espressif/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2026-04-27 11:03:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(bootloader_support): Allow pre-programmed XTS-AES psuedo round level efuses

Browse Source 
- The API esp_flash_encryption_set_release_mode() by defualt programs
the XTS-AES pseudo round level efuse to level low but did not considered
any existing value that would have been programmed in the efuse bit.
This commit is contained in:
harshal.patil
2025-09-19 12:51:50 +05:30
committed by Mahavir Jain
parent ad1852424e
commit 18c042abf1
3 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
components/bootloader_support/include/esp_flash_encrypt.h
+4
View File
@@ -205,6 +205,10 @@ bool esp_flash_encryption_cfg_verify_release_mode(void);
* It burns:
* - "disable encrypt in dl mode"
* - set FLASH_CRYPT_CNT efuse to max
*
* In case of the targets that support the XTS-AES peripheral's pseudo rounds function,
* this API would configure the pseudo rounds level efuse bit to level low if the efuse bit
* is not set already.
*/
void esp_flash_encryption_set_release_mode(void);
components/bootloader_support/src/esp32h2/flash_encryption_secure_features.c
+1 -1
View File
@@ -36,7 +36,7 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
esp_efuse_write_field_bit(ESP_EFUSE_DIS_DIRECT_BOOT);
#if defined(CONFIG_SECURE_FLASH_PSEUDO_ROUND_FUNC)
#if CONFIG_SECURE_FLASH_PSEUDO_ROUND_FUNC
if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
ESP_LOGI(TAG, "Enable XTS-AES pseudo rounds function...");
uint8_t xts_pseudo_level = CONFIG_SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH;
components/bootloader_support/src/flash_encrypt.c
+12
View File
@@ -204,6 +204,18 @@ void esp_flash_encryption_set_release_mode(void)
#endif // CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128_DERIVED
#endif // !CONFIG_IDF_TARGET_ESP32
#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
uint8_t xts_pseudo_level = 0;
esp_efuse_read_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
if (xts_pseudo_level == ESP_XTS_AES_PSEUDO_ROUNDS_DISABLE) {
xts_pseudo_level = ESP_XTS_AES_PSEUDO_ROUNDS_LOW;
esp_efuse_write_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
}
}
#endif
#ifdef CONFIG_IDF_TARGET_ESP32
esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_CACHE);
#else