Merge branch 'fix/fix_esp32p4_key_mgr_efuse_key_rev_le_3_v6.0' into 'release/v6.0'

fix(esp_hal_security): fixes failing hmac_hal_configure with efuse_key for p4 rev < 3 (v6.0) See merge request espressif/esp-idf!46892
2026-04-27 11:03:11 +00:00 · 2026-03-25 10:38:30 +08:00
parent 3bd7ec9fe9 1db26df63d
commit 6e08270b4a
4 changed files with 15 additions and 9 deletions
@@ -45,7 +45,6 @@ static void configure_ecdsa_periph(ecdsa_hal_config_t *conf)
        ecdsa_hal_set_efuse_key(conf->curve, conf->efuse_key_blk);

 #if SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY
-
        // Force Key Manager to use eFuse key for ECDSA operation
        key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
 #endif
@@ -38,7 +38,7 @@ uint32_t hmac_hal_configure(hmac_hal_output_t config, uint32_t key_id)
            // No other HMAC output type is allowed when using key manager
            return 1;
        }
-    } else {
+    } else if (key_mgr_ll_is_supported()) {
        key_mgr_hal_set_key_usage(ESP_KEY_MGR_HMAC_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
    }
 #endif
@@ -24,6 +24,7 @@ ESP_LOG_ATTR_TAG(TAG, "test_ds");
 #include "rom/hmac.h"

 #if SOC_KEY_MANAGER_DS_KEY_DEPLOY
+#include "hal/key_mgr_hal.h"
 #include "hal/key_mgr_ll.h"
 #endif

@@ -92,11 +93,15 @@ static esp_err_t esp_ds_start_sign(const void *message, const esp_ds_data_t *dat
 #if SOC_KEY_MANAGER_DS_KEY_DEPLOY
    if (key_id == HMAC_KEY_KM) {
        if (!key_mgr_ll_is_supported()) {
-            HAL_ASSERT(false && "Key manager is not supported");
+            ds_disable_release();
+            assert(false && "Key manager is not supported");
        }
-
+        key_mgr_hal_set_key_usage(ESP_KEY_MGR_DS_KEY, ESP_KEY_MGR_USE_OWN_KEY);
        ds_hal_set_key_source(DS_KEY_SOURCE_KEY_MGR);
    } else {
+        if (key_mgr_ll_is_supported()) {
+            key_mgr_hal_set_key_usage(ESP_KEY_MGR_DS_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
+        }
        ds_hal_set_key_source(DS_KEY_SOURCE_EFUSE);
 #endif
        hmac_hal_start();
@@ -332,15 +332,17 @@ esp_err_t esp_ds_start_sign(const void *message,
    ds_acquire_enable();

 #if SOC_KEY_MANAGER_DS_KEY_DEPLOY
-    if (!key_mgr_ll_is_supported()) {
-        assert(false && "Key manager is not supported");
-    }
-
    if (key_id == HMAC_KEY_KM) {
+        if (!key_mgr_ll_is_supported()) {
+            ds_disable_release();
+            assert(false && "Key manager is not supported");
+        }
        key_mgr_hal_set_key_usage(ESP_KEY_MGR_DS_KEY, ESP_KEY_MGR_USE_OWN_KEY);
        ds_hal_set_key_source(DS_KEY_SOURCE_KEY_MGR);
    } else {
-        key_mgr_hal_set_key_usage(ESP_KEY_MGR_DS_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
+        if (key_mgr_ll_is_supported()) {
+            key_mgr_hal_set_key_usage(ESP_KEY_MGR_DS_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
+        }
        ds_hal_set_key_source(DS_KEY_SOURCE_EFUSE);
 #endif
        // initiate hmac