fix(esp_security): Set WR_DIS_SECURE_BOOT_SHA384_EN by default when

Flash Encryption Release mode is enabled and Secure Boot P384 scheme is not enabled.
harshal.patil
2025-10-26 15:27:52 +05:30
parent 7168b9f7d3
commit 3090e91e60
2 changed files with 2 additions and 2 deletions
+1 -1
@@ -974,7 +974,7 @@ menu "Security features"
config SECURE_BOOT_SKIP_WRITE_PROTECTION_SCA
bool "Skip write-protection of SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH"
default y if SECURE_FLASH_PSEUDO_ROUND_FUNC
default y if SECURE_FLASH_PSEUDO_ROUND_FUNC && !SECURE_FLASH_ENCRYPTION_MODE_RELEASE
default n
depends on SOC_ECDSA_SUPPORT_CURVE_P384 && SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
help
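Review bot: The tightened default on `SECURE_BOOT_SKIP_WRITE_PROTECTION_SCA` only takes effect where the symbol has no saved value, so a project whose existing sdkconfig already holds `CONFIG_SECURE_BOOT_SKIP_WRITE_PROTECTION_SCA=y` would presumably keep skipping the write-protection after moving to Flash Encryption Release mode. This reads the line ending in `&& !SECURE_FLASH_ENCRYPTION_MODE_RELEASE` as the new side, which matches the commit title; the page has lost its +/- markers. The option also remains user-selectable in Release mode, so the help text (which begins at the last line of this hunk and continues outside it) should say what a Release build gives up by enabling it, for example `In Flash Encryption Release mode this defaults to n so that WR_DIS_SECURE_BOOT_SHA384_EN is write-protected.` If skipping is never intended in Release mode, a `depends on !SECURE_FLASH_ENCRYPTION_MODE_RELEASE` would enforce it rather than only defaulting it, but that is a behaviour change the maintainers would need to confirm.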
+1 -1
@@ -94,7 +94,7 @@ ESP_SYSTEM_INIT_FN(esp_security_init, SECONDARY, BIT(0), 103)
#if CONFIG_SECURE_BOOT_V2_ENABLED
// H2, H21
#if SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED
// Also write protects the ECDSA_CURVE_MODE efuse bit.
// Also write protects the ECC_FORCE_CONST_TIME efuse bit.
if (ecdsa_ll_is_configurable_curve_supported()) {
err = esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_ECDSA_CURVE_MODE);
if (err != ESP_OK) {