Merge branch 'bugfix/disable_coding_scheme_security_features_v3.1' into 'release/v3.1'

bootloader: Don't enable secure boot or flash encryption for 3/4 Coding Scheme (v3.1) See merge request idf/esp-idf!3421
2018-10-08 07:06:40 +08:00 · 2018-10-08 07:06:40 +08:00 · 7930cfdba9
parent 541e02a7e3 1755fba8dc
commit 7930cfdba9
3 changed files with 11 additions and 1 deletions
--- a/components/bootloader_support/src/flash_encrypt.c
+++ b/components/bootloader_support/src/flash_encrypt.c
@ -62,6 +62,11 @@ esp_err_t esp_flash_encrypt_check_and_update(void)

 static esp_err_t initialise_flash_encryption(void)
 {
+    if (REG_READ(EFUSE_BLK0_RDATA6_REG) & EFUSE_CODING_SCHEME_M) {
+        ESP_LOGE(TAG, "Flash Encryption is currently not supported on hardware with 3/4 Coding Scheme (CODING_SCHEME efuse set)");
+        return ESP_ERR_NOT_SUPPORTED;
+    }
+
    /* Before first flash encryption pass, need to initialise key & crypto config */

    /* Generate key */
--- a/components/bootloader_support/src/secure_boot.c
+++ b/components/bootloader_support/src/secure_boot.c
@ -110,6 +110,11 @@ esp_err_t esp_secure_boot_permanently_enable(void) {
        return ESP_OK;
    }

+    if (REG_READ(EFUSE_BLK0_RDATA6_REG) & EFUSE_CODING_SCHEME_M) {
+        ESP_LOGE(TAG, "Secure Boot is currently not supported on hardware with 3/4 Coding Scheme (CODING_SCHEME efuse set)");
+        return ESP_ERR_NOT_SUPPORTED;
+    }
+
    /* Verify the bootloader */
    esp_image_metadata_t bootloader_data = { 0 };
    err = esp_image_verify_bootloader_data(&bootloader_data);
--- a/components/esptool_py/esptool
+++ b/components/esptool_py/esptool
@ -1 +1 @@
-Subproject commit fd8c25d2160505fb9d5abbe56f85116a136afb05
+Subproject commit 59b8dd8bfe3927dc11ffc06603fa082cb0f523bb