Mirrors_Framework/nuttx
1
0
Fork 0
mirror of https://github.com/apache/nuttx.git synced 2026-05-30 13:27:01 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

esp32s2/esp32c3: Build MCUboot bootloader with Flash Encryption support

Browse Source
This commit is contained in:
Gustavo Henrique Nihei
2021-12-30 11:58:24 -03:00
committed by Xiang Xiao
parent 98899ffe11
commit 9e5e60ba48
8 changed files with 209 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
arch/risc-v/src/esp32c3/Bootloader.mk
+7
View File
@@ -78,7 +78,14 @@ ifeq ($(CONFIG_ESP32C3_APP_FORMAT_MCUBOOT),y)
$(if $(CONFIG_ESP32C3_SECURE_BOOT_ALLOW_JTAG),$(call cfg_en,CONFIG_SECURE_BOOT_ALLOW_JTAG)) \ $(if $(CONFIG_ESP32C3_SECURE_BOOT_ALLOW_JTAG),$(call cfg_en,CONFIG_SECURE_BOOT_ALLOW_JTAG)) \
$(if $(CONFIG_ESP32C3_SECURE_BOOT_ALLOW_EFUSE_RD_DIS),$(call cfg_en,CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS)) \ $(if $(CONFIG_ESP32C3_SECURE_BOOT_ALLOW_EFUSE_RD_DIS),$(call cfg_en,CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS)) \
$(if $(CONFIG_ESP32C3_SECURE_DISABLE_ROM_DL_MODE),$(call cfg_en,CONFIG_SECURE_DISABLE_ROM_DL_MODE)) \ $(if $(CONFIG_ESP32C3_SECURE_DISABLE_ROM_DL_MODE),$(call cfg_en,CONFIG_SECURE_DISABLE_ROM_DL_MODE)) \
$(if $(CONFIG_ESP32C3_SECURE_ENABLE_SECURE_ROM_DL_MODE),$(call cfg_en,CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE)) \
$(if $(CONFIG_ESP32C3_SECURE_INSECURE_ALLOW_DL_MODE),$(call cfg_en,CONFIG_SECURE_INSECURE_ALLOW_DL_MODE)) \ $(if $(CONFIG_ESP32C3_SECURE_INSECURE_ALLOW_DL_MODE),$(call cfg_en,CONFIG_SECURE_INSECURE_ALLOW_DL_MODE)) \
$(if $(CONFIG_ESP32C3_SECURE_FLASH_ENC_ENABLED),$(call cfg_en,CONFIG_SECURE_FLASH_ENC_ENABLED)) \
$(if $(CONFIG_ESP32C3_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT),$(call cfg_en,CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT)) \
$(if $(CONFIG_ESP32C3_SECURE_FLASH_ENCRYPTION_MODE_RELEASE),$(call cfg_en,CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE)) \
$(if $(CONFIG_ESP32C3_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC),$(call cfg_en,CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC)) \
$(if $(CONFIG_ESP32C3_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE),$(call cfg_en,CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE)) \
$(if $(CONFIG_ESP32C3_SECURE_FLASH_REQUIRE_ALREADY_ENABLED),$(call cfg_en,CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED)) \
$(call cfg_val,CONFIG_ESP_BOOTLOADER_SIZE,0xF000) \ $(call cfg_val,CONFIG_ESP_BOOTLOADER_SIZE,0xF000) \
$(call cfg_val,CONFIG_ESP_APPLICATION_PRIMARY_START_ADDRESS,$(CONFIG_ESP32C3_OTA_PRIMARY_SLOT_OFFSET)) \ $(call cfg_val,CONFIG_ESP_APPLICATION_PRIMARY_START_ADDRESS,$(CONFIG_ESP32C3_OTA_PRIMARY_SLOT_OFFSET)) \
$(call cfg_val,CONFIG_ESP_APPLICATION_SIZE,$(CONFIG_ESP32C3_OTA_SLOT_SIZE)) \ $(call cfg_val,CONFIG_ESP_APPLICATION_SIZE,$(CONFIG_ESP32C3_OTA_SLOT_SIZE)) \
arch/risc-v/src/esp32c3/Kconfig
+2
View File
@@ -77,6 +77,8 @@ config ESP32C3_ESPTOOLPY_NO_STUB
The flasher tool sends a precompiled download stub first by default. The flasher tool sends a precompiled download stub first by default.
