feedc0de/esp-idf
1
0
Fork 0
forked from espressif/esp-idf
Code Pull Requests Activity

Merge branch 'bugfix/fix_efuse_example_c2' into 'master'

Browse Source 
fix(efuse): Fix efuse test examples

Closes IDF-11263

See merge request espressif/esp-idf!32575
This commit is contained in:
Konstantin Kondrashov
2024-09-23 15:23:04 +08:00
parent 3a6a6ecedc cb6e8209e5
commit efc143bf10
9 changed files with 54 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
examples/system/efuse/conftest.py
View File

@@ -1,9 +1,12 @@
# SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD # SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
import json
import logging import logging
import os import os
import tempfile
from typing import Any
import espefuse
import pytest import pytest
from _pytest.fixtures import FixtureRequest from _pytest.fixtures import FixtureRequest
from _pytest.monkeypatch import MonkeyPatch from _pytest.monkeypatch import MonkeyPatch
@@ -52,6 +55,12 @@ class EfuseFlashEncSerial(IdfSerial):
# Restore self.app.flash files to original value # Restore self.app.flash files to original value
self.app.flash_files = prev_flash_files self.app.flash_files = prev_flash_files
def erase_field_on_emul_efuse_by_name(self, efuse_names: list) -> None:
pos_of_bits = []
for name in efuse_names:
pos_of_bits.append(self.get_efuse_offset(name))
self.erase_field_on_emul_efuse(pos_of_bits)
def erase_field_on_emul_efuse(self, pos_of_bits: list) -> None: def erase_field_on_emul_efuse(self, pos_of_bits: list) -> None:
emul_efuse_bin_path = os.path.join(self.app.binary_path, 'emul_efuse.bin') emul_efuse_bin_path = os.path.join(self.app.binary_path, 'emul_efuse.bin')
self.dump_flash(output=emul_efuse_bin_path, partition='emul_efuse') self.dump_flash(output=emul_efuse_bin_path, partition='emul_efuse')
@@ -86,6 +95,20 @@ class EfuseFlashEncSerial(IdfSerial):
self.flash() self.flash()
self.app.flash_files = prev_flash_files self.app.flash_files = prev_flash_files
def get_efuse_offset(self, efuse_name: str) -> Any:
with tempfile.NamedTemporaryFile(suffix='.json') as temp_file:
temp_file_path = temp_file.name
espefuse.main(f'--virt -c {self.target} summary --format json --file {temp_file_path}'.split())
with open(temp_file_path, 'r') as file:
efuse_summary = json.load(file)
if efuse_name in efuse_summary:
data = efuse_summary[efuse_name]
offset = int(data['word'] * 32) + data['pos']
print(f'{efuse_name} offset = {offset}')
return offset
else:
raise ValueError(f"eFuse '{efuse_name}' not found in the summary.")
@pytest.fixture(scope='module') @pytest.fixture(scope='module')
def monkeypatch_module(request: FixtureRequest) -> MonkeyPatch: def monkeypatch_module(request: FixtureRequest) -> MonkeyPatch:

4
examples/system/efuse/main/efuse_main.c
View File

@@ -17,11 +17,11 @@
#include "esp_efuse_table.h" #include "esp_efuse_table.h"
#include "esp_efuse_custom_table.h" #include "esp_efuse_custom_table.h"
#if CONFIG_SECURE_BOOT #if CONFIG_SECURE_BOOT || CONFIG_IDF_TARGET_ESP32C2
#include "esp_secure_boot.h" #include "esp_secure_boot.h"
#endif #endif
#if CONFIG_SECURE_FLASH_ENC_ENABLED #if CONFIG_SECURE_FLASH_ENC_ENABLED || CONFIG_IDF_TARGET_ESP32C2
#include "esp_flash_encrypt.h" #include "esp_flash_encrypt.h"
#endif #endif

