1.. _read-write-protections-cmd: 2 3Read Write Protection 4===================== 5 6There are two commands (to get the correct list of eFuse fields that can be protected, specify the chip with ``--chip``): 7 8- ``espefuse.py read_protect_efuse``. It sets read protection for given eFuse names. 9- ``espefuse.py write_protect_efuse``. It sets write protection for given eFuse names. 10 11Positional arguments: 12 13- eFuse name. It can recieve a list of eFuse names (like EFUSE_NAME1 EFUSE_NAME2 etc.). 14 15Read protection prevents software from reading eFuse fields, only hardware can access such eFuses. Such eFuses are read as zero and the data is marked as ``??`` in this tool. 16 17Write protection prevents further changes of eFuse fields. 18 19Not all eFuses have read and write protections. See the help for these commands for the eFuse names that can be protected. 20 21eFuses are often read/write protected as a group, so protecting one of eFuse will result in some related eFuses becoming protected. The tool will show the full list of eFuses that will be protected. 22 23Read and Write Protection Status 24^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 25 26The ``R/W`` output indicates a protection status of a specific eFuse field/block: 27 28- ``-/W`` indicates that read protection is set. Value of such eFuse field will always show all-zeroes, even though hardware may use the correct value. In espefuse v2.6 and newer, read-protected eFuse values are displayed as question marks (``??``). On earlier versions, they are displayed as zeroes. 29 30 .. code-block:: none 31 32 BLOCK1 (BLOCK1): 33 = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/W 34 35- ``R/-`` indicates that write protection is set. No further bits can be set. 36- ``-/-`` means both read and write protection are set. 37 38Usage 39----- 40 41.. code-block:: none 42 43 > espefuse.py read_protect_efuse BLOCK2 BLOCK3 MAC_VERSION 44 45 === Run "read_protect_efuse" command === 46 If Secure Boot V2 is used, BLOCK2 must be readable, please stop this operation! 47 Permanently read-disabling efuse BLOCK2 48 Permanently read-disabling efuses MAC_VERSION, BLOCK3 49 Permanently read-disabling efuses MAC_VERSION, BLOCK3 50 51 Check all blocks for burn... 52 idx, BLOCK_NAME, Conclusion 53 [00] BLOCK0 is empty, will burn the new value 54 . 55 This is an irreversible operation! 56 Type 'BURN' (all capitals) to continue. 57 BURN 58 BURN BLOCK0 - OK (write block == read block) 59 Reading updated efuses... 60 Checking efuses... 61 Successful 62 63.. code-block:: none 64 65 > espefuse.py write_protect_efuse WR_DIS FLASH_CRYPT_CNT 66 67 === Run "write_protect_efuse" command === 68 Permanently write-disabling efuse WR_DIS 69 Permanently write-disabling efuses FLASH_CRYPT_CNT, UART_DOWNLOAD_DIS 70 71 Check all blocks for burn... 72 idx, BLOCK_NAME, Conclusion 73 [00] BLOCK0 is empty, will burn the new value 74 . 75 This is an irreversible operation! 76 Type 'BURN' (all capitals) to continue. 77 BURN 78 BURN BLOCK0 - OK (write block == read block) 79 Reading updated efuses... 80 Checking efuses... 81 Successful 82
