espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-11-22 18:29:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat(bootloader_support): Permanently enable pseudo rounds function for XTS-AES during start-up

Browse Source
This commit is contained in:
harshal.patil
2024-11-28 16:04:54 +05:30
parent fba8ab89da
commit f02dc64ce6
6 changed files with 106 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
components/bootloader_support/src/esp32c61/flash_encryption_secure_features.c
View File

@@ -40,6 +40,12 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
esp_efuse_write_field_bit(ESP_EFUSE_DIS_DIRECT_BOOT);
#if defined(CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE) && defined(SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND)
ESP_LOGI(TAG, "Enable XTS-AES pseudo rounds function...");
uint8_t xts_pseudo_level = CONFIG_SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH;
esp_efuse_write_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
#endif
#if defined(CONFIG_SECURE_BOOT_V2_ENABLED) && !defined(CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS)
// This bit is set when enabling Secure Boot V2, but we can't enable it until this later point in the first boot
// otherwise the Flash Encryption key cannot be read protected