From f3b4050a9f5d8b2f16339d3b07e0ee5d139996bf Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Mon, 28 Apr 2025 18:59:24 +0530 Subject: [PATCH 1/2] fix: Secure boot (ECDSA) build failure for C6 rev0 target Closes https://github.com/espressif/esp-idf/issues/15856 --- components/bootloader_support/CMakeLists.txt | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/components/bootloader_support/CMakeLists.txt b/components/bootloader_support/CMakeLists.txt index d6520afd1d..bae865dc3b 100644 --- a/components/bootloader_support/CMakeLists.txt +++ b/components/bootloader_support/CMakeLists.txt @@ -65,6 +65,9 @@ if(CONFIG_APP_BUILD_TYPE_APP_2NDBOOT) endif() list(APPEND srcs "src/bootloader_sha.c") +if(CONFIG_ESP_ROM_REV0_HAS_NO_ECDSA_INTERFACE) + list(APPEND srcs "src/${IDF_TARGET}/bootloader_ecdsa.c") +endif() if(BOOTLOADER_BUILD OR CONFIG_APP_BUILD_TYPE_RAM) set(include_dirs "include" "bootloader_flash/include" @@ -82,10 +85,6 @@ if(BOOTLOADER_BUILD OR CONFIG_APP_BUILD_TYPE_RAM) list(APPEND srcs "src/bootloader_utility_tee.c") endif() list(APPEND priv_requires hal) - if(CONFIG_ESP_ROM_REV0_HAS_NO_ECDSA_INTERFACE) - list(APPEND srcs - "src/${IDF_TARGET}/bootloader_ecdsa.c") - endif() else() set(include_dirs "include" "bootloader_flash/include") set(priv_include_dirs "private_include") From 6c0d5def85653dc391808d783500f685a42e850a Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Mon, 28 Apr 2025 19:27:08 +0530 Subject: [PATCH 2/2] test: convert C6 secure boot tests to use ECDSA scheme --- examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c6 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c6 b/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c6 index 6240aba74d..d14185d53a 100644 --- a/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c6 +++ b/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c6 @@ -8,7 +8,8 @@ CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv" CONFIG_SECURE_BOOT=y CONFIG_SECURE_BOOT_V2_ENABLED=y -CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem" +CONFIG_SECURE_BOOT_V2_ECDSA_ENABLED=y +CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key_ecdsa_nistp256.pem" CONFIG_SECURE_INSECURE_ALLOW_DL_MODE=y # IMPORTANT: ONLY VIRTUAL eFuse MODE!