From 6f27992430fcc3e129948c06c49a4a9fb46a6a80 Mon Sep 17 00:00:00 2001 From: Felipe Neves Date: Tue, 31 Mar 2020 16:09:31 -0300 Subject: [PATCH] flash_encryption: return more clear error codes when bootloader encryption fails --- components/bootloader/Kconfig.projbuild | 2 +- components/bootloader_support/src/esp32s2/flash_encrypt.c | 4 ++-- examples/security/flash_encryption/CMakeLists.txt | 1 - 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/components/bootloader/Kconfig.projbuild b/components/bootloader/Kconfig.projbuild index e04913db6..e47f80986 100644 --- a/components/bootloader/Kconfig.projbuild +++ b/components/bootloader/Kconfig.projbuild @@ -601,7 +601,7 @@ menu "Security features" config SECURE_BOOT_ALLOW_ROM_BASIC bool "Leave ROM BASIC Interpreter available on reset" - depends on SECURE_BOOT_INSECURE || SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT && IDF_TARGET_ESP32 + depends on (SECURE_BOOT_INSECURE || SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT) && IDF_TARGET_ESP32 default N help By default, the BASIC ROM Console starts on reset if no valid bootloader is diff --git a/components/bootloader_support/src/esp32s2/flash_encrypt.c b/components/bootloader_support/src/esp32s2/flash_encrypt.c index 8cff97faa..a2c4a0db1 100644 --- a/components/bootloader_support/src/esp32s2/flash_encrypt.c +++ b/components/bootloader_support/src/esp32s2/flash_encrypt.c @@ -233,7 +233,7 @@ static esp_err_t encrypt_bootloader(void) image_length += FLASH_SECTOR_SIZE; if (ESP_BOOTLOADER_OFFSET + image_length > ESP_PARTITION_TABLE_OFFSET) { ESP_LOGE(TAG, "Bootloader is too large to fit Secure Boot V2 signature sector and partition table (configured offset 0x%x)", ESP_PARTITION_TABLE_OFFSET); - return ESP_ERR_INVALID_STATE; + return ESP_ERR_INVALID_SIZE; } #endif // CONFIG_SECURE_BOOT_V2_ENABLED @@ -248,7 +248,7 @@ static esp_err_t encrypt_bootloader(void) } else { ESP_LOGW(TAG, "no valid bootloader was found"); - return ESP_ERR_INVALID_STATE; + return ESP_ERR_NOT_FOUND; } } diff --git a/examples/security/flash_encryption/CMakeLists.txt b/examples/security/flash_encryption/CMakeLists.txt index 08764b824..27f6bc4e3 100644 --- a/examples/security/flash_encryption/CMakeLists.txt +++ b/examples/security/flash_encryption/CMakeLists.txt @@ -2,6 +2,5 @@ # CMakeLists in this exact order for cmake to work correctly cmake_minimum_required(VERSION 3.5) -# Flash encryption not currently supported for ESP32-S2 include($ENV{IDF_PATH}/tools/cmake/project.cmake) project(flash_encryption)