secure boot: Rename efuse option for UART bootloader to option for ROM interpreter

2016-11-11 15:14:13 +11:00 · 2016-11-11 15:14:13 +11:00 · 8691b54758
commit 8691b54758
--- a/components/bootloader/Kconfig.projbuild
+++ b/components/bootloader/Kconfig.projbuild
@ -85,31 +85,31 @@ config SECURE_BOOT_SIGNING_KEY
        See docs/security/secure-boot.rst for details.

 config SECURE_BOOT_DISABLE_JTAG
-	   bool "First boot: Permanently disable JTAG"
-	   depends on SECURE_BOOTLOADER_ENABLED
-	   default Y
-	   help
-	      Bootloader permanently disable JTAG (across entire chip) when enabling secure boot. This happens on first boot of the bootloader.
+       bool "First boot: Permanently disable JTAG"
+       depends on SECURE_BOOTLOADER_ENABLED
+       default Y
+       help
+          Bootloader permanently disable JTAG (across entire chip) when enabling secure boot. This happens on first boot of the bootloader.

-		  It is recommended this option remains set for production environments.
+          It is recommended this option remains set for production environments.

-config SECURE_BOOT_DISABLE_UART_BOOTLOADER
- 	   bool "First boot: Permanently disable UART bootloader"
-	   depends on SECURE_BOOTLOADER_ENABLED
-	   default Y
-	   help
-	      Bootloader permanently disables UART and other bootloader modes when enabling secure boot. This happens on first boot.
+config SECURE_BOOT_DISABLE_ROM_BASIC
+       bool "First boot: Permanently disable ROM BASIC fallback"
+       depends on SECURE_BOOTLOADER_ENABLED
+       default Y
+       help
+          Bootloader permanently disables ROM BASIC (on UART console) as a fallback if the bootloader image becomes invalid. This happens on first boot.

-		  It is recommended this option remains set for production environments.
+          It is recommended this option remains set in production environments.

 config SECURE_BOOT_TEST_MODE
-	   bool "Test mode: don't actually enable secure boot"
-	   depends on SECURE_BOOTLOADER_ENABLED
-	   default N
-	   help
-		  If this option is set, all permanent secure boot changes (via Efuse) are disabled.
+       bool "Test mode: don't actually enable secure boot"
+       depends on SECURE_BOOTLOADER_ENABLED
+       default N
+       help
+          If this option is set, all permanent secure boot changes (via Efuse) are disabled.

-		  This option is for testing purposes only - it effectively completely disables secure boot protection.
+          This option is for testing purposes only - it effectively completely disables secure boot protection.

 config SECURE_BOOTLOADER_ENABLED
    bool
--- a/components/bootloader_support/src/secure_boot_signatures.c
+++ b/components/bootloader_support/src/secure_boot_signatures.c
@ -46,7 +46,7 @@ esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
    uint8_t digest[32];
    ptrdiff_t keylen;
    const uint8_t *data, *digest_data;
-    uint32_t digest_len, chunk_len;
+    uint32_t digest_len;
    const signature_block_t *sigblock;
    bool is_valid;