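/*
 * SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */

#include <strings.h>
#include "esp_flash_encrypt.h"
#include "esp_secure_boot.h"
#include "esp_efuse.h"
#include "esp_efuse_table.h"
#include "esp_log.h"
#include "sdkconfig.h"

static __attribute__((unused)) const char *TAG = "flash_encrypt";

/*
 * Fold the result of one eFuse write into the running status.
 *
 * Logs a failed write and returns the first error seen so far, so that the
 * caller can keep attempting the remaining hardening steps and still report
 * that at least one of them did not take effect.
 */
static esp_err_t record_efuse_result(esp_err_t first_err, esp_err_t err, const char *what)
{
    if (err == ESP_OK) {
        return first_err;
    }
    ESP_LOGE(TAG, "Failed to %s (0x%x)", what, (unsigned)err);
    return (first_err == ESP_OK) ? err : first_err;
}

/**
 * @brief Burn the eFuse bits that lock down debug and download paths for
 *        flash encryption.
 *
 * Depending on the build configuration this sets:
 *  - DIS_DOWNLOAD_MANUAL_ENCRYPT, unless CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC is set
 *  - DIS_DOWNLOAD_ICACHE, unless CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE is set
 *  - DIS_PAD_JTAG, unless CONFIG_SECURE_BOOT_ALLOW_JTAG is set
 *  - DIS_DIRECT_BOOT, unconditionally
 *
 * eFuse bits cannot be cleared once burned, so every write here is permanent.
 * Each CONFIG_* option above that is enabled leaves the corresponding path
 * open on the device; the warnings logged below are the only runtime trace of
 * that choice.
 *
 * Every write is attempted even if an earlier one fails, so a single failure
 * does not leave the later protections unset.
 *
 * NOTE(review): if the caller runs this inside an eFuse batch write, a
 * successful return presumably only means the bits were staged; confirm the
 * caller checks the result of the commit as well.
 *
 * @return ESP_OK if every eFuse write succeeded, otherwise the error code of
 *         the first write that failed.
 */
esp_err_t esp_flash_encryption_enable_secure_features(void)
{
    esp_err_t ret = ESP_OK;

#ifndef CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC
    ESP_LOGI(TAG, "Disable UART bootloader encryption...");
    ret = record_efuse_result(ret,
                              esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT),
                              "disable UART bootloader encryption");
#else
    ESP_LOGW(TAG, "Not disabling UART bootloader encryption");
#endif

#ifndef CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE
    ESP_LOGI(TAG, "Disable UART bootloader cache...");
    ret = record_efuse_result(ret,
                              esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE),
                              "disable UART bootloader cache");
#else
    ESP_LOGW(TAG, "Not disabling UART bootloader cache - SECURITY COMPROMISED");
#endif

#ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
    ESP_LOGI(TAG, "Disable JTAG...");
    ret = record_efuse_result(ret,
                              esp_efuse_write_field_bit(ESP_EFUSE_DIS_PAD_JTAG),
                              "disable JTAG");
#else
    ESP_LOGW(TAG, "Not disabling JTAG - SECURITY COMPROMISED");
#endif

    /* Direct boot is disabled regardless of configuration. */
    ret = record_efuse_result(ret,
                              esp_efuse_write_field_bit(ESP_EFUSE_DIS_DIRECT_BOOT),
                              "disable direct boot");

    /* Previously ESP_OK was returned unconditionally, hiding failed writes. */
    return ret;
}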