Merge branch 'feature/secure_features_are_enabled_correctly' into 'master'

security: Adds new APIs to check that all eFuse security features are enabled correctly

Closes IDF-1814

See merge request espressif/esp-idf!19532
Mahavir Jain
2023-01-13 15:09:55 +08:00
25 changed files with 654 additions and 13 deletions
+15 -2
@@ -15,10 +15,8 @@
#include "esp_efuse.h"
#include "esp_efuse_table.h"
#include "esp_efuse_custom_table.h"
#if CONFIG_IDF_TARGET_ESP32C2
#include "esp_secure_boot.h"
#include "esp_flash_encrypt.h"
#endif
#include "sdkconfig.h"
static const char* TAG = "example";
@@ -135,6 +133,21 @@ void app_main(void)
{
ESP_LOGI(TAG, "Start eFuse example");
#ifdef CONFIG_SECURE_FLASH_ENC_ENABLED
if (esp_flash_encryption_cfg_verify_release_mode()) {
ESP_LOGI(TAG, "Flash Encryption is in RELEASE mode");
} else {
ESP_LOGW(TAG, "Flash Encryption is NOT in RELEASE mode");
}
#endif
#ifdef CONFIG_SECURE_BOOT
if (esp_secure_boot_cfg_verify_release_mode()) {
ESP_LOGI(TAG, "Secure Boot is in RELEASE mode");
} else {
ESP_LOGW(TAG, "Secure Boot is NOT in RELEASE mode");
}
#endif
esp_efuse_coding_scheme_t coding_scheme = get_coding_scheme();
(void) coding_scheme;
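Review bot: The two checks added at the top of app_main only log a warning when `esp_flash_encryption_cfg_verify_release_mode()` or `esp_secure_boot_cfg_verify_release_mode()` returns false, and nothing tells a reader copying this into product firmware that continuing is deliberate. The accompanying tests expect "NOT in RELEASE mode" followed by "example: Done", so this looks intentional for the example. I would add a comment above the first `#ifdef`, e.g. `/* Example only reports the result; production firmware should treat a false return as a provisioning fault before handling secrets. */`. Both checks are also compiled in only under `CONFIG_SECURE_FLASH_ENC_ENABLED` / `CONFIG_SECURE_BOOT`, so an image built without those options reports nothing about the eFuse state, which is worth a line in the same comment. app_main's body continues outside the hunk.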
@@ -1,4 +1,4 @@
# SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
# SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
# SPDX-License-Identifier: Unlicense OR CC0-1.0
from __future__ import unicode_literals
@@ -248,6 +248,7 @@ def test_examples_efuse_with_virt_flash_enc_release(dut: Dut) -> None:
dut.expect_exact('flash encryption is enabled (0 plaintext flashes left)', timeout=5)
dut.expect('Flash encryption mode is RELEASE')
dut.expect('Start eFuse example')
dut.expect('Flash Encryption is in RELEASE mode')
dut.expect('example: Done')
@@ -772,6 +773,8 @@ def test_examples_efuse_with_virt_sb_v1_and_fe(dut: Dut) -> None:
dut.expect_exact('flash_encrypt: Flash encryption mode is DEVELOPMENT (not secure)')
dut.expect('main_task: Calling app_main()')
dut.expect('Start eFuse example')
dut.expect('example: Flash Encryption is NOT in RELEASE mode')
dut.expect('example: Secure Boot is in RELEASE mode')
dut.expect('example: Done')
@@ -851,6 +854,8 @@ def test_examples_efuse_with_virt_sb_v2_and_fe(dut: Dut) -> None:
dut.expect_exact('flash_encrypt: Flash encryption mode is DEVELOPMENT (not secure)')
dut.expect('main_task: Calling app_main()')
dut.expect('Start eFuse example')
dut.expect('example: Flash Encryption is NOT in RELEASE mode')
dut.expect('example: Secure Boot is in RELEASE mode')
dut.expect('example: Done')
@@ -938,6 +943,8 @@ def test_examples_efuse_with_virt_sb_v2_and_fe_esp32xx(dut: Dut) -> None:
dut.expect_exact('flash_encrypt: Flash encryption mode is DEVELOPMENT (not secure)')
dut.expect('main_task: Calling app_main()')
dut.expect('Start eFuse example')
dut.expect('example: Flash Encryption is NOT in RELEASE mode')
dut.expect('example: Secure Boot is in RELEASE mode')
dut.expect('example: Done')
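Review bot: The expectation added in test_examples_efuse_with_virt_flash_enc_release, `dut.expect('Flash Encryption is in RELEASE mode')`, omits the `example: ` log tag that the six lines added to the three sb/fe tests carry, so it would also accept the same text logged under a different tag. These are fixed strings rather than patterns, so I would pin them with the exact matcher used on the neighbouring lines: `dut.expect_exact('example: Flash Encryption is in RELEASE mode')`. The visible hunks assert only the positive Secure Boot result; whether any test covers `Secure Boot is NOT in RELEASE mode` cannot be seen from here. The test functions start outside these hunks.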