espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2026-06-11 11:42:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'feature/secure_boot_revoke_check' into 'master'

Browse Source 
secure_boot: Checks secure boot efuses

Closes IDF-2609

See merge request espressif/esp-idf!12148
This commit is contained in:
Angus Gratton
2021-02-25 22:38:42 +00:00
parent eb29d8dbda 90f2d3199a
commit 501af6dfa2
55 changed files with 877 additions and 767 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/en/security/secure-boot-v2.rst
+2
View File
@@ -157,6 +157,8 @@ eFuse usage
- SECURE_BOOT_AGGRESSIVE_REVOKE - Enables aggressive revocation of keys. The key is revoked as soon as verification with this key fails.
To ensure no trusted keys can be added later by an attacker, each unused key digest slot should be revoked (KEY_REVOKEX). It will be checked during app startup in :cpp:func:`esp_secure_boot_init_checks` and fixed unless :ref:`CONFIG_SECURE_BOOT_ALLOW_UNUSED_DIGEST_SLOTS` is enabled.
.. _secure-boot-v2-howto:
How To Enable Secure Boot V2