From 0a1c68d7b62df769dea506709c0a300e10a65a12 Mon Sep 17 00:00:00 2001 From: Ivan Grokhotkov Date: Wed, 5 Jul 2017 11:35:01 +0800 Subject: [PATCH] docs: fix flash encryption key storage block, use same names as in TRM --- docs/security/flash-encryption.rst | 2 +- docs/security/secure-boot.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/security/flash-encryption.rst b/docs/security/flash-encryption.rst index fd9b620e1..866cff498 100644 --- a/docs/security/flash-encryption.rst +++ b/docs/security/flash-encryption.rst @@ -373,7 +373,7 @@ Flash Encryption Algorithm - AES algorithm is used inverted in flash encryption, so the flash encryption "encrypt" operation is AES decrypt and the "decrypt" operation is AES encrypt. This is for performance reasons and does not alter the effectiveness of the algorithm. -- The main flash encryption key is stored in efuse (BLK2) and by default is protected from further writes or software readout. +- The main flash encryption key is stored in efuse (BLOCK1) and by default is protected from further writes or software readout. - Each 32 byte block (two adjacent 16 byte AES blocks) is encrypted with a unique key. The key is derived from the main flash encryption key in efuse, XORed with the offset of this block in the flash (a "key tweak"). diff --git a/docs/security/secure-boot.rst b/docs/security/secure-boot.rst index 126b8c9d6..0493ee361 100644 --- a/docs/security/secure-boot.rst +++ b/docs/security/secure-boot.rst @@ -14,7 +14,7 @@ Background - Most data is stored in flash. Flash access does not need to be protected from physical access in order for secure boot to function, because critical data is stored (non-software-accessible) in Efuses internal to the chip. -- Efuses are used to store the secure bootloader key (in efuse block 2), and also a single Efuse bit (ABS_DONE_0) is burned (written to 1) to permanently enable secure boot on the chip. For more details about efuse, see the (forthcoming) chapter in the Technical Reference Manual. +- Efuses are used to store the secure bootloader key (in efuse BLOCK2), and also a single Efuse bit (ABS_DONE_0) is burned (written to 1) to permanently enable secure boot on the chip. For more details about efuse, see Chapter 11 "eFuse Controller" in the Technical Referecnce Manual. - To understand the secure boot process, first familiarise yourself with the standard :doc:`ESP-IDF boot process <../api-guides/general-notes>`.