You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have updated my IDF branch (master or release) to the latest version and checked that the issue is present there.
I have searched the issue tracker for a similar issue and not found a similar issue.
IDF version.
v5.3.1
Espressif SoC revision.
ESP32-S3 (QFN56) (revision v0.1)
Operating System used.
Linux
How did you build your project?
Command line with idf.py
If you are using Windows, please specify command line type.
None
Development Kit.
esp32s3 tdisplay s3
Power Supply used.
USB
What is the expected behavior?
I expect to be able to set some efuses as read protected and have secure boot v2 as a feature.
However it appears that any efuse writing/protection ought to be done before or at the same time as secure boot v2 as after secure boot v2 is enabled efuses can no longer be set as read protected.
What is the suggested way of doing so?
What is the actual behavior?
Not clear what is the best procedure to configure some efuses as read protected and enable secure boot v2
Steps to reproduce.
Enable secure boot v2
set some efuse as read protected fails
Debug Logs.
No response
More Information.
the problem is not in the code per se, it is not clear from the documentation what is the ideal procedure to set some efuses as read protected before secure boot v2.
options explored so far:
(1) flash bootloader and image without secure boot which sets up the efuses as appropriate, then flash secure boot v2 enabled firmware
(2) use support hooks/override of the bootloader to set things up before the efuses are finalized by secure boot v2 (but we do not have access to post initialization freertos facilities)
(3) fork the bootloader to do the above (hooks/override tend to not have access to private includes which may be needed to avoid reimplementing or copy and pasting things)
The text was updated successfully, but these errors were encountered:
github-actionsbot
changed the title
can't set efuses as read protected after secure boot v2 is enabled
can't set efuses as read protected after secure boot v2 is enabled (IDFGH-13716)
Sep 16, 2024
@KonstantinKondrashov Thank you for the quick answer, the documentation indeed gives some options but it felt that using CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS was highly discouraged and we excluded this option by mistake and perhaps it is the best way to setup protected efuses after secure boot v2 is enabled and later secure things by burning ESP_EFUSE_WR_DIS_RD_DIS.
In which case i am satisfied with the answer, want me to close the issue? thanks again
Answers checklist.
IDF version.
v5.3.1
Espressif SoC revision.
ESP32-S3 (QFN56) (revision v0.1)
Operating System used.
Linux
How did you build your project?
Command line with idf.py
If you are using Windows, please specify command line type.
None
Development Kit.
esp32s3 tdisplay s3
Power Supply used.
USB
What is the expected behavior?
I expect to be able to set some efuses as read protected and have secure boot v2 as a feature.
However it appears that any efuse writing/protection ought to be done before or at the same time as secure boot v2 as after secure boot v2 is enabled efuses can no longer be set as read protected.
What is the suggested way of doing so?
What is the actual behavior?
Not clear what is the best procedure to configure some efuses as read protected and enable secure boot v2
Steps to reproduce.
Debug Logs.
No response
More Information.
the problem is not in the code per se, it is not clear from the documentation what is the ideal procedure to set some efuses as read protected before secure boot v2.
options explored so far:
(1) flash bootloader and image without secure boot which sets up the efuses as appropriate, then flash secure boot v2 enabled firmware
(2) use support hooks/override of the bootloader to set things up before the efuses are finalized by secure boot v2 (but we do not have access to post initialization freertos facilities)
(3) fork the bootloader to do the above (hooks/override tend to not have access to private includes which may be needed to avoid reimplementing or copy and pasting things)
The text was updated successfully, but these errors were encountered: