1 /* Secure Boot Example
2 
3    This example code is in the Public Domain (or CC0 licensed, at your option.)
4 
5    Unless required by applicable law or agreed to in writing, this
6    software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
7    CONDITIONS OF ANY KIND, either express or implied.
8 */
9 #include <stdio.h>
10 #include "freertos/FreeRTOS.h"
11 #include "freertos/task.h"
12 #include "soc/efuse_reg.h"
13 #include "esp_efuse.h"
14 #include "esp_secure_boot.h"
15 #include "esp_system.h"
16 #include "esp_spi_flash.h"
17 #include "esp_log.h"
18 #include "esp_efuse_table.h"
19 #include <string.h>
20 
21 static void example_print_chip_info(void);
22 static void example_secure_boot_status(void);
23 
24 #define TAG "example_secure_boot"
25 
/**
 * Example entry point.
 *
 * Writes a banner to stdout, then prints the chip details followed by the
 * Secure Boot status of the device the firmware is running on.
 */
void app_main(void)
{
    fputs("\nExample to check Secure Boot status\n", stdout);

    /* Chip identification comes first so the Secure Boot report below it can be read in context. */
    example_print_chip_info();
    example_secure_boot_status();
}
33 
34 
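/**
 * Print basic identification of the running chip: the build target name, the
 * number of CPU cores, the silicon revision, and the flash size and type.
 */
static void example_print_chip_info(void)
{
    esp_chip_info_t chip_info;
    esp_chip_info(&chip_info);

    printf("This is %s chip with %d CPU cores\n", CONFIG_IDF_TARGET, chip_info.cores);
    printf("silicon revision %d, ", chip_info.revision);

    /*
     * spi_flash_get_chip_size() returns a size_t, so passing the quotient to
     * "%d" was a format/argument mismatch. Reduce it to whole megabytes in an
     * unsigned and print it with the matching "%u".
     */
    unsigned flash_mb = (unsigned)(spi_flash_get_chip_size() / (1024 * 1024));
    const char *flash_kind =
        (chip_info.features & CHIP_FEATURE_EMB_FLASH) ? "embedded" : "external";

    printf("%uMB %s flash\n", flash_mb, flash_kind);
}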
47 
48 #define DIGEST_LEN 32
49 
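/**
 * Report whether Secure Boot is enabled and, if so, list the trusted key
 * digests returned by esp_secure_boot_read_key_digests().
 *
 * Every populated slot is hex-dumped (DIGEST_LEN bytes) and counted; empty
 * slots only get their "Key slot" line. What is logged are digests of the
 * trusted public keys, not key material. Compare them against the digests of
 * the signing keys you expect: an unexpected populated slot means an
 * additional key is trusted to sign firmware for this device.
 *
 * A failure to read the digests is treated as fatal through ESP_ERROR_CHECK.
 * This output is a bring-up diagnostic produced by the firmware itself.
 */
static void example_secure_boot_status(void)
{
    ets_secure_boot_key_digests_t trusted_keys = { 0 };

    ESP_LOGI(TAG, "Checking for Secure Boot..");
    if (!esp_secure_boot_enabled()) {
        ESP_LOGI(TAG, "Secure Boot not enabled. Enable Secure Boot in menuconfig, build & flash again.");
        return;
    }

    ESP_LOGI(TAG, "Secure Boot is enabled");
    ESP_ERROR_CHECK(esp_secure_boot_read_key_digests(&trusted_keys));

    unsigned total = 0;
    for (int i = 0; i < MAX_KEY_DIGESTS; i++) {
        ESP_LOGI(TAG, "Key slot %d:", i);
        /* A slot that holds no digest is reported as a null entry; skip the dump for it. */
        if (trusted_keys.key_digests[i]) {
            ESP_LOG_BUFFER_HEXDUMP("trusted key", trusted_keys.key_digests[i], DIGEST_LEN, ESP_LOG_INFO);
            total++;
        }
    }

    /* total is unsigned, so it is printed with "%u" rather than "%d". */
    ESP_LOGI(TAG, "Total %u trusted public keys", total);
}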
72