1 /*
2 * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
3 *
4 * SPDX-License-Identifier: Apache-2.0
5 */
6
7 #include <strings.h>
8 #include "sdkconfig.h"
9 #include "esp_log.h"
10 #include "esp_efuse.h"
11 #include "esp_efuse_table.h"
12 #include "esp_flash_encrypt.h"
13 #include "esp_secure_boot.h"
14 #include "hal/efuse_hal.h"
15
16 #if CONFIG_IDF_TARGET_ESP32
17 #define CRYPT_CNT ESP_EFUSE_FLASH_CRYPT_CNT
18 #define WR_DIS_CRYPT_CNT ESP_EFUSE_WR_DIS_FLASH_CRYPT_CNT
19 #else
20 #define CRYPT_CNT ESP_EFUSE_SPI_BOOT_CRYPT_CNT
21 #define WR_DIS_CRYPT_CNT ESP_EFUSE_WR_DIS_SPI_BOOT_CRYPT_CNT
22 #endif
23
24 static const char *TAG = "flash_encrypt";
25 #ifndef BOOTLOADER_BUILD
26
esp_flash_encryption_init_checks()27 void esp_flash_encryption_init_checks()
28 {
29 esp_flash_enc_mode_t mode;
30
31 #ifdef CONFIG_SECURE_FLASH_CHECK_ENC_EN_IN_APP
32 if (!esp_flash_encryption_enabled()) {
33 ESP_LOGE(TAG, "Flash encryption eFuse bit was not enabled in bootloader but CONFIG_SECURE_FLASH_ENC_ENABLED is on");
34 abort();
35 }
36 #endif // CONFIG_SECURE_FLASH_CHECK_ENC_EN_IN_APP
37
38 // First check is: if Release mode flash encryption & secure boot are enabled then
39 // FLASH_CRYPT_CNT *must* be write protected. This will have happened automatically
40 // if bootloader is IDF V4.0 or newer but may not have happened for previous ESP-IDF bootloaders.
41 #ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
42 #ifdef CONFIG_SECURE_BOOT
43 if (esp_secure_boot_enabled() && esp_flash_encryption_enabled()) {
44 bool flash_crypt_cnt_wr_dis = esp_efuse_read_field_bit(WR_DIS_CRYPT_CNT);
45 if (!flash_crypt_cnt_wr_dis) {
46 uint8_t flash_crypt_cnt = 0;
47 esp_efuse_read_field_blob(CRYPT_CNT, &flash_crypt_cnt, CRYPT_CNT[0]->bit_count);
48 if (flash_crypt_cnt == (1<<(CRYPT_CNT[0]->bit_count))-1) {
49 // If encryption counter is already max, no need to write protect it
50 // (this distinction is important on ESP32 ECO3 where write-procted FLASH_CRYPT_CNT also write-protects UART_DL_DIS)
51 } else {
52 ESP_LOGE(TAG, "Flash encryption & Secure Boot together requires FLASH_CRYPT_CNT efuse to be write protected. Fixing now...");
53 esp_flash_write_protect_crypt_cnt();
54 }
55 }
56 }
57 #endif // CONFIG_SECURE_BOOT
58 #endif // CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
59
60 // Second check is to print a warning or error if the current running flash encryption mode
61 // doesn't match the expectation from project config (due to mismatched bootloader and app, probably)
62 mode = esp_get_flash_encryption_mode();
63 if (mode == ESP_FLASH_ENC_MODE_DEVELOPMENT) {
64 #ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
65 ESP_LOGE(TAG, "Flash encryption settings error: app is configured for RELEASE but efuses are set for DEVELOPMENT");
66 ESP_LOGE(TAG, "Mismatch found in security options in bootloader menuconfig and efuse settings. Device is not secure.");
67 #else
68 ESP_LOGW(TAG, "Flash encryption mode is DEVELOPMENT (not secure)");
69 #endif // CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
70 } else if (mode == ESP_FLASH_ENC_MODE_RELEASE) {
71 ESP_LOGI(TAG, "Flash encryption mode is RELEASE");
72 }
73 }
74 #endif // BOOTLOADER_BUILD
75
76 /**
77 * This former inlined function must not be defined in the header file anymore.
78 * As it depends on efuse component, any use of it outside of `bootloader_support`,
79 * would require the caller component to include `efuse` as part of its `REQUIRES` or
80 * `PRIV_REQUIRES` entries.
