forked from espressif/esp-idf
fix(bootloader_support): Allow SOFT_DIS_JTAG in verify_release_mode
This commit is contained in:
Aditya Patwardhan
@@ -357,23 +357,48 @@ bool esp_flash_encryption_cfg_verify_release_mode(void)
|
||||
ESP_LOGW(TAG, "Not disabled UART bootloader cache (set DIS_DOWNLOAD_ICACHE->1)");
|
||||
}
|
||||
#endif
|
||||
|
||||
#if SOC_EFUSE_DIS_PAD_JTAG
|
||||
secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_PAD_JTAG);
|
||||
result &= secure;
|
||||
if (!secure) {
|
||||
ESP_LOGW(TAG, "Not disabled JTAG PADs (set DIS_PAD_JTAG->1)");
|
||||
bool soft_dis_jtag = false;
|
||||
#if SOC_EFUSE_SOFT_DIS_JTAG
|
||||
size_t soft_dis_jtag_cnt_val = 0;
|
||||
esp_efuse_read_field_cnt(ESP_EFUSE_SOFT_DIS_JTAG, &soft_dis_jtag_cnt_val);
|
||||
soft_dis_jtag = (soft_dis_jtag_cnt_val == ESP_EFUSE_SOFT_DIS_JTAG[0]->bit_count);
|
||||
if (soft_dis_jtag) {
|
||||
bool hmac_key_found = false;
|
||||
hmac_key_found = esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_HMAC_DOWN_JTAG, NULL);
|
||||
hmac_key_found |= esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_HMAC_DOWN_ALL, NULL);
|
||||
if (!hmac_key_found) {
|
||||
ESP_LOGW(TAG, "SOFT_DIS_JTAG is set but HMAC key with respective purpose not found");
|
||||
soft_dis_jtag = false;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (!soft_dis_jtag) {
|
||||
#if SOC_EFUSE_DIS_PAD_JTAG
|
||||
secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_PAD_JTAG);
|
||||
result &= secure;
|
||||
if (!secure) {
|
||||
ESP_LOGW(TAG, "Not disabled JTAG PADs (set DIS_PAD_JTAG->1)");
|
||||
}
|
||||
#endif
|
||||
|
||||
#if SOC_EFUSE_DIS_USB_JTAG
|
||||
secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_USB_JTAG);
|
||||
result &= secure;
|
||||
if (!secure) {
|
||||
ESP_LOGW(TAG, "Not disabled USB JTAG (set DIS_USB_JTAG->1)");
|
||||
}
|
||||
secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_USB_JTAG);
|
||||
result &= secure;
|
||||
if (!secure) {
|
||||
ESP_LOGW(TAG, "Not disabled USB JTAG (set DIS_USB_JTAG->1)");
|
||||
}
|
||||
#endif
|
||||
|
||||
#if SOC_EFUSE_HARD_DIS_JTAG
|
||||
secure = esp_efuse_read_field_bit(ESP_EFUSE_HARD_DIS_JTAG);
|
||||
result &= secure;
|
||||
if (!secure) {
|
||||
ESP_LOGW(TAG, "Not disabled JTAG (set HARD_DIS_JTAG->1)");
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
#if SOC_EFUSE_DIS_DIRECT_BOOT
|
||||
secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DIRECT_BOOT);
|
||||
result &= secure;
|
||||
@@ -382,14 +407,6 @@ bool esp_flash_encryption_cfg_verify_release_mode(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
#if SOC_EFUSE_HARD_DIS_JTAG
|
||||
secure = esp_efuse_read_field_bit(ESP_EFUSE_HARD_DIS_JTAG);
|
||||
result &= secure;
|
||||
if (!secure) {
|
||||
ESP_LOGW(TAG, "Not disabled JTAG (set HARD_DIS_JTAG->1)");
|
||||
}
|
||||
#endif
|
||||
|
||||
#if SOC_EFUSE_DIS_BOOT_REMAP
|
||||
secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_BOOT_REMAP);
