esp_efuse_write_keys() function

Program keys to unused efuse blocks The burn of keys, protection bits, and purposes happens in batch mode.

Syntax

Show:

Summary

Declaration

Definition

from esp_efuse.h:754

esp_err_t esp_efuse_write_keys(const esp_efuse_purpose_t purposes[], uint8_t keys[][32], unsigned number_of_keys);

Implemented in esp_efuse_api_key.c:212

Arguments

Argument

Description

purposes

Array of purposes (purpose[number_of_keys]).

keys

Array of keys (uint8_t keys[number_of_keys][32]). Each key is 32 bytes long.

number_of_keys

The number of keys to write (up to 6 keys).

Return value

- ESP_OK: Successful. - ESP_ERR_INVALID_ARG: Error in the passed arguments. - ESP_ERR_INVALID_STATE: Error in efuses state, unused block not found. - ESP_ERR_NOT_ENOUGH_UNUSED_KEY_BLOCKS: Error not enough unused key blocks available - ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden. - ESP_ERR_CODING: Error range of data does not match the coding scheme.

Notes

This API also enables the read protection efuse bit for certain key blocks like XTS-AES, HMAC, ECDSA etc. This ensures that the key is only accessible to hardware peripheral. For SoC's with capability `SOC_EFUSE_ECDSA_USE_HARDWARE_K` (e.g., ESP32-H2), this API writes an additional efuse bit for ECDSA key purpose to enforce hardware TRNG generated k mode in the peripheral.