That stub allows things like compressed downloads and more. That stub allows things like compressed downloads and more.
Usually you should not need to disable that feature. Usually you should not need to disable that feature.
It is only required to be disabled in certain scenarios when either
Secure Boot V2 or Flash Encryption is enabled.
config ESP32C3_FLASH_DETECT config ESP32C3_FLASH_DETECT
bool "Auto-detect FLASH size" bool "Auto-detect FLASH size"
arch/risc-v/src/esp32c3/Kconfig.security
+90 -4
View File
@@ -21,7 +21,7 @@ config ESP32C3_SECURE_BOOT
if ESP32C3_SECURE_BOOT if ESP32C3_SECURE_BOOT
comment "Secure Boot support requires building bootloader from source (ESP32C3_BOOTLOADER_BUILD_FROM_SOURCE)" comment "Secure Boot support requires building the bootloader from source (ESP32C3_BOOTLOADER_BUILD_FROM_SOURCE)"
depends on !ESP32C3_BOOTLOADER_BUILD_FROM_SOURCE depends on !ESP32C3_BOOTLOADER_BUILD_FROM_SOURCE
config ESP32C3_SECURE_BOOT_BUILD_SIGNED_BINARIES config ESP32C3_SECURE_BOOT_BUILD_SIGNED_BINARIES
@@ -101,8 +101,54 @@ config ESP32C3_SECURE_BOOT_INSECURE
endif # ESP32C3_SECURE_BOOT endif # ESP32C3_SECURE_BOOT
comment "Flash Encryption"
config ESP32C3_SECURE_FLASH_ENC_ENABLED
bool "Enable Flash Encryption on boot (READ HELP FIRST)"
default n
depends on ESP32C3_APP_FORMAT_MCUBOOT
---help---
If this option is set, flash contents will be encrypted by the bootloader on first boot.
Note: After first boot, the system will be permanently encrypted. Re-flashing an encrypted
system is complicated and not always possible.
Read https://docs.espressif.com/projects/esp-idf/en/latest/esp32c3/security/flash-encryption.html
before enabling.
if ESP32C3_SECURE_FLASH_ENC_ENABLED
comment "Flash Encryption support requires building the bootloader from source (ESP32C3_BOOTLOADER_BUILD_FROM_SOURCE)"
depends on !ESP32C3_BOOTLOADER_BUILD_FROM_SOURCE
choice ESP32C3_SECURE_FLASH_ENCRYPTION_MODE
bool "Enable usage mode"
default ESP32C3_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
---help---
By default, Development mode is enabled which allows ROM download mode to perform Flash Encryption
operations (plaintext is sent to the device, and it encrypts it internally and writes ciphertext
to flash). This mode is not secure, it's possible for an attacker to write their own chosen plaintext
to flash.
Release mode should always be selected for production or manufacturing. Once enabled it's no longer
possible for the device in ROM Download Mode to use the Flash Encryption hardware.