81 * Attribute IRAM_ATTR must be specified for the app build.
82 */
esp_flash_encryption_enabled(void)83 bool IRAM_ATTR esp_flash_encryption_enabled(void)
84 {
85 #ifndef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
86 return efuse_hal_flash_encryption_enabled();
87 #else
88 uint32_t flash_crypt_cnt = 0;
89 #if CONFIG_IDF_TARGET_ESP32
90 esp_efuse_read_field_blob(ESP_EFUSE_FLASH_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_FLASH_CRYPT_CNT[0]->bit_count);
91 #else
92 esp_efuse_read_field_blob(ESP_EFUSE_SPI_BOOT_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_SPI_BOOT_CRYPT_CNT[0]->bit_count);
93 #endif
94 /* __builtin_parity is in flash, so we calculate parity inline */
95 bool enabled = false;
96 while (flash_crypt_cnt) {
97 if (flash_crypt_cnt & 1) {
98 enabled = !enabled;
99 }
100 flash_crypt_cnt >>= 1;
101 }
102 return enabled;
103 #endif // CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
104 }
105
esp_flash_write_protect_crypt_cnt(void)106 void esp_flash_write_protect_crypt_cnt(void)
107 {
108 esp_efuse_write_field_bit(WR_DIS_CRYPT_CNT);
109 }
110
esp_get_flash_encryption_mode(void)111 esp_flash_enc_mode_t esp_get_flash_encryption_mode(void)
112 {
113 bool flash_crypt_cnt_wr_dis = false;
114 esp_flash_enc_mode_t mode = ESP_FLASH_ENC_MODE_DEVELOPMENT;
115
116 if (esp_flash_encryption_enabled()) {
117 /* Check if FLASH CRYPT CNT is write protected */
118
119 flash_crypt_cnt_wr_dis = esp_efuse_read_field_bit(WR_DIS_CRYPT_CNT);
120 if (!flash_crypt_cnt_wr_dis) {
121 uint8_t flash_crypt_cnt = 0;
122 esp_efuse_read_field_blob(CRYPT_CNT, &flash_crypt_cnt, CRYPT_CNT[0]->bit_count);
123 if (flash_crypt_cnt == (1 << (CRYPT_CNT[0]->bit_count)) - 1) {
124 flash_crypt_cnt_wr_dis = true;
125 }
126 }
127
128 if (flash_crypt_cnt_wr_dis) {
129
130 #if CONFIG_IDF_TARGET_ESP32
131 bool dis_dl_cache = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_CACHE);
132 bool dis_dl_enc = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_ENCRYPT);
133 bool dis_dl_dec = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_DECRYPT);
134 /* Check if DISABLE_DL_DECRYPT, DISABLE_DL_ENCRYPT & DISABLE_DL_CACHE are set */
135 if ( dis_dl_cache && dis_dl_enc && dis_dl_dec ) {
136 mode = ESP_FLASH_ENC_MODE_RELEASE;
137 }
138 #else
139 if (esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT)
140 #if SOC_EFUSE_DIS_DOWNLOAD_ICACHE
141 && esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE)
142 #endif
143 #if SOC_EFUSE_DIS_DOWNLOAD_DCACHE
144 && esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_DCACHE)
145 #endif
146 ) {
147 mode = ESP_FLASH_ENC_MODE_RELEASE;
148 #ifdef CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128_DERIVED
149 // This chip supports two types of key: AES128_DERIVED and AES128.
150 // To be in RELEASE mode, it is important for the AES128_DERIVED key that XTS_KEY_LENGTH_256 be write-protected.
