espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-10-03 10:30:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix(esp_security): Configure the Key Manager to use XTS-AES efuse key by-default

Browse Source
This commit is contained in:
harshal.patil
2025-09-19 10:13:52 +05:30
parent 649741fa9d
commit 8b663ebe4d
2 changed files with 28 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
components/esp_security/src/init.c
View File

@@ -20,6 +20,7 @@
#if SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT #if SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT
#include "hal/key_mgr_ll.h" #include "hal/key_mgr_ll.h"
#include "hal/key_mgr_types.h"
#endif /* SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT */ #endif /* SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT */
__attribute__((unused)) static const char *TAG = "esp_security"; __attribute__((unused)) static const char *TAG = "esp_security";
@@ -27,14 +28,24 @@ __attribute__((unused)) static const char *TAG = "esp_security";
static void esp_key_mgr_init(void) static void esp_key_mgr_init(void)
{ {
// The following code initializes the key manager. // The following code initializes the key manager.
// When Flash Encryption is already enabled, Key Manager is initialized by the
// ROM, and when Flash Encryption is enabled during boot up, Key Manager is
// initialized by the bootloader.
#if SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT #if SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT
// Enable key manager clock if (!efuse_hal_flash_encryption_enabled()) {
// Using ll APIs which do not require critical section // Enable key manager clock
_key_mgr_ll_enable_bus_clock(true); key_mgr_ll_power_up();
_key_mgr_ll_enable_peripheral_clock(true); // Using ll APIs which do not require critical section
_key_mgr_ll_reset_register(); _key_mgr_ll_enable_bus_clock(true);
while (key_mgr_ll_get_state() != ESP_KEY_MGR_STATE_IDLE) { _key_mgr_ll_enable_peripheral_clock(true);
}; _key_mgr_ll_reset_register();
while (key_mgr_ll_get_state() != ESP_KEY_MGR_STATE_IDLE) {
};
// Force Key Manager to use eFuse key by-default for an XTS-AES operation.
key_mgr_ll_set_key_usage(ESP_KEY_MGR_XTS_AES_128_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
}
#endif /* SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT */ #endif /* SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT */
} }

10
components/hal/esp32p4/include/hal/key_mgr_ll.h
View File

@@ -25,6 +25,16 @@
extern "C" { extern "C" {
#endif #endif
static inline void key_mgr_ll_power_up(void)
{
// TODO: IDF-13524
}
static inline void key_mgr_ll_power_down(void)
{
// TODO: IDF-13524
}
/** /**
* @brief Enable the bus clock for Key Manager peripheral * @brief Enable the bus clock for Key Manager peripheral
* Note: Please use key_mgr_ll_enable_bus_clock which requires the critical section * Note: Please use key_mgr_ll_enable_bus_clock which requires the critical section