Refer to the Flash Encryption section of the ESP-IDF Programmer's Guide for details:
https://docs.espressif.com/projects/esp-idf/en/latest/esp32c3/security/flash-encryption.html#flash-encryption-configuration
config ESP32C3_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
bool "Development (NOT SECURE)"
select ESP32C3_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC
config ESP32C3_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
bool "Release"
endchoice
endif # ESP32C3_SECURE_FLASH_ENC_ENABLED
menu "Potentially insecure options" menu "Potentially insecure options"
visible if ESP32C3_SECURE_BOOT_INSECURE visible if ESP32C3_SECURE_BOOT_INSECURE || ESP32C3_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
# NOTE: Options in this menu NEED to have ESP32C3_SECURE_BOOT_INSECURE # NOTE: Options in this menu NEED to have ESP32C3_SECURE_BOOT_INSECURE
# and/or ESP32C3_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT in "depends on", as the menu # and/or ESP32C3_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT in "depends on", as the menu
@@ -113,7 +159,7 @@ menu "Potentially insecure options"
config ESP32C3_SECURE_BOOT_ALLOW_JTAG config ESP32C3_SECURE_BOOT_ALLOW_JTAG
bool "Allow JTAG Debugging" bool "Allow JTAG Debugging"
default n default n
depends on ESP32C3_SECURE_BOOT_INSECURE depends on ESP32C3_SECURE_BOOT_INSECURE || ESP32C3_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
---help--- ---help---
If not set (default), the bootloader will permanently disable JTAG (across entire chip) on first boot If not set (default), the bootloader will permanently disable JTAG (across entire chip) on first boot
when either Secure Boot or Flash Encryption is enabled. when either Secure Boot or Flash Encryption is enabled.
@@ -143,12 +189,51 @@ config ESP32C3_SECURE_BOOT_ALLOW_EFUSE_RD_DIS
then it is __NOT__ possible to read/write efuses using espefuse.py utility. then it is __NOT__ possible to read/write efuses using espefuse.py utility.
However, efuse can be read/written from the application. However, efuse can be read/written from the application.
config ESP32C3_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC
bool "Leave UART bootloader encryption enabled"
default n
depends on ESP32C3_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
---help---
If not set (default), the bootloader will permanently disable UART bootloader encryption access on
first boot. If set, the UART bootloader will still be able to access hardware encryption.
It is recommended to only set this option in testing environments.
config ESP32C3_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE
bool "Leave UART bootloader flash cache enabled"
default n
depends on ESP32C3_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
---help---
If not set (default), the bootloader will permanently disable UART bootloader flash cache access on
first boot. If set, the UART bootloader will still be able to access the flash cache.
Only set this option in testing environments.
config ESP32C3_SECURE_FLASH_REQUIRE_ALREADY_ENABLED
bool "Require Flash Encryption to be already enabled"
default n
depends on ESP32C3_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
---help---
If not set (default), and Flash Encryption is not yet enabled in eFuses, the 2nd stage bootloader
will enable Flash Encryption: generate the Flash Encryption key and program eFuses.
