From 4abc541d6f4e70ba23d7f8f9728a2cadcc38c17a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Yann=20Pomar=C3=A8de?= <yann.pomarede@gmail.com>
Date: Thu, 21 Jan 2021 09:46:53 +0100
Subject: [PATCH] bootloader: SECURE_ENABLE_SECURE_ROM_DL_MODE cannot be y when
 SECURE_DISABLE_ROM_DL_MODE=y

Closes: https://github.com/espressif/esp-idf/pull/6442
---
 components/bootloader/Kconfig.projbuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/bootloader/Kconfig.projbuild b/components/bootloader/Kconfig.projbuild
index 046389be07..0442895010 100644
--- a/components/bootloader/Kconfig.projbuild
+++ b/components/bootloader/Kconfig.projbuild
@@ -444,7 +444,7 @@ menu "Security features"
         config SECURE_BOOT_V2_ENABLED
             bool "Enable Secure Boot version 2"
             depends on SECURE_BOOT_SUPPORTS_RSA
-            select SECURE_ENABLE_SECURE_ROM_DL_MODE if !IDF_TARGET_ESP32 && !SECURE_INSECURE_ALLOW_DL_MODE
+            select SECURE_ENABLE_SECURE_ROM_DL_MODE if !IDF_TARGET_ESP32 && !SECURE_INSECURE_ALLOW_DL_MODE && !SECURE_DISABLE_ROM_DL_MODE # NOERROR
             select SECURE_DISABLE_ROM_DL_MODE if ESP32_REV_MIN_3 && !SECURE_INSECURE_ALLOW_DL_MODE
             help
                 Build a bootloader which enables Secure Boot version 2 on first boot.
@@ -614,7 +614,7 @@ menu "Security features"
 
         config SECURE_FLASH_ENCRYPTION_MODE_RELEASE
             bool "Release"
-            select SECURE_ENABLE_SECURE_ROM_DL_MODE if SECURE_TARGET_HAS_SECURE_ROM_DL_MODE
+            select SECURE_ENABLE_SECURE_ROM_DL_MODE if SECURE_TARGET_HAS_SECURE_ROM_DL_MODE && !SECURE_DISABLE_ROM_DL_MODE # NOERROR
 
     endchoice