feedc0de/esp-idf
1
0
Fork 0
forked from espressif/esp-idf
Code Pull Requests Activity

Merge branch 'feature/burn-security-efuses-again' into fixes

Browse Source
This commit is contained in:
0xFEEDC0DE64
2024-06-17 13:05:52 +02:00
parent 562e52f68e 138a47c750
commit 0770fbe268
1 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
components/bootloader_support/src/bootloader_utility.c
View File

@@ -615,7 +615,25 @@ static void load_image(const esp_image_metadata_t *image_data)
*/ */
ESP_LOGI(TAG, "Checking flash encryption..."); ESP_LOGI(TAG, "Checking flash encryption...");
bool flash_encryption_enabled = esp_flash_encrypt_state(); bool flash_encryption_enabled = esp_flash_encrypt_state();
if (!flash_encryption_enabled) { if (flash_encryption_enabled) {
#if BOOTLOADER_BUILD
/* Ensure security eFuses are burnt */
esp_efuse_batch_write_begin();
esp_err_t err = esp_flash_encryption_enable_secure_features();
if (err != ESP_OK) {
ESP_LOGE(TAG, "Error setting security eFuses (err=0x%x).", err);
esp_efuse_batch_write_cancel();
return;
}
err = esp_efuse_batch_write_commit();
if (err != ESP_OK) {
ESP_LOGE(TAG, "Error programming security eFuses (err=0x%x).", err);
return;
}
ESP_LOGI(TAG, "Security eFuses are burnt");
#endif // BOOTLOADER_BUILD
} else {
#ifdef CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED #ifdef CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED
ESP_LOGE(TAG, "flash encryption is not enabled, and SECURE_FLASH_REQUIRE_ALREADY_ENABLED is set, refusing to boot."); ESP_LOGE(TAG, "flash encryption is not enabled, and SECURE_FLASH_REQUIRE_ALREADY_ENABLED is set, refusing to boot.");
return; return;