If this option is set, and Flash Encryption is not yet enabled, the bootloader will error out and
reboot.
If Flash Encryption is enabled in eFuses, this option does not change the bootloader behavior.
Only use this option in testing environments, to avoid accidentally enabling Flash Encryption on
the wrong device. The device needs to have Flash Encryption already enabled using espefuse.py.
endmenu # Potentially insecure options endmenu # Potentially insecure options
config ESP32C3_SECURE_ROM_DL_MODE_ENABLED
bool
default y if !ESP32C3_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
choice ESP32C3_SECURE_UART_ROM_DL_MODE choice ESP32C3_SECURE_UART_ROM_DL_MODE
bool "UART ROM download mode" bool "UART ROM download mode"
default ESP32C3_SECURE_ENABLE_SECURE_ROM_DL_MODE if ESP32C3_SECURE_ROM_DL_MODE_ENABLED
default ESP32C3_SECURE_INSECURE_ALLOW_DL_MODE default ESP32C3_SECURE_INSECURE_ALLOW_DL_MODE
depends on ESP32C3_SECURE_BOOT depends on ESP32C3_SECURE_BOOT || ESP32C3_SECURE_FLASH_ENC_ENABLED
config ESP32C3_SECURE_DISABLE_ROM_DL_MODE config ESP32C3_SECURE_DISABLE_ROM_DL_MODE
bool "Permanently disabled (recommended)" bool "Permanently disabled (recommended)"
@@ -167,6 +252,7 @@ choice ESP32C3_SECURE_UART_ROM_DL_MODE
config ESP32C3_SECURE_ENABLE_SECURE_ROM_DL_MODE config ESP32C3_SECURE_ENABLE_SECURE_ROM_DL_MODE
bool "Permanently switch to Secure mode (recommended)" bool "Permanently switch to Secure mode (recommended)"
select ESP32C3_ESPTOOLPY_NO_STUB
---help--- ---help---
If set, during startup the app will burn an eFuse bit to permanently switch the UART ROM If set, during startup the app will burn an eFuse bit to permanently switch the UART ROM
Download Mode into a separate Secure Download mode. This option can only work if Download Mode into a separate Secure Download mode. This option can only work if
arch/xtensa/src/esp32/Kconfig.security
+2 -2
View File
@@ -20,7 +20,7 @@ config ESP32_SECURE_BOOT
if ESP32_SECURE_BOOT if ESP32_SECURE_BOOT
comment "Secure Boot support requires building bootloader from source (ESP32_BOOTLOADER_BUILD_FROM_SOURCE)" comment "Secure Boot support requires building the bootloader from source (ESP32_BOOTLOADER_BUILD_FROM_SOURCE)"
depends on !ESP32_BOOTLOADER_BUILD_FROM_SOURCE depends on !ESP32_BOOTLOADER_BUILD_FROM_SOURCE
config ESP32_SECURE_BOOT_BUILD_SIGNED_BINARIES config ESP32_SECURE_BOOT_BUILD_SIGNED_BINARIES
@@ -117,7 +117,7 @@ config ESP32_SECURE_FLASH_ENC_ENABLED
if ESP32_SECURE_FLASH_ENC_ENABLED if ESP32_SECURE_FLASH_ENC_ENABLED
comment "Flash Encryption support requires building bootloader from source (ESP32_BOOTLOADER_BUILD_FROM_SOURCE)" comment "Flash Encryption support requires building the bootloader from source (ESP32_BOOTLOADER_BUILD_FROM_SOURCE)"
depends on !ESP32_BOOTLOADER_BUILD_FROM_SOURCE depends on !ESP32_BOOTLOADER_BUILD_FROM_SOURCE
choice ESP32_SECURE_FLASH_ENCRYPTION_MODE choice ESP32_SECURE_FLASH_ENCRYPTION_MODE
arch/xtensa/src/esp32s2/Bootloader.mk
+7
View File
@@ -78,7 +78,14 @@ ifeq ($(CONFIG_ESP32S2_APP_FORMAT_MCUBOOT),y)
$(if $(CONFIG_ESP32S2_SECURE_BOOT_ALLOW_JTAG),$(call cfg_en,CONFIG_SECURE_BOOT_ALLOW_JTAG)) \ $(if $(CONFIG_ESP32S2_SECURE_BOOT_ALLOW_JTAG),$(call cfg_en,CONFIG_SECURE_BOOT_ALLOW_JTAG)) \
$(if $(CONFIG_ESP32S2_SECURE_BOOT_ALLOW_EFUSE_RD_DIS),$(call cfg_en,CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS)) \ $(if $(CONFIG_ESP32S2_SECURE_BOOT_ALLOW_EFUSE_RD_DIS),$(call cfg_en,CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS)) \
