From e8fcb93d0f4c100a8b3a550d4ca198750de4b204 Mon Sep 17 00:00:00 2001
From: KonstantinKondrashov <konstantin@espressif.com>
Date: Tue, 24 Jan 2023 18:21:37 +0800
Subject: [PATCH] bootloader_support(esp32c2): Fix
 esp_secure_boot_cfg_verify_release_mode API

When FE and SB keys are set then:
- 128 low bits are read protected
- 128 hi bits are readable
---
 components/bootloader_support/src/secure_boot.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/components/bootloader_support/src/secure_boot.c b/components/bootloader_support/src/secure_boot.c
index 0b5bab46fc..5e9b8832fc 100644
--- a/components/bootloader_support/src/secure_boot.c
+++ b/components/bootloader_support/src/secure_boot.c
@@ -363,7 +363,11 @@ bool esp_secure_boot_cfg_verify_release_mode(void)
             }
 #endif
             ++num_keys;
+#if SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK
+            secure = !esp_efuse_read_field_bit(ESP_EFUSE_RD_DIS_KEY0_HI);
+#else
             secure = !esp_efuse_get_key_dis_read(block);
+#endif // !SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK
             result &= secure;
             if (!secure) {
                 ESP_LOGE(TAG, "Secure boot key in BLOCK%d must NOT be read-protected (can not be used)", block);