components/bootloader_support/src/flash_encrypt.c (ESP-IDF)
 
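/*
 * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */

/*
 * Flash-encryption state queries and the DEVELOPMENT -> RELEASE transition,
 * all driven by eFuse fields. eFuse bits can only be programmed, never
 * cleared, so every write in this file is irreversible on real hardware.
 */

#include <strings.h>
#include "sdkconfig.h"
#include "esp_log.h"
#include "esp_efuse.h"
#include "esp_efuse_table.h"
#include "esp_flash_encrypt.h"
#include "esp_secure_boot.h"
#include "hal/efuse_hal.h"
#include "hal/spi_flash_encrypted_ll.h"
#include "hal/spi_flash_encrypt_hal.h"
#include "soc/soc_caps.h"

/* The encryption counter and its write-protect bit are named differently on
 * the original ESP32 than on later targets; alias them once here. */
#if CONFIG_IDF_TARGET_ESP32
#define CRYPT_CNT ESP_EFUSE_FLASH_CRYPT_CNT
#define WR_DIS_CRYPT_CNT ESP_EFUSE_WR_DIS_FLASH_CRYPT_CNT
#else
#define CRYPT_CNT ESP_EFUSE_SPI_BOOT_CRYPT_CNT
#define WR_DIS_CRYPT_CNT ESP_EFUSE_WR_DIS_SPI_BOOT_CRYPT_CNT
#endif

static const char *TAG = "flash_encrypt";

#ifndef BOOTLOADER_BUILD
/**
 * App-side start-up checks of the flash-encryption eFuse state against the
 * project configuration.
 *
 * - With CONFIG_SECURE_FLASH_CHECK_ENC_EN_IN_APP: aborts if flash encryption
 *   is not enabled in eFuse.
 * - With RELEASE mode and Secure Boot configured: write-protects the
 *   encryption counter if it is neither write-protected nor already at its
 *   maximum value.
 * - Always: logs the mode reported by esp_get_flash_encryption_mode().
 *
 * NOTE(review): a RELEASE-configured app running on DEVELOPMENT eFuses is only
 * logged as an error ("Device is not secure"); execution continues. Callers
 * that must refuse to run in that state need their own check.
 */
void esp_flash_encryption_init_checks(void)
{
    esp_flash_enc_mode_t mode;

#ifdef CONFIG_SECURE_FLASH_CHECK_ENC_EN_IN_APP
    if (!esp_flash_encryption_enabled()) {
        ESP_LOGE(TAG, "Flash encryption eFuse bit was not enabled in bootloader but CONFIG_SECURE_FLASH_ENC_ENABLED is on");
        abort();
    }
#endif // CONFIG_SECURE_FLASH_CHECK_ENC_EN_IN_APP

    // First check is: if Release mode flash encryption & secure boot are enabled then
    // FLASH_CRYPT_CNT *must* be write protected. This will have happened automatically
    // if bootloader is IDF V4.0 or newer but may not have happened for previous ESP-IDF bootloaders.
#ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
#ifdef CONFIG_SECURE_BOOT
    if (esp_secure_boot_enabled() && esp_flash_encryption_enabled()) {
        bool flash_crypt_cnt_wr_dis = esp_efuse_read_field_bit(WR_DIS_CRYPT_CNT);
        if (!flash_crypt_cnt_wr_dis) {
            uint8_t flash_crypt_cnt = 0;
            esp_efuse_read_field_blob(CRYPT_CNT, &flash_crypt_cnt, CRYPT_CNT[0]->bit_count);
            if (flash_crypt_cnt == (1 << (CRYPT_CNT[0]->bit_count)) - 1) {
                // If encryption counter is already max, no need to write protect it
                // (this distinction is important on ESP32 ECO3 where write-protected FLASH_CRYPT_CNT also write-protects UART_DL_DIS)
            } else {
                ESP_LOGE(TAG, "Flash encryption & Secure Boot together requires FLASH_CRYPT_CNT efuse to be write protected. Fixing now...");
                esp_flash_write_protect_crypt_cnt();
            }
        }
    }
#endif // CONFIG_SECURE_BOOT
#endif // CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE

    // Second check is to print a warning or error if the current running flash encryption mode
    // doesn't match the expectation from project config (due to mismatched bootloader and app, probably)
    mode = esp_get_flash_encryption_mode();
    if (mode == ESP_FLASH_ENC_MODE_DEVELOPMENT) {
#ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
        ESP_LOGE(TAG, "Flash encryption settings error: app is configured for RELEASE but efuses are set for DEVELOPMENT");
        ESP_LOGE(TAG, "Mismatch found in security options in bootloader menuconfig and efuse settings. Device is not secure.");
#else
        ESP_LOGW(TAG, "Flash encryption mode is DEVELOPMENT (not secure)");
#endif // CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
    } else if (mode == ESP_FLASH_ENC_MODE_RELEASE) {
        ESP_LOGI(TAG, "Flash encryption mode is RELEASE");
    }
}
#endif // BOOTLOADER_BUILD

/**
 * This former inlined function must not be defined in the header file anymore.
 * As it depends on efuse component, any use of it outside of `bootloader_support`,
 * would require the caller component to include `efuse` as part of its `REQUIRES` or
 * `PRIV_REQUIRES` entries.
 * Attribute IRAM_ATTR must be specified for the app build.
 *
 * @return true when flash encryption is enabled. In the
 *         CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH build this is true when the
 *         encryption counter has an odd number of bits set; otherwise the
 *         answer comes from efuse_hal_flash_encryption_enabled().
 */
bool IRAM_ATTR esp_flash_encryption_enabled(void)
{
#ifndef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
    return efuse_hal_flash_encryption_enabled();
#else
    uint32_t flash_crypt_cnt = 0;
#if CONFIG_IDF_TARGET_ESP32
    esp_efuse_read_field_blob(ESP_EFUSE_FLASH_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_FLASH_CRYPT_CNT[0]->bit_count);
#else
    esp_efuse_read_field_blob(ESP_EFUSE_SPI_BOOT_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_SPI_BOOT_CRYPT_CNT[0]->bit_count);
#endif
    /* __builtin_parity is in flash, so we calculate parity inline */
    bool enabled = false;
    while (flash_crypt_cnt) {
        if (flash_crypt_cnt & 1) {
            enabled = !enabled;
        }
        flash_crypt_cnt >>= 1;
    }
    return enabled;
#endif // CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
}

/**
 * Burn the write-protect bit for the flash-encryption counter.
 *
 * The result of the eFuse write is not reported to the caller; callers that
 * depend on the protection being in place should re-read WR_DIS_CRYPT_CNT or
 * call esp_get_flash_encryption_mode() afterwards.
 */
void esp_flash_write_protect_crypt_cnt(void)
{
    esp_efuse_write_field_bit(WR_DIS_CRYPT_CNT);
}

/**
 * Derive the current flash-encryption mode from eFuse state.
 *
 * @return ESP_FLASH_ENC_MODE_DISABLED when encryption is not enabled;
 *         ESP_FLASH_ENC_MODE_RELEASE when the counter can no longer change
 *         (write-protected or all bits set) and every download-mode
 *         restriction checked for the target is burned;
 *         ESP_FLASH_ENC_MODE_DEVELOPMENT otherwise.
 */
esp_flash_enc_mode_t esp_get_flash_encryption_mode(void)
{
    bool flash_crypt_cnt_wr_dis = false;
    esp_flash_enc_mode_t mode = ESP_FLASH_ENC_MODE_DEVELOPMENT;

    if (esp_flash_encryption_enabled()) {
        /* Check if FLASH CRYPT CNT is write protected */
        flash_crypt_cnt_wr_dis = esp_efuse_read_field_bit(WR_DIS_CRYPT_CNT);
        if (!flash_crypt_cnt_wr_dis) {
            /* A counter with every bit set cannot be advanced any further,
             * so it is treated the same as a write-protected one. */
            uint8_t flash_crypt_cnt = 0;
            esp_efuse_read_field_blob(CRYPT_CNT, &flash_crypt_cnt, CRYPT_CNT[0]->bit_count);
            if (flash_crypt_cnt == (1 << (CRYPT_CNT[0]->bit_count)) - 1) {
                flash_crypt_cnt_wr_dis = true;
            }
        }

        if (flash_crypt_cnt_wr_dis) {
#if CONFIG_IDF_TARGET_ESP32
            bool dis_dl_cache = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_CACHE);
            bool dis_dl_enc = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_ENCRYPT);
            bool dis_dl_dec = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_DECRYPT);
            /* Check if DISABLE_DL_DECRYPT, DISABLE_DL_ENCRYPT & DISABLE_DL_CACHE are set */
            if (dis_dl_cache && dis_dl_enc && dis_dl_dec) {
                mode = ESP_FLASH_ENC_MODE_RELEASE;
            }
#else
            if (esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT)
#if SOC_EFUSE_DIS_DOWNLOAD_MSPI
                && esp_efuse_read_field_bit(ESP_EFUSE_SPI_DOWNLOAD_MSPI_DIS)
#endif
#if SOC_EFUSE_DIS_DOWNLOAD_ICACHE
                && esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE)
#endif
#if SOC_EFUSE_DIS_DOWNLOAD_DCACHE
                && esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_DCACHE)
#endif
               ) {
                mode = ESP_FLASH_ENC_MODE_RELEASE;
#ifdef CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128_DERIVED
                // This chip supports two types of key: AES128_DERIVED and AES128.
                // To be in RELEASE mode, it is important for the AES128_DERIVED key that XTS_KEY_LENGTH_256 be write-protected.
                // WR_DIS_CRYPT_CNT is the bit that blocks XTS_KEY_LENGTH_256 here (see
                // esp_flash_encryption_set_release_mode). It is re-read because
                // flash_crypt_cnt_wr_dis above may be true only because the counter is full.
                bool xts_key_len_256_wr_dis = esp_efuse_read_field_bit(WR_DIS_CRYPT_CNT);
                mode = (xts_key_len_256_wr_dis) ? ESP_FLASH_ENC_MODE_RELEASE : ESP_FLASH_ENC_MODE_DEVELOPMENT;
#endif // CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128_DERIVED
            }
#endif // !CONFIG_IDF_TARGET_ESP32
        }
    } else {
        mode = ESP_FLASH_ENC_MODE_DISABLED;
    }

    return mode;
}

/**
 * Move the device from DEVELOPMENT to RELEASE flash-encryption mode by
 * burning the remaining counter bits, the download-mode restrictions and the
 * related write-protect bits in one eFuse batch.
 *
 * No-op when the device is already in RELEASE mode. Aborts when flash
 * encryption is disabled, and aborts when the mode read back after the batch
 * commit is not RELEASE. Return values of the individual eFuse writes are not
 * checked; the read-back after the commit is the authoritative check.
 */
void esp_flash_encryption_set_release_mode(void)
{
    esp_flash_enc_mode_t mode = esp_get_flash_encryption_mode();
    if (mode == ESP_FLASH_ENC_MODE_RELEASE) {
        return;
    }
    if (mode == ESP_FLASH_ENC_MODE_DISABLED) {
        ESP_LOGE(TAG, "Flash encryption eFuse is not enabled, abort..");
        abort();
        return;
    }
    // ESP_FLASH_ENC_MODE_DEVELOPMENT -> ESP_FLASH_ENC_MODE_RELEASE
    esp_efuse_batch_write_begin();
    if (!esp_efuse_read_field_bit(WR_DIS_CRYPT_CNT)) {
        // Burn whatever counter bits are still unset so the counter is at its maximum.
        size_t flash_crypt_cnt = 0;
        esp_efuse_read_field_cnt(CRYPT_CNT, &flash_crypt_cnt);
        if (flash_crypt_cnt != CRYPT_CNT[0]->bit_count) {
            esp_efuse_write_field_cnt(CRYPT_CNT, CRYPT_CNT[0]->bit_count - flash_crypt_cnt);
        }
    }
#if CONFIG_IDF_TARGET_ESP32
    esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_CACHE);
    esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_ENCRYPT);
    esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_DECRYPT);
#else
    esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
#if SOC_EFUSE_DIS_DOWNLOAD_MSPI
    esp_efuse_write_field_bit(ESP_EFUSE_SPI_DOWNLOAD_MSPI_DIS);
#endif
#if SOC_EFUSE_DIS_DOWNLOAD_ICACHE
    esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
#endif
#if SOC_EFUSE_DIS_DOWNLOAD_DCACHE
    esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_DCACHE);
#endif
#ifdef CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128_DERIVED
    // For AES128_DERIVED, FE key is 16 bytes and XTS_KEY_LENGTH_256 is 0.
    // It is important to protect XTS_KEY_LENGTH_256 from further changing it to 1. Set write protection for this bit.
    // Burning WR_DIS_CRYPT_CNT, blocks further changing of eFuses: DIS_DOWNLOAD_MANUAL_ENCRYPT, SPI_BOOT_CRYPT_CNT, [XTS_KEY_LENGTH_256], SECURE_BOOT_EN.
    esp_efuse_write_field_bit(WR_DIS_CRYPT_CNT);
#endif // CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128_DERIVED
#endif // !CONFIG_IDF_TARGET_ESP32

#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
    if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
        uint8_t xts_pseudo_level = ESP_XTS_AES_PSEUDO_ROUNDS_LOW;
        esp_efuse_write_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
    }
#endif

#ifdef CONFIG_IDF_TARGET_ESP32
    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_CACHE);
#else
#if SOC_EFUSE_DIS_ICACHE
    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_ICACHE);
#endif
#endif // !CONFIG_IDF_TARGET_ESP32

#if CONFIG_SOC_SUPPORTS_SECURE_DL_MODE
    esp_efuse_enable_rom_secure_download_mode();
#else
    esp_efuse_disable_rom_download_mode();
#endif

    // Surface a failed commit in the log; the mode read-back below still decides the outcome.
    esp_err_t commit_err = esp_efuse_batch_write_commit();
    if (commit_err != ESP_OK) {
        ESP_LOGE(TAG, "eFuse batch write commit failed (0x%x)", (unsigned)commit_err);
    }

    if (esp_get_flash_encryption_mode() != ESP_FLASH_ENC_MODE_RELEASE) {
        ESP_LOGE(TAG, "Flash encryption mode is DEVELOPMENT, abort..");
        abort();
    }
    ESP_LOGI(TAG, "Flash encryption mode is RELEASE");
}

#ifdef CONFIG_IDF_TARGET_ESP32
/**
 * Audit the ESP32 eFuse configuration expected for RELEASE-mode flash
 * encryption. Read-only: nothing is burned.
 *
 * Every failed check logs a warning naming the eFuse to set; all checks run
 * even after the first failure so the log lists every gap.
 *
 * @return true only if every check passed.
 */
bool esp_flash_encryption_cfg_verify_release_mode(void)
{
    bool result = false;
    bool secure;

    secure = esp_flash_encryption_enabled();
    result = secure;
    if (!secure) {
        ESP_LOGW(TAG, "Not enabled Flash Encryption (FLASH_CRYPT_CNT->1 or max)");
    }

    uint8_t crypt_config = 0;
    esp_efuse_read_field_blob(ESP_EFUSE_ENCRYPT_CONFIG, &crypt_config, 4);
    if (crypt_config != EFUSE_FLASH_CRYPT_CONFIG) {
        result = false;
        ESP_LOGW(TAG, "ENCRYPT_CONFIG must be set 0xF (set ENCRYPT_CONFIG->0xF)");
    }

    // The counter must be unable to change: either all bits set or write-protected.
    uint8_t flash_crypt_cnt = 0;
    esp_efuse_read_field_blob(ESP_EFUSE_FLASH_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_FLASH_CRYPT_CNT[0]->bit_count);
    if (flash_crypt_cnt != (1 << (ESP_EFUSE_FLASH_CRYPT_CNT[0]->bit_count)) - 1) {
        if (!esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_FLASH_CRYPT_CNT)) {
            result = false;
            ESP_LOGW(TAG, "Not release mode of Flash Encryption (set FLASH_CRYPT_CNT->max or WR_DIS_FLASH_CRYPT_CNT->1)");
        }
    }

    secure = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_ENCRYPT);
    result &= secure;
    if (!secure) {
        ESP_LOGW(TAG, "Not disabled UART bootloader encryption (set DISABLE_DL_ENCRYPT->1)");
    }

    secure = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_DECRYPT);
    result &= secure;
    if (!secure) {
        ESP_LOGW(TAG, "Not disabled UART bootloader decryption (set DISABLE_DL_DECRYPT->1)");
    }

    secure = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_CACHE);
    result &= secure;
    if (!secure) {
        ESP_LOGW(TAG, "Not disabled UART bootloader MMU cache (set DISABLE_DL_CACHE->1)");
    }

    secure = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_JTAG);
    result &= secure;
    if (!secure) {
        ESP_LOGW(TAG, "Not disabled JTAG (set DISABLE_JTAG->1)");
    }

    secure = esp_efuse_read_field_bit(ESP_EFUSE_CONSOLE_DEBUG_DISABLE);
    result &= secure;
    if (!secure) {
        ESP_LOGW(TAG, "Not disabled ROM BASIC interpreter fallback (set CONSOLE_DEBUG_DISABLE->1)");
    }

    secure = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_DIS_CACHE);
    result &= secure;
    if (!secure) {
        ESP_LOGW(TAG, "Not write-protected DIS_CACHE (set WR_DIS_DIS_CACHE->1)");
    }

    // The key block must be neither readable nor writable by software.
    secure = esp_efuse_read_field_bit(ESP_EFUSE_RD_DIS_BLK1);
    result &= secure;
    if (!secure) {
        ESP_LOGW(TAG, "Not read-protected flash ecnryption key (set RD_DIS_BLK1->1)");
    }

    secure = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_BLK1);
    result &= secure;
    if (!secure) {
        ESP_LOGW(TAG, "Not write-protected flash ecnryption key (set WR_DIS_BLK1->1)");
    }

    return result;
}
#else // not CONFIG_IDF_TARGET_ESP32
/**
 * Audit the eFuse configuration expected for RELEASE-mode flash encryption on
 * targets other than the original ESP32. Read-only: nothing is burned.
 *
 * Which checks are compiled in depends on the SOC_EFUSE_* / SOC_FLASH_*
 * capability macros of the target. Every failed check logs a warning naming
 * the eFuse to set; all checks run even after the first failure.
 *
 * @return true only if every compiled-in check passed and at least one flash
 *         encryption key block was found.
 */
bool esp_flash_encryption_cfg_verify_release_mode(void)
{
    bool result = false;
    bool secure;

    secure = esp_flash_encryption_enabled();
    result = secure;
    if (!secure) {
        ESP_LOGW(TAG, "Not enabled Flash Encryption (SPI_BOOT_CRYPT_CNT->1 or max)");
    }

    // The counter must be unable to change: either all bits set or write-protected.
    uint8_t flash_crypt_cnt = 0;
    esp_efuse_read_field_blob(ESP_EFUSE_SPI_BOOT_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_SPI_BOOT_CRYPT_CNT[0]->bit_count);
    if (flash_crypt_cnt != (1 << (ESP_EFUSE_SPI_BOOT_CRYPT_CNT[0]->bit_count)) - 1) {
        if (!esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_SPI_BOOT_CRYPT_CNT)) {
            result = false;
            ESP_LOGW(TAG, "Not release mode of Flash Encryption (set SPI_BOOT_CRYPT_CNT->max or WR_DIS_SPI_BOOT_CRYPT_CNT->1)");
        }
    }

    secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
    result &= secure;
    if (!secure) {
        ESP_LOGW(TAG, "Not disabled UART bootloader encryption (set DIS_DOWNLOAD_MANUAL_ENCRYPT->1)");
    }

#if SOC_EFUSE_DIS_DOWNLOAD_DCACHE
    secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_DCACHE);
    result &= secure;
    if (!secure) {
        ESP_LOGW(TAG, "Not disabled UART bootloader Dcache (set DIS_DOWNLOAD_DCACHE->1)");
    }
#endif

#if SOC_EFUSE_DIS_DOWNLOAD_MSPI
    secure = esp_efuse_read_field_bit(ESP_EFUSE_SPI_DOWNLOAD_MSPI_DIS);
    result &= secure;
    if (!secure) {
        ESP_LOGW(TAG, "Not disabled UART bootloader download mspi (set DIS_DOWNLOAD_MSPI->1)");
    }
#endif

#if SOC_EFUSE_DIS_DOWNLOAD_ICACHE
    secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
    result &= secure;
    if (!secure) {
        ESP_LOGW(TAG, "Not disabled UART bootloader cache (set DIS_DOWNLOAD_ICACHE->1)");
    }
#endif

    // Soft-disabled JTAG only counts when the whole SOFT_DIS_JTAG field is burned
    // AND a key with an HMAC JTAG purpose exists; otherwise the hard-disable
    // fuses below are required.
    bool soft_dis_jtag_complete = false;
#if SOC_EFUSE_SOFT_DIS_JTAG
    size_t soft_dis_jtag_cnt_val = 0;
    esp_efuse_read_field_cnt(ESP_EFUSE_SOFT_DIS_JTAG, &soft_dis_jtag_cnt_val);
    soft_dis_jtag_complete = (soft_dis_jtag_cnt_val == ESP_EFUSE_SOFT_DIS_JTAG[0]->bit_count);
    if (soft_dis_jtag_complete) {
        bool hmac_key_found = false;
        hmac_key_found = esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_HMAC_DOWN_JTAG, NULL);
        hmac_key_found |= esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_HMAC_DOWN_ALL, NULL);
        if (!hmac_key_found) {
            ESP_LOGW(TAG, "SOFT_DIS_JTAG is set but HMAC key with respective purpose not found");
            soft_dis_jtag_complete = false;
        }
    }
#endif

    if (!soft_dis_jtag_complete) {
#if SOC_EFUSE_DIS_PAD_JTAG
        secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_PAD_JTAG);
        result &= secure;
        if (!secure) {
            ESP_LOGW(TAG, "Not disabled JTAG PADs (set DIS_PAD_JTAG->1)");
        }
#endif

#if SOC_EFUSE_DIS_USB_JTAG
        secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_USB_JTAG);
        result &= secure;
        if (!secure) {
            ESP_LOGW(TAG, "Not disabled USB JTAG (set DIS_USB_JTAG->1)");
        }
#endif

#if SOC_EFUSE_HARD_DIS_JTAG
        secure = esp_efuse_read_field_bit(ESP_EFUSE_HARD_DIS_JTAG);
        result &= secure;
        if (!secure) {
            ESP_LOGW(TAG, "Not disabled JTAG (set HARD_DIS_JTAG->1)");
        }
#endif
    }

#if SOC_EFUSE_DIS_DIRECT_BOOT
    secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DIRECT_BOOT);
    result &= secure;
    if (!secure) {
        ESP_LOGW(TAG, "Not disabled direct boot mode (set DIS_DIRECT_BOOT->1)");
    }
#endif

#if SOC_EFUSE_DIS_BOOT_REMAP
    secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_BOOT_REMAP);
    result &= secure;
    if (!secure) {
        ESP_LOGW(TAG, "Not disabled boot from RAM (set DIS_BOOT_REMAP->1)");
    }
#endif

#if SOC_EFUSE_DIS_LEGACY_SPI_BOOT
    secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_LEGACY_SPI_BOOT);
    result &= secure;
    if (!secure) {
        ESP_LOGW(TAG, "Not disabled Legcy SPI boot (set DIS_LEGACY_SPI_BOOT->1)");
    }
#endif

#if SOC_EFUSE_DIS_ICACHE
    secure = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_DIS_ICACHE);
    result &= secure;
    if (!secure) {
        ESP_LOGW(TAG, "Not write-protected DIS_ICACHE (set WR_DIS_DIS_ICACHE->1)");
    }
#endif

    esp_efuse_purpose_t purposes[] = {
#if SOC_FLASH_ENCRYPTION_XTS_AES_256
        ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1,
        ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2,
#endif
#if SOC_FLASH_ENCRYPTION_XTS_AES_128
        ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY,
#endif
    };
    // S2 and S3 chips have both XTS_AES_128_KEY and XTS_AES_256_KEY_1/2.
    // The check below does not take into account that XTS_AES_128_KEY and XTS_AES_256_KEY_1/2
    // are mutually exclusive because this will make the chip not functional.
    // Only one type key must be configured in eFuses.
    bool key_found = false;
    for (unsigned i = 0; i < sizeof(purposes) / sizeof(esp_efuse_purpose_t); i++) {
        esp_efuse_block_t block;
        if (esp_efuse_find_purpose(purposes[i], &block)) {
            key_found = true;

            secure = esp_efuse_get_key_dis_read(block);
            result &= secure;
            if (!secure) {
                ESP_LOGW(TAG, "Not read-protected Flash encryption key in BLOCK%d (set RD_DIS_KEY%d->1)", block, block - EFUSE_BLK_KEY0);
            }

            secure = esp_efuse_get_key_dis_write(block);
            result &= secure;
            if (!secure) {
                ESP_LOGW(TAG, "Not write-protected Flash encryption key in BLOCK%d (set WR_DIS_KEY%d->1)", block, block - EFUSE_BLK_KEY0);
            }

#if SOC_EFUSE_KEY_PURPOSE_FIELD
            secure = esp_efuse_get_keypurpose_dis_write(block);
            result &= secure;
            if (!secure) {
                ESP_LOGW(TAG, "Not write-protected KEY_PURPOSE for BLOCK%d (set WR_DIS_KEY_PURPOSE%d->1)", block, block - EFUSE_BLK_KEY0);
            }
#endif
        }
    }
    // No key block with a flash-encryption purpose: the verdict is "not secure",
    // and the reason is logged so the false result is not silent.
    if (!key_found) {
        result = false;
        ESP_LOGW(TAG, "Flash encryption key not found in any eFuse key block");
    }

#if SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
    if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
        uint8_t xts_pseudo_level = 0;
        esp_efuse_read_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
        if (!xts_pseudo_level) {
            result = false;
            ESP_LOGW(TAG, "Not enabled XTS-AES pseudo rounds function (set XTS_DPA_PSEUDO_LEVEL->1 or more)");
        }
    }
#endif

    return result;
}
#endif // not CONFIG_IDF_TARGET_ESP32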