espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-11-02 16:11:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

bootloader/flash_encrypt: added esp32s2 flash encryption code on build system and enabled example

Browse Source 
flash_enctryption: enabled flash encryption example on esp32s2

bootloader: raise WDT overflow value providing sufficient interval to encrypt app partition

flash_ encrypt: Fixed the TODOs on flash encryption key generation for esp32s2

flash_encryption: added secure boot features to flash enctryption for esp32s2

bootloader: leave only esp32s2 compatible potentially insecure options on menuconfig.

flash_encryption: removed secure boot version 1 from esp32s2 encryption code

flash_encryption:  added  CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED option for esp32s2

flash_encryption: fixed the count of left plaintext flash

flash_encryption: disable dcache and icache download when using encryption in release mode

flash_encryption:  add cache potentally insecure options for s2 chips

flash_encryption: fixed bug which bricked some chips in relase mode
This commit is contained in:
Felipe Neves
2020-03-11 14:48:56 -03:00
parent cd1aba595e
commit 7635dce502
5 changed files with 125 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
components/bootloader/Kconfig.projbuild
View File

@@ -180,7 +180,8 @@ menu "Bootloader config"
config BOOTLOADER_WDT_TIME_MS
int "Timeout for RTC watchdog (ms)"
depends on BOOTLOADER_WDT_ENABLE
default 9000
default 9000 if IDF_TARGET_ESP32
default 40000 if IDF_TARGET_ESP32S2
range 0 120000
help
Verify that this parameter is correct and more then the execution time.
@@ -601,7 +602,7 @@ menu "Security features"
config SECURE_BOOT_ALLOW_ROM_BASIC
bool "Leave ROM BASIC Interpreter available on reset"
depends on SECURE_BOOT_INSECURE || SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
depends on SECURE_BOOT_INSECURE || SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT && IDF_TARGET_ESP32
default N
help
By default, the BASIC ROM Console starts on reset if no valid bootloader is
@@ -664,7 +665,7 @@ menu "Security features"
config SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC
bool "Leave UART bootloader decryption enabled"
depends on SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
depends on SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT && IDF_TARGET_ESP32
default N
help
If not set (default), the bootloader will permanently disable UART bootloader decryption access on