|
||||
result &= secure;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
|
||||
* SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
|
||||
*
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*/
|
||||
@@ -298,38 +298,47 @@ bool esp_secure_boot_cfg_verify_release_mode(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
#if SOC_EFUSE_HARD_DIS_JTAG
|
||||
secure = esp_efuse_read_field_bit(ESP_EFUSE_HARD_DIS_JTAG);
|
||||
result &= secure;
|
||||
if (!secure) {
|
||||
ESP_LOGW(TAG, "Not disabled JTAG (set HARD_DIS_JTAG->1)");
|
||||
}
|
||||
#endif
|
||||
|
||||
bool soft_dis_jtag = false;
|
||||
#if SOC_EFUSE_SOFT_DIS_JTAG
|
||||
size_t soft_dis_jtag_cnt_val = 0;
|
||||
esp_efuse_read_field_cnt(ESP_EFUSE_SOFT_DIS_JTAG, &soft_dis_jtag_cnt_val);
|
||||
if (soft_dis_jtag_cnt_val != ESP_EFUSE_SOFT_DIS_JTAG[0]->bit_count) {
|
||||
result &= secure;
|
||||
ESP_LOGW(TAG, "Not disabled JTAG in the soft way (set SOFT_DIS_JTAG->max)");
|
||||
soft_dis_jtag = (soft_dis_jtag_cnt_val == ESP_EFUSE_SOFT_DIS_JTAG[0]->bit_count);
|
||||
if (soft_dis_jtag) {
|
||||
bool hmac_key_found = false;
|
||||
hmac_key_found = esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_HMAC_DOWN_JTAG, NULL);
|
||||
hmac_key_found |= esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_HMAC_DOWN_ALL, NULL);
|
||||
if (!hmac_key_found) {
|
||||
ESP_LOGW(TAG, "SOFT_DIS_JTAG is set but HMAC key with respective purpose not found");
|
||||
soft_dis_jtag = false;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (!soft_dis_jtag) {
|
||||
#if SOC_EFUSE_HARD_DIS_JTAG
|
||||
secure = esp_efuse_read_field_bit(ESP_EFUSE_HARD_DIS_JTAG);
|
||||
result &= secure;
|
||||
if (!secure) {
|
||||
ESP_LOGW(TAG, "Not disabled JTAG (set HARD_DIS_JTAG->1)");
|
||||
}
|
||||
#endif
|
||||
|
||||
#if SOC_EFUSE_DIS_PAD_JTAG
|
||||
secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_PAD_JTAG);
|
||||
result &= secure;
|
||||
if (!secure) {
|
||||
ESP_LOGW(TAG, "Not disabled JTAG PADs (set DIS_PAD_JTAG->1)");
|
||||
}
|
||||
secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_PAD_JTAG);
|
||||
result &= secure;
|
||||
if (!secure) {
|
||||
ESP_LOGW(TAG, "Not disabled JTAG PADs (set DIS_PAD_JTAG->1)");
|
||||
}
|
||||
#endif
|
||||
|
||||
#if SOC_EFUSE_DIS_USB_JTAG
|
||||
secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_USB_JTAG);
|
||||
result &= secure;
|
||||
if (!secure) {
|
||||
ESP_LOGW(TAG, "Not disabled USB JTAG (set DIS_USB_JTAG->1)");
|
||||
}
|
||||
secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_USB_JTAG);
|
||||
result &= secure;
|
||||
if (!secure) {
|
||||
ESP_LOGW(TAG, "Not disabled USB JTAG (set DIS_USB_JTAG->1)");
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef CONFIG_SECURE_BOOT_ENABLE_AGGRESSIVE_KEY_REVOKE
|
||||
secure = esp_efuse_read_field_bit(ESP_EFUSE_SECURE_BOOT_AGGRESSIVE_REVOKE);
|
||||
|
||||
Reference in New Issue
Block a user