$(if $(CONFIG_ESP32S2_SECURE_DISABLE_ROM_DL_MODE),$(call cfg_en,CONFIG_SECURE_DISABLE_ROM_DL_MODE)) \ $(if $(CONFIG_ESP32S2_SECURE_DISABLE_ROM_DL_MODE),$(call cfg_en,CONFIG_SECURE_DISABLE_ROM_DL_MODE)) \
$(if $(CONFIG_ESP32S2_SECURE_ENABLE_SECURE_ROM_DL_MODE),$(call cfg_en,CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE)) \
$(if $(CONFIG_ESP32S2_SECURE_INSECURE_ALLOW_DL_MODE),$(call cfg_en,CONFIG_SECURE_INSECURE_ALLOW_DL_MODE)) \ $(if $(CONFIG_ESP32S2_SECURE_INSECURE_ALLOW_DL_MODE),$(call cfg_en,CONFIG_SECURE_INSECURE_ALLOW_DL_MODE)) \
$(if $(CONFIG_ESP32S2_SECURE_FLASH_ENC_ENABLED),$(call cfg_en,CONFIG_SECURE_FLASH_ENC_ENABLED)) \
$(if $(CONFIG_ESP32S2_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT),$(call cfg_en,CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT)) \
$(if $(CONFIG_ESP32S2_SECURE_FLASH_ENCRYPTION_MODE_RELEASE),$(call cfg_en,CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE)) \
$(if $(CONFIG_ESP32S2_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC),$(call cfg_en,CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC)) \
$(if $(CONFIG_ESP32S2_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE),$(call cfg_en,CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE)) \
$(if $(CONFIG_ESP32S2_SECURE_FLASH_REQUIRE_ALREADY_ENABLED),$(call cfg_en,CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED)) \
$(call cfg_val,CONFIG_ESP_BOOTLOADER_SIZE,0xF000) \ $(call cfg_val,CONFIG_ESP_BOOTLOADER_SIZE,0xF000) \
$(call cfg_val,CONFIG_ESP_APPLICATION_PRIMARY_START_ADDRESS,$(CONFIG_ESP32S2_OTA_PRIMARY_SLOT_OFFSET)) \ $(call cfg_val,CONFIG_ESP_APPLICATION_PRIMARY_START_ADDRESS,$(CONFIG_ESP32S2_OTA_PRIMARY_SLOT_OFFSET)) \
$(call cfg_val,CONFIG_ESP_APPLICATION_SIZE,$(CONFIG_ESP32S2_OTA_SLOT_SIZE)) \ $(call cfg_val,CONFIG_ESP_APPLICATION_SIZE,$(CONFIG_ESP32S2_OTA_SLOT_SIZE)) \
arch/xtensa/src/esp32s2/Kconfig
+10
View File
@@ -81,6 +81,16 @@ config ESP32S2_FLASH_16M
bool bool
default n default n
config ESP32S2_ESPTOOLPY_NO_STUB
bool "Disable download stub"
default n
---help---
The flasher tool sends a precompiled download stub first by default.
That stub allows things like compressed downloads and more.
Usually you should not need to disable that feature.
It is only required to be disabled in certain scenarios when either
Secure Boot V2 or Flash Encryption is enabled.
config ESP32S2_FLASH_DETECT config ESP32S2_FLASH_DETECT
bool "Auto-detect FLASH size" bool "Auto-detect FLASH size"
default y default y
arch/xtensa/src/esp32s2/Kconfig.security
+90 -4
View File
@@ -20,7 +20,7 @@ config ESP32S2_SECURE_BOOT
if ESP32S2_SECURE_BOOT if ESP32S2_SECURE_BOOT
comment "Secure Boot support requires building bootloader from source (ESP32S2_BOOTLOADER_BUILD_FROM_SOURCE)" comment "Secure Boot support requires building the bootloader from source (ESP32S2_BOOTLOADER_BUILD_FROM_SOURCE)"
depends on !ESP32S2_BOOTLOADER_BUILD_FROM_SOURCE depends on !ESP32S2_BOOTLOADER_BUILD_FROM_SOURCE
config ESP32S2_SECURE_BOOT_BUILD_SIGNED_BINARIES config ESP32S2_SECURE_BOOT_BUILD_SIGNED_BINARIES
@@ -100,8 +100,54 @@ config ESP32S2_SECURE_BOOT_INSECURE
endif # ESP32S2_SECURE_BOOT endif # ESP32S2_SECURE_BOOT
comment "Flash Encryption"
config ESP32S2_SECURE_FLASH_ENC_ENABLED
bool "Enable Flash Encryption on boot (READ HELP FIRST)"
default n
depends on ESP32S2_APP_FORMAT_MCUBOOT
---help---
If this option is set, flash contents will be encrypted by the bootloader on first boot.