151 bool xts_key_len_256_wr_dis = esp_efuse_read_field_bit(WR_DIS_CRYPT_CNT);
152 mode = (xts_key_len_256_wr_dis) ? ESP_FLASH_ENC_MODE_RELEASE : ESP_FLASH_ENC_MODE_DEVELOPMENT;
153 #endif // CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128_DERIVED
154 }
155 #endif // !CONFIG_IDF_TARGET_ESP32
156 }
157 } else {
158 mode = ESP_FLASH_ENC_MODE_DISABLED;
159 }
160
161 return mode;
162 }
163
esp_flash_encryption_set_release_mode(void)164 void esp_flash_encryption_set_release_mode(void)
165 {
166 esp_flash_enc_mode_t mode = esp_get_flash_encryption_mode();
167 if (mode == ESP_FLASH_ENC_MODE_RELEASE) {
168 return;
169 }
170 if (mode == ESP_FLASH_ENC_MODE_DISABLED) {
171 ESP_LOGE(TAG, "Flash encryption eFuse is not enabled, abort..");
172 abort();
173 return;
174 }
175 // ESP_FLASH_ENC_MODE_DEVELOPMENT -> ESP_FLASH_ENC_MODE_RELEASE
176 esp_efuse_batch_write_begin();
177 if (!esp_efuse_read_field_bit(WR_DIS_CRYPT_CNT)) {
178 size_t flash_crypt_cnt = 0;
179 esp_efuse_read_field_cnt(CRYPT_CNT, &flash_crypt_cnt);
180 if (flash_crypt_cnt != CRYPT_CNT[0]->bit_count) {
181 esp_efuse_write_field_cnt(CRYPT_CNT, CRYPT_CNT[0]->bit_count - flash_crypt_cnt);
182 }
183 }
184 #if CONFIG_IDF_TARGET_ESP32
185 esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_CACHE);
186 esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_ENCRYPT);
187 esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_DECRYPT);
188 #else
189 esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
190 #if SOC_EFUSE_DIS_DOWNLOAD_ICACHE
191 esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
192 #endif
193 #if SOC_EFUSE_DIS_DOWNLOAD_DCACHE
194 esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_DCACHE);
195 #endif
196 #ifdef CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128_DERIVED
197 // For AES128_DERIVED, FE key is 16 bytes and XTS_KEY_LENGTH_256 is 0.
198 // It is important to protect XTS_KEY_LENGTH_256 from further changing it to 1. Set write protection for this bit.
199 // Burning WR_DIS_CRYPT_CNT, blocks further changing of eFuses: DIS_DOWNLOAD_MANUAL_ENCRYPT, SPI_BOOT_CRYPT_CNT, [XTS_KEY_LENGTH_256], SECURE_BOOT_EN.
200 esp_efuse_write_field_bit(WR_DIS_CRYPT_CNT);
201 #endif // CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128_DERIVED
202 #endif // !CONFIG_IDF_TARGET_ESP32
203
204 #ifdef CONFIG_IDF_TARGET_ESP32
205 esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_CACHE);
206 #else
207 #if SOC_EFUSE_DIS_ICACHE
208 esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_ICACHE);
209 #endif
210 #endif // !CONFIG_IDF_TARGET_ESP32
211
212 #if CONFIG_SOC_SUPPORTS_SECURE_DL_MODE
213 esp_efuse_enable_rom_secure_download_mode();
214 #else
215 esp_efuse_disable_rom_download_mode();
216 #endif
217 esp_efuse_batch_write_commit();
218
219 if (esp_get_flash_encryption_mode() != ESP_FLASH_ENC_MODE_RELEASE) {
220 ESP_LOGE(TAG, "Flash encryption mode is DEVELOPMENT, abort..");
221 abort();
222 }
223 ESP_LOGI(TAG, "Flash encryption mode is RELEASE");
224 }
225
226 #ifdef CONFIG_IDF_TARGET_ESP32
esp_flash_encryption_cfg_verify_release_mode(void)227 bool esp_flash_encryption_cfg_verify_release_mode(void)
228 {
229 bool result = false;
230 bool secure;
231
232 secure = esp_flash_encryption_enabled();
233 result = secure;
234 if (!secure) {
235 ESP_LOGW(TAG, "Not enabled Flash Encryption (FLASH_CRYPT_CNT->1 or max)");
236 }
237
238 uint8_t crypt_config = 0;
239 esp_efuse_read_field_blob(ESP_EFUSE_ENCRYPT_CONFIG, &crypt_config, 4);
240 if (crypt_config != EFUSE_FLASH_CRYPT_CONFIG) {
241 result &= false;
