diff --git a/components/efuse/esp32h2/esp_efuse_table.c b/components/efuse/esp32h2/esp_efuse_table.c index 31482481ed..f0f422b0d4 100644 --- a/components/efuse/esp32h2/esp_efuse_table.c +++ b/components/efuse/esp32h2/esp_efuse_table.c @@ -9,7 +9,7 @@ #include #include "esp_efuse_table.h" -// md5_digest_table 1b79da735c5daed71ed7a91a0c55c5b6 +// md5_digest_table 1dc5045e8a74c32825696ca314128499 // This file was generated from the file esp_efuse_table.csv. DO NOT CHANGE THIS FILE MANUALLY. // If you want to change some fields, you need to change esp_efuse_table.csv file // then run `efuse_common_table` or `efuse_custom_table` command it will generate this file. @@ -59,6 +59,10 @@ static const esp_efuse_desc_t WR_DIS_DIS_DOWNLOAD_MANUAL_ENCRYPT[] = { {EFUSE_BLK0, 2, 1}, // [] wr_dis of DIS_DOWNLOAD_MANUAL_ENCRYPT, }; +static const esp_efuse_desc_t WR_DIS_POWERGLITCH_EN1[] = { + {EFUSE_BLK0, 2, 1}, // [] wr_dis of POWERGLITCH_EN1, +}; + static const esp_efuse_desc_t WR_DIS_WDT_DELAY_SEL[] = { {EFUSE_BLK0, 3, 1}, // [] wr_dis of WDT_DELAY_SEL, }; @@ -103,6 +107,10 @@ static const esp_efuse_desc_t WR_DIS_KEY_PURPOSE_5[] = { {EFUSE_BLK0, 13, 1}, // [WR_DIS.KEY5_PURPOSE] wr_dis of KEY_PURPOSE_5, }; +static const esp_efuse_desc_t WR_DIS_XTS_DPA_PSEUDO_LEVEL[] = { + {EFUSE_BLK0, 14, 1}, // [] wr_dis of XTS_DPA_PSEUDO_LEVEL, +}; + static const esp_efuse_desc_t WR_DIS_SEC_DPA_LEVEL[] = { {EFUSE_BLK0, 14, 1}, // [] wr_dis of SEC_DPA_LEVEL, }; @@ -119,8 +127,12 @@ static const esp_efuse_desc_t WR_DIS_SECURE_BOOT_AGGRESSIVE_REVOKE[] = { {EFUSE_BLK0, 16, 1}, // [] wr_dis of SECURE_BOOT_AGGRESSIVE_REVOKE, }; -static const esp_efuse_desc_t WR_DIS_ECDSA_FORCE_USE_HARDWARE_K[] = { - {EFUSE_BLK0, 17, 1}, // [] wr_dis of ECDSA_FORCE_USE_HARDWARE_K, +static const esp_efuse_desc_t WR_DIS_ECDSA_CURVE_MODE[] = { + {EFUSE_BLK0, 17, 1}, // [] wr_dis of ECDSA_CURVE_MODE, +}; + +static const esp_efuse_desc_t WR_DIS_ECC_FORCE_CONST_TIME[] = { + {EFUSE_BLK0, 17, 1}, // [] wr_dis of ECC_FORCE_CONST_TIME, }; static const esp_efuse_desc_t WR_DIS_FLASH_TPUW[] = { @@ -443,6 +455,18 @@ static const esp_efuse_desc_t VDD_SPI_AS_GPIO[] = { {EFUSE_BLK0, 58, 1}, // [] Represents whether vdd spi pin is functioned as gpio. 1: functioned. 0: not functioned, }; +static const esp_efuse_desc_t ECDSA_CURVE_MODE[] = { + {EFUSE_BLK0, 59, 2}, // [] Configures the curve of ECDSA calculation: 0: only enable P256. 1: only enable P192. 2: both enable P256 and P192. 3: only enable P256, +}; + +static const esp_efuse_desc_t ECC_FORCE_CONST_TIME[] = { + {EFUSE_BLK0, 61, 1}, // [] Set this bit to permanently turn on ECC const-time mode, +}; + +static const esp_efuse_desc_t XTS_DPA_PSEUDO_LEVEL[] = { + {EFUSE_BLK0, 62, 2}, // [] Set this bit to control the xts pseudo-round anti-dpa attack function: 0: controlled by register. 1-3: the higher the value is; the more pseudo-rounds are inserted to the xts-aes calculation, +}; + static const esp_efuse_desc_t WDT_DELAY_SEL[] = { {EFUSE_BLK0, 80, 2}, // [] Represents whether RTC watchdog timeout threshold is selected at startup. 