/*
 * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
7 #include <strings.h>
8 #include "esp_flash_encrypt.h"
9 #include "esp_secure_boot.h"
10 #include "esp_efuse.h"
11 #include "esp_efuse_table.h"
12 #include "esp_log.h"
13 #include "sdkconfig.h"
/* Log tag for this translation unit. Marked unused because it is only
 * referenced from the ESP_LOGx macros, which presumably can expand to nothing
 * at some log-level configurations — an unused-variable warning would then
 * fire without the attribute. */
static const char *TAG __attribute__((unused)) = "flash_encrypt";
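/**
 * Record the outcome of one eFuse operation without aborting the rest.
 *
 * A failure is logged together with @p what, and the first failure seen is
 * kept in @p first_err so the caller can keep burning the remaining
 * protections and still report that at least one of them did not take.
 *
 * @param first_err  Accumulator; only updated while it still holds ESP_OK.
 * @param err        Result of the eFuse read/write just performed.
 * @param what       Human-readable name of the eFuse field, for the log line.
 */
static void note_efuse_result(esp_err_t *first_err, esp_err_t err, const char *what)
{
    if (err == ESP_OK) {
        return;
    }
    ESP_LOGE(TAG, "eFuse operation on %s failed: 0x%x", what, (unsigned)err);
    if (*first_err == ESP_OK) {
        *first_err = err;
    }
}

/**
 * Burn the ESP32 eFuses that close debug and download paths as part of
 * enabling flash encryption.
 *
 * In order, this function:
 *  - sets CRYPT_CONFIG to EFUSE_FLASH_CRYPT_CONFIG (logged as 0xF) if the
 *    field is still zero, or logs an error if it already holds a different
 *    non-zero value (a pre-burned, write-protected override is honoured but
 *    not recommended);
 *  - disables UART download-mode encryption, decryption and MMU cache unless
 *    the matching CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_* option is set;
 *  - disables JTAG unless CONFIG_SECURE_BOOT_ALLOW_JTAG is set;
 *  - disables the ROM BASIC console fallback unless
 *    CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC is set;
 *  - write-protects RD_DISABLE under Secure Boot V2 (unless
 *    CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS) and write-protects DIS_CACHE
 *    (unless CONFIG_SECURE_FLASH_SKIP_WRITE_PROTECTION_CACHE).
 *
 * Every eFuse operation is attempted even after an earlier one failed, so a
 * single failure leaves as few paths open as possible; the failure is still
 * reported through the return value instead of being silently dropped, since
 * an unreported failed burn would let the caller believe a debug or download
 * path is closed when it is not.
 *
 * NOTE(review): if the caller has an eFuse batch write open, the writes here
 * are presumably only queued until the caller commits them — confirm against
 * the caller.
 *
 * @return ESP_OK if every eFuse operation succeeded, otherwise the error code
 *         of the first operation that failed. A CRYPT_CONFIG value that is
 *         non-zero but not EFUSE_FLASH_CRYPT_CONFIG is logged only and does
 *         not by itself produce an error return.
 */
esp_err_t esp_flash_encryption_enable_secure_features(void)
{
    esp_err_t first_err = ESP_OK;

    /* CRYPT_CONFIG determines which bits of the AES block key are XORed
       with bits from the flash address, to provide the key tweak.

       CRYPT_CONFIG == 0 is effectively AES ECB mode (NOT SUPPORTED)

       For now this is hardcoded to XOR all 256 bits of the key.

       If you need to override it, you can pre-burn this efuse to the
       desired value and then write-protect it, in which case this
       operation does nothing. Please note this is not recommended!
    */
    ESP_LOGI(TAG, "Setting CRYPT_CONFIG efuse to 0xF");
    uint32_t crypt_config = 0;
    esp_err_t read_err = esp_efuse_read_field_blob(ESP_EFUSE_ENCRYPT_CONFIG, &crypt_config, 4);
    if (read_err != ESP_OK) {
        /* Cannot tell what the field holds; do not burn it blind. */
        note_efuse_result(&first_err, read_err, "ENCRYPT_CONFIG (read)");
    } else if (crypt_config == 0) {
        crypt_config = EFUSE_FLASH_CRYPT_CONFIG;
        note_efuse_result(&first_err,
                          esp_efuse_write_field_blob(ESP_EFUSE_ENCRYPT_CONFIG, &crypt_config, 4),
                          "ENCRYPT_CONFIG");
    } else if (crypt_config != EFUSE_FLASH_CRYPT_CONFIG) {
        /* Deliberate override (see comment above): report it, but keep going. */
        ESP_LOGE(TAG, "EFUSE_ENCRYPT_CONFIG should be set 0xF but it is 0x%x", crypt_config);
    }

#ifndef CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC
    ESP_LOGI(TAG, "Disable UART bootloader encryption...");
    note_efuse_result(&first_err, esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_ENCRYPT),
                      "DISABLE_DL_ENCRYPT");
#else
    ESP_LOGW(TAG, "Not disabling UART bootloader encryption");
#endif

#ifndef CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC
    ESP_LOGI(TAG, "Disable UART bootloader decryption...");
    note_efuse_result(&first_err, esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_DECRYPT),
                      "DISABLE_DL_DECRYPT");
#else
    ESP_LOGW(TAG, "Not disabling UART bootloader decryption - SECURITY COMPROMISED");
#endif

#ifndef CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE
    ESP_LOGI(TAG, "Disable UART bootloader MMU cache...");
    note_efuse_result(&first_err, esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_CACHE),
                      "DISABLE_DL_CACHE");
#else
    ESP_LOGW(TAG, "Not disabling UART bootloader MMU cache - SECURITY COMPROMISED");
#endif

#ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
    ESP_LOGI(TAG, "Disable JTAG...");
    note_efuse_result(&first_err, esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_JTAG),
                      "DISABLE_JTAG");
#else
    ESP_LOGW(TAG, "Not disabling JTAG - SECURITY COMPROMISED");
#endif

#ifndef CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC
    ESP_LOGI(TAG, "Disable ROM BASIC interpreter fallback...");
    note_efuse_result(&first_err, esp_efuse_write_field_bit(ESP_EFUSE_CONSOLE_DEBUG_DISABLE),
                      "CONSOLE_DEBUG_DISABLE");
#else
    ESP_LOGW(TAG, "Not disabling ROM BASIC fallback - SECURITY COMPROMISED");
#endif

#if defined(CONFIG_SECURE_BOOT_V2_ENABLED) && !defined(CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS)
    // This bit belongs to enabling Secure Boot V2, but it cannot be burned until
    // this later point in the first boot: otherwise the Flash Encryption key
    // could no longer be read-protected.
    note_efuse_result(&first_err, esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_EFUSE_RD_DISABLE),
                      "WR_DIS_EFUSE_RD_DISABLE");
#endif

#ifndef CONFIG_SECURE_FLASH_SKIP_WRITE_PROTECTION_CACHE
    // Set write-protection for DIS_ICACHE to prevent bricking the chip in case
    // it is set accidentally. esp32 has DIS_ICACHE. Write-protection bit = 3.
    // List of eFuses sharing the same write protection bit:
    // MAC, MAC_CRC, DISABLE_APP_CPU, DISABLE_BT, DIS_CACHE, VOL_LEVEL_HP_INV.
    note_efuse_result(&first_err, esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_CACHE),
                      "WR_DIS_DIS_CACHE");
#endif

    return first_err;
}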