From 89d11be4a99ac3a67e46284e8a9f344cf37f5f2b Mon Sep 17 00:00:00 2001 From: KonstantinKondrashov Date: Tue, 4 Apr 2023 00:00:56 +0800 Subject: [PATCH 1/3] efuse: Prevent burning XTS_AES and ECDSA keys into BLOCK9 (BLOCK_KEY5) eFuse module has a hardware bug. It is related to ESP32-C3, C6, S3, H2 chips: - BLOCK9 (BLOCK_KEY5) can not be used by XTS_AES keys. For H2 chips, the BLOCK9 (BLOCK_KEY5) can not be used by ECDSA keys. S2 does not have such a hardware bug. --- .../efuse/src/esp_efuse_api_key_esp32xx.c | 14 ++++++++ components/efuse/test/test_efuse_keys.c | 36 +++++++++++++++++-- components/soc/esp32c3/include/soc/soc_caps.h | 3 ++ components/soc/esp32h2/include/soc/soc_caps.h | 3 ++ components/soc/esp32s3/include/soc/soc_caps.h | 2 ++ 5 files changed, 56 insertions(+), 2 deletions(-) diff --git a/components/efuse/src/esp_efuse_api_key_esp32xx.c b/components/efuse/src/esp_efuse_api_key_esp32xx.c index eb745ad769..c11ac3fdf9 100644 --- a/components/efuse/src/esp_efuse_api_key_esp32xx.c +++ b/components/efuse/src/esp_efuse_api_key_esp32xx.c @@ -301,6 +301,20 @@ esp_err_t esp_efuse_write_key(esp_efuse_block_t block, esp_efuse_purpose_t purpo unsigned idx = block - EFUSE_BLK_KEY0; ESP_EFUSE_CHK(esp_efuse_write_field_blob(s_table[idx].key, key, key_size_bytes * 8)); ESP_EFUSE_CHK(esp_efuse_set_key_dis_write(block)); + +#if SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK + if (block == EFUSE_BLK9 && ( +#if SOC_FLASH_ENCRYPTION_XTS_AES_256 + purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1 || + purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2 || +#endif + purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY)) { + ESP_LOGE(TAG, "BLOCK9 can not have the %d purpose because of HW bug (see TRM for more details)", purpose); + err = ESP_ERR_NOT_SUPPORTED; + goto err_exit; + } +#endif // SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK + if (purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY || #ifdef SOC_FLASH_ENCRYPTION_XTS_AES_256 purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1 || diff --git a/components/efuse/test/test_efuse_keys.c b/components/efuse/test/test_efuse_keys.c index 24f3190bed..818cdb349a 100644 --- a/components/efuse/test/test_efuse_keys.c +++ b/components/efuse/test/test_efuse_keys.c @@ -48,6 +48,23 @@ TEST_CASE("Test keys and purposes, rd, wr, wr_key_purposes are in the initial st } } +#if CONFIG_EFUSE_VIRTUAL +#if SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK +TEST_CASE("Test efuse API blocks burning XTS and ECDSA keys into BLOCK9", "[efuse]") +{ + uint8_t key[32] = {0}; + esp_efuse_purpose_t purpose = ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY; + TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_efuse_write_key(EFUSE_BLK9, purpose, &key, sizeof(key))); +#if SOC_FLASH_ENCRYPTION_XTS_AES_256 + purpose = ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1; + TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_efuse_write_key(EFUSE_BLK9, purpose, &key, sizeof(key))); + purpose = ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2; + TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_efuse_write_key(EFUSE_BLK9, purpose, &key, sizeof(key))); +#endif +} +#endif // SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK +#endif // CONFIG_EFUSE_VIRTUAL + // If using efuse is real, then turn off writing tests. #if CONFIG_EFUSE_VIRTUAL || CONFIG_IDF_ENV_FPGA @@ -117,14 +134,29 @@ TEST_CASE("Test esp_efuse_write_key for virt mode", "[efuse]") TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_efuse_write_key(EFUSE_BLK_KEY0, tmp_purpose, &rd_key, 