1: selected. 0: not selected, }; @@ -491,10 +515,6 @@ static const esp_efuse_desc_t SEC_DPA_LEVEL[] = { {EFUSE_BLK0, 112, 2}, // [] Represents the spa secure level by configuring the clock random divide mode, }; -static const esp_efuse_desc_t ECDSA_FORCE_USE_HARDWARE_K[] = { - {EFUSE_BLK0, 114, 1}, // [] Represents whether hardware random number k is forced used in ESDCA. 1: force used. 0: not force used, -}; - static const esp_efuse_desc_t CRYPT_DPA_ENABLE[] = { {EFUSE_BLK0, 115, 1}, // [] Represents whether anti-dpa attack is enabled. 1:enabled. 0: disabled, }; @@ -507,6 +527,10 @@ static const esp_efuse_desc_t SECURE_BOOT_AGGRESSIVE_REVOKE[] = { {EFUSE_BLK0, 117, 1}, // [] Represents whether revoking aggressive secure boot is enabled or disabled. 1: enabled. 0: disabled, }; +static const esp_efuse_desc_t POWERGLITCH_EN1[] = { + {EFUSE_BLK0, 118, 5}, // [] Set these bits to enable power glitch function when chip power on, +}; + static const esp_efuse_desc_t FLASH_TPUW[] = { {EFUSE_BLK0, 124, 4}, // [] Represents the flash waiting time after power-up; in unit of ms. When the value less than 15; the waiting time is the programmed value. Otherwise; the waiting time is 2 times the programmed value, }; @@ -792,6 +816,11 @@ const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_DIS_DOWNLOAD_MANUAL_ENCRYPT[] = { NULL }; +const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_POWERGLITCH_EN1[] = { + &WR_DIS_POWERGLITCH_EN1[0], // [] wr_dis of POWERGLITCH_EN1 + NULL +}; + const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_WDT_DELAY_SEL[] = { &WR_DIS_WDT_DELAY_SEL[0], // [] wr_dis of WDT_DELAY_SEL NULL @@ -847,6 +876,11 @@ const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_KEY_PURPOSE_5[] = { NULL }; +const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_XTS_DPA_PSEUDO_LEVEL[] = { + &WR_DIS_XTS_DPA_PSEUDO_LEVEL[0], // [] wr_dis of XTS_DPA_PSEUDO_LEVEL + NULL +}; + const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SEC_DPA_LEVEL[] = { &WR_DIS_SEC_DPA_LEVEL[0], // [] wr_dis of SEC_DPA_LEVEL NULL @@ -867,8 +901,13 @@ const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SECURE_BOOT_AGGRESSIVE_REVOKE[] = { NULL }; -const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_ECDSA_FORCE_USE_HARDWARE_K[] = { - &WR_DIS_ECDSA_FORCE_USE_HARDWARE_K[0], // [] wr_dis of ECDSA_FORCE_USE_HARDWARE_K +const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_ECDSA_CURVE_MODE[] = { + &WR_DIS_ECDSA_CURVE_MODE[0], // [] wr_dis of ECDSA_CURVE_MODE + NULL +}; + +const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_ECC_FORCE_CONST_TIME[] = { + &WR_DIS_ECC_FORCE_CONST_TIME[0], // [] wr_dis of ECC_FORCE_CONST_TIME NULL }; @@ -1272,6 +1311,21 @@ const esp_efuse_desc_t* ESP_EFUSE_VDD_SPI_AS_GPIO[] = { NULL }; +const esp_efuse_desc_t* ESP_EFUSE_ECDSA_CURVE_MODE[] = { + &ECDSA_CURVE_MODE[0], // [] Configures the curve of ECDSA calculation: 0: only enable P256. 