From 81c0ccfade94a1137ba4573342aa52c1e876b05d Mon Sep 17 00:00:00 2001
From: Marius Vikhammer
Date: Mon, 5 Aug 2024 11:18:36 +0800
Subject: [PATCH 1/5] fix(efuse): fix efuse examples not compiling on c2
---
 examples/system/efuse/main/efuse_main.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/examples/system/efuse/main/efuse_main.c b/examples/system/efuse/main/efuse_main.c
index 2b6238892f..9aa0bf232b 100644
--- a/examples/system/efuse/main/efuse_main.c
+++ b/examples/system/efuse/main/efuse_main.c
@@ -15,8 +15,14 @@
 #include "esp_efuse.h"
 #include "esp_efuse_table.h"
 #include "esp_efuse_custom_table.h"
+
+#if CONFIG_SECURE_BOOT || CONFIG_IDF_TARGET_ESP32C2
 #include "esp_secure_boot.h"
+#endif
+
+#if CONFIG_SECURE_FLASH_ENC_ENABLED || CONFIG_IDF_TARGET_ESP32C2
 #include "esp_flash_encrypt.h"
+#endif
 #include "sdkconfig.h"
 static const char* TAG = "example";
From f4086e5f92334af3b7059823a8c3d7e66dff1158 Mon Sep 17 00:00:00 2001
From: Konstantin Kondrashov
Date: Mon, 12 Aug 2024 12:00:19 +0300
Subject: [PATCH 2/5] feat(examples): Increases partition table offset for P4 and C5
---
 examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32p4 | 2 +-
 examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32p4 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32p4 b/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32p4
index 8df40e73f4..27475f7a27 100644
--- a/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32p4
+++ b/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32p4
@@ -2,7 +2,7 @@
 CONFIG_IDF_TARGET="esp32p4"
-CONFIG_PARTITION_TABLE_OFFSET=0xD000
+CONFIG_PARTITION_TABLE_OFFSET=0xE000
 CONFIG_PARTITION_TABLE_CUSTOM=y
 CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
diff --git a/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32p4 b/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32p4
index 2847c533c1..5305d602c6 100644
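Review bot: The two new `#if` guards in efuse_main.c test `CONFIG_SECURE_BOOT`, `CONFIG_SECURE_FLASH_ENC_ENABLED` and `CONFIG_IDF_TARGET_ESP32C2` before `#include "sdkconfig.h"` is reached, so they only see those macros if one of the earlier headers has already pulled sdkconfig.h in; an undefined macro evaluates to 0 in `#if` without any diagnostic. Moving `#include "sdkconfig.h"` above the first guard makes that dependency explicit. The guards also do not say why the ESP32-C2 target needs both headers regardless of the Secure Boot and Flash Encryption settings; a one-line comment stating the reason would help, since the code that uses these headers is outside the hunk and the reason is not visible here.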
--- a/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32p4
+++ b/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32p4
@@ -2,7 +2,7 @@
 CONFIG_IDF_TARGET="esp32p4"
-CONFIG_PARTITION_TABLE_OFFSET=0xC000
+CONFIG_PARTITION_TABLE_OFFSET=0xD000
 CONFIG_PARTITION_TABLE_CUSTOM=y
 CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
From 599419ab627b43de608ec0430efef46d9293e8f5 Mon Sep 17 00:00:00 2001
From: Konstantin Kondrashov
Date: Fri, 20 Sep 2024 11:26:57 +0300
Subject: [PATCH 3/5] fix(examples): Fix SB and FE tests, type of sign
---
 .../system/efuse/pytest_system_efuse_example.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/examples/system/efuse/pytest_system_efuse_example.py b/examples/system/efuse/pytest_system_efuse_example.py
index f5c70f7a16..f107cdaebb 100644
--- a/examples/system/efuse/pytest_system_efuse_example.py
+++ b/examples/system/efuse/pytest_system_efuse_example.py
@@ -173,7 +173,10 @@ def test_examples_efuse_with_virt_flash_enc_pre_loaded(dut: Dut) -> None:
 else:
 # offset of this eFuse is taken from components/efuse/{target}/esp_efuse_table.csv
 print(' - Flash emul_efuse with pre-loaded efuses (SPI_BOOT_CRYPT_CNT 1 -> 0)')
- SPI_BOOT_CRYPT_CNT = 82
+ if dut.app.target == 'esp32c61':
+ SPI_BOOT_CRYPT_CNT = 55
+ else:
+ SPI_BOOT_CRYPT_CNT = 82
 # Resets eFuse, which enables Flash encryption feature
 dut.serial.erase_field_on_emul_efuse([SPI_BOOT_CRYPT_CNT])
@@ -576,7 +579,7 @@ def test_examples_efuse_with_virt_secure_boot_v2_esp32xx(dut: Dut) -> None:
 dut.expect('Verifying image signature...')
 dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
- if dut.app.target == 'esp32c2':
+ if dut.app.sdkconfig.get('SECURE_SIGNED_APPS_ECDSA_V2_SCHEME'):
 signed_scheme = 'ECDSA'
 else:
 signed_scheme = 'RSA-PSS'
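Review bot: The branch that derives `signed_scheme` from `SECURE_SIGNED_APPS_ECDSA_V2_SCHEME` is written out in full in test_examples_efuse_with_virt_secure_boot_v2_esp32xx (hunk at -576) and again in the hunks at -665 and -957, so the three tests can drift apart the next time a signing scheme is added. A module-level helper such as `def _expected_sign_scheme(dut: Dut) -> str:` returning `'ECDSA' if dut.app.sdkconfig.get('SECURE_SIGNED_APPS_ECDSA_V2_SCHEME') else 'RSA-PSS'` would keep them in step. Because `.get()` is falsy when the key is absent, RSA-PSS is the silent default; a short comment saying that this is intended would make the expectation explicit. The test bodies start and end outside these hunks.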
@@ -665,7 +668,7 @@ def test_example_efuse_with_virt_secure_boot_v2_esp32xx_pre_loaded(dut: Dut) ->
 dut.expect('Loading virtual efuse blocks from flash')
 dut.expect('Verifying image signature...')
- if dut.app.target == 'esp32c2':
+ if dut.app.sdkconfig.get('SECURE_SIGNED_APPS_ECDSA_V2_SCHEME'):
 signed_scheme = 'ECDSA'
 else:
 signed_scheme = 'RSA-PSS'
@@ -957,7 +960,10 @@ def test_examples_efuse_with_virt_sb_v2_and_fe_esp32xx(dut: Dut) -> None:
 dut.expect('Verifying image signature...')
 dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
- signed_scheme = 'ECDSA' if dut.app.target == 'esp32c2' else 'RSA-PSS'
+ if dut.app.sdkconfig.get('SECURE_SIGNED_APPS_ECDSA_V2_SCHEME'):
+ signed_scheme = 'ECDSA'
+ else:
+ signed_scheme = 'RSA-PSS'
 dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
 dut.expect('secure_boot_v2: Signature verified successfully!')
From 2d65f539032cfe65dde467aa2105ac9063c2f31f Mon Sep 17 00:00:00 2001
From: Konstantin Kondrashov
Date: Fri, 20 Sep 2024 16:28:25 +0300
Subject: [PATCH 4/5] feat(examples): Get offsets for efuses from espefuse.py
---
 examples/system/efuse/conftest.py | 27 +++++++++-
 .../efuse/pytest_system_efuse_example.py | 50 +++++--------------
 2 files changed, 38 insertions(+), 39 deletions(-)
diff --git a/examples/system/efuse/conftest.py b/examples/system/efuse/conftest.py
index 38519a35c2..179715fd08 100644
--- a/examples/system/efuse/conftest.py
+++ b/examples/system/efuse/conftest.py
@@ -1,9 +1,12 @@
-# SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+# SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD
 # SPDX-License-Identifier: Apache-2.0
-
+import json
 import logging
 import os
+import tempfile
+from typing import Any
+import espefuse
 import pytest
 from _pytest.fixtures import FixtureRequest
 from _pytest.monkeypatch import MonkeyPatch
@@ -52,6 +55,12 @@ class EfuseFlashEncSerial(IdfSerial):
 # Restore self.app.flash files to original value
 self.app.flash_files = prev_flash_files
+ def erase_field_on_emul_efuse_by_name(self, efuse_names: list) -> None:
+ pos_of_bits = []
+ for name in efuse_names:
+ pos_of_bits.append(self.get_efuse_offset(name))
+ self.erase_field_on_emul_efuse(pos_of_bits)
+
 def erase_field_on_emul_efuse(self, pos_of_bits: list) -> None:
 emul_efuse_bin_path = os.path.join(self.app.binary_path, 'emul_efuse.bin')
 self.dump_flash(output=emul_efuse_bin_path, partition='emul_efuse')
@@ -86,6 +95,20 @@ class EfuseFlashEncSerial(IdfSerial):
 self.flash()
 self.app.flash_files = prev_flash_files
+ def get_efuse_offset(self, efuse_name: str) -> Any:
+ with tempfile.NamedTemporaryFile(suffix='.json') as temp_file:
+ temp_file_path = temp_file.name
+ espefuse.main(f'--virt -c {self.target} summary --format json --file {temp_file_path}'.split())
+ with open(temp_file_path, 'r') as file:
+ efuse_summary = json.load(file)
+ if efuse_name in efuse_summary:
+ data = efuse_summary[efuse_name]
+ offset = int(data['word'] * 32) + data['pos']
+ print(f'{efuse_name} offset = {offset}')
+ return offset
+ else:
+ raise ValueError(f"eFuse '{efuse_name}' not found in the summary.")
+
 @pytest.fixture(scope='module')
 def monkeypatch_module(request: FixtureRequest) -> MonkeyPatch:
diff --git a/examples/system/efuse/pytest_system_efuse_example.py b/examples/system/efuse/pytest_system_efuse_example.py
index f107cdaebb..e3b683de84 100644
--- a/examples/system/efuse/pytest_system_efuse_example.py
+++ b/examples/system/efuse/pytest_system_efuse_example.py
@@ -1,7 +1,5 @@
 # SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
 # SPDX-License-Identifier: Unlicense OR CC0-1.0
-from __future__ import unicode_literals
-
 import logging
 import os
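Review bot: `get_efuse_offset` (conftest.py, hunk at -86) builds the espefuse command as one f-string and `.split()`s it, so a temporary path that contains whitespace is cut into several arguments and `--file` receives a truncated name; passing the arguments as a list avoids that. The method also uses `NamedTemporaryFile` only for its name and then lets `espefuse.main` and `open()` reach the file by path: indentation is lost on this page, but if the `with` block ends right after `temp_file_path = temp_file.name`, the summary is written to a path that has just been deleted and is never cleaned up, and if it does not, reopening the file by name fails on Windows while the handle is still open. Writing the summary into a `tempfile.TemporaryDirectory()` covers both cases, as sketched below. Each call re-runs a full `summary`, and `erase_field_on_emul_efuse_by_name` (hunk at -52) calls it once per name; both new methods also lack a docstring.

```python
    def get_efuse_offset(self, efuse_name: str) -> Any:
        """Return the bit offset (word * 32 + pos) of efuse_name from the espefuse summary of the virtual chip."""
        # Private directory: the summary path is owned by this process and removed on exit.
        with tempfile.TemporaryDirectory() as temp_dir:
            summary_path = os.path.join(temp_dir, 'efuse_summary.json')
            espefuse.main(['--virt', '-c', self.target, 'summary', '--format', 'json', '--file', summary_path])
            with open(summary_path, 'r') as file:
                efuse_summary = json.load(file)
        # … unchanged: lookup of efuse_name, offset computation, ValueError when missing …
```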
@@ -162,23 +160,12 @@ def test_examples_efuse_with_virt_flash_enc_pre_loaded(dut: Dut) -> None:
 dut.expect('example: Done')
 if dut.app.target == 'esp32':
- print(' - Flash emul_efuse with pre-loaded efuses (FLASH_CRYPT_CNT 1 -> 0)')
- # offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv
- FLASH_CRYPT_CNT = 20
- # Resets eFuse, which enables Flash encryption feature
- dut.serial.erase_field_on_emul_efuse([FLASH_CRYPT_CNT])
- elif dut.app.target == 'esp32c2':
- FLASH_CRYPT_CNT = 39
- dut.serial.erase_field_on_emul_efuse([FLASH_CRYPT_CNT])
+ CRYPT_CNT_EFUSE_NAME = 'FLASH_CRYPT_CNT'
 else:
- # offset of this eFuse is taken from components/efuse/{target}/esp_efuse_table.csv
- print(' - Flash emul_efuse with pre-loaded efuses (SPI_BOOT_CRYPT_CNT 1 -> 0)')
- if dut.app.target == 'esp32c61':
- SPI_BOOT_CRYPT_CNT = 55
- else:
- SPI_BOOT_CRYPT_CNT = 82
- # Resets eFuse, which enables Flash encryption feature
- dut.serial.erase_field_on_emul_efuse([SPI_BOOT_CRYPT_CNT])
+ CRYPT_CNT_EFUSE_NAME = 'SPI_BOOT_CRYPT_CNT'
+ print(f' - Flash emul_efuse with pre-loaded efuses ({CRYPT_CNT_EFUSE_NAME} 1 -> 0)')
+ # Resets eFuse, which enables Flash encryption feature
+ dut.serial.erase_field_on_emul_efuse_by_name([CRYPT_CNT_EFUSE_NAME])
 print(' - Start app (flash partition_table and app)')
 dut.serial.write_flash_no_enc()
@@ -336,10 +323,8 @@ def test_examples_efuse_with_virt_secure_boot_v1_pre_loaded(dut: Dut) -> None:
 dut.expect('example: Done')
 print(' - Flash emul_efuse with pre-loaded efuses (ABS_DONE_0 1 -> 0)')
- # offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv
- ABS_DONE_0 = 196
 # Resets eFuse, which enables Secure boot (V1) feature
- dut.serial.erase_field_on_emul_efuse([ABS_DONE_0])
+ dut.serial.erase_field_on_emul_efuse_by_name(['ABS_DONE_0'])
 print(' - Start app (flash partition_table and app)')
 dut.serial.flash()
@@ -442,10 +427,8 @@ def test_examples_efuse_with_virt_secure_boot_v2(dut: Dut) -> None:
 dut.expect('example: Done')
 print(' - Flash emul_efuse with pre-loaded efuses (ABS_DONE_1 1 -> 0)')
- # offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv
- ABS_DONE_1 = 197
 # Resets eFuse, which enables Secure boot (V2) feature
- dut.serial.erase_field_on_emul_efuse([ABS_DONE_1])
+ dut.serial.erase_field_on_emul_efuse_by_name(['ABS_DONE_1'])
 print(' - Start app (flash partition_table and app)')
 dut.serial.flash()
@@ -507,10 +490,8 @@ def test_examples_efuse_with_virt_secure_boot_v2_pre_loaded(dut: Dut) -> None:
 dut.expect('example: Done')
 print(' - Flash emul_efuse with pre-loaded efuses (ABS_DONE_1 1 -> 0)')
- # offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv
- ABS_DONE_1 = 197
 # Resets eFuse, which enables Secure boot (V2) feature
- dut.serial.erase_field_on_emul_efuse([ABS_DONE_1])
+ dut.serial.erase_field_on_emul_efuse_by_name(['ABS_DONE_1'])
 print(' - Start app (flash partition_table and app)')
 dut.serial.flash()
@@ -651,17 +632,12 @@ def test_example_efuse_with_virt_secure_boot_v2_esp32xx_pre_loaded(dut: Dut) ->
 print(' - Flash emul_efuse with pre-loaded efuses (SECURE_BOOT_EN 1 -> 0, SECURE_BOOT_KEY_REVOKE[0..2] -> 0)')
 # offsets of eFuses are taken from components/efuse/{target}/esp_efuse_table.csv
- if dut.app.target == 'esp32c2':
- SECURE_BOOT_EN = 53
- dut.serial.erase_field_on_emul_efuse([SECURE_BOOT_EN])
+ # Resets eFuse, which enables Secure boot feature
+ # Resets eFuses, which control digest slots
+ if dut.app.sdkconfig.get('SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS'):
+ dut.serial.erase_field_on_emul_efuse_by_name(['SECURE_BOOT_EN', 'SECURE_BOOT_KEY_REVOKE0', 'SECURE_BOOT_KEY_REVOKE1', 'SECURE_BOOT_KEY_REVOKE2'])
 else:
- SECURE_BOOT_EN = 116
- SECURE_BOOT_KEY_REVOKE0 = 85
- SECURE_BOOT_KEY_REVOKE1 = 86
- SECURE_BOOT_KEY_REVOKE2 = 87
- # Resets eFuse, which enables Secure boot feature
- # Resets eFuses, which control digest slots
- dut.serial.erase_field_on_emul_efuse([SECURE_BOOT_EN, SECURE_BOOT_KEY_REVOKE0, SECURE_BOOT_KEY_REVOKE1, SECURE_BOOT_KEY_REVOKE2])
+ dut.serial.erase_field_on_emul_efuse_by_name(['SECURE_BOOT_EN'])
 print(' - Start app (flash partition_table and app)')
 dut.serial.flash()
From 5ff61c0913bd39c871f43ddf5b0793d1cb5a1b26 Mon Sep 17 00:00:00 2001
From: Konstantin Kondrashov
Date: Mon, 23 Sep 2024 11:00:46 +0300
Subject: [PATCH 5/5] fix(examples): Fix codespell check for efuse example
---
 examples/system/efuse/main/efuse_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/system/efuse/main/efuse_main.c b/examples/system/efuse/main/efuse_main.c
index 9aa0bf232b..d36c683b8e 100644
--- a/examples/system/efuse/main/efuse_main.c
+++ b/examples/system/efuse/main/efuse_main.c
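Review bot: The context comment `# offsets of eFuses are taken from components/efuse/{target}/esp_efuse_table.csv` is left in place in test_example_efuse_with_virt_secure_boot_v2_esp32xx_pre_loaded (hunk at -651) although this hunk removes the literal offsets it described, and the two added `# Resets ...` comments now sit above the `if` even though the `else` branch only clears `SECURE_BOOT_EN`. I would replace the first with `# eFuse bit positions are resolved by name via espefuse (see conftest.py)` and move `# Resets eFuses, which control digest slots` into the `SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS` branch. The function starts before the hunk and continues after it.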
@@ -34,7 +34,7 @@ typedef struct {
 uint8_t setting_1; /*!< Setting 1: length 6 bits */
 uint8_t setting_2; /*!< Setting 2: length 5 bits */
 size_t custom_secure_version; /*!< Custom secure version: length 16 bits */
- uint16_t reserv; /*!< Reserv */
+ uint16_t reserve; /*!< Reserve */
 } device_desc_t;