ECDSA based Secure Boot V2 is not functional for certain input vectors on ESP32-C5/C61/H2/P4 and on the preview targets ESP32-H4/H21. RSA based Secure Boot V2 is the recommended scheme where the SoC supports it. This issue will be fixed in a future hardware ECO revision; more details will be shared through the hardware errata document. A new hidden Kconfig option SECURE_BOOT_V2_ECDSA_INSECURE marks the affected mass-production SoCs (ESP32-C5/C61/H2/P4). On these SoCs, when hardware Secure Boot V2 is enabled, the ECDSA (V2) signing scheme is no longer offered by default; it must be turned on explicitly via SECURE_BOOT_V2_FORCE_ENABLE_ECDSA under "Allow potentially insecure options" (CONFIG_SECURE_BOOT_INSECURE). App signing without hardware Secure Boot is not affected. Note that ESP32-C61 has no RSA based Secure Boot V2, so it has no Secure Boot scheme enabled by default. The preview targets ESP32-H4 and ESP32-H21 mark ECDSA Secure Boot V2 as not supported in their SoC capabilities instead of using the option above. As ESP32-H4 has no other Secure Boot V2 scheme, Secure Boot is disabled entirely on it; ESP32-H21 retains RSA based Secure Boot V2. The security documentation keeps the ECDSA Secure Boot V2 content visible and adds a warning describing the limitation (including that ECDSA Secure Boot V2 on ESP32-C61 is not recommended for production). CI apps that exercise ECDSA Secure Boot V2 on the affected SoCs set CONFIG_SECURE_BOOT_V2_FORCE_ENABLE_ECDSA accordingly.
Test Apps
This directory contains a set of ESP-IDF projects to be used as tests only, which aim to exercise various configuration of components to check completely arbitrary functionality should it be building only, executing under various conditions or combination with other components, including custom test frameworks.
The test apps are not intended to demonstrate the ESP-IDF functionality in any way.
Test Apps projects
Test applications are treated the same way as ESP-IDF examples, so each project directory shall contain
- Build recipe in cmake and the main component with app sources
- Configuration files,
sdkconfig.ciand similar (see below) - Python test scripts,
pytest_....py(optional)
Test Apps layout
The test apps should be grouped into subdirectories by category. Categories are:
protocolscontains test of protocol interactions.networkcontains system network testssystemcontains tests on the internal chip features, debugging and development tools.securitycontains tests on the chip security features.
CI Behavior
Configuration Files
For each project in test_apps (and also examples):
- If a file
sdkconfig.ciexists then it's built as thedefaultCI config. - If any additional files
sdkconfig.ci.<CONFIG>exist then these are built as alternative configs, with the specified<CONFIG>name.
The CI system expects to see at least a "default" config, so add sdkconfig.ci before adding any sdkconfig.ci.CONFIG files.
- By default, every CI configurations is built for every target SoC (an
m * nconfiguration matrix). However if anysdkconfig.ci.*file contains a line of the formCONFIG_IDF_TARGET="targetname"then that CI config is only built for that one target. This only works insdkconfig.ci.CONFIG, not in the defaultsdkconfig.ci. - Each configuration is also built with the contents of any
sdkconfig.defaultsfile or a file namedsdkconfig.defaults.<TARGET>appended. (Same as a normal ESP-IDF project build.)
Test Apps local execution
Some of the examples have pytest_....py scripts that are using the pytest as the test framework. For detailed information, please refer to the "Run the Tests Locally" Section under ESP-IDF tests in Pytest documentation