espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-10-02 18:10:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

docs(security_features_app): Update the QEMU instructions for the security_features_app example

Browse Source 
Closes https://github.com/espressif/esp-idf/issues/17458
Closes https://github.com/espressif/esp-idf/pull/17464
This commit is contained in:
Soren Friis
2025-08-20 11:11:34 +03:00
committed by Ashish Sharma
parent 453bd60576
commit 391de423fd
1 changed files with 24 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
examples/security/security_features_app/README.md
View File

@@ -67,6 +67,14 @@ If you want to enable the security features on a target which has been virtually
The detailed instructions on how to use QEMU can be found in the [QEMU documentation](https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/tools/qemu.html). The detailed instructions on how to use QEMU can be found in the [QEMU documentation](https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/tools/qemu.html).
For QEMU emulation, the eFuses are emulated and are saved in a file. The default location for this file is `build/qemu_efuse.bin`.
It is possible to save the eFuses in a different location by specifying the `--efuse-file` option when running QEMU commands. This is useful as the build directory may get modified and the flashed eFuse context may get reset.
```sh
idf.py qemu --efuse-file <path_to_efuse.bin>
```
<details> <details>
<summary>Target specific documentation</summary> <summary>Target specific documentation</summary>
@@ -121,7 +129,7 @@ Please follow below steps to enable Secure Boot V2:
For QEMU emulation, the above command can be updated as follows: For QEMU emulation, the above command can be updated as follows:
``` ```
idf.py qemu efuse-burn-key BLOCK_KEY0 digest.bin SECURE_BOOT_DIGEST0 idf.py qemu --efuse-file qemu_efuse.bin efuse-burn-key BLOCK_KEY0 digest.bin SECURE_BOOT_DIGEST0
``` ```
</details> </details>
@@ -141,7 +149,7 @@ Please follow below steps to enable Secure Boot V2:
For QEMU emulation, the above command can be updated as follows: For QEMU emulation, the above command can be updated as follows:
``` ```
idf.py qemu efuse-burn SECURE_BOOT_EN idf.py qemu --efuse-file qemu_efuse.bin efuse-burn SECURE_BOOT_EN
``` ```
</details> </details>
@@ -202,7 +210,7 @@ Follow below steps to enable Flash Encryption:
For QEMU emulation, the above command can be updated as follows: For QEMU emulation, the above command can be updated as follows:
``` ```
idf.py qemu efuse-burn-key BLOCK_KEY1 my_flash_encryption_key.bin XTS_AES_128_KEY idf.py qemu --efuse-file qemu_efuse.bin efuse-burn-key BLOCK_KEY1 my_flash_encryption_key.bin XTS_AES_128_KEY
``` ```
</details> </details>
@@ -220,7 +228,7 @@ Follow below steps to enable Flash Encryption:
For QEMU emulation, the above command can be updated as follows: For QEMU emulation, the above command can be updated as follows:
``` ```
idf.py qemu efuse-burn SPI_BOOT_CRYPT_CNT 7 idf.py qemu --efuse-file qemu_efuse.bin efuse-burn SPI_BOOT_CRYPT_CNT 7
``` ```
</details> </details>
@@ -306,7 +314,7 @@ We shall use the [nvs_partition_gen.py](../../../components/nvs_flash/nvs_partit
For QEMU emulation, the above command can be updated as follows: For QEMU emulation, the above command can be updated as follows:
``` ```
idf.py qemu efuse-burn-key BLOCK_KEY2 keys/hmac_key.bin HMAC_UP idf.py qemu --efuse-file qemu_efuse.bin efuse-burn-key BLOCK_KEY2 keys/hmac_key.bin HMAC_UP
``` ```
</details> </details>
@@ -371,7 +379,7 @@ The target provides an ability to disable JTAG access in the device for the soft
For QEMU emulation, the above command can be updated as follows: For QEMU emulation, the above command can be updated as follows:
```shell ```shell
idf.py qemu efuse-burn-key BLOCK_KEY3 secure_jtag_hmac_key.bin HMAC_DOWN_JTAG idf.py qemu --efuse-file qemu_efuse.bin efuse-burn-key BLOCK_KEY3 secure_jtag_hmac_key.bin HMAC_DOWN_JTAG
``` ```
</details> </details>
@@ -389,7 +397,7 @@ The target provides an ability to disable JTAG access in the device for the soft
For QEMU emulation, the above command can be updated as follows: For QEMU emulation, the above command can be updated as follows:
```shell ```shell
idf.py qemu efuse-burn SOFT_DIS_JTAG 7 idf.py qemu --efuse-file qemu_efuse.bin efuse-burn SOFT_DIS_JTAG 7
``` ```
</details> </details>
@@ -599,20 +607,26 @@ Below are the commands that can be used to to emulate the target device on host
2. Build qemu image 2. Build qemu image
First create a directory to store the merged binary
```sh
mkdir -p build/qemu
```
The qemu image can be built with following command The qemu image can be built with following command
```sh ```sh
idf.py merge-bin --merge-args ../qemu/qemu_flash_args -o qemu/security_features_flash_image.bin idf.py merge-bin -o qemu/security_features_flash_image.bin --fill-flash-size 4MB @qemu/qemu_flash_args
``` ```
**NOTE: The `idf.py merge-bin` command runs with `build` as the working directory. Make sure the relative path provided are relative to the `build` directory **NOTE: The `idf.py merge-bin` command runs with `build` as the working directory. Make sure the relative path provided are relative to the `build` directory**
### Run example on QEMU ### Run example on QEMU
The following command can be used to run example on qemu The following command can be used to run example on qemu
```sh ```sh
idf.py qemu --flash-file build/qemu/security_features_flash_image.bin monitor idf.py qemu --efuse-file qemu_efuse.bin --flash-file build/qemu/security_features_flash_image.bin monitor
``` ```
The qemu session can be closed by pressing `CTRL+ ]`. The qemu session can be closed by pressing `CTRL+ ]`.