384
 bool
 default y
+config SOC_EFUSE_XTS_AES_KEY_128
+ bool
+ default y
+
 config SOC_HUK_MEM_NEEDS_RECHARGE
 bool
 default y
@@ -1347,6 +1351,10 @@ config SOC_FLASH_ENCRYPTION_XTS_AES_128
 bool
 default y
+config SOC_FLASH_ENCRYPTION_XTS_AES_256
+ bool
+ default y
+
 config SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
 bool
 default y
diff --git a/components/soc/esp32c5/include/soc/soc_caps.h b/components/soc/esp32c5/include/soc/soc_caps.h
index 8a2cb6b5c6..0ddd69fde9 100644
--- a/components/soc/esp32c5/include/soc/soc_caps.h
+++ b/components/soc/esp32c5/include/soc/soc_caps.h
@@ -510,6 +510,7 @@
 #define SOC_EFUSE_ECDSA_KEY 1
 #define SOC_EFUSE_ECDSA_KEY_P192 1
 #define SOC_EFUSE_ECDSA_KEY_P384 1
+#define SOC_EFUSE_XTS_AES_KEY_128 1
 /*-------------------------- HUK CAPS----------------------------*/
 #define SOC_HUK_MEM_NEEDS_RECHARGE 1
@@ -534,7 +535,8 @@
 #define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX (64)
 #define SOC_FLASH_ENCRYPTION_XTS_AES 1
 #define SOC_FLASH_ENCRYPTION_XTS_AES_OPTIONS 1
-#define SOC_FLASH_ENCRYPTION_XTS_AES_128 1
+#define SOC_FLASH_ENCRYPTION_XTS_AES_128 1 /* SOC_EFUSE_XTS_AES_KEY_128 (1) || SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_128 (1) */
+#define SOC_FLASH_ENCRYPTION_XTS_AES_256 1 /* SOC_EFUSE_XTS_AES_KEY_256 (0) || SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 (1) */
 #define SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND 1
 /*-------------------------- PSRAM Encryption CAPS----------------------------*/
diff --git a/components/soc/esp32c6/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c6/include/soc/Kconfig.soc_caps.in
index f393b198d6..a3053cdd88 100644
--- a/components/soc/esp32c6/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32c6/include/soc/Kconfig.soc_caps.in
@@ -1119,6 +1119,10 @@ config SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK
 bool
 default y
+config SOC_EFUSE_XTS_AES_KEY_128
+ bool
+ default y
+
 config SOC_SECURE_BOOT_V2_RSA
 bool
 default y
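Review bot: In components/soc/esp32c5/include/soc/soc_caps.h (hunk at -534), `SOC_FLASH_ENCRYPTION_XTS_AES_256` becomes 1 on a target whose eFuse side is given as `(0)` in the trailing comment, so any `#if SOC_FLASH_ENCRYPTION_XTS_AES_256` that still guards eFuse key-purpose code now compiles in for this chip. The commit converts the guards in flash_encrypt.c, esp_efuse_api_key.c and test_efuse_keys.c; whether others remain is not visible in this diff, so a tree-wide search for the old macro next to `ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_*` is worth doing before merge. The hunks shown add only `SOC_EFUSE_XTS_AES_KEY_128` for this target, which leaves the `(0)` recorded in a comment alone, and hand-written values in comments tend to drift from the real definitions. I would state the rule next to the define instead: `/* 256-bit XTS key comes from the Key Manager only on this target; eFuse code must test SOC_EFUSE_XTS_AES_KEY_256, not this macro */`.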
diff --git a/components/soc/esp32c6/include/soc/soc_caps.h b/components/soc/esp32c6/include/soc/soc_caps.h
index a64d07dfdb..f11882a6d4 100644
--- a/components/soc/esp32c6/include/soc/soc_caps.h
+++ b/components/soc/esp32c6/include/soc/soc_caps.h
@@ -454,6 +454,7 @@
 #define SOC_EFUSE_SOFT_DIS_JTAG 1
 #define SOC_EFUSE_DIS_ICACHE 1
 #define SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK 1 // XTS-AES key purpose not supported for this block
+#define SOC_EFUSE_XTS_AES_KEY_128 1
 /*-------------------------- Secure Boot CAPS----------------------------*/
 #define SOC_SECURE_BOOT_V2_RSA 1
diff --git a/components/soc/esp32c61/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c61/include/soc/Kconfig.soc_caps.in
index c07f5dd57b..204ba574be 100644
--- a/components/soc/esp32c61/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32c61/include/soc/Kconfig.soc_caps.in
@@ -911,6 +911,10 @@ config SOC_EFUSE_ECDSA_KEY
 bool
 default y
+config SOC_EFUSE_XTS_AES_KEY_128
+ bool
+ default y
+
 config SOC_SECURE_BOOT_V2_RSA
 bool
 default n
diff --git a/components/soc/esp32c61/include/soc/soc_caps.h b/components/soc/esp32c61/include/soc/soc_caps.h
index aa80b52f2c..01d87ea58f 100644
--- a/components/soc/esp32c61/include/soc/soc_caps.h
+++ b/components/soc/esp32c61/include/soc/soc_caps.h
@@ -378,6 +378,7 @@
 #define SOC_EFUSE_SOFT_DIS_JTAG 0
 #define SOC_EFUSE_DIS_ICACHE 1
 #define SOC_EFUSE_ECDSA_KEY 1
+#define SOC_EFUSE_XTS_AES_KEY_128 1
 /*-------------------------- Secure Boot CAPS----------------------------*/
 #define SOC_SECURE_BOOT_V2_RSA 0
diff --git a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in
index 2bec2242c6..f5a88b97c0 100644
--- a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in
@@ -1131,6 +1131,10 @@ config SOC_EFUSE_ECDSA_KEY
 bool
 default y
+config SOC_EFUSE_XTS_AES_KEY_128
+ bool
+ default y
+
 config SOC_SECURE_BOOT_V2_RSA
 bool
 default y
diff --git a/components/soc/esp32h2/include/soc/soc_caps.h b/components/soc/esp32h2/include/soc/soc_caps.h
index 1c00ce0f0c..cfc025d44e 100644
--- a/components/soc/esp32h2/include/soc/soc_caps.h
+++ b/components/soc/esp32h2/include/soc/soc_caps.h
@@ -473,6 +473,7 @@
 #define SOC_EFUSE_ECDSA_USE_HARDWARE_K 1 // Force use hardware TRNG supplied K for ECDSA
 #endif
 #define SOC_EFUSE_ECDSA_KEY 1
+#define SOC_EFUSE_XTS_AES_KEY_128 1
 /*-------------------------- Secure Boot CAPS----------------------------*/
 #define SOC_SECURE_BOOT_V2_RSA 1
diff --git a/components/soc/esp32h21/include/soc/Kconfig.soc_caps.in b/components/soc/esp32h21/include/soc/Kconfig.soc_caps.in
index 1878f56aec..9ff62fe6ba 100644
--- a/components/soc/esp32h21/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32h21/include/soc/Kconfig.soc_caps.in
@@ -819,6 +819,10 @@ config SOC_EFUSE_ECDSA_KEY
 bool
 default y
+config SOC_EFUSE_XTS_AES_KEY_128
+ bool
+ default y
+
 config SOC_SECURE_BOOT_V2_RSA
 bool
 default y
diff --git a/components/soc/esp32h21/include/soc/soc_caps.h b/components/soc/esp32h21/include/soc/soc_caps.h
index 471f8c01c8..b51fc05d47 100644
--- a/components/soc/esp32h21/include/soc/soc_caps.h
+++ b/components/soc/esp32h21/include/soc/soc_caps.h
@@ -451,6 +451,7 @@
 #define SOC_EFUSE_DIS_ICACHE 1
 // #define SOC_EFUSE_ECDSA_USE_HARDWARE_K 1 // Force use hardware TRNG supplied K for ECDSA
 #define SOC_EFUSE_ECDSA_KEY 1
+#define SOC_EFUSE_XTS_AES_KEY_128 1
 /*-------------------------- Secure Boot CAPS----------------------------*/
 #define SOC_SECURE_BOOT_V2_RSA 1
diff --git a/components/soc/esp32h4/include/soc/Kconfig.soc_caps.in b/components/soc/esp32h4/include/soc/Kconfig.soc_caps.in
index 8b43a903be..17696a453e 100644
--- a/components/soc/esp32h4/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32h4/include/soc/Kconfig.soc_caps.in
@@ -811,6 +811,10 @@ config SOC_EFUSE_ECDSA_KEY
 bool
 default n
+config SOC_EFUSE_XTS_AES_KEY_128
+ bool
+ default y
+
 config SOC_SECURE_BOOT_V2_RSA
 bool
 default y
diff --git a/components/soc/esp32h4/include/soc/soc_caps.h b/components/soc/esp32h4/include/soc/soc_caps.h
index 429546053c..7d0719c9e3 100644
--- a/components/soc/esp32h4/include/soc/soc_caps.h
+++ b/components/soc/esp32h4/include/soc/soc_caps.h
@@ -437,6 +437,7 @@
 #define SOC_EFUSE_DIS_ICACHE 0
 #define SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK 1 // XTS-AES key purpose not supported for this block
 #define SOC_EFUSE_ECDSA_KEY 0 // TODO: [ESP32H4] IDF-12259
+#define SOC_EFUSE_XTS_AES_KEY_128 1
 /*-------------------------- Secure Boot CAPS----------------------------*/
 #define SOC_SECURE_BOOT_V2_RSA 1
diff --git a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in
index 404baad1fb..c6049b7eda 100644
--- a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in
@@ -1679,6 +1679,14 @@ config SOC_EFUSE_ECDSA_KEY
 bool
 default y
+config SOC_EFUSE_XTS_AES_KEY_128
+ bool
+ default y
+
+config SOC_EFUSE_XTS_AES_KEY_256
+ bool
+ default y
+
 config SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT
 bool
 default y
diff --git a/components/soc/esp32p4/include/soc/soc_caps.h b/components/soc/esp32p4/include/soc/soc_caps.h
index a2896b7e6b..0b15149554 100644
--- a/components/soc/esp32p4/include/soc/soc_caps.h
+++ b/components/soc/esp32p4/include/soc/soc_caps.h
@@ -634,6 +634,8 @@
 /* Capability to disable the MSPI access in download mode */
 #define SOC_EFUSE_DIS_DOWNLOAD_MSPI 1
 #define SOC_EFUSE_ECDSA_KEY 1
+#define SOC_EFUSE_XTS_AES_KEY_128 1
+#define SOC_EFUSE_XTS_AES_KEY_256 1
 /*-------------------------- Key Manager CAPS----------------------------*/
 #define SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT 1 /*!< Key manager supports key deployment */
@@ -655,8 +657,8 @@
 #define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX (64)
 #define SOC_FLASH_ENCRYPTION_XTS_AES 1
 #define SOC_FLASH_ENCRYPTION_XTS_AES_OPTIONS 1
-#define SOC_FLASH_ENCRYPTION_XTS_AES_128 1
-#define SOC_FLASH_ENCRYPTION_XTS_AES_256 1
+#define SOC_FLASH_ENCRYPTION_XTS_AES_128 1 /* SOC_EFUSE_XTS_AES_KEY_128 (1) || SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_128 (1) */
+#define SOC_FLASH_ENCRYPTION_XTS_AES_256 1 /* SOC_EFUSE_XTS_AES_KEY_256 (1) || SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 (1) */
 /*-------------------------- MEMPROT CAPS ------------------------------------*/
 /*-------------------------- UART CAPS ---------------------------------------*/
diff --git a/components/soc/esp32s2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32s2/include/soc/Kconfig.soc_caps.in
index 186d2ae2b6..2df36f9b13 100644
--- a/components/soc/esp32s2/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32s2/include/soc/Kconfig.soc_caps.in
@@ -915,6 +915,14 @@ config SOC_EFUSE_DIS_ICACHE
 bool
 default y
+config SOC_EFUSE_XTS_AES_KEY_128
+ bool
+ default y
+
+config SOC_EFUSE_XTS_AES_KEY_256
+ bool
+ default y
+
 config SOC_SECURE_BOOT_V2_RSA
 bool
 default y
diff --git a/components/soc/esp32s2/include/soc/soc_caps.h b/components/soc/esp32s2/include/soc/soc_caps.h
index 6376fe2a58..7f96f49c9c 100644
--- a/components/soc/esp32s2/include/soc/soc_caps.h
+++ b/components/soc/esp32s2/include/soc/soc_caps.h
@@ -396,6 +396,8 @@
 #define SOC_EFUSE_DIS_BOOT_REMAP 1
 #define SOC_EFUSE_DIS_LEGACY_SPI_BOOT 1
 #define SOC_EFUSE_DIS_ICACHE 1
+#define SOC_EFUSE_XTS_AES_KEY_128 1
+#define SOC_EFUSE_XTS_AES_KEY_256 1
 /*-------------------------- Secure Boot CAPS----------------------------*/
 #define SOC_SECURE_BOOT_V2_RSA 1
diff --git a/components/soc/esp32s3/include/soc/Kconfig.soc_caps.in b/components/soc/esp32s3/include/soc/Kconfig.soc_caps.in
index 1af3e5af9a..1bc0940b15 100644
--- a/components/soc/esp32s3/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32s3/include/soc/Kconfig.soc_caps.in
@@ -1163,6 +1163,14 @@ config SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK
 bool
 default y
+config SOC_EFUSE_XTS_AES_KEY_128
+ bool
+ default y
+
+config SOC_EFUSE_XTS_AES_KEY_256
+ bool
+ default y
+
 config SOC_SECURE_BOOT_V2_RSA
 bool
 default y
diff --git a/components/soc/esp32s3/include/soc/soc_caps.h b/components/soc/esp32s3/include/soc/soc_caps.h
index bb599f0381..2c9c3e3fb2 100644
--- a/components/soc/esp32s3/include/soc/soc_caps.h
+++ b/components/soc/esp32s3/include/soc/soc_caps.h
@@ -470,6 +470,8 @@
 #define SOC_EFUSE_DIS_DIRECT_BOOT 1
 #define SOC_EFUSE_DIS_ICACHE 1
 #define SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK 1 // XTS-AES key purpose not supported for this block
+#define SOC_EFUSE_XTS_AES_KEY_128 1
+#define SOC_EFUSE_XTS_AES_KEY_256 1
 /*-------------------------- Secure Boot CAPS----------------------------*/
 #define SOC_SECURE_BOOT_V2_RSA 1