50
examples/system/efuse/pytest_system_efuse_example.py
View File

@@ -174,20 +174,12 @@ def test_examples_efuse_with_virt_flash_enc_pre_loaded(dut: Dut) -> None:
dut.expect('example: Done') dut.expect('example: Done')
if dut.app.target == 'esp32': if dut.app.target == 'esp32':
print(' - Flash emul_efuse with pre-loaded efuses (FLASH_CRYPT_CNT 1 -> 0)') CRYPT_CNT_EFUSE_NAME = 'FLASH_CRYPT_CNT'
# offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv
FLASH_CRYPT_CNT = 20
# Resets eFuse, which enables Flash encryption feature
dut.serial.erase_field_on_emul_efuse([FLASH_CRYPT_CNT])
elif dut.app.target == 'esp32c2':
FLASH_CRYPT_CNT = 39
dut.serial.erase_field_on_emul_efuse([FLASH_CRYPT_CNT])
else: else:
# offset of this eFuse is taken from components/efuse/{target}/esp_efuse_table.csv CRYPT_CNT_EFUSE_NAME = 'SPI_BOOT_CRYPT_CNT'
print(' - Flash emul_efuse with pre-loaded efuses (SPI_BOOT_CRYPT_CNT 1 -> 0)') print(f' - Flash emul_efuse with pre-loaded efuses ({CRYPT_CNT_EFUSE_NAME} 1 -> 0)')
SPI_BOOT_CRYPT_CNT = 82
# Resets eFuse, which enables Flash encryption feature # Resets eFuse, which enables Flash encryption feature
dut.serial.erase_field_on_emul_efuse([SPI_BOOT_CRYPT_CNT]) dut.serial.erase_field_on_emul_efuse_by_name([CRYPT_CNT_EFUSE_NAME])
print(' - Start app (flash partition_table and app)') print(' - Start app (flash partition_table and app)')
dut.serial.write_flash_no_enc() dut.serial.write_flash_no_enc()
@@ -347,10 +339,8 @@ def test_examples_efuse_with_virt_secure_boot_v1_pre_loaded(dut: Dut) -> None:
dut.expect('example: Done') dut.expect('example: Done')
print(' - Flash emul_efuse with pre-loaded efuses (ABS_DONE_0 1 -> 0)') print(' - Flash emul_efuse with pre-loaded efuses (ABS_DONE_0 1 -> 0)')
# offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv
ABS_DONE_0 = 196
# Resets eFuse, which enables Secure boot (V1) feature # Resets eFuse, which enables Secure boot (V1) feature
dut.serial.erase_field_on_emul_efuse([ABS_DONE_0]) dut.serial.erase_field_on_emul_efuse_by_name(['ABS_DONE_0'])
print(' - Start app (flash partition_table and app)') print(' - Start app (flash partition_table and app)')
dut.serial.flash() dut.serial.flash()
@@ -453,10 +443,8 @@ def test_examples_efuse_with_virt_secure_boot_v2(dut: Dut) -> None:
dut.expect('example: Done') dut.expect('example: Done')
print(' - Flash emul_efuse with pre-loaded efuses (ABS_DONE_1 1 -> 0)') print(' - Flash emul_efuse with pre-loaded efuses (ABS_DONE_1 1 -> 0)')
# offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv
ABS_DONE_1 = 197
# Resets eFuse, which enables Secure boot (V2) feature # Resets eFuse, which enables Secure boot (V2) feature
dut.serial.erase_field_on_emul_efuse([ABS_DONE_1]) dut.serial.erase_field_on_emul_efuse_by_name(['ABS_DONE_1'])
print(' - Start app (flash partition_table and app)') print(' - Start app (flash partition_table and app)')
dut.serial.flash() dut.serial.flash()
@@ -518,10 +506,8 @@ def test_examples_efuse_with_virt_secure_boot_v2_pre_loaded(dut: Dut) -> None:
dut.expect('example: Done') dut.expect('example: Done')
print(' - Flash emul_efuse with pre-loaded efuses (ABS_DONE_1 1 -> 0)') print(' - Flash emul_efuse with pre-loaded efuses (ABS_DONE_1 1 -> 0)')
# offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv
ABS_DONE_1 = 197
