secure boot: Add warnings this feature is not finished yet
This commit is contained in:
Angus Gratton
parent
572f62928b
commit
0b4fe9dd6d
|
|
@ -47,6 +47,16 @@ bootloader-flash: $(BOOTLOADER_BIN)
|
|||
$(BOOTLOADER_MAKE) flash
|
||||
|
||||
else ifdef CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH
|
||||
|
||||
#### TEMPORARILY DISABLE THIS OPTION
|
||||
ifneq ("$(IDF_INSECURE_SECURE_BOOT)","1")
|
||||
bootloader:
|
||||
@echo "Secure boot features are not yet mature, so the current secure bootloader will not properly secure the device"
|
||||
@echo "If you flash this bootloader, you will be left with an non-updateable bootloader that is missing features."
|
||||
@echo "If you really want to do this, set the environment variable IDF_INSECURE_SECURE_BOOT=1 and rerun make."
|
||||
exit 1
|
||||
else
|
||||
|
||||
# One time flashing requires user to run esptool.py command themselves,
|
||||
# and warning is printed about inability to reflash.
|
||||
|
||||
|
|
@ -57,10 +67,20 @@ bootloader: $(BOOTLOADER_BIN)
|
|||
@echo $(SEPARATOR)
|
||||
@echo "* IMPORTANT: After first boot, BOOTLOADER CANNOT BE RE-FLASHED on same device"
|
||||
|
||||
endif # IDF_INSECURE_SECURE_BOOT
|
||||
else ifdef CONFIG_SECURE_BOOTLOADER_REFLASHABLE
|
||||
# Reflashable secure bootloader
|
||||
# generates a digest binary (bootloader + digest)
|
||||
|
||||
#### TEMPORARILY DISABLE THIS OPTION
|
||||
ifneq ("$(IDF_INSECURE_SECURE_BOOT)","1")
|
||||
bootloader:
|
||||
@echo "Secure boot features are not yet mature, so the current secure bootloader will not properly secure the device."
|
||||
@echo "If using this feature, expect to reflash the bootloader at least one more time."
|
||||
@echo "If you really want to do this, set the environment variable IDF_INSECURE_SECURE_BOOT=1 and rerun make."
|
||||
exit 1
|
||||
else
|
||||
|
||||
BOOTLOADER_DIGEST_BIN := $(BOOTLOADER_BUILD_DIR)/bootloader-reflash-digest.bin
|
||||
SECURE_BOOTLOADER_KEY := $(BOOTLOADER_BUILD_DIR)/secure-bootloader-key.bin
|
||||
|
||||
|
|
@ -83,6 +103,7 @@ $(BOOTLOADER_DIGEST_BIN): $(BOOTLOADER_BIN) $(SECURE_BOOTLOADER_KEY)
|
|||
@echo "DIGEST $(notdir $@)"
|
||||
$(Q) $(ESPSECUREPY) digest_secure_bootloader -k $(SECURE_BOOTLOADER_KEY) -o $@ $<
|
||||
|
||||
endif # IDF_INSECURE_SECURE_BOOT
|
||||
else
|
||||
bootloader:
|
||||
@echo "Invalid bootloader target: bad sdkconfig?"
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ Secure Boot is a feature for ensuring only your code can run on the chip. Data l
|
|||
|
||||
Secure Boot is separate from the Encrypted Flash feature, and you can use secure boot without encrypting the flash contents. However we recommend using both features together for a secure environment.
|
||||
|
||||
**IMPORTANT: As Encrypted Flash feature and related security features are not yet released, Secure Boot should not be considered sufficient for a secure device and we strongly recommend not enabling the one-time secure bootloader feature until it is mature.**
|
||||
|
||||
Background
|
||||
----------
|
||||
|
|
|
|||
Loading…
Reference in a new issue