diff --git a/examples/security/security_features_app/README.md b/examples/security/security_features_app/README.md index cd79f81a84..4ca74af4a8 100644 --- a/examples/security/security_features_app/README.md +++ b/examples/security/security_features_app/README.md @@ -67,6 +67,14 @@ If you want to enable the security features on a target which has been virtually The detailed instructions on how to use QEMU can be found in the [QEMU documentation](https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/tools/qemu.html). +For QEMU emulation, the eFuses are emulated and are saved in a file. The default location for this file is `build/qemu_efuse.bin`. + +It is possible to save the eFuses in a different location by specifying the `--efuse-file` option when running QEMU commands. This is useful as the build directory may get modified and the flashed eFuse context may get reset. + +```sh +idf.py qemu --efuse-file +``` +
Target specific documentation @@ -121,7 +129,7 @@ Please follow below steps to enable Secure Boot V2: For QEMU emulation, the above command can be updated as follows: ``` - idf.py qemu efuse-burn-key BLOCK_KEY0 digest.bin SECURE_BOOT_DIGEST0 + idf.py qemu --efuse-file qemu_efuse.bin efuse-burn-key BLOCK_KEY0 digest.bin SECURE_BOOT_DIGEST0 ```
@@ -141,7 +149,7 @@ Please follow below steps to enable Secure Boot V2: For QEMU emulation, the above command can be updated as follows: ``` - idf.py qemu efuse-burn SECURE_BOOT_EN + idf.py qemu --efuse-file qemu_efuse.bin efuse-burn SECURE_BOOT_EN ``` @@ -202,7 +210,7 @@ Follow below steps to enable Flash Encryption: For QEMU emulation, the above command can be updated as follows: ``` - idf.py qemu efuse-burn-key BLOCK_KEY1 my_flash_encryption_key.bin XTS_AES_128_KEY + idf.py qemu --efuse-file qemu_efuse.bin efuse-burn-key BLOCK_KEY1 my_flash_encryption_key.bin XTS_AES_128_KEY ``` @@ -220,7 +228,7 @@ Follow below steps to enable Flash Encryption: For QEMU emulation, the above command can be updated as follows: ``` - idf.py qemu efuse-burn SPI_BOOT_CRYPT_CNT 7 + idf.py qemu --efuse-file qemu_efuse.bin efuse-burn SPI_BOOT_CRYPT_CNT 7 ``` @@ -306,7 +314,7 @@ We shall use the [nvs_partition_gen.py](../../../components/nvs_flash/nvs_partit For QEMU emulation, the above command can be updated as follows: ``` - idf.py qemu efuse-burn-key BLOCK_KEY2 keys/hmac_key.bin HMAC_UP + idf.py qemu --efuse-file qemu_efuse.bin efuse-burn-key BLOCK_KEY2 keys/hmac_key.bin HMAC_UP ``` @@ -371,7 +379,7 @@ The target provides an ability to disable JTAG access in the device for the soft For QEMU emulation, the above command can be updated as follows: ```shell - idf.py qemu efuse-burn-key BLOCK_KEY3 secure_jtag_hmac_key.bin HMAC_DOWN_JTAG + idf.py qemu --efuse-file qemu_efuse.bin efuse-burn-key BLOCK_KEY3 secure_jtag_hmac_key.bin HMAC_DOWN_JTAG ``` @@ -389,7 +397,7 @@ The target provides an ability to disable JTAG access in the device for the soft For QEMU emulation, the above command can be updated as follows: ```shell - idf.py qemu efuse-burn SOFT_DIS_JTAG 7 + idf.py qemu --efuse-file qemu_efuse.bin efuse-burn SOFT_DIS_JTAG 7 ``` 
@@ -599,20 +607,26 @@ Below are the commands that can be used to to emulate the target device on host 2. Build qemu image + First create a directory to store the merged binary + + ```sh + mkdir -p build/qemu + ``` + The qemu image can be built with following command ```sh - idf.py merge-bin --merge-args ../qemu/qemu_flash_args -o qemu/security_features_flash_image.bin + idf.py merge-bin -o qemu/security_features_flash_image.bin --fill-flash-size 4MB @qemu/qemu_flash_args ``` -**NOTE: The `idf.py merge-bin` command runs with `build` as the working directory. Make sure the relative path provided are relative to the `build` directory + **NOTE: The `idf.py merge-bin` command runs with `build` as the working directory. Make sure the relative path provided are relative to the `build` directory** ### Run example on QEMU The following command can be used to run example on qemu ```sh -idf.py qemu --flash-file build/qemu/security_features_flash_image.bin monitor +idf.py qemu --efuse-file qemu_efuse.bin --flash-file build/qemu/security_features_flash_image.bin monitor ``` The qemu session can be closed by pressing `CTRL+ ]`.
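Review bot: The fenced example added in the first hunk (@@ -67,6 +67,14), `idf.py qemu --efuse-file`, is missing its file argument, although the paragraph above it says the option specifies a location and every other command in this patch passes `qemu_efuse.bin`. Show the argument here as well, for example `idf.py qemu --efuse-file qemu_efuse.bin`. It is also worth adding one sentence that the same option has to be repeated on every later `idf.py qemu` invocation, the final `monitor` run included. Otherwise a burn falls back to the default `build/qemu_efuse.bin` and the emulated device boots with a different eFuse state than the one that was programmed.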
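Review bot: In the seven efuse-burn hunks (@@ -121,7 +129,7 through @@ -389,7 +397,7), `--efuse-file qemu_efuse.bin` is a relative path and the README never says which directory it is resolved against. The NOTE in the last hunk states that `idf.py merge-bin` runs with `build` as the working directory, so a reader cannot tell whether this file ends up in the project directory or back in `build/`, and the latter would defeat the reason given in the first hunk for moving it. State the base directory once in the introductory paragraph. Since these commands burn the contents of `my_flash_encryption_key.bin`, `keys/hmac_key.bin` and `secure_jtag_hmac_key.bin` into that file, consider also noting that it should be kept out of version control alongside the key files.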
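Review bot: In the last hunk (@@ -599,20 +607,26), the argument file path changes from `../qemu/qemu_flash_args` to `@qemu/qemu_flash_args`, but the NOTE kept just below says relative paths are taken from the `build` directory. Read that way, the new path points at `build/qemu/qemu_flash_args`, inside the directory the added `mkdir -p build/qemu` step has only just created, whereas the old path pointed at `qemu/qemu_flash_args` in the project directory. Either keep `@../qemu/qemu_flash_args`, or update the NOTE to say which arguments are resolved against `build` and which against the project directory. Smaller points in the same hunk: `--fill-flash-size 4MB` is introduced without a word on why the image is padded or which flash size it must match, and the re-indented NOTE still reads "relative path provided are", which could be fixed to "relative paths provided are" while the line is being touched.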