espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-02 20:24:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bugfix/startup_secure_options' into 'master'

Browse Source 
esp_system: fix compilation error when security features are enabled

See merge request espressif/esp-idf!9678
This commit is contained in:
Angus Gratton
2020-07-20 15:08:17 +08:00
parent f092054f3d eff6a1eaab
commit eb77e1b11a
3 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
components/bootloader/Kconfig.projbuild
View File

@@ -320,6 +320,11 @@ menu "Security features"
select MBEDTLS_ECDSA_C select MBEDTLS_ECDSA_C
depends on SECURE_SIGNED_ON_BOOT || SECURE_SIGNED_ON_UPDATE depends on SECURE_SIGNED_ON_BOOT || SECURE_SIGNED_ON_UPDATE
config SECURE_TARGET_HAS_SECURE_ROM_DL_MODE
bool
default y
depends on IDF_TARGET_ESP32S2
config SECURE_SIGNED_APPS_NO_SECURE_BOOT config SECURE_SIGNED_APPS_NO_SECURE_BOOT
bool "Require signed app images" bool "Require signed app images"
@@ -587,7 +592,7 @@ menu "Security features"
config SECURE_FLASH_ENCRYPTION_MODE_RELEASE config SECURE_FLASH_ENCRYPTION_MODE_RELEASE
bool "Release" bool "Release"
select SECURE_ENABLE_SECURE_ROM_DL_MODE select SECURE_ENABLE_SECURE_ROM_DL_MODE if SECURE_TARGET_HAS_SECURE_ROM_DL_MODE
endchoice endchoice
@@ -719,7 +724,7 @@ menu "Security features"
config SECURE_ENABLE_SECURE_ROM_DL_MODE config SECURE_ENABLE_SECURE_ROM_DL_MODE
bool "Permanently switch to ROM UART Secure Download mode" bool "Permanently switch to ROM UART Secure Download mode"
depends on IDF_TARGET_ESP32S2 && !SECURE_DISABLE_ROM_DL_MODE depends on SECURE_TARGET_HAS_SECURE_ROM_DL_MODE && !SECURE_DISABLE_ROM_DL_MODE
help help
If set, during startup the app will burn an eFuse bit to permanently switch the UART ROM If set, during startup the app will burn an eFuse bit to permanently switch the UART ROM
Download Mode into a separate Secure Download mode. This option can only work if Download Mode into a separate Secure Download mode. This option can only work if

4
components/esp_system/startup.c
View File

@@ -229,6 +229,8 @@ static void IRAM_ATTR do_core_init(void)
esp_flash_encryption_init_checks(); esp_flash_encryption_init_checks();
#endif #endif
esp_err_t err;
#if CONFIG_SECURE_DISABLE_ROM_DL_MODE #if CONFIG_SECURE_DISABLE_ROM_DL_MODE
err = esp_efuse_disable_rom_download_mode(); err = esp_efuse_disable_rom_download_mode();
assert(err == ESP_OK && "Failed to disable ROM download mode"); assert(err == ESP_OK && "Failed to disable ROM download mode");
@@ -243,8 +245,6 @@ static void IRAM_ATTR do_core_init(void)
esp_efuse_disable_basic_rom_console(); esp_efuse_disable_basic_rom_console();
#endif #endif
esp_err_t err;
esp_timer_init(); esp_timer_init();
esp_set_time_from_rtc(); esp_set_time_from_rtc();

2
tools/test_apps/system/build_test/sdkconfig.ci.flash_encryption_release Normal file
View File

@@ -0,0 +1,2 @@
CONFIG_SECURE_FLASH_ENC_ENABLED=y
CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE=y