# Resets eFuse, which enables Secure boot (V2) feature # Resets eFuse, which enables Secure boot (V2) feature
dut.serial.erase_field_on_emul_efuse([ABS_DONE_1]) dut.serial.erase_field_on_emul_efuse_by_name(['ABS_DONE_1'])
print(' - Start app (flash partition_table and app)') print(' - Start app (flash partition_table and app)')
dut.serial.flash() dut.serial.flash()
@@ -594,7 +580,7 @@ def test_examples_efuse_with_virt_secure_boot_v2_esp32xx(dut: Dut) -> None:
dut.expect('Verifying image signature...') dut.expect('Verifying image signature...')
dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set') dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
if dut.app.target == 'esp32c2': if dut.app.sdkconfig.get('SECURE_SIGNED_APPS_ECDSA_V2_SCHEME'):
signed_scheme = 'ECDSA' signed_scheme = 'ECDSA'
else: else:
signed_scheme = 'RSA-PSS' signed_scheme = 'RSA-PSS'
@@ -670,24 +656,19 @@ def test_example_efuse_with_virt_secure_boot_v2_esp32xx_pre_loaded(dut: Dut) ->
print(' - Flash emul_efuse with pre-loaded efuses (SECURE_BOOT_EN 1 -> 0, SECURE_BOOT_KEY_REVOKE[0..2] -> 0)') print(' - Flash emul_efuse with pre-loaded efuses (SECURE_BOOT_EN 1 -> 0, SECURE_BOOT_KEY_REVOKE[0..2] -> 0)')
# offsets of eFuses are taken from components/efuse/{target}/esp_efuse_table.csv # offsets of eFuses are taken from components/efuse/{target}/esp_efuse_table.csv
if dut.app.target == 'esp32c2':
SECURE_BOOT_EN = 53
dut.serial.erase_field_on_emul_efuse([SECURE_BOOT_EN])
else:
SECURE_BOOT_EN = 116
SECURE_BOOT_KEY_REVOKE0 = 85
SECURE_BOOT_KEY_REVOKE1 = 86
SECURE_BOOT_KEY_REVOKE2 = 87
# Resets eFuse, which enables Secure boot feature # Resets eFuse, which enables Secure boot feature
# Resets eFuses, which control digest slots # Resets eFuses, which control digest slots
dut.serial.erase_field_on_emul_efuse([SECURE_BOOT_EN, SECURE_BOOT_KEY_REVOKE0, SECURE_BOOT_KEY_REVOKE1, SECURE_BOOT_KEY_REVOKE2]) if dut.app.sdkconfig.get('SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS'):
dut.serial.erase_field_on_emul_efuse_by_name(['SECURE_BOOT_EN', 'SECURE_BOOT_KEY_REVOKE0', 'SECURE_BOOT_KEY_REVOKE1', 'SECURE_BOOT_KEY_REVOKE2'])
else:
dut.serial.erase_field_on_emul_efuse_by_name(['SECURE_BOOT_EN'])
print(' - Start app (flash partition_table and app)') print(' - Start app (flash partition_table and app)')
dut.serial.flash() dut.serial.flash()
dut.expect('Loading virtual efuse blocks from flash') dut.expect('Loading virtual efuse blocks from flash')
dut.expect('Verifying image signature...') dut.expect('Verifying image signature...')
if dut.app.target == 'esp32c2': if dut.app.sdkconfig.get('SECURE_SIGNED_APPS_ECDSA_V2_SCHEME'):
signed_scheme = 'ECDSA' signed_scheme = 'ECDSA'
else: else:
signed_scheme = 'RSA-PSS' signed_scheme = 'RSA-PSS'
@@ -981,7 +962,10 @@ def test_examples_efuse_with_virt_sb_v2_and_fe_esp32xx(dut: Dut) -> None:
dut.expect('Verifying image signature...') dut.expect('Verifying image signature...')
dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set') dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
signed_scheme = 'ECDSA' if dut.app.target == 'esp32c2' else 'RSA-PSS' if dut.app.sdkconfig.get('SECURE_SIGNED_APPS_ECDSA_V2_SCHEME'):
signed_scheme = 'ECDSA'
else:
signed_scheme = 'RSA-PSS'
dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme) dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
dut.expect('secure_boot_v2: Signature verified successfully!') dut.expect('secure_boot_v2: Signature verified successfully!')

