espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-11-07 18:41:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

esp32s2: Disable legacy boot mode & ROM remap modes if either Secure Boot or Flash Encryption is on

Browse Source
This commit is contained in:
Angus Gratton
2020-04-25 15:39:57 +10:00
committed by Angus Gratton
parent e1ec6c86e6
commit 9b822a3d2e
2 changed files with 19 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
components/bootloader_support/src/esp32s2/secure_boot.c
View File

@@ -34,12 +34,20 @@ esp_err_t esp_secure_boot_permanently_enable(void)
return r;
}
ets_efuse_clear_program_registers();
REG_SET_BIT(EFUSE_PGM_DATA3_REG, EFUSE_SECURE_BOOT_EN);
ets_efuse_program(ETS_EFUSE_BLOCK0);
esp_efuse_batch_write_begin(); /* Batch all efuse writes at the end of this function */
assert(ets_efuse_secure_boot_enabled());
ESP_LOGI(TAG, "Secure boot permanently enabled");
esp_efuse_write_field_bit(ESP_EFUSE_SECURE_BOOT_EN);
esp_efuse_write_field_bit(ESP_EFUSE_DIS_BOOT_REMAP);
esp_efuse_write_field_bit(ESP_EFUSE_DIS_LEGACY_SPI_BOOT);
// TODO: also disable JTAG here, etc
esp_err_t err = esp_efuse_batch_write_commit();
if (err == ESP_OK) {
assert(ets_efuse_secure_boot_enabled());
ESP_LOGI(TAG, "Secure boot permanently enabled");
}
return ESP_OK;
}