Note: After first boot, the system will be permanently encrypted. Re-flashing an encrypted
system is complicated and not always possible.
Read https://docs.espressif.com/projects/esp-idf/en/latest/esp32s2/security/flash-encryption.html
before enabling.
if ESP32S2_SECURE_FLASH_ENC_ENABLED
comment "Flash Encryption support requires building the bootloader from source (ESP32S2_BOOTLOADER_BUILD_FROM_SOURCE)"
depends on !ESP32S2_BOOTLOADER_BUILD_FROM_SOURCE
choice ESP32S2_SECURE_FLASH_ENCRYPTION_MODE
bool "Enable usage mode"
default ESP32S2_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
---help---
By default, Development mode is enabled which allows ROM download mode to perform Flash Encryption
operations (plaintext is sent to the device, and it encrypts it internally and writes ciphertext
to flash). This mode is not secure, it's possible for an attacker to write their own chosen plaintext
to flash.
Release mode should always be selected for production or manufacturing. Once enabled it's no longer
possible for the device in ROM Download Mode to use the Flash Encryption hardware.
Refer to the Flash Encryption section of the ESP-IDF Programmer's Guide for details:
https://docs.espressif.com/projects/esp-idf/en/latest/esp32s2/security/flash-encryption.html#flash-encryption-configuration
config ESP32S2_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
bool "Development (NOT SECURE)"
select ESP32S2_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC
config ESP32S2_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
bool "Release"
endchoice
endif # ESP32S2_SECURE_FLASH_ENC_ENABLED
menu "Potentially insecure options" menu "Potentially insecure options"
visible if ESP32S2_SECURE_BOOT_INSECURE visible if ESP32S2_SECURE_BOOT_INSECURE || ESP32S2_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
# NOTE: Options in this menu NEED to have ESP32S2_SECURE_BOOT_INSECURE # NOTE: Options in this menu NEED to have ESP32S2_SECURE_BOOT_INSECURE
# and/or ESP32S2_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT in "depends on", as the menu # and/or ESP32S2_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT in "depends on", as the menu
@@ -112,7 +158,7 @@ menu "Potentially insecure options"
config ESP32S2_SECURE_BOOT_ALLOW_JTAG config ESP32S2_SECURE_BOOT_ALLOW_JTAG
bool "Allow JTAG Debugging" bool "Allow JTAG Debugging"
default n default n
depends on ESP32S2_SECURE_BOOT_INSECURE depends on ESP32S2_SECURE_BOOT_INSECURE || ESP32S2_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
---help--- ---help---
If not set (default), the bootloader will permanently disable JTAG (across entire chip) on first boot If not set (default), the bootloader will permanently disable JTAG (across entire chip) on first boot
when either Secure Boot or Flash Encryption is enabled. when either Secure Boot or Flash Encryption is enabled.
@@ -142,12 +188,51 @@ config ESP32S2_SECURE_BOOT_ALLOW_EFUSE_RD_DIS
then it is __NOT__ possible to read/write efuses using espefuse.py utility. then it is __NOT__ possible to read/write efuses using espefuse.py utility.
However, efuse can be read/written from the application. However, efuse can be read/written from the application.
config ESP32S2_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC
bool "Leave UART bootloader encryption enabled"
default n
depends on ESP32S2_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
---help---
If not set (default), the bootloader will permanently disable UART bootloader encryption access on
first boot. If set, the UART bootloader will still be able to access hardware encryption.
It is recommended to only set this option in testing environments.
config ESP32S2_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE
bool "Leave UART bootloader flash cache enabled"
default n
depends on ESP32S2_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
---help---
If not set (default), the bootloader will permanently disable UART bootloader flash cache access on
first boot. If set, the UART bootloader will still be able to access the flash cache.
Only set this option in testing environments.
config ESP32S2_SECURE_FLASH_REQUIRE_ALREADY_ENABLED
bool "Require Flash Encryption to be already enabled"
default n
depends on ESP32S2_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
---help---
If not set (default), and Flash Encryption is not yet enabled in eFuses, the 2nd stage bootloader
will enable Flash Encryption: generate the Flash Encryption key and program eFuses.
