1 /*
2  * SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD
3  *
4  * SPDX-License-Identifier: Apache-2.0
5  */
6 
7 #include <strings.h>
8 #include "esp_flash_encrypt.h"
9 #include "esp_secure_boot.h"
10 #include "esp_efuse.h"
11 #include "esp_efuse_table.h"
12 #include "esp_log.h"
13 #include "sdkconfig.h"
14 
15 static __attribute__((unused)) const char *TAG = "flash_encrypt";
16 
esp_flash_encryption_enable_secure_features(void)17 esp_err_t esp_flash_encryption_enable_secure_features(void)
18 {
19 #ifndef CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC
20     ESP_LOGI(TAG, "Disable UART bootloader encryption...");
21     esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
22 #else
23     ESP_LOGW(TAG, "Not disabling UART bootloader encryption");
24 #endif
25 
26 #ifndef CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE
27     ESP_LOGI(TAG, "Disable UART bootloader cache...");
28     esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
29 #else
30     ESP_LOGW(TAG, "Not disabling UART bootloader cache - SECURITY COMPROMISED");
31 #endif
32 
33 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
34     ESP_LOGI(TAG, "Disable JTAG...");
35     esp_efuse_write_field_bit(ESP_EFUSE_DIS_PAD_JTAG);
36 #else
37     ESP_LOGW(TAG, "Not disabling JTAG - SECURITY COMPROMISED");
38 #endif
39 
40     esp_efuse_write_field_bit(ESP_EFUSE_DIS_DIRECT_BOOT);
41 
42     return ESP_OK;
43 }
44