Commit Graph

24 Commits

Author SHA1 Message Date
Xiao Xufeng
0a6c922059 fix(esp_system): limit CPU clock to 160MHz in ESP32-C5 for flash encryption
This reverts commit 7145fc9558.
2026-01-28 11:15:30 +05:30
Aditya Patwardhan
eb4a871eca refactor(esp_hal_security): Updated esp_hal_security build and includes 2026-01-21 10:02:44 +05:30
Xiao Xufeng
7145fc9558 Revert "fix(esp_system): limit CPU clock to 160MHz in ESP32-C5 for flash encryption"
This reverts commit 3c5d2e6b58.
2025-12-16 17:43:58 +08:00
harshal.patil
1f2cbde525 change(esp_key_mgr): Store key_len field in the key_info
- Update the Key Manager key types to be generic
- Define a new enum to determine the length of the keys
- Refactor the Key Manager driver support generic key types and key lengths
- Also store key deployment mode in the key recovery info
2025-11-17 12:34:09 +05:30
Mahavir Jain
3c5d2e6b58 fix(esp_system): limit CPU clock to 160MHz in ESP32-C5 for flash encryption
Encrypted flash write operation sometimes result in random corruption in
certain bytes. Root cause points to sudden current surge due to involvement of
encryption block overwhelming LDO supply. More details will be provided
in the ESP32-C5 SoC Errata document.

This fix limits the CPU clock to 160MHz for flash encryption enabled
case. Failing encrypted flash write tests could successfully pass in
this configuration. Going ahead, a dynamic clock adjustment in flash
driver will be considered to mitigate this issue.
2025-11-12 19:14:55 +05:30
harshal.patil
3090e91e60 fix(esp_security): Set WR_DIS_SECURE_BOOT_SHA384_EN by default when
Flash Encryption Release mode is enabled and Secure Boot P384 scheme not is enabled.
2025-11-05 08:39:55 +05:30
harshal.patil
7168b9f7d3 fix(esp_security): Fix undefined efuse build failure in case of ESP32-P4
- The `wr_dis` efuse bit corresponding to `SECURE_BOOT_SHA384_EN` is absent in P4
2025-11-05 08:39:55 +05:30
harshal.patil
609d52c6bf feat(esp32p4): Support newer Key Manager key sources for ESP32-P4 V3 2025-10-15 15:49:20 +05:30
Harshal Patil
fd7d9c9ee9 Merge branch 'fix/key_mgr_use_default_efuse_key' into 'master'
Configure the Key Manager to use XTS-AES efuse key by-default

Closes IDFCI-3135 and IDFCI-3136

See merge request espressif/esp-idf!42032
2025-09-26 12:34:19 +05:30
harshal.patil
8b663ebe4d fix(esp_security): Configure the Key Manager to use XTS-AES efuse key by-default 2025-09-22 12:22:07 +05:30
harshal.patil
5aa5366e7f fix(bootloader_support): Reorder write disabling ECDSA_CURVE_MODE 2025-09-19 17:01:23 +05:30
harshal.patil
d6c1184676 fix(bootloader_support): Reorder write protection bits of some shared security efuses 2025-09-19 13:02:00 +05:30
harshal.patil
8ab6b4d694 fix(esp_security/esp_key_mgr): Recharge HUK before the first usage 2025-06-27 15:15:26 +05:30
harshal.patil
a7c7b75dfd feat(soc): Update ESP32-C5's key manager reg and struct files to ECO2
- Also added a new soc_cap to denote if key manager key deployment is available
2025-06-27 15:15:26 +05:30
nilesh.kale
c65858287a feat: enabled secure boot support esp32h21 2025-04-25 17:48:25 +05:30
nilesh.kale
aae4bfb6f3 feat: enable ecdsa support for esp32h21
This commit enabled suppot for ECDSA peripheral in ESP32H21.
2025-04-14 10:26:46 +05:30
laokaiyao
9269b785f8 refactor(ecdsa): rely on efuse to get chip revision 2025-01-24 11:50:17 +08:00
Aditya Patwardhan
d8d9ba3dc2 fix(soc): Fixed ECDSA register compatibility 2025-01-24 11:50:17 +08:00
Aditya Patwardhan
bef2a72ecb fix(hal): Make the ECDSA countermeasure dynamically applicable
This commit makes the ECDSA countermeasure dynamically applicable
    across different revisions of the ESP32H2 SoC.
2025-01-24 11:50:17 +08:00
Mahavir Jain
6875cbf022 feat(ecc): enable ECC constant time mode for ESP32-H2 ECO5 2025-01-24 11:50:17 +08:00
Aditya Patwardhan
82db0feab2 fix(security): Update key manager specific initializations for esp32c5 2024-10-28 11:13:43 +08:00
Mahavir Jain
e52e2d282a refactor(startup): move key manager specific code to esp_security component 2024-09-25 14:21:19 +05:30
harshal.patil
39872a5575 feat(esp_security): Config to forcefully enable ECC constant-time operations during bootup 2024-09-20 18:46:55 +05:30
Mahavir Jain
79f9c7d157 feat(esp_security): Move DS, HMAC, DPA and crypto lock implementation 2024-08-20 12:35:22 +08:00