Merge branch 'esp32s3/secure_boot' into 'master'

bootloader: Enable Secure boot V2 for ESP32-S3

Closes IDF-1787

See merge request espressif/esp-idf!14873
This commit is contained in:
Mahavir Jain
2021-08-20 06:44:19 +00:00
6 changed files with 33 additions and 10 deletions


@@ -424,12 +424,12 @@ menu "Security features"
config SECURE_BOOT_SUPPORTS_RSA
bool
default y
depends on ESP32_REV_MIN_3 || IDF_TARGET_ESP32S2 || IDF_TARGET_ESP32C3
depends on ESP32_REV_MIN_3 || IDF_TARGET_ESP32S2 || IDF_TARGET_ESP32C3 || IDF_TARGET_ESP32S3
config SECURE_TARGET_HAS_SECURE_ROM_DL_MODE
bool
default y
depends on IDF_TARGET_ESP32S2 || IDF_TARGET_ESP32C3
depends on IDF_TARGET_ESP32S2 || IDF_TARGET_ESP32C3 || IDF_TARGET_ESP32S3
config SECURE_SIGNED_APPS_NO_SECURE_BOOT
@@ -501,7 +501,7 @@ menu "Security features"
config SECURE_BOOT
bool "Enable hardware Secure Boot in bootloader (READ DOCS FIRST)"
default n
depends on IDF_TARGET_ESP32 || IDF_TARGET_ESP32S2 || ESP32C3_REV_MIN_3
depends on IDF_TARGET_ESP32 || IDF_TARGET_ESP32S2 || ESP32C3_REV_MIN_3 || IDF_TARGET_ESP32S3
help
Build a bootloader which enables Secure Boot on first boot.
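Review bot: SECURE_BOOT is gated on ESP32C3_REV_MIN_3 for the C3, but the S3 is added as a bare `IDF_TARGET_ESP32S3` with no silicon-revision condition, at both the SECURE_BOOT and the SECURE_BOOT_SUPPORTS_RSA dependencies. Whether the S3 ROM supports Secure Boot V2 on every revision cannot be told from this hunk; if an early revision lacks it, the option would be offered on hardware where the first-boot efuse burn cannot be verified. If no revision gate is needed, a one-line help note stating that ESP32-S3 secure boot is supported from the first production revision would save the next reader the same question.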


@@ -41,5 +41,11 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
esp_efuse_write_field_bit(ESP_EFUSE_DIS_LEGACY_SPI_BOOT);
#if defined(CONFIG_SECURE_BOOT_V2_ENABLED) && !defined(CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS)
// This bit is set when enabling Secure Boot V2, but we can't enable it until this later point in the first boot
// otherwise the Flash Encryption key cannot be read protected
esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS);
#endif
return ESP_OK;
}
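Review bot: The result of esp_efuse_write_field_bit() is dropped at both calls in this hunk while the function still ends in an unconditional `return ESP_OK;`, so a failed efuse write on first boot is reported as success and the boot continues with ESP_EFUSE_WR_DIS_RD_DIS still unset, which is exactly the bit the comment says protects the flash-encryption key. The same unchecked pattern appears in the esp_secure_boot_enable_secure_features hunk of this commit (JTAG, SECURE_BOOT_EN and WR_DIS_RD_DIS writes). At minimum the security-critical write should propagate its error: `esp_err_t err = esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS); if (err != ESP_OK) { return err; }`. The function opens outside the hunk, so earlier writes in it may need the same treatment.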


@@ -27,6 +27,7 @@ esp_err_t esp_secure_boot_enable_secure_features(void)
#ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
ESP_LOGI(TAG, "Disable hardware & software JTAG...");
esp_efuse_write_field_bit(ESP_EFUSE_DIS_USB_JTAG);
esp_efuse_write_field_bit(ESP_EFUSE_HARD_DIS_JTAG);
esp_efuse_write_field_cnt(ESP_EFUSE_SOFT_DIS_JTAG, ESP_EFUSE_SOFT_DIS_JTAG[0]->bit_count);
#else
@@ -39,5 +40,20 @@ esp_err_t esp_secure_boot_enable_secure_features(void)
esp_efuse_write_field_bit(ESP_EFUSE_SECURE_BOOT_EN);
#ifndef CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS
bool rd_dis_now = true;
#ifdef CONFIG_SECURE_FLASH_ENC_ENABLED
/* If flash encryption is not enabled yet then don't read-disable efuses yet, do it later in the boot
when Flash Encryption is being enabled */
rd_dis_now = esp_flash_encryption_enabled();
#endif
if (rd_dis_now) {
ESP_LOGI(TAG, "Prevent read disabling of additional efuses...");
esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS);
}
#else
ESP_LOGW(TAG, "Allowing read disabling of additional efuses - SECURITY COMPROMISED");
#endif
return ESP_OK;
}
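Review bot: The comment above `rd_dis_now = esp_flash_encryption_enabled();` says the deferred step is "don't read-disable efuses yet", but the guarded write sets ESP_EFUSE_WR_DIS_RD_DIS, which write-protects the RD_DIS field and therefore prevents any further read-disabling, as the ESP_LOGI two lines below states. The actual reason for deferring appears to be the reverse: the flash-encryption key still has to be read-protected, and that is impossible once WR_DIS_RD_DIS is burned, so the write is handed over to the flash-encryption path of this same commit. Suggest replacing the comment with `/* Defer write-protecting RD_DIS until flash encryption has read-protected its key; esp_flash_encryption_enable_secure_features() burns WR_DIS_RD_DIS in that case */` so the cross-file coupling is named where it is relied on. The function opens outside the hunk.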


@@ -32,7 +32,7 @@ typedef struct {
uint32_t mdash;
} ets_rsa_pubkey_t;
bool ets_rsa_pss_verify(const ets_rsa_pubkey_t *key, const uint8_t *sig, const uint8_t *digest);
bool ets_rsa_pss_verify(const ets_rsa_pubkey_t *key, const uint8_t *sig, const uint8_t *digest, uint8_t *verified_digest);
void ets_mgf1_sha256(const uint8_t *mgfSeed, size_t seedLen, size_t maskLen, uint8_t *mask);
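Review bot: The new `verified_digest` out-parameter on `ets_rsa_pss_verify` carries no documentation of the buffer size the ROM writes or of what the buffer holds when the call returns false, and because this is a ROM prototype a caller that sizes it wrongly gets no help from the compiler. Presumably it receives the digest recovered from the PSS signature and is SHA-256 sized, given the neighbouring ets_mgf1_sha256, but that should be confirmed against the ROM. Suggest a comment on the declaration: `/* verified_digest: caller-provided buffer of [DIGEST_SIZE placeholder] bytes; receives the digest recovered from the signature; contents unspecified when the function returns false */`. The enclosing typedef starts outside the hunk.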


@@ -21,6 +21,7 @@
#define SOC_DIG_SIGN_SUPPORTED 0
#define SOC_HMAC_SUPPORTED 1
#define SOC_ASYNC_MEMCPY_SUPPORTED 1
#define SOC_SUPPORTS_SECURE_DL_MODE 1
#define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS 3
#define SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS 1
#define SOC_SDMMC_HOST_SUPPORTED 1


@@ -26,7 +26,7 @@ Background
----------
Secure Boot protects a device from running unsigned code (verification at time of load). A new RSA based secure boot
verification scheme (Secure Boot V2) has been introduced for ESP32-S2, ESP32-C3 ECO3 onwards, and ESP32 ECO3 onwards.
verification scheme (Secure Boot V2) has been introduced for ESP32-S2, ESP32-S3, ESP32-C3 ECO3 onwards, and ESP32 ECO3 onwards.
- The software bootloaders RSA-PSS signature is verified by the Mask ROM and it is executed post successful verification.
- The verified software bootloader verifies the RSA-PSS signature of the application image before it is executed.
@@ -40,7 +40,7 @@ Advantages
- Only one public key can be generated and stored in ESP32 ECO3 during manufacturing.
.. only:: esp32s2 or esp32c3
.. only:: esp32s2 or esp32c3 or esp32s3
- Up to three public keys can be generated and stored in the chip during manufacturing.
@@ -117,7 +117,7 @@ A signature block is “valid” if the first byte is 0xe7 and a valid CRC32 is
Only one signature block can be appended to the bootloader or application image in ESP32 ECO3.
.. only:: esp32s2 or esp32c3
.. only:: esp32s2 or esp32c3 or esp32s3
Upto 3 signature blocks can be appended to the bootloader or application image in {IDF_TARGET_NAME}.
@@ -154,7 +154,7 @@ eFuse usage
- BLK2 - Stores the SHA-256 digest of the public key. SHA-256 hash of public key modulus, exponent, precalculated R & M values (represented as 776 bytes offsets 36 to 812 - as per the :ref:`signature-block-format`) is written to an eFuse key block. The write-protection bit must be set, but the read-protection bit must not.
.. only:: esp32s2 or esp32c3
.. only:: esp32s2 or esp32c3 or esp32s3
- SECURE_BOOT_EN - Enables secure boot protection on boot.
@@ -185,7 +185,7 @@ How To Enable Secure Boot V2
4. Select the desired UART ROM download mode in "UART ROM download mode". By default the UART ROM download mode has been kept enabled in order to prevent permanently disabling it in the development phase, this option is a potentially insecure option. It is recommended to disable the UART download mode for better security.
.. only:: esp32s2 or esp32c3
.. only:: esp32s2 or esp32c3 or esp32s3
2. The "Secure Boot V2" option will be selected and the "App Signing Scheme" would be set to RSA by default.
@@ -269,7 +269,7 @@ Secure Boot Best Practices
* Enable all secure boot options in the Secure Boot Configuration. These include flash encryption, disabling of JTAG, disabling BASIC ROM interpeter, and disabling the UART bootloader encrypted flash access.
* Use secure boot in combination with :doc:`flash encryption<flash-encryption>` to prevent local readout of the flash contents.
.. only:: esp32s2 or esp32c3
.. only:: esp32s2 or esp32c3 or esp32s3
Key Management
--------------