fix(esp_tee): TEE otadata partition default encrypted for flash-enc case

Mahavir Jain 2025-02-04 14:55:05 +05:30
parent eb5c2485e2
commit 3821d6cb97
3 changed files with 4 additions and 0 deletions


@ -437,6 +437,7 @@ static esp_err_t encrypt_partition(int index, const esp_partition_info_t *partit
err = read_and_verify_partition_table(partition->pos.offset, partition_table, &num_partitions); err = read_and_verify_partition_table(partition->pos.offset, partition_table, &num_partitions);
should_encrypt = (err == ESP_OK && num_partitions != 0); should_encrypt = (err == ESP_OK && num_partitions != 0);
} else if ((partition->type == PART_TYPE_DATA && partition->subtype == PART_SUBTYPE_DATA_OTA) } else if ((partition->type == PART_TYPE_DATA && partition->subtype == PART_SUBTYPE_DATA_OTA)
|| (partition->type == PART_TYPE_DATA && partition->subtype == PART_SUBTYPE_DATA_TEE_OTA)
|| (partition->type == PART_TYPE_DATA && partition->subtype == PART_SUBTYPE_DATA_NVS_KEYS)) { || (partition->type == PART_TYPE_DATA && partition->subtype == PART_SUBTYPE_DATA_NVS_KEYS)) {
/* check if we have ota data partition and the partition should be encrypted unconditionally */ /* check if we have ota data partition and the partition should be encrypted unconditionally */
should_encrypt = true; should_encrypt = true;
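Review bot: The comment under the extended condition in encrypt_partition still speaks only of the "ota data partition", although the branch now also forces encryption for the TEE OTA data subtype (and already did for NVS keys). Since this branch sets `should_encrypt = true` without consulting anything else visible in the hunk, the comment is where a reader learns which partitions are encrypted by default, so it should list them: `/* OTA data, TEE OTA data and NVS keys partitions are always encrypted when flash encryption is enabled */`. The function starts and continues outside the hunk, so how the remaining partition types are decided is not visible here.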


@ -88,6 +88,7 @@ static bool is_partition_encrypted(bool encryption_config, esp_partition_type_t
|| (type == ESP_PARTITION_TYPE_BOOTLOADER) || (type == ESP_PARTITION_TYPE_BOOTLOADER)
|| (type == ESP_PARTITION_TYPE_PARTITION_TABLE) || (type == ESP_PARTITION_TYPE_PARTITION_TABLE)
|| (type == ESP_PARTITION_TYPE_DATA && subtype == ESP_PARTITION_SUBTYPE_DATA_OTA) || (type == ESP_PARTITION_TYPE_DATA && subtype == ESP_PARTITION_SUBTYPE_DATA_OTA)
|| (type == ESP_PARTITION_TYPE_DATA && subtype == ESP_PARTITION_SUBTYPE_DATA_TEE_OTA)
|| (type == ESP_PARTITION_TYPE_DATA && subtype == ESP_PARTITION_SUBTYPE_DATA_NVS_KEYS)) { || (type == ESP_PARTITION_TYPE_DATA && subtype == ESP_PARTITION_SUBTYPE_DATA_NVS_KEYS)) {
/* If encryption is turned on, all app partitions and OTA data /* If encryption is turned on, all app partitions and OTA data
are always encrypted */ are always encrypted */
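Review bot: Adding `ESP_PARTITION_SUBTYPE_DATA_TEE_OTA` to the always-encrypted list in is_partition_encrypted changes how an already-provisioned device treats its TEE otadata partition. If an earlier build with flash encryption enabled left that partition in plaintext (an assumption, not visible in this hunk), the partition would presumably now be read through the decryption path and its contents would no longer parse. It is worth confirming that no released configuration is affected, or stating the migration expectation in the commit message. The comment below the condition should also name the new case, e.g. `/* If encryption is turned on, all app partitions, OTA data, TEE OTA data and NVS keys are always encrypted */`. The function body continues outside the hunk.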


@ -289,12 +289,14 @@ function(esptool_py_partition_needs_encryption retencrypted partition_name)
# - DATA 0x01 # - DATA 0x01
# Subtypes: # Subtypes:
# - ota 0x00 # - ota 0x00
# - TEE ota 0x90
# - nvs_keys 0x04 # - nvs_keys 0x04
# If the partition is an app, an OTA or an NVS keys partition, then it should # If the partition is an app, an OTA or an NVS keys partition, then it should
# be encrypted # be encrypted
if( if(
(${type} EQUAL 0) OR (${type} EQUAL 0) OR
(${type} EQUAL 1 AND ${subtype} EQUAL 0) OR (${type} EQUAL 1 AND ${subtype} EQUAL 0) OR
(${type} EQUAL 1 AND ${subtype} EQUAL 144) OR
(${type} EQUAL 1 AND ${subtype} EQUAL 4) (${type} EQUAL 1 AND ${subtype} EQUAL 4)
) )
set(encrypted TRUE) set(encrypted TRUE)
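Review bot: The new condition in esptool_py_partition_needs_encryption uses the bare decimal `144`, while the comment above it lists the TEE ota subtype as `0x90`, so a reader has to convert by hand to see that they match. A trailing comment would tie them together: `(${type} EQUAL 1 AND ${subtype} EQUAL 144) OR  # 0x90, TEE ota`. The summary sentence should also be updated to read "an app, an OTA, a TEE OTA or an NVS keys partition". This is the third hand-maintained copy of the always-encrypted list in this commit, next to the two C conditions. If one copy drifts, the build-time decision to encrypt an image and the on-device expectation of ciphertext would disagree, so a short comment pointing at the C counterparts would help keep them in sync. The function continues outside the hunk.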