Aditya Patwardhan
e1d429ba30
feat(hal): add ECDSA low-level driver for esp32s31
...
Co-authored-by: Nilesh Kale <nilesh.kale@espressif.com >
2026-05-20 10:17:34 +05:30
nilesh.kale
2267558b15
feat: enabled ECDSA peripheral support for ESSP32-P4
2025-12-16 11:48:06 +05:30
harshal.patil
d6c1184676
fix(bootloader_support): Reorder write protection bits of some shared security efuses
2025-09-19 13:02:00 +05:30
Konstantin Kondrashov
dcf486359e
feat(log): Optimize log tag init for bin logging
2025-09-15 15:59:52 +03:00
harshal.patil
130e72f82b
feat(bootloader_support): Support Secure Boot using ECDSA-P384 curve
2025-07-21 09:19:42 +05:30
nilesh.kale
0fb8c2a9b8
feat: enabled ECDSA-P192 support for ESP32H2
2025-05-22 14:55:03 +05:30
nilesh.kale
c65858287a
feat: enabled secure boot support esp32h21
2025-04-25 17:48:25 +05:30
Aditya Patwardhan
a57aa71190
feat(security): Add security_features_app example to demonstrate security features
2024-06-27 16:56:55 +05:30
Aditya Patwardhan
9e3424709a
fix(bootloader_support): Allow SOFT_DIS_JTAG in verify_release_mode
2024-06-27 15:09:50 +05:30
Harshit Malpani
c19e1b8f72
fix(bootloader_support): Fix condition for SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
...
Fix the condition to verify the image when SECURE_SIGNED_APPS_ECDSA_V2_SCHEME and
SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT are selected.
2023-09-25 12:02:58 +05:30
KonstantinKondrashov
73d756d073
bootloader_support(esp32c2): Fix esp_secure_boot_cfg_verify_release_mode API
...
When FE and SB keys are set then:
- 128 low bits are read protected
- 128 hi bits are readable
2023-01-24 18:16:19 +08:00
KonstantinKondrashov
696f7495a0
security: Adds new APIs to check that all eFuse security features are enabled correctly
2023-01-10 23:35:13 +08:00
KonstantinKondrashov
dd4642b6ba
secure_boot(esp32c2): Fix case when SB key is pre-loaded
2022-05-31 11:12:21 +00:00
KonstantinKondrashov
505e18237a
bootloader: Support Flash Encryption for ESP32-C2
2022-05-31 11:12:21 +00:00
Jan Brudný
dffe49f305
bootloader: update copyright notice
2021-06-02 14:22:09 +02:00
KonstantinKondrashov
7f40717eb2
secure_boot/SIGNED_ON_UPDATE_NO_SECURE_BOOT: Only the first position of signature blocks is used to verify any update
2021-03-25 12:27:05 +00:00
Angus Gratton
d709631393
secure boot: Add boot check for SBV2 "check app signature on update"
...
As this mode uses the public keys attached to the existing app's signatures to
verify the next app, checking that a signature block is found on boot prevents
the possibility of deploying a non-updatable device from the factory.
2021-03-15 12:30:20 +00:00
KonstantinKondrashov
90f2d3199a
secure_boot: Checks secure boot efuses
...
ESP32 V1 and V2 - protection bits.
ESP32xx V2: revoke bits, protection bits
- refactor efuse component
- adds some APIs for esp32 chips as well as for esp32xx chips
2021-02-23 03:56:21 +08:00
suda-morris
3f2d6a0891
make bootloader_support depend on IDF_TARGET
...
1. move chip-specific code(e.g. encryption) into IDF_TARGET directory
2. splict app-only code to idf directory which won't be compiled into bootloader
2019-04-16 17:37:56 +08:00
Anurag Kar
62b0d51c02
Enable secure boot only after encrypting flash
...
This prevents a device from being bricked in case when both secure boot & flash encryption are enabled and encryption gets interrupted during first boot. After interruption, all partitions on the device need to be reflashed (including the bootloader).
List of changes:
* Secure boot key generation and bootloader digest generation logic, implemented inside function esp_secure_boot_permanently_enable(), has been pulled out into new API esp_secure_boot_generate_digest(). The enabling of R/W protection of secure boot key on EFUSE still happens inside esp_secure_boot_permanently_enable()
* Now esp_secure_boot_permanently_enable() is called only after flash encryption process completes
* esp_secure_boot_generate_digest() is called before flash encryption process starts
2019-04-10 18:17:58 +05:30
morris
c159984264
separate rom from esp32 component to esp_rom
...
1. separate rom include files and linkscript to esp_rom
2. modefiy "include rom/xxx.h" to "include esp32/rom/xxx.h"
3. Forward compatible
4. update mqtt
2019-03-21 18:51:45 +08:00
Angus Gratton
f53fef9936
Secure Boot & Flash encryption: Support 3/4 Coding Scheme
...
Includes esptool update to v2.6-beta1
2018-10-16 16:24:10 +11:00
Angus Gratton
326d791ebb
bootloader: Fix secure boot digest generation for image length where (len%128 < 32)
2018-10-02 15:17:14 +10:00
Angus Gratton
ff33406e74
bootloader: Don't enable secure boot or flash encryption for 3/4 Coding Scheme
2018-09-26 18:26:06 +10:00
Angus Gratton
0c8888d68f
bootloader: Combine loading from flash & verifying to save boot time
...
Still needs updating to account for secure boot.
2017-07-19 18:25:17 +10:00
Angus Gratton
3922ce47b2
bootloader: Enable early boot RNG entropy source
...
This reverts commit ceb8566970 .
2017-01-04 17:07:12 +11:00
Angus Gratton
ceb8566970
Flash encryption / secure boot: Temporarily disable on-device key generation
...
Will be enabled after seeding of HWRNG in bootloader is fully tested/qualified.
2016-12-01 23:49:13 -08:00
Angus Gratton
506c8cd964
secure boot & flash encryption: Rework configuration options
...
Add UART bootloader disable options for flash encryption
2016-12-01 23:49:12 -08:00
Angus Gratton
9eb135fd73
Flash encryption: Support enabling flash encryption in bootloader, app support
...
* App access functions are all flash encryption-aware
* Documentation for flash encryption
* Partition read/write is flash aware
* New encrypted write function
2016-12-01 23:49:12 -08:00
Angus Gratton
e459f803da
secure boot: Functional partition table & app signature verification
2016-11-14 11:08:42 +11:00
Angus Gratton
fe66dd85f0
secure boot: Enable based on sdkconfig, remove "secure boot flag" from binary image
2016-11-14 11:08:42 +11:00
Angus Gratton
98a0387854
bootloader_support: Move secure boot code to bootloader_support
2016-11-08 11:13:54 +11:00