From 2c0081b2868317e5060226e8ec4c40e878f95145 Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Thu, 11 Nov 2021 10:29:50 +0530
Subject: [PATCH 1/2] secure_boot: Fix warning when UART ROM DL mode is disabled *Additionally use updated calls to enable rom secure download mode
---
 .../src/esp32/secure_boot_secure_features.c | 2 +-
 .../src/esp32c3/secure_boot_secure_features.c | 15 +++++++++++++--
 .../src/esp32h2/secure_boot.c | 18 +++++++++++++++---
 .../src/esp32s2/secure_boot_secure_features.c | 15 +++++++++++++--
 .../src/esp32s3/secure_boot_secure_features.c | 15 +++++++++++++--
 5 files changed, 55 insertions(+), 10 deletions(-)
diff --git a/components/bootloader_support/src/esp32/secure_boot_secure_features.c b/components/bootloader_support/src/esp32/secure_boot_secure_features.c
index b0f10436c9..977a691bf8 100644
--- a/components/bootloader_support/src/esp32/secure_boot_secure_features.c
+++ b/components/bootloader_support/src/esp32/secure_boot_secure_features.c
@@ -79,7 +79,7 @@ esp_err_t esp_secure_boot_enable_secure_features(void)
 return err;
 }
 #else
- ESP_LOGW(TAG, "Not disabling ROM Download mode - SECURITY COMPROMISED");
+ ESP_LOGW(TAG, "UART ROM Download mode kept enabled - SECURITY COMPROMISED");
 #endif
 #ifndef CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS
diff --git a/components/bootloader_support/src/esp32c3/secure_boot_secure_features.c b/components/bootloader_support/src/esp32c3/secure_boot_secure_features.c
index 30098bed32..c1bde8aa39 100644
--- a/components/bootloader_support/src/esp32c3/secure_boot_secure_features.c
+++ b/components/bootloader_support/src/esp32c3/secure_boot_secure_features.c
@@ -20,9 +20,20 @@ esp_err_t esp_secure_boot_enable_secure_features(void)
 #ifdef CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE
 ESP_LOGI(TAG, "Enabling Security download mode...");
- esp_efuse_write_field_bit(ESP_EFUSE_ENABLE_SECURITY_DOWNLOAD);
+ esp_err_t err = esp_efuse_enable_rom_secure_download_mode();
+ if (err != ESP_OK) {
+ ESP_LOGE(TAG, "Could not enable Security download mode...");
+ return err;
+ }
+#elif CONFIG_SECURE_DISABLE_ROM_DL_MODE
+ ESP_LOGI(TAG, "Disable ROM Download mode...");
+ esp_err_t err = esp_efuse_disable_rom_download_mode();
+ if (err != ESP_OK) {
+ ESP_LOGE(TAG, "Could not disable ROM Download mode...");
+ return err;
+ }
 #else
- ESP_LOGW(TAG, "Not enabling Security download mode - SECURITY COMPROMISED");
+ ESP_LOGW(TAG, "UART ROM download mode kept enabled - SECURITY COMPROMISED");
 #endif
 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
diff --git a/components/bootloader_support/src/esp32h2/secure_boot.c b/components/bootloader_support/src/esp32h2/secure_boot.c
index 359d7f28c1..85ea55452b 100644
--- a/components/bootloader_support/src/esp32h2/secure_boot.c
+++ b/components/bootloader_support/src/esp32h2/secure_boot.c
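Review bot: In the esp32c3 `esp_secure_boot_enable_secure_features()` hunk the new branch is selected with `#elif CONFIG_SECURE_DISABLE_ROM_DL_MODE` while the branch above it uses `#ifdef`; the bare `#elif` relies on an undefined macro evaluating to 0 and trips `-Wundef`, so `#elif defined(CONFIG_SECURE_DISABLE_ROM_DL_MODE)` is the consistent form. The same line appears in the esp32h2, esp32s2 and esp32s3 hunks. Both new `ESP_LOGE` messages also drop the returned code; `ESP_LOGE(TAG, "Could not disable ROM Download mode (err=0x%x)", err);` would make a failed eFuse write diagnosable from the boot log. The function body starts and ends outside the hunk.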
@@ -250,11 +250,23 @@ esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *imag
 esp_efuse_write_field_bit(ESP_EFUSE_DIS_LEGACY_SPI_BOOT);
+ esp_err_t err = ESP_FAIL;
 #ifdef CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE
 ESP_LOGI(TAG, "Enabling Security download mode...");
- esp_efuse_write_field_bit(ESP_EFUSE_ENABLE_SECURITY_DOWNLOAD);
+ err = esp_efuse_enable_rom_secure_download_mode();
+ if (err != ESP_OK) {
+ ESP_LOGE(TAG, "Could not enable Security download mode...");
+ return err;
+ }
+#elif CONFIG_SECURE_DISABLE_ROM_DL_MODE
+ ESP_LOGI(TAG, "Disable ROM Download mode...");
+ err = esp_efuse_disable_rom_download_mode();
+ if (err != ESP_OK) {
+ ESP_LOGE(TAG, "Could not disable ROM Download mode...");
+ return err;
+ }
 #else
- ESP_LOGW(TAG, "Not enabling Security download mode - SECURITY COMPROMISED");
+ ESP_LOGW(TAG, "UART download mode kept enabled - SECURITY COMPROMISED");
 #endif
 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
@@ -272,7 +284,7 @@ esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *imag
 esp_efuse_write_field_bit(ESP_EFUSE_SECURE_BOOT_EN);
- esp_err_t err = esp_efuse_batch_write_commit();
+ err = esp_efuse_batch_write_commit();
 if (err != ESP_OK) {
 ESP_LOGE(TAG, "Error programming security eFuses (err=0x%x).", err);
 return err;
diff --git a/components/bootloader_support/src/esp32s2/secure_boot_secure_features.c b/components/bootloader_support/src/esp32s2/secure_boot_secure_features.c
index 418a932209..71dbc64c2e 100644
--- a/components/bootloader_support/src/esp32s2/secure_boot_secure_features.c
+++ b/components/bootloader_support/src/esp32s2/secure_boot_secure_features.c
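Review bot: The two new `return err;` paths in `esp_secure_boot_v2_permanently_enable()` (esp32h2/secure_boot.c) leave the function before the `esp_efuse_batch_write_commit()` call visible in the second hunk, and nothing on those paths ends the batch. If a batch was opened with `esp_efuse_batch_write_begin()` earlier in the function (outside the hunk, so this is inferred), the writes already queued, such as `ESP_EFUSE_DIS_LEGACY_SPI_BOOT`, are neither committed nor discarded and batch mode stays active for the caller. Calling `esp_efuse_batch_write_cancel();` before each `return err;` would make the failure path explicit. The function starts and ends outside both hunks.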
@@ -21,9 +21,20 @@ esp_err_t esp_secure_boot_enable_secure_features(void)
 #ifdef CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE
 ESP_LOGI(TAG, "Enabling Security download mode...");
- esp_efuse_write_field_bit(ESP_EFUSE_ENABLE_SECURITY_DOWNLOAD);
+ esp_err_t err = esp_efuse_enable_rom_secure_download_mode();
+ if (err != ESP_OK) {
+ ESP_LOGE(TAG, "Could not enable Security download mode...");
+ return err;
+ }
+#elif CONFIG_SECURE_DISABLE_ROM_DL_MODE
+ ESP_LOGI(TAG, "Disable ROM Download mode...");
+ esp_err_t err = esp_efuse_disable_rom_download_mode();
+ if (err != ESP_OK) {
+ ESP_LOGE(TAG, "Could not disable ROM Download mode...");
+ return err;
+ }
 #else
- ESP_LOGW(TAG, "Not enabling Security download mode - SECURITY COMPROMISED");
+ ESP_LOGW(TAG, "UART ROM download mode kept enabled - SECURITY COMPROMISED");
 #endif
 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
diff --git a/components/bootloader_support/src/esp32s3/secure_boot_secure_features.c b/components/bootloader_support/src/esp32s3/secure_boot_secure_features.c
index 4284626a73..2081e81e2f 100644
--- a/components/bootloader_support/src/esp32s3/secure_boot_secure_features.c
+++ b/components/bootloader_support/src/esp32s3/secure_boot_secure_features.c
@@ -20,9 +20,20 @@ esp_err_t esp_secure_boot_enable_secure_features(void)
 #ifdef CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE
 ESP_LOGI(TAG, "Enabling Security download mode...");
- esp_efuse_write_field_bit(ESP_EFUSE_ENABLE_SECURITY_DOWNLOAD);
+ esp_err_t err = esp_efuse_enable_rom_secure_download_mode();
+ if (err != ESP_OK) {
+ ESP_LOGE(TAG, "Could not enable Security download mode...");
+ return err;
+ }
+#elif CONFIG_SECURE_DISABLE_ROM_DL_MODE
+ ESP_LOGI(TAG, "Disable ROM Download mode...");
+ esp_err_t err = esp_efuse_disable_rom_download_mode();
+ if (err != ESP_OK) {
+ ESP_LOGE(TAG, "Could not disable ROM Download mode...");
+ return err;
+ }
 #else
- ESP_LOGW(TAG, "Not enabling Security download mode - SECURITY COMPROMISED");
+ ESP_LOGW(TAG, "UART ROM download mode kept enabled - SECURITY COMPROMISED");
 #endif
 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
From 2a2d8f5cbc7fec3c211c2b7daa8d20154290c815 Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Tue, 23 Nov 2021 14:46:38 +0530
Subject: [PATCH 2/2] efuse_example_test: Fix the example test *Unify the log messages when UART ROM Download mode is kept enabled
---
 .../src/esp32c3/secure_boot_secure_features.c | 2 +-
 .../bootloader_support/src/esp32h2/secure_boot.c | 2 +-
 .../src/esp32s2/secure_boot_secure_features.c | 2 +-
 .../src/esp32s3/secure_boot_secure_features.c | 2 +-
 examples/system/efuse/example_test.py | 12 ++++++------
 5 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/components/bootloader_support/src/esp32c3/secure_boot_secure_features.c b/components/bootloader_support/src/esp32c3/secure_boot_secure_features.c
index c1bde8aa39..4226493ce1 100644
--- a/components/bootloader_support/src/esp32c3/secure_boot_secure_features.c
+++ b/components/bootloader_support/src/esp32c3/secure_boot_secure_features.c
@@ -33,7 +33,7 @@ esp_err_t esp_secure_boot_enable_secure_features(void)
 return err;
 }
 #else
- ESP_LOGW(TAG, "UART ROM download mode kept enabled - SECURITY COMPROMISED");
+ ESP_LOGW(TAG, "UART ROM Download mode kept enabled - SECURITY COMPROMISED");
 #endif
 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
diff --git a/components/bootloader_support/src/esp32h2/secure_boot.c b/components/bootloader_support/src/esp32h2/secure_boot.c
index 85ea55452b..f5a44d259e 100644
--- a/components/bootloader_support/src/esp32h2/secure_boot.c
+++ b/components/bootloader_support/src/esp32h2/secure_boot.c
@@ -266,7 +266,7 @@ esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *imag
 return err;
 }
 #else
- ESP_LOGW(TAG, "UART download mode kept enabled - SECURITY COMPROMISED");
+ ESP_LOGW(TAG, "UART ROM Download mode kept enabled - SECURITY COMPROMISED");
 #endif
 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
diff --git a/components/bootloader_support/src/esp32s2/secure_boot_secure_features.c b/components/bootloader_support/src/esp32s2/secure_boot_secure_features.c
index 71dbc64c2e..fd034aa452 100644
--- a/components/bootloader_support/src/esp32s2/secure_boot_secure_features.c
+++ b/components/bootloader_support/src/esp32s2/secure_boot_secure_features.c
@@ -34,7 +34,7 @@ esp_err_t esp_secure_boot_enable_secure_features(void)
 return err;
 }
 #else
- ESP_LOGW(TAG, "UART ROM download mode kept enabled - SECURITY COMPROMISED");
+ ESP_LOGW(TAG, "UART ROM Download mode kept enabled - SECURITY COMPROMISED");
 #endif
 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
diff --git a/components/bootloader_support/src/esp32s3/secure_boot_secure_features.c b/components/bootloader_support/src/esp32s3/secure_boot_secure_features.c
index 2081e81e2f..9be4c8edd4 100644
--- a/components/bootloader_support/src/esp32s3/secure_boot_secure_features.c
+++ b/components/bootloader_support/src/esp32s3/secure_boot_secure_features.c
@@ -33,7 +33,7 @@ esp_err_t esp_secure_boot_enable_secure_features(void)
 return err;
 }
 #else
- ESP_LOGW(TAG, "UART ROM download mode kept enabled - SECURITY COMPROMISED");
+ ESP_LOGW(TAG, "UART ROM Download mode kept enabled - SECURITY COMPROMISED");
 #endif
 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
diff --git a/examples/system/efuse/example_test.py b/examples/system/efuse/example_test.py
index 1d430c8ba4..868b2266f2 100644
--- a/examples/system/efuse/example_test.py
+++ b/examples/system/efuse/example_test.py
@@ -385,7 +385,7 @@ def test_examples_efuse_with_virt_secure_boot_v2(env, _): # type: (ttfw_idf.Tin
 dut.expect('secure_boot_v2: blowing secure boot efuse...')
 dut.expect('Disable JTAG...')
 dut.expect('Disable ROM BASIC interpreter fallback...')
- dut.expect('Not disabling ROM Download mode - SECURITY COMPROMISED')
+ dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED')
 dut.expect('Prevent read disabling of additional efuses...')
 dut.expect('secure_boot_v2: Secure boot permanently enabled')
@@ -449,7 +449,7 @@ def test_examples_efuse_with_virt_secure_boot_v2_pre_loaded(env, _): # type: (t
 dut.expect('secure_boot_v2: blowing secure boot efuse...')
 dut.expect('Disable JTAG...')
 dut.expect('Disable ROM BASIC interpreter fallback...')
- dut.expect('Not disabling ROM Download mode - SECURITY COMPROMISED')
+ dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED')
 dut.expect('Prevent read disabling of additional efuses...')
 dut.expect('secure_boot_v2: Secure boot permanently enabled')
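Review bot: The expected warning text is repeated as a literal in six `dut.expect(...)` calls in example_test.py (the hunks at 385, 449, 508, 570, 691 and 769) and has to match the `ESP_LOGW` string in five bootloader sources character for character, which is the drift this second patch corrects. A module-level constant, for example `ROM_DL_WARNING = 'UART ROM Download mode kept enabled - SECURITY COMPROMISED'`, passed to each call as `dut.expect(ROM_DL_WARNING)`, would keep the next rewording to one line. As far as these hunks show, every test expects the insecure `#else` path; the disable and secure-download branches added in patch 1, including their error returns, appear to have no expectation here.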
@@ -508,7 +508,7 @@ def test_examples_efuse_with_virt_secure_boot_v2_esp32xx(env, _): # type: (ttfw
 dut.expect('secure_boot_v2: Revoking empty key digest slot (1)...')
 dut.expect('secure_boot_v2: Revoking empty key digest slot (2)...')
 dut.expect('secure_boot_v2: blowing secure boot efuse...')
- dut.expect('Not enabling Security download mode - SECURITY COMPROMISED')
+ dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED')
 dut.expect('Disable hardware & software JTAG...')
 dut.expect('secure_boot_v2: Secure boot permanently enabled')
@@ -570,7 +570,7 @@ def test_examples_efuse_with_virt_secure_boot_v2_esp32xx_pre_loaded(env, _): #
 dut.expect('secure_boot_v2: Revoking empty key digest slot (2)...')
 dut.expect('secure_boot_v2: blowing secure boot efuse...')
- dut.expect('Not enabling Security download mode - SECURITY COMPROMISED')
+ dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED')
 dut.expect('Disable hardware & software JTAG...')
 dut.expect('secure_boot_v2: Secure boot permanently enabled')
@@ -691,7 +691,7 @@ def test_examples_efuse_with_virt_sb_v2_and_fe(env, _): # type: (ttfw_idf.TinyF
 dut.expect('secure_boot_v2: blowing secure boot efuse...')
 dut.expect('Disable JTAG...')
 dut.expect('Disable ROM BASIC interpreter fallback...')
- dut.expect('Not disabling ROM Download mode - SECURITY COMPROMISED')
+ dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED')
 dut.expect('secure_boot_v2: Secure boot permanently enabled')
 dut.expect('Checking flash encryption...')
@@ -769,7 +769,7 @@ def test_examples_efuse_with_virt_sb_v2_and_fe_esp32xx(env, _): # type: (ttfw_i
 dut.expect('secure_boot_v2: Revoking empty key digest slot (1)...')
 dut.expect('secure_boot_v2: Revoking empty key digest slot (2)...')
 dut.expect('secure_boot_v2: blowing secure boot efuse...')
- dut.expect('Not enabling Security download mode - SECURITY COMPROMISED')
+ dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED')
 dut.expect('Disable hardware & software JTAG...')
 dut.expect('secure_boot_v2: Secure boot permanently enabled')