33)); TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_efuse_write_key(EFUSE_BLK10, tmp_purpose, &rd_key, sizeof(rd_key))); - for (esp_efuse_purpose_t purpose = ESP_EFUSE_KEY_PURPOSE_RESERVED; purpose < ESP_EFUSE_KEY_PURPOSE_MAX; ++purpose) { + for (esp_efuse_purpose_t g_purpose = ESP_EFUSE_KEY_PURPOSE_USER; g_purpose < ESP_EFUSE_KEY_PURPOSE_MAX; ++g_purpose) { + if (g_purpose == ESP_EFUSE_KEY_PURPOSE_USER) { + continue; + } esp_efuse_utility_reset(); esp_efuse_utility_update_virt_blocks(); esp_efuse_utility_debug_dump_blocks(); - TEST_ASSERT_FALSE(esp_efuse_find_purpose(purpose, NULL)); + TEST_ASSERT_FALSE(esp_efuse_find_purpose(g_purpose, NULL)); for (esp_efuse_block_t num_key = (EFUSE_BLK_KEY_MAX - 1); num_key >= EFUSE_BLK_KEY0; --num_key) { + esp_efuse_purpose_t purpose = g_purpose; +#if SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK + if (num_key == EFUSE_BLK9 && ( +#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_256 + purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1 || + purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2 || +#endif //#ifdef SOC_EFUSE_SUPPORT_XTS_AES_256_KEYS + purpose == ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY)) { + printf("BLOCK9 can not have the %d purpose, use RESERVED instead\n", purpose); + purpose = ESP_EFUSE_KEY_PURPOSE_RESERVED; + } +#endif // SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK int id = num_key - EFUSE_BLK_KEY0; TEST_ASSERT_EQUAL(id + 1, esp_efuse_count_unused_key_blocks()); test_write_key(num_key, purpose); diff --git a/components/soc/esp32c3/include/soc/soc_caps.h b/components/soc/esp32c3/include/soc/soc_caps.h index e0fa714429..430bfd0925 100644 --- a/components/soc/esp32c3/include/soc/soc_caps.h +++ b/components/soc/esp32c3/include/soc/soc_caps.h @@ -266,6 +266,9 @@ #define SOC_TWAI_BRP_MAX 16384 #define SOC_TWAI_SUPPORTS_RX_STATUS 1 +/*-------------------------- eFuse CAPS----------------------------*/ +#define SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK 1 // AES-XTS key purpose not supported for this block + /*-------------------------- Flash Encryption CAPS----------------------------*/ #define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX (32) diff --git a/components/soc/esp32h2/include/soc/soc_caps.h b/components/soc/esp32h2/include/soc/soc_caps.h index 4b03d845e8..57df389f8f 100644 --- a/components/soc/esp32h2/include/soc/soc_caps.h +++ b/components/soc/esp32h2/include/soc/soc_caps.h @@ -250,6 +250,9 @@ #define SOC_TWAI_BRP_MAX 16384 #define SOC_TWAI_SUPPORTS_RX_STATUS 1 +/*-------------------------- eFuse CAPS----------------------------*/ +#define SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK 1 // AES-XTS and ECDSA key purposes not supported for this block + /*-------------------------- Flash Encryption CAPS----------------------------*/ #define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX (32) diff --git a/components/soc/esp32s3/include/soc/soc_caps.h b/components/soc/esp32s3/include/soc/soc_caps.h index d8fa7e995a..5d82e13749 100644 --- a/components/soc/esp32s3/include/soc/soc_caps.h +++ b/components/soc/esp32s3/include/soc/soc_caps.h @@ -325,6 +325,8 @@ #define SOC_PM_SUPPORT_DEEPSLEEP_VERIFY_STUB_ONLY (1) +/*-------------------------- eFuse CAPS----------------------------*/ +#define SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK 1 // AES-XTS key purpose not supported for this block /*-------------------------- Flash Encryption CAPS----------------------------*/ #define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX (64) From 9e6e5ba0ef3201f3891c3b2b8bbf660b8749ed0c Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Wed, 5 Apr 2023 14:19:32 +0530 Subject: [PATCH 2/3] docs: add a note regarding EFuse Block9 key purpose quirk for some chips --- docs/en/api-reference/system/efuse.rst | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/docs/en/api-reference/system/efuse.rst b/docs/en/api-reference/system/efuse.rst index 9e90131bb6..d84f4863a3 100644 --- a/docs/en/api-reference/system/efuse.rst +++ b/docs/en/api-reference/system/efuse.rst @@ -27,19 +27,22 @@ For more details, see *{IDF_TARGET_NAME} Technical Reference Manual* > *eFuse Co .. only:: not esp32 + .. list:: + {IDF_TARGET_NAME} has 11 eFuse blocks each of the size of 256 bits (not all bits are available): * EFUSE_BLK0 is used entirely for system purposes; * EFUSE_BLK1 is used entirely for system purposes; * EFUSE_BLK2 is used entirely for system purposes; - * EFUSE_BLK3 or EFUSE_BLK_USER_DATA can be used for user purposes; - * EFUSE_BLK4 or EFUSE_BLK_KEY0 can be used as key (for secure_boot or flash_encryption) or for user purposes; - * EFUSE_BLK5 or EFUSE_BLK_KEY1 can be used as key (for secure_boot or flash_encryption) or for user purposes; - * EFUSE_BLK6 or EFUSE_BLK_KEY2 can be used as key (for secure_boot or flash_encryption) or for user purposes; - * EFUSE_BLK7 or EFUSE_BLK_KEY3 can be used as key (for secure_boot or flash_encryption) or for user purposes; - * EFUSE_BLK8 or EFUSE_BLK_KEY4 can be used as key (for secure_boot or flash_encryption) or for user purposes; - * EFUSE_BLK9 or EFUSE_BLK_KEY5 can be used as key (for secure_boot or flash_encryption) or for user purposes; - * EFUSE_BLK10 or EFUSE_BLK_SYS_DATA_PART2 is reseved for system purposes. + * EFUSE_BLK3 (also named EFUSE_BLK_USER_DATA) can be used for user purposes; + * EFUSE_BLK4 (also named EFUSE_BLK_KEY0) can be used as key (for secure_boot or flash_encryption) or for user purposes; + * EFUSE_BLK5 (also named EFUSE_BLK_KEY1) can be used as key (for secure_boot or flash_encryption) or for user purposes; + * EFUSE_BLK6 (also named EFUSE_BLK_KEY2) can be used as key (for secure_boot or flash_encryption) or for user purposes; + * EFUSE_BLK7 (also named EFUSE_BLK_KEY3) can be used as key (for secure_boot or flash_encryption) or for user purposes; + * EFUSE_BLK8 (also named EFUSE_BLK_KEY4) can be used as key (for secure_boot or flash_encryption) or for user purposes; + :SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK: * EFUSE_BLK9 (also named EFUSE_BLK_KEY5) can be used for any purpose except for flash encryption (due to a HW bug); + :not SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK: * EFUSE_BLK9 (also named EFUSE_BLK_KEY5) can be used as key (for secure_boot or flash_encryption) or for user purposes; + * EFUSE_BLK10 (also named EFUSE_BLK_SYS_DATA_PART2) is reseved for system purposes. Each block is divided into 8 32-bits registers. From 363c21891c7c8aea2191fc2f45b3c182801506a9 Mon Sep 17 00:00:00 2001 From: KonstantinKondrashov Date: Wed, 19 Apr 2023 20:20:17 +0800 Subject: [PATCH 3/3] esptool: Update esptool Prevent burning XTS_AES and ECDSA keys into BLOCK9 (BLOCK_KEY5) --- components/esptool_py/esptool | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/esptool_py/esptool b/components/esptool_py/esptool index 0299c38f10..ed3af0f60b 160000 --- a/components/esptool_py/esptool +++ b/components/esptool_py/esptool @@ -1 +1 @@ -Subproject commit 0299c38f103d38a61bc1715abe8965cf88fab4b7 +Subproject commit ed3af0f60b04ea7d02f995abad9bfb0c8f9b1e1a