242 ESP_LOGW(TAG, "ENCRYPT_CONFIG must be set 0xF (set ENCRYPT_CONFIG->0xF)");
243 }
244
245 uint8_t flash_crypt_cnt = 0;
246 esp_efuse_read_field_blob(ESP_EFUSE_FLASH_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_FLASH_CRYPT_CNT[0]->bit_count);
247 if (flash_crypt_cnt != (1 << (ESP_EFUSE_FLASH_CRYPT_CNT[0]->bit_count)) - 1) {
248 if (!esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_FLASH_CRYPT_CNT)) {
249 result &= false;
250 ESP_LOGW(TAG, "Not release mode of Flash Encryption (set FLASH_CRYPT_CNT->max or WR_DIS_FLASH_CRYPT_CNT->1)");
251 }
252 }
253
254 secure = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_ENCRYPT);
255 result &= secure;
256 if (!secure) {
257 ESP_LOGW(TAG, "Not disabled UART bootloader encryption (set DISABLE_DL_ENCRYPT->1)");
258 }
259
260 secure = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_DECRYPT);
261 result &= secure;
262 if (!secure) {
263 ESP_LOGW(TAG, "Not disabled UART bootloader decryption (set DISABLE_DL_DECRYPT->1)");
264 }
265
266 secure = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_CACHE);
267 result &= secure;
268 if (!secure) {
269 ESP_LOGW(TAG, "Not disabled UART bootloader MMU cache (set DISABLE_DL_CACHE->1)");
270 }
271
272 secure = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_JTAG);
273 result &= secure;
274 if (!secure) {
275 ESP_LOGW(TAG, "Not disabled JTAG (set DISABLE_JTAG->1)");
276 }
277
278 secure = esp_efuse_read_field_bit(ESP_EFUSE_CONSOLE_DEBUG_DISABLE);
279 result &= secure;
280 if (!secure) {
281 ESP_LOGW(TAG, "Not disabled ROM BASIC interpreter fallback (set CONSOLE_DEBUG_DISABLE->1)");
282 }
283
284 secure = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_DIS_CACHE);
285 result &= secure;
286 if (!secure) {
287 ESP_LOGW(TAG, "Not write-protected DIS_CACHE (set WR_DIS_DIS_CACHE->1)");
288 }
289
290 secure = esp_efuse_read_field_bit(ESP_EFUSE_RD_DIS_BLK1);
291 result &= secure;
292 if (!secure) {
293 ESP_LOGW(TAG, "Not read-protected flash ecnryption key (set RD_DIS_BLK1->1)");
294 }
295
296 secure = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_BLK1);
297 result &= secure;
298 if (!secure) {
299 ESP_LOGW(TAG, "Not write-protected flash ecnryption key (set WR_DIS_BLK1->1)");
300 }
301 return result;
302 }
303 #else // not CONFIG_IDF_TARGET_ESP32
esp_flash_encryption_cfg_verify_release_mode(void)304 bool esp_flash_encryption_cfg_verify_release_mode(void)
305 {
306 bool result = false;
307 bool secure;
308
309 secure = esp_flash_encryption_enabled();
310 result = secure;
311 if (!secure) {
312 ESP_LOGW(TAG, "Not enabled Flash Encryption (SPI_BOOT_CRYPT_CNT->1 or max)");
313 }
314
315 uint8_t flash_crypt_cnt = 0;
316 esp_efuse_read_field_blob(ESP_EFUSE_SPI_BOOT_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_SPI_BOOT_CRYPT_CNT[0]->bit_count);
317 if (flash_crypt_cnt != (1 << (ESP_EFUSE_SPI_BOOT_CRYPT_CNT[0]->bit_count)) - 1) {
318 if (!esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_SPI_BOOT_CRYPT_CNT)) {
319 result &= false;
320 ESP_LOGW(TAG, "Not release mode of Flash Encryption (set SPI_BOOT_CRYPT_CNT->max or WR_DIS_SPI_BOOT_CRYPT_CNT->1)");
321 }
322 }
323
324 secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
325 result &= secure;
326 if (!secure) {
327 ESP_LOGW(TAG, "Not disabled UART bootloader encryption (set DIS_DOWNLOAD_MANUAL_ENCRYPT->1)");
328 }
329
330 #if SOC_EFUSE_DIS_DOWNLOAD_DCACHE
331 secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_DCACHE);
332 result &= secure;
333 if (!secure) {
334 ESP_LOGW(TAG, "Not disabled UART bootloader Dcache (set DIS_DOWNLOAD_DCACHE->1)");
335 }
336 #endif
337
