From dac77846e53148871cf0994089f08b7dc12c4fc0 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Tue, 3 Dec 2019 16:00:07 +1100 Subject: [PATCH] security: Hide Secure Boot & Flash Encryption config items when using CMake These features are not supported in the CMake build system preview, but previously had to read the notice in the CMake Getting Started guide to know this. Related to https://github.com/espressif/esp-idf/issues/4419 --- components/bootloader/Kconfig.projbuild | 1 + docs/en/security/flash-encryption.rst | 6 +++++- docs/en/security/secure-boot.rst | 4 ++++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/components/bootloader/Kconfig.projbuild b/components/bootloader/Kconfig.projbuild index 4d62edc8e..01493b714 100644 --- a/components/bootloader/Kconfig.projbuild +++ b/components/bootloader/Kconfig.projbuild @@ -131,6 +131,7 @@ endmenu # Bootloader menu "Security features" + visible if !IDF_CMAKE # These three are the actual options to check in code, # selected by the displayed options diff --git a/docs/en/security/flash-encryption.rst b/docs/en/security/flash-encryption.rst index 1e10aef1a..dd523ab26 100644 --- a/docs/en/security/flash-encryption.rst +++ b/docs/en/security/flash-encryption.rst @@ -7,7 +7,11 @@ Flash Encryption is separate from the :doc:`Secure Boot ` feature, When using any non-default configuration in production, additional steps may also be needed to ensure effectiveness of flash encryption. See :ref:`securing-flash-encryption` for more details. -**IMPORTANT: Enabling flash encryption limits your options for further updates of your ESP32. Make sure to read this document (including :ref:`flash-encryption-limitations`) and understand the implications of enabling flash encryption.** +.. important:: + Enabling flash encryption limits your options for further updates of your ESP32. Make sure to read this document (including :ref:`flash-encryption-limitations`) and understand the implications of enabling flash encryption. + +.. note:: + Flash encryption is only supported when using the default GNU Make build system. The CMake build system preview in ESP-IDF v3.x does not support flash encryption. Background ---------- diff --git a/docs/en/security/secure-boot.rst b/docs/en/security/secure-boot.rst index 2ac5ca1bc..b2bad7358 100644 --- a/docs/en/security/secure-boot.rst +++ b/docs/en/security/secure-boot.rst @@ -9,6 +9,10 @@ Secure Boot is separate from the :doc:`Flash Encryption ` feat Enabling secure boot limits your options for further updates of your ESP32. Make sure to read this document throughly and understand the implications of enabling secure boot. +.. note:: + + Secure boot is only supported when using the default GNU Make build system. The CMake build system preview in ESP-IDF v3.x does not support secure boot. + Background ----------