Merge branch 'fix/change_write_protection_bit_of_shared_security_efuses_v5.4' into 'release/v5.4'

Reorder write protection bits of some shared security efuses (v5.4)

See merge request espressif/esp-idf!42328

Author: mahavirj

components/bootloader/Kconfig.projbuild

@@ -1136,8 +1136,9 @@ menu "Security features"
 
     config SECURE_FLASH_PSEUDO_ROUND_FUNC
         bool "Permanently enable XTS-AES's pseudo rounds function"
-        default y
-        depends on SECURE_FLASH_ENCRYPTION_MODE_RELEASE && SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+        default y if SECURE_FLASH_ENCRYPTION_MODE_RELEASE
+        default n
+        depends on SECURE_FLASH_ENC_ENABLED && SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
         help
             If set (default), the bootloader will permanently enable the XTS-AES peripheral's pseudo rounds function.
             Note: Enabling this config would burn an efuse.

components/bootloader_support/include/esp_flash_encrypt.h

@@ -215,6 +215,10 @@ bool esp_flash_encryption_cfg_verify_release_mode(void);
  * It burns:
  *  - "disable encrypt in dl mode"
  *  - set FLASH_CRYPT_CNT efuse to max
+ *
+ * In case of the targets that support the XTS-AES peripheral's pseudo rounds function,
+ * this API would configure the pseudo rounds level efuse bit to level low if the efuse bit
+ * is not set already.
  */
 void esp_flash_encryption_set_release_mode(void);
 

components/bootloader_support/src/esp32h2/flash_encryption_secure_features.c

@@ -36,7 +36,7 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
 
     esp_efuse_write_field_bit(ESP_EFUSE_DIS_DIRECT_BOOT);
 
-#if defined(CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE) && defined(SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND)
+#if CONFIG_SECURE_FLASH_PSEUDO_ROUND_FUNC
     if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
         ESP_LOGI(TAG, "Enable XTS-AES pseudo rounds function...");
         uint8_t xts_pseudo_level = CONFIG_SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH;

components/bootloader_support/src/flash_encrypt.c

@@ -212,8 +212,13 @@ void esp_flash_encryption_set_release_mode(void)
 
 #ifdef SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
     if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
-        uint8_t xts_pseudo_level = ESP_XTS_AES_PSEUDO_ROUNDS_LOW;
-        esp_efuse_write_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
+        uint8_t xts_pseudo_level = 0;
+        esp_efuse_read_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
+
+        if (xts_pseudo_level == ESP_XTS_AES_PSEUDO_ROUNDS_DISABLE) {
+            xts_pseudo_level = ESP_XTS_AES_PSEUDO_ROUNDS_LOW;
+            esp_efuse_write_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
+        }
     }
 #endif
 

components/esp_security/src/init.c

@@ -13,6 +13,9 @@
 #include "esp_security_priv.h"
 #include "esp_err.h"
 #include "hal/efuse_hal.h"
+#if SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED
+#include "hal/ecdsa_ll.h"
+#endif
 
 #if SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY || SOC_KEY_MANAGER_FE_KEY_DEPLOY
 #include "hal/key_mgr_ll.h"
@@ -42,6 +45,8 @@ ESP_SYSTEM_INIT_FN(esp_security_init, SECONDARY, BIT(0), 103)
     esp_crypto_dpa_protection_startup();
 #endif
 
+    esp_err_t err = ESP_FAIL;
+
 #if CONFIG_ESP_CRYPTO_FORCE_ECC_CONSTANT_TIME_POINT_MUL
     bool force_constant_time = true;
 #if CONFIG_IDF_TARGET_ESP32H2
@@ -51,7 +56,7 @@ ESP_SYSTEM_INIT_FN(esp_security_init, SECONDARY, BIT(0), 103)
 #endif
     if (!esp_efuse_read_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME) && force_constant_time) {
         ESP_EARLY_LOGD(TAG, "Forcefully enabling ECC constant time operations");
-        esp_err_t err = esp_efuse_write_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME);
+        err = esp_efuse_write_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME);
         if (err != ESP_OK) {
             ESP_EARLY_LOGE(TAG, "Enabling ECC constant time operations forcefully failed.");
             return err;
@@ -60,14 +65,25 @@ ESP_SYSTEM_INIT_FN(esp_security_init, SECONDARY, BIT(0), 103)
 #endif
 
 #if CONFIG_ESP_ECDSA_ENABLE_P192_CURVE
-    esp_err_t err;
     err = esp_efuse_enable_ecdsa_p192_curve_mode();
     if (err != ESP_OK) {
         return err;
     }
 #endif
 
-    return ESP_OK;
+#if CONFIG_SECURE_BOOT_V2_ENABLED && SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED
+    // Also write protect the ECDSA_CURVE_MODE efuse bit.
+    if (ecdsa_ll_is_configurable_curve_supported()) {
+        err = esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_ECDSA_CURVE_MODE);
+        if (err != ESP_OK) {
+            ESP_LOGE(TAG, "Failed to write protect the ECDSA_CURVE_MODE efuse bit.");
+            return err;
+        }
+    }
+#endif
+
+    err = ESP_OK;
+    return err;
 }
 
 void esp_security_init_include_impl(void)

docs/en/security/security-features-enablement-workflows.rst

@@ -485,6 +485,7 @@ In this workflow we shall use ``espsecure`` tool to generate signing keys and us
         :SOC_EFUSE_DIS_USB_JTAG: - ``DIS_USB_JTAG``: Disable USB switch to JTAG.
         :SOC_EFUSE_DIS_PAD_JTAG: - ``DIS_PAD_JTAG``: Disable JTAG permanently.
         :SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS: - ``SECURE_BOOT_AGGRESSIVE_REVOKE``: Aggressive revocation of key digests, see :ref:`secure-boot-v2-aggressive-key-revocation` for more details.
+        :SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED: - ``WR_DIS_ECDSA_CURVE_MODE``: Disable writing to the ECDSA curve mode eFuse bit. As this write protection bit is shared with ``ECC_FORCE_CONST_TIME``, it is recommended to write protect this bit only after configuring the ``ECC_FORCE_CONST_TIME`` eFuse.
 
     The respective eFuses can be burned by running:
 

docs/zh_CN/security/security-features-enablement-workflows.rst

@@ -485,6 +485,7 @@ flash 加密指南
         :SOC_EFUSE_DIS_USB_JTAG: - ``DIS_USB_JTAG``：禁止从 USB 切换到 JTAG
         :SOC_EFUSE_DIS_PAD_JTAG: - ``DIS_PAD_JTAG``：永久禁用 JTAG。
         :SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS: - ``SECURE_BOOT_AGGRESSIVE_REVOKE``：主动吊销密钥摘要。详请请参阅 :ref:`secure-boot-v2-aggressive-key-revocation`。
+        :SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED: - ``WR_DIS_ECDSA_CURVE_MODE``：禁止写入 ECDSA 曲线模式的 eFuse 位。由于此写保护位与 ``ECC_FORCE_CONST_TIME`` 共享，建议先配置好 ``ECC_FORCE_CONST_TIME`` eFuse 字段后，再设置此写保护位）。
 
     运行以下命令烧录相应的 eFuse：