ECDSA based Secure Boot V2 is not functional for certain input vectors on
ESP32-C5/C61/H2/P4 and on the preview targets ESP32-H4/H21. RSA based Secure
Boot V2 is the recommended scheme where the SoC supports it. This issue will be
fixed in a future hardware ECO revision; more details will be shared through the
hardware errata document.
A new hidden Kconfig option SECURE_BOOT_V2_ECDSA_INSECURE marks the affected
mass-production SoCs (ESP32-C5/C61/H2/P4). On these SoCs, when hardware Secure
Boot V2 is enabled, the ECDSA (V2) signing scheme is no longer offered by
default; it must be turned on explicitly via SECURE_BOOT_V2_FORCE_ENABLE_ECDSA
under "Allow potentially insecure options" (CONFIG_SECURE_BOOT_INSECURE). App
signing without hardware Secure Boot is not affected. Note that ESP32-C61 has no
RSA based Secure Boot V2, so it has no Secure Boot scheme enabled by default.
The preview targets ESP32-H4 and ESP32-H21 mark ECDSA Secure Boot V2 as not
supported in their SoC capabilities instead of using the option above. As
ESP32-H4 has no other Secure Boot V2 scheme, Secure Boot is disabled entirely on
it; ESP32-H21 retains RSA based Secure Boot V2.
The security documentation keeps the ECDSA Secure Boot V2 content visible and
adds a warning describing the limitation (including that ECDSA Secure Boot V2 on
ESP32-C61 is not recommended for production). CI apps that exercise ECDSA Secure
Boot V2 on the affected SoCs set CONFIG_SECURE_BOOT_V2_FORCE_ENABLE_ECDSA
accordingly.
Recovery bootloader support increased the ESP32-P4 bootloader image enough
that it no longer fits before 0xe000. Moving the partition table to 0x10000
restores slack for CI builds using secure boot and flash encryption together.
Co-authored-by: Cursor <cursoragent@cursor.com>
The otatool pytest calls dut.serial.close() and then immediately
launches otatool_example.py as a subprocess that re-opens the same
serial port via esptool. This fails intermittently because:
1. pytest-embedded's QueueFeederThread still holds a reference to
the serial port file descriptor when close() returns, causing
'argument must be an int, or have a fileno() method' error.
2. The OS has not fully released the serial port by the time the
subprocess tries to open it.
Add a delay after serial close and retry logic for the subprocess
to handle transient serial port contention.
Made-with: Cursor
The hw-reference/modules-and-boards page was removed from esp-idf docs
and moved to esp-dev-kits. The ESP32-S2-Saola-1 user guide similarly
moved. The configure-builtin-jtag link used the now-obsolete chip-less
stable URL format.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Modified test for storage data, reduced the size to 500 bytes,
less than IMAGE_HEADER_SIZE (1024), to check the workflow, if the
custom partition other than APP and BOOTLOADER less IMAGE_HEADER_SIZE
performed OTA
This commit also added config option to set default buffer size for OTA.
This testcase mainly checks if OTA resumption fails if data written is
not 16 byte aligned when Flash Encryption is enabled.