From 46a7409965121a50e5b63c861dae26713136b8ee Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Tue, 3 Dec 2019 16:00:07 +1100 Subject: [PATCH] security: Hide Secure Boot & Flash Encryption config items when using CMake These features are not supported in the CMake build system preview, but previously had to read the notice in the CMake Getting Started guide to know this. Related to https://github.com/espressif/esp-idf/issues/4419 --- components/bootloader/Kconfig.projbuild | 1 + docs/en/security/flash-encryption.rst | 5 ++++- docs/en/security/secure-boot.rst | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/components/bootloader/Kconfig.projbuild b/components/bootloader/Kconfig.projbuild index a9342ebb6a..450cb459e1 100644 --- a/components/bootloader/Kconfig.projbuild +++ b/components/bootloader/Kconfig.projbuild @@ -223,6 +223,7 @@ endmenu # Bootloader menu "Security features" + visible if !IDF_CMAKE # These three are the actual options to check in code, # selected by the displayed options diff --git a/docs/en/security/flash-encryption.rst b/docs/en/security/flash-encryption.rst index 8f527e093c..f73561c08f 100644 --- a/docs/en/security/flash-encryption.rst +++ b/docs/en/security/flash-encryption.rst @@ -8,7 +8,10 @@ Flash Encryption is separate from the :doc:`Secure Boot ` feature, When using any non-default configuration in production, additional steps may also be needed to ensure effectiveness of flash encryption. See :ref:`securing-flash-encryption` for more details. .. important:: - Enabling flash encryption limits your options for further updates of your ESP32. Make sure to read this document (including :ref:`flash-encryption-limitations`) and understand the implications of enabling flash encryption. + Enabling flash encryption limits your options for further updates of your ESP32. Make sure to read this document (including :ref:`flash-encryption-limitations`) and understand the implications of enabling flash encryption. + +.. note:: + Flash encryption is only supported when using the default GNU Make build system. The CMake build system preview in ESP-IDF v3.x does not support flash encryption. Background ---------- diff --git a/docs/en/security/secure-boot.rst b/docs/en/security/secure-boot.rst index 79baa87255..ef5e62c38e 100644 --- a/docs/en/security/secure-boot.rst +++ b/docs/en/security/secure-boot.rst @@ -9,6 +9,10 @@ Secure Boot is separate from the :doc:`Flash Encryption ` feat Enabling secure boot limits your options for further updates of your ESP32. Make sure to read this document throughly and understand the implications of enabling secure boot. +.. note:: + + Secure boot is only supported when using the default GNU Make build system. The CMake build system preview in ESP-IDF v3.x does not support secure boot. + Background ----------