1: only enable P192. 2: both enable P256 and P192. 3: only enable P256 + NULL +}; + +const esp_efuse_desc_t* ESP_EFUSE_ECC_FORCE_CONST_TIME[] = { + &ECC_FORCE_CONST_TIME[0], // [] Set this bit to permanently turn on ECC const-time mode + NULL +}; + +const esp_efuse_desc_t* ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[] = { + &XTS_DPA_PSEUDO_LEVEL[0], // [] Set this bit to control the xts pseudo-round anti-dpa attack function: 0: controlled by register. 1-3: the higher the value is; the more pseudo-rounds are inserted to the xts-aes calculation + NULL +}; + const esp_efuse_desc_t* ESP_EFUSE_WDT_DELAY_SEL[] = { &WDT_DELAY_SEL[0], // [] Represents whether RTC watchdog timeout threshold is selected at startup. 1: selected. 0: not selected NULL @@ -1332,11 +1386,6 @@ const esp_efuse_desc_t* ESP_EFUSE_SEC_DPA_LEVEL[] = { NULL }; -const esp_efuse_desc_t* ESP_EFUSE_ECDSA_FORCE_USE_HARDWARE_K[] = { - &ECDSA_FORCE_USE_HARDWARE_K[0], // [] Represents whether hardware random number k is forced used in ESDCA. 1: force used. 0: not force used - NULL -}; - const esp_efuse_desc_t* ESP_EFUSE_CRYPT_DPA_ENABLE[] = { &CRYPT_DPA_ENABLE[0], // [] Represents whether anti-dpa attack is enabled. 1:enabled. 0: disabled NULL @@ -1352,6 +1401,11 @@ const esp_efuse_desc_t* ESP_EFUSE_SECURE_BOOT_AGGRESSIVE_REVOKE[] = { NULL }; +const esp_efuse_desc_t* ESP_EFUSE_POWERGLITCH_EN1[] = { + &POWERGLITCH_EN1[0], // [] Set these bits to enable power glitch function when chip power on + NULL +}; + const esp_efuse_desc_t* ESP_EFUSE_FLASH_TPUW[] = { &FLASH_TPUW[0], // [] Represents the flash waiting time after power-up; in unit of ms. When the value less than 15; the waiting time is the programmed value. Otherwise; the waiting time is 2 times the programmed value NULL diff --git a/components/efuse/esp32h2/esp_efuse_table.csv b/components/efuse/esp32h2/esp_efuse_table.csv index 20b5cec21d..dfbb77562c 100644 --- a/components/efuse/esp32h2/esp_efuse_table.csv +++ b/components/efuse/esp32h2/esp_efuse_table.csv @@ -9,7 +9,7 @@ # this will generate new source files, next rebuild all the sources. # !!!!!!!!!!! # -# This file was generated by regtools.py based on the efuses.yaml file with the version: ef562916e77cf77203c1a4c0cff35ac5 +# This file was generated by regtools.py based on the efuses.yaml file with the version: 44563d2af4ebdba4db6c0a34a50c94f9 WR_DIS, EFUSE_BLK0, 0, 32, [] Disable programming of individual eFuses WR_DIS.RD_DIS, EFUSE_BLK0, 0, 1, [] wr_dis of RD_DIS @@ -22,6 +22,7 @@ WR_DIS.DIS_TWAI, EFUSE_BLK0, 2, 1, [WR_DIS.D WR_DIS.JTAG_SEL_ENABLE, EFUSE_BLK0, 2, 1, [] wr_dis of JTAG_SEL_ENABLE WR_DIS.DIS_PAD_JTAG, EFUSE_BLK0, 2, 1, [] wr_dis of DIS_PAD_JTAG WR_DIS.DIS_DOWNLOAD_MANUAL_ENCRYPT, EFUSE_BLK0, 2, 1, [] wr_dis of DIS_DOWNLOAD_MANUAL_ENCRYPT +WR_DIS.POWERGLITCH_EN1, EFUSE_BLK0, 2, 1, [] wr_dis of POWERGLITCH_EN1 WR_DIS.WDT_DELAY_SEL, EFUSE_BