From 85b5e6a231d9310358e152807eb711f14336d4ce Mon Sep 17 00:00:00 2001 From: "nilesh.kale" Date: Mon, 23 Mar 2026 11:54:50 +0530 Subject: [PATCH] fix: added reference to example security/security_features_app in docs --- docs/en/security/secure-boot-v2.rst | 1 + docs/en/security/security-features-enablement-workflows.rst | 2 ++ docs/zh_CN/security/secure-boot-v2.rst | 1 + docs/zh_CN/security/security-features-enablement-workflows.rst | 2 ++ tools/ci/check_examples_documented.py | 2 -- 5 files changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/en/security/secure-boot-v2.rst b/docs/en/security/secure-boot-v2.rst index 4edba2e0ba..532930fe14 100644 --- a/docs/en/security/secure-boot-v2.rst +++ b/docs/en/security/secure-boot-v2.rst @@ -519,6 +519,7 @@ How To Enable Secure Boot v2 11. On subsequent boots, the Secure Boot hardware will verify that the second stage bootloader has not changed, and the second stage bootloader will verify the signed app image using the validated public key portion of its appended signature block. +For a comprehensive example that enables Secure Boot v2 along with other security features such as flash encryption and NVS encryption, see :example:`security/security_features_app`. Restrictions After Secure Boot Is Enabled ----------------------------------------- diff --git a/docs/en/security/security-features-enablement-workflows.rst b/docs/en/security/security-features-enablement-workflows.rst index b1d87e244d..d60449722d 100644 --- a/docs/en/security/security-features-enablement-workflows.rst +++ b/docs/en/security/security-features-enablement-workflows.rst 
@@ -788,3 +788,5 @@ In this case we generate NVS Encryption keys on a host. This key is then flashed The NVS partition (``nvs_encr_partition.bin``) and NVS encryption key (``nvs_encr_key.bin``) can then be flashed to their respective offset using ``esptool``. To see all of the command line options recommended for ``esptool``, check the output print when ``idf.py build`` succeeds. If Flash Encryption is enabled for the chip, then please encrypt the NVS key partition first before flashing. You may refer the flashing related steps of `Flash Encryption workflow `_. + +For a complete example demonstrating the enablement of all security features (Secure Boot v2, flash encryption, NVS encryption, and JTAG with HMAC), see :example:`security/security_features_app`. diff --git a/docs/zh_CN/security/secure-boot-v2.rst b/docs/zh_CN/security/secure-boot-v2.rst index 8eebce7d97..26b6606164 100644 --- a/docs/zh_CN/security/secure-boot-v2.rst +++ b/docs/zh_CN/security/secure-boot-v2.rst @@ -519,6 +519,7 @@ Secure Boot v2 签名验证也可以在 OTA 更新期间验证数据分区镜像 11. 在后续启动过程中,安全启动硬件会验证二级引导加载程序是否更改,二级引导加载程序会使用其附加的签名块中经验证的公钥部分,验证已签名的应用程序镜像。 +关于同时启用安全启动 v2 及其他安全功能(如 flash 加密和 NVS 加密)的完整示例,请参阅 :example:`security/security_features_app`。 启用安全启动后的限制 -------------------- diff --git a/docs/zh_CN/security/security-features-enablement-workflows.rst b/docs/zh_CN/security/security-features-enablement-workflows.rst index 2773fece36..ecc5582018 100644 --- a/docs/zh_CN/security/security-features-enablement-workflows.rst +++ b/docs/zh_CN/security/security-features-enablement-workflows.rst @@ -788,3 +788,5 @@ Secure Boot v2 指南 使用 ``esptool`` 命令,将 NVS 分区 (``nvs_encr_partition.bin``) 和 NVS 加密密钥 (``nvs_encr_key.bin``) 烧录到各自的偏移地址。通过 ``idf.py build`` 成功后打印的输出,可查看所有推荐的 ``esptool`` 命令行选项。 若芯片启用了 flash 加密,请在烧录前先对 NVS 加密密钥分区进行加密。详情请参阅 `flash 加密工作流程 `_ 中与烧录相关的步骤。 + +关于同时启用所有安全功能(安全启动 v2、flash 加密、NVS 加密及基于 HMAC 的 JTAG)的完整示例,请参阅 :example:`security/security_features_app`。 
diff --git a/tools/ci/check_examples_documented.py b/tools/ci/check_examples_documented.py
index fa40be81c3..863c5d24bf 100644
--- a/tools/ci/check_examples_documented.py
+++ b/tools/ci/check_examples_documented.py
@@ -25,8 +25,6 @@ KNOWN_MISSING = {
 'zigbee/esp_zigbee_gateway',
 'zigbee/light_sample/HA_on_off_light',
 'zigbee/light_sample/HA_on_off_switch',
- # TODO IDF-15376: add :example: reference for security_features_app
- 'security/security_features_app',
 # TODO IDF-15380: add :example: references for bluetooth examples
 'bluetooth/bluedroid/ble/ble_acl_latency/cent',
 'bluetooth/bluedroid/ble/ble_acl_latency/periph',