If this option is set, and Flash Encryption is not yet enabled, the bootloader will error out and
reboot.
If Flash Encryption is enabled in eFuses, this option does not change the bootloader behavior.
Only use this option in testing environments, to avoid accidentally enabling Flash Encryption on
the wrong device. The device needs to have Flash Encryption already enabled using espefuse.py.
endmenu # Potentially insecure options endmenu # Potentially insecure options
config ESP32S2_SECURE_ROM_DL_MODE_ENABLED
bool
default y if !ESP32S2_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
choice ESP32S2_SECURE_UART_ROM_DL_MODE choice ESP32S2_SECURE_UART_ROM_DL_MODE
bool "UART ROM download mode" bool "UART ROM download mode"
default ESP32S2_SECURE_ENABLE_SECURE_ROM_DL_MODE if ESP32S2_SECURE_ROM_DL_MODE_ENABLED
default ESP32S2_SECURE_INSECURE_ALLOW_DL_MODE default ESP32S2_SECURE_INSECURE_ALLOW_DL_MODE
depends on ESP32S2_SECURE_BOOT depends on ESP32S2_SECURE_BOOT || ESP32S2_SECURE_FLASH_ENC_ENABLED
config ESP32S2_SECURE_DISABLE_ROM_DL_MODE config ESP32S2_SECURE_DISABLE_ROM_DL_MODE
bool "Permanently disabled (recommended)" bool "Permanently disabled (recommended)"
@@ -166,6 +251,7 @@ choice ESP32S2_SECURE_UART_ROM_DL_MODE
config ESP32S2_SECURE_ENABLE_SECURE_ROM_DL_MODE config ESP32S2_SECURE_ENABLE_SECURE_ROM_DL_MODE
bool "Permanently switch to Secure mode (recommended)" bool "Permanently switch to Secure mode (recommended)"
select ESP32S2_ESPTOOLPY_NO_STUB
---help--- ---help---
If set, during startup the app will burn an eFuse bit to permanently switch the UART ROM If set, during startup the app will burn an eFuse bit to permanently switch the UART ROM
Download Mode into a separate Secure Download mode. This option can only work if Download Mode into a separate Secure Download mode. This option can only work if
tools/esp32s2/Config.mk
+1 -1
View File
@@ -253,7 +253,7 @@ define FLASH
echo "USAGE: make flash ESPTOOL_PORT=<port> [ ESPTOOL_BAUD=<baud> ] [ ESPTOOL_BINDIR=<dir> ]"; \ echo "USAGE: make flash ESPTOOL_PORT=<port> [ ESPTOOL_BAUD=<baud> ] [ ESPTOOL_BINDIR=<dir> ]"; \
exit 1; \ exit 1; \
fi fi
$(eval ESPTOOL_OPTS := -c esp32s2 -p $(ESPTOOL_PORT) -b $(ESPTOOL_BAUD) $(ESPTOOL_RESET_OPTS)) $(eval ESPTOOL_OPTS := -c esp32s2 -p $(ESPTOOL_PORT) -b $(ESPTOOL_BAUD) $(ESPTOOL_RESET_OPTS) $(if $(CONFIG_ESP32S2_ESPTOOLPY_NO_STUB),--no-stub))
esptool.py $(ESPTOOL_OPTS) write_flash $(ESPTOOL_WRITEFLASH_OPTS) $(ESPTOOL_BINS) esptool.py $(ESPTOOL_OPTS) write_flash $(ESPTOOL_WRITEFLASH_OPTS) $(ESPTOOL_BINS)
$(if $(CONFIG_ESP32S2_SECURE_BOOT),$(call HELP_FLASH_BOOTLOADER)) $(if $(CONFIG_ESP32S2_SECURE_BOOT),$(call HELP_FLASH_BOOTLOADER))