4
examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32c5
View File

@@ -2,13 +2,13 @@
CONFIG_IDF_TARGET="esp32c5" CONFIG_IDF_TARGET="esp32c5"
CONFIG_PARTITION_TABLE_OFFSET=0xD000 CONFIG_PARTITION_TABLE_OFFSET=0xE000
CONFIG_PARTITION_TABLE_CUSTOM=y CONFIG_PARTITION_TABLE_CUSTOM=y
CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv" CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
CONFIG_SECURE_BOOT=y CONFIG_SECURE_BOOT=y
CONFIG_SECURE_BOOT_V2_ENABLED=y CONFIG_SECURE_BOOT_V2_ENABLED=y
CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem" CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key_ecdsa_nistp256.pem"
CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE=y CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE=y
CONFIG_SECURE_FLASH_ENC_ENABLED=y CONFIG_SECURE_FLASH_ENC_ENABLED=y

2
examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32c61
View File

@@ -8,7 +8,7 @@ CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
CONFIG_SECURE_BOOT=y CONFIG_SECURE_BOOT=y
CONFIG_SECURE_BOOT_V2_ENABLED=y CONFIG_SECURE_BOOT_V2_ENABLED=y
CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem" CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key_ecdsa_nistp256.pem"
CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE=y CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE=y
CONFIG_SECURE_FLASH_ENC_ENABLED=y CONFIG_SECURE_FLASH_ENC_ENABLED=y

2
examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32p4
View File

@@ -2,7 +2,7 @@
CONFIG_IDF_TARGET="esp32p4" CONFIG_IDF_TARGET="esp32p4"
CONFIG_PARTITION_TABLE_OFFSET=0xD000 CONFIG_PARTITION_TABLE_OFFSET=0xE000
CONFIG_PARTITION_TABLE_CUSTOM=y CONFIG_PARTITION_TABLE_CUSTOM=y
CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv" CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"

4
examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c5
View File

@@ -2,13 +2,13 @@
CONFIG_IDF_TARGET="esp32c5" CONFIG_IDF_TARGET="esp32c5"
CONFIG_PARTITION_TABLE_OFFSET=0xC000 CONFIG_PARTITION_TABLE_OFFSET=0xD000
CONFIG_PARTITION_TABLE_CUSTOM=y CONFIG_PARTITION_TABLE_CUSTOM=y
CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv" CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
CONFIG_SECURE_BOOT=y CONFIG_SECURE_BOOT=y
CONFIG_SECURE_BOOT_V2_ENABLED=y CONFIG_SECURE_BOOT_V2_ENABLED=y
CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem" CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key_ecdsa_nistp256.pem"
CONFIG_SECURE_INSECURE_ALLOW_DL_MODE=y CONFIG_SECURE_INSECURE_ALLOW_DL_MODE=y
# IMPORTANT: ONLY VIRTUAL eFuse MODE! # IMPORTANT: ONLY VIRTUAL eFuse MODE!

2
examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c61
View File

@@ -8,7 +8,7 @@ CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
CONFIG_SECURE_BOOT=y CONFIG_SECURE_BOOT=y
CONFIG_SECURE_BOOT_V2_ENABLED=y CONFIG_SECURE_BOOT_V2_ENABLED=y
CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem" CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key_ecdsa_nistp256.pem"
CONFIG_SECURE_INSECURE_ALLOW_DL_MODE=y CONFIG_SECURE_INSECURE_ALLOW_DL_MODE=y
# IMPORTANT: ONLY VIRTUAL eFuse MODE! # IMPORTANT: ONLY VIRTUAL eFuse MODE!

2
examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32p4
View File

@@ -2,7 +2,7 @@
CONFIG_IDF_TARGET="esp32p4" CONFIG_IDF_TARGET="esp32p4"
CONFIG_PARTITION_TABLE_OFFSET=0xC000 CONFIG_PARTITION_TABLE_OFFSET=0xD000
CONFIG_PARTITION_TABLE_CUSTOM=y CONFIG_PARTITION_TABLE_CUSTOM=y
CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv" CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"