338 #if SOC_EFUSE_DIS_DOWNLOAD_ICACHE
339 secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
340 result &= secure;
341 if (!secure) {
342 ESP_LOGW(TAG, "Not disabled UART bootloader cache (set DIS_DOWNLOAD_ICACHE->1)");
343 }
344 #endif
345
346 #if SOC_EFUSE_DIS_PAD_JTAG
347 secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_PAD_JTAG);
348 result &= secure;
349 if (!secure) {
350 ESP_LOGW(TAG, "Not disabled JTAG PADs (set DIS_PAD_JTAG->1)");
351 }
352 #endif
353
354 #if SOC_EFUSE_DIS_USB_JTAG
355 secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_USB_JTAG);
356 result &= secure;
357 if (!secure) {
358 ESP_LOGW(TAG, "Not disabled USB JTAG (set DIS_USB_JTAG->1)");
359 }
360 #endif
361
362 #if SOC_EFUSE_DIS_DIRECT_BOOT
363 secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DIRECT_BOOT);
364 result &= secure;
365 if (!secure) {
366 ESP_LOGW(TAG, "Not disabled direct boot mode (set DIS_DIRECT_BOOT->1)");
367 }
368 #endif
369
370 #if SOC_EFUSE_HARD_DIS_JTAG
371 secure = esp_efuse_read_field_bit(ESP_EFUSE_HARD_DIS_JTAG);
372 result &= secure;
373 if (!secure) {
374 ESP_LOGW(TAG, "Not disabled JTAG (set HARD_DIS_JTAG->1)");
375 }
376 #endif
377
378 #if SOC_EFUSE_DIS_BOOT_REMAP
379 secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_BOOT_REMAP);
380 result &= secure;
381 if (!secure) {
382 ESP_LOGW(TAG, "Not disabled boot from RAM (set DIS_BOOT_REMAP->1)");
383 }
384 #endif
385
386 #if SOC_EFUSE_DIS_LEGACY_SPI_BOOT
387 secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_LEGACY_SPI_BOOT);
388 result &= secure;
389 if (!secure) {
390 ESP_LOGW(TAG, "Not disabled Legcy SPI boot (set DIS_LEGACY_SPI_BOOT->1)");
391 }
392 #endif
393
394 #if SOC_EFUSE_DIS_ICACHE
395 secure = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_DIS_ICACHE);
396 result &= secure;
397 if (!secure) {
398 ESP_LOGW(TAG, "Not write-protected DIS_ICACHE (set WR_DIS_DIS_ICACHE->1)");
399 }
400 #endif
401
402 esp_efuse_purpose_t purposes[] = {
403 #if SOC_FLASH_ENCRYPTION_XTS_AES_256
404 ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1,
405 ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2,
406 #endif
407 #if SOC_FLASH_ENCRYPTION_XTS_AES_128
408 ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY,
409 #endif
410 };
411 // S2 and S3 chips have both XTS_AES_128_KEY and XTS_AES_256_KEY_1/2.
412 // The check below does not take into account that XTS_AES_128_KEY and XTS_AES_256_KEY_1/2
413 // are mutually exclusive because this will make the chip not functional.
414 // Only one type key must be configured in eFuses.
415 secure = false;
416 for (unsigned i = 0; i < sizeof(purposes) / sizeof(esp_efuse_purpose_t); i++) {
417 esp_efuse_block_t block;
418 if (esp_efuse_find_purpose(purposes[i], &block)) {
419 secure = esp_efuse_get_key_dis_read(block);
420 result &= secure;
421 if (!secure) {
422 ESP_LOGW(TAG, "Not read-protected Flash encryption key in BLOCK%d (set RD_DIS_KEY%d->1)", block, block - EFUSE_BLK_KEY0);
423 }
424 secure = esp_efuse_get_key_dis_write(block);
425 result &= secure;
426 if (!secure) {
427 ESP_LOGW(TAG, "Not write-protected Flash encryption key in BLOCK%d (set WR_DIS_KEY%d->1)", block, block - EFUSE_BLK_KEY0);
428 }
429
430 #if SOC_EFUSE_KEY_PURPOSE_FIELD
431 secure = esp_efuse_get_keypurpose_dis_write(block);
432 result &= secure;
433 if (!secure) {
434 ESP_LOGW(TAG, "Not write-protected KEY_PURPOSE for BLOCK%d (set WR_DIS_KEY_PURPOSE%d->1)", block, block - EFUSE_BLK_KEY0);
435 }
436 #endif
437 }
438 }
439 result &= secure;
440
441 return result;
442 }
443 #endif // not CONFIG_IDF_TARGET_ESP32
444
