From 6281b910d17c78bcb838a6f773d2dcd8015579e0 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Tue, 3 Dec 2019 16:00:07 +1100 Subject: [PATCH] security: Hide Secure Boot & Flash Encryption config items when using CMake These features are not supported in the CMake build system preview, but previously had to read the notice in the CMake Getting Started guide to know this. Related to https://github.com/espressif/esp-idf/issues/4419 --- components/bootloader/Kconfig.projbuild | 1 + docs/en/security/flash-encryption.rst | 5 ++++- docs/en/security/secure-boot.rst | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/components/bootloader/Kconfig.projbuild b/components/bootloader/Kconfig.projbuild index 2bf32a730..e8c2eed44 100644 --- a/components/bootloader/Kconfig.projbuild +++ b/components/bootloader/Kconfig.projbuild @@ -163,6 +163,7 @@ endmenu # Bootloader menu "Security features" + visible if !IDF_CMAKE # These three are the actual options to check in code, # selected by the displayed options diff --git a/docs/en/security/flash-encryption.rst b/docs/en/security/flash-encryption.rst index 166046678..65f05f60b 100644 --- a/docs/en/security/flash-encryption.rst +++ b/docs/en/security/flash-encryption.rst 
@@ -8,7 +8,10 @@ Flash Encryption is separate from the :doc:`Secure Boot ` feature, When using any non-default configuration in production, additional steps may also be needed to ensure effectiveness of flash encryption. See :ref:`securing-flash-encryption` for more details. .. important:: - Enabling flash encryption limits your options for further updates of your ESP32. Make sure to read this document (including :ref:`flash-encryption-limitations`) and understand the implications of enabling flash encryption. + Enabling flash encryption limits your options for further updates of your ESP32. Make sure to read this document (including :ref:`flash-encryption-limitations`) and understand the implications of enabling flash encryption. + +.. note:: + Flash encryption is only supported when using the default GNU Make build system. The CMake build system preview in ESP-IDF v3.x does not support flash encryption. Background ---------- diff --git a/docs/en/security/secure-boot.rst b/docs/en/security/secure-boot.rst index 79baa8725..ef5e62c38 100644 --- a/docs/en/security/secure-boot.rst +++ b/docs/en/security/secure-boot.rst @@ -9,6 +9,10 @@ Secure Boot is separate from the :doc:`Flash Encryption ` feat Enabling secure boot limits your options for further updates of your ESP32. Make sure to read this document throughly and understand the implications of enabling secure boot. +.. note:: + + Secure boot is only supported when using the default GNU Make build system. The CMake build system preview in ESP-IDF v3.x does not support secure boot. + Background ----------
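Review bot: In components/bootloader/Kconfig.projbuild, "visible if !IDF_CMAKE" on the "Security features" menu hides the prompts silently and carries no comment saying why. A project whose sdkconfig already enables Secure Boot or Flash Encryption under GNU Make gets no indication under CMake that those options are no longer in effect. Suggest a short comment above the line stating that the CMake preview does not support these features. Also consider a build-time warning or error when the options the hunk's own comment calls "the actual options to check in code" are requested under IDF_CMAKE, so that an image expected to be secured is never produced unsecured without notice.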
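Review bot: In docs/en/security/flash-encryption.rst, the new ".. note::" body follows the directive line directly, while the same note in secure-boot.rst has a blank line after ".. note::". Pick one form for both files so the two pages stay consistent. The removed and re-added "Enabling flash encryption limits your options for further updates of your ESP32." lines read identically as shown, so that part looks like a whitespace-only change. If it is one, say so in the commit message or drop it so the hunk contains only the added note.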
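Review bot: In docs/en/security/secure-boot.rst, the added note says the CMake preview does not support secure boot but does not point the reader to the notice in the CMake Getting Started guide that the commit message refers to. A cross-reference to that guide from the note would help. While touching this paragraph, the context line just above the note has "throughly", which should be "thoroughly".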