From adbf182bc5a1e1a07fd1efff7375fddc00a6c3c3 Mon Sep 17 00:00:00 2001
From: Angus Gratton
Date: Tue, 22 Dec 2020 18:51:13 +1100
Subject: [PATCH] bootloder_support: esp32c3 only supports XTS-AES-128 flash encryption
---
 .../src/esp32c3/flash_encrypt.c | 17 +----------------
 1 file changed, 1 insertion(+), 16 deletions(-)
diff --git a/components/bootloader_support/src/esp32c3/flash_encrypt.c b/components/bootloader_support/src/esp32c3/flash_encrypt.c
index cc45a5fbf3..7145a273ba 100644
--- a/components/bootloader_support/src/esp32c3/flash_encrypt.c
+++ b/components/bootloader_support/src/esp32c3/flash_encrypt.c
@@ -68,16 +68,7 @@ static esp_err_t initialise_flash_encryption(void)
 /* Before first flash encryption pass, need to initialise key & crypto config */
 /* Find out if a key is already set */
- bool has_aes128 = ets_efuse_find_purpose(ETS_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY, NULL);
- bool has_aes256_1 = ets_efuse_find_purpose(ETS_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1, NULL);
- bool has_aes256_2 = ets_efuse_find_purpose(ETS_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2, NULL);
-
- bool has_key = has_aes128 || (has_aes256_1 && has_aes256_2);
-
- if (!has_key && (has_aes256_1 || has_aes256_2)) {
- ESP_LOGE(TAG, "Invalid efuse key blocks: Both AES-256 key blocks must be set.");
- return ESP_ERR_INVALID_STATE;
- }
+ bool has_key = ets_efuse_find_purpose(ETS_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY, NULL);
 if (has_key) {
 ESP_LOGI(TAG, "Using pre-existing key in efuse");
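Review bot: The pre-existing-key path accepts any block tagged `ETS_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY` without verifying that it is read- and write-protected, and the new `has_key` line passes `NULL` as the second argument, so the block number needed for that check is discarded. A key block that software can still read lets any running firmware recover the flash encryption key, so this should fail boot-time setup rather than only emit the `ESP_LOGE(TAG, "TODO: Check key is read & write protected")` visible at the top of the next hunk. Assuming the second parameter is the out-block pointer, I would write `ets_efuse_block_t key_block; bool has_key = ets_efuse_find_purpose(ETS_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY, &key_block);` and return `ESP_ERR_INVALID_STATE` when that block's protection bits are not set. Separately, with the `#ifdef CONFIG_SECURE_FLASH_ENCRYPTION_AES256` branch removed in the second hunk, a build that still sets that option would silently get a 128-bit key; if Kconfig still offers it for this target, an `#error` under that `#ifdef` would make the mismatch visible. The body of `initialise_flash_encryption` starts and continues outside this hunk.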
@@ -85,15 +76,9 @@ static esp_err_t initialise_flash_encryption(void)
 ESP_LOGE(TAG, "TODO: Check key is read & write protected"); // TODO
 } else {
 ESP_LOGI(TAG, "Generating new flash encryption key...");
-#ifdef CONFIG_SECURE_FLASH_ENCRYPTION_AES256
- const unsigned BLOCKS_NEEDED = 2;
- const ets_efuse_purpose_t PURPOSE_START = ETS_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1;
- const ets_efuse_purpose_t PURPOSE_END = ETS_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2;
-#else
 const unsigned BLOCKS_NEEDED = 1;
 const ets_efuse_purpose_t PURPOSE_START = ETS_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY;
 const ets_efuse_purpose_t PURPOSE_END = ETS_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY;
-#endif
 if (ets_efuse_count_unused_key_blocks() < BLOCKS_NEEDED) {
 ESP_LOGE(TAG, "Not enough free efuse key blocks (need %d) to continue", BLOCKS_NEEDED);