From 67a1fe6373af170c844573f52d86d83569d5bdcd Mon Sep 17 00:00:00 2001
From: Mahavir Jain
Date: Thu, 28 Sep 2023 09:16:03 +0530
Subject: [PATCH] fix(startup): flip the security configuration check order
For cases where the bootloader is not enabled with the security features ends up receiving an incorrect application with flash encryption enabled should not really program any security efuses. In the startup sequence, we first used to program the ROM DL mode configuration but now we check for the flash encryption related checks first. If the flash encryption related checks finds that flash encryption is not enabled on the device then it aborts the boot process. This is the case with `CONFIG_SECURE_FLASH_CHECK_ENC_EN_IN_APP` enabled. This would at-least ensure that accidental program of security enabled application does not really program any ROM DL mode efuses and there is chance to recover the device.
---
 components/esp_system/startup.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/components/esp_system/startup.c b/components/esp_system/startup.c
index 44b3ce7cd8..9960ee8ebb 100644
--- a/components/esp_system/startup.c
+++ b/components/esp_system/startup.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -353,6 +353,15 @@ static void do_core_init(void)
 #endif
 #endif
+#ifdef CONFIG_SECURE_FLASH_ENC_ENABLED
+ esp_flash_encryption_init_checks();
+#endif
+
+#if defined(CONFIG_SECURE_BOOT) || defined(CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT)
+ // Note: in some configs this may read flash, so placed after flash init
+ esp_secure_boot_init_checks();
+#endif
+
 #if CONFIG_SECURE_DISABLE_ROM_DL_MODE
 err = esp_efuse_disable_rom_download_mode();
 assert(err == ESP_OK && "Failed to disable ROM download mode");
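Review bot: The ordering introduced in the `@@ -353,6 +353,15 @@` hunk is security-critical but undocumented in the code: nothing at the new `#ifdef CONFIG_SECURE_FLASH_ENC_ENABLED` block says these checks must run before the eFuse-programming steps that follow (the `CONFIG_SECURE_DISABLE_ROM_DL_MODE` block and the ones further down), so a later reorder or a new eFuse write inserted above them would silently reintroduce the unrecoverable-device problem the commit message describes. Suggest a comment ahead of that `#ifdef`, such as `// Keep these checks ahead of every eFuse write below: when the device is not actually secured they abort boot, so an accidentally flashed image cannot permanently disable ROM download mode.` The moved comment "placed after flash init" stays correct only if flash init still precedes the new location (around line 353), which is outside the hunk and worth confirming. Whether esp_secure_boot_init_checks() also aborts in the unsecured case is not visible here, so the comment should only claim what the commit message establishes for the flash-encryption check. do_core_init's body starts and ends outside the hunk.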
@@ -367,15 +376,6 @@ static void do_core_init(void)
 esp_efuse_disable_basic_rom_console();
 #endif
-#ifdef CONFIG_SECURE_FLASH_ENC_ENABLED
- esp_flash_encryption_init_checks();
-#endif
-
-#if defined(CONFIG_SECURE_BOOT) || defined(CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT)
- // Note: in some configs this may read flash, so placed after flash init
- esp_secure_boot_init_checks();
-#endif
-
 #ifdef ROM_LOG_MODE
 esp_efuse_set_rom_log_scheme(ROM_LOG_MODE);
 #endif