espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-27 16:31:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): Fixed the force constant time ecc mode

Browse Source 
A regression was added through !36587 in which
    the force constant time ecc mode was not added appropriately
    The option gave compile time errors when enabled.
This commit is contained in:
Aditya Patwardhan
2025-02-06 08:45:10 +05:30
parent 546a8c8884
commit 17836ba0f3
2 changed files with 21 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
components/esp_system/port/cpu_start.c
View File

@@ -248,23 +248,6 @@ static void start_other_core(void)
} }
#endif #endif
#if CONFIG_ESP_CRYPTO_FORCE_ECC_CONSTANT_TIME_POINT_MUL
bool force_constant_time = true;
#if CONFIG_IDF_TARGET_ESP32H2
if (!ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102)) {
force_constant_time = false;
}
#endif
if (!esp_efuse_read_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME) && force_constant_time) {
ESP_EARLY_LOGD(TAG, "Forcefully enabling ECC constant time operations");
esp_err_t err = esp_efuse_write_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME);
if (err != ESP_OK) {
ESP_EARLY_LOGE(TAG, "Enabling ECC constant time operations forcefully failed.");
return err;
}
}
#endif
ets_set_appcpu_boot_addr((uint32_t)call_start_cpu1); ets_set_appcpu_boot_addr((uint32_t)call_start_cpu1);
bool cpus_up = false; bool cpus_up = false;

22
components/esp_system/startup.c
View File

@@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
@@ -38,6 +38,12 @@
/***********************************************/ /***********************************************/
// Headers for other components init functions // Headers for other components init functions
#if CONFIG_ESP_CRYPTO_FORCE_ECC_CONSTANT_TIME_POINT_MUL
#include "soc/chip_revision.h"
#include "hal/efuse_hal.h"
#endif
#if CONFIG_SW_COEXIST_ENABLE || CONFIG_EXTERNAL_COEX_ENABLE #if CONFIG_SW_COEXIST_ENABLE || CONFIG_EXTERNAL_COEX_ENABLE
#include "private/esp_coexist_internal.h" #include "private/esp_coexist_internal.h"
#endif #endif
@@ -390,6 +396,20 @@ static void do_core_init(void)
} }
#endif #endif
#if CONFIG_ESP_CRYPTO_FORCE_ECC_CONSTANT_TIME_POINT_MUL
bool force_constant_time = true;
#if CONFIG_IDF_TARGET_ESP32H2
if (!ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102)) {
force_constant_time = false;
}
#endif
if (!esp_efuse_read_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME) && force_constant_time) {
ESP_EARLY_LOGD(TAG, "Forcefully enabling ECC constant time operations");
esp_err_t err = esp_efuse_write_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME);
assert(err == ESP_OK && "Failed to enable ECC constant time operations");
}
#endif
#if CONFIG_SECURE_DISABLE_ROM_DL_MODE #if CONFIG_SECURE_DISABLE_ROM_DL_MODE
err = esp_efuse_disable_rom_download_mode(); err = esp_efuse_disable_rom_download_mode();
assert(err == ESP_OK && "Failed to disable ROM download mode"); assert(err == ESP_OK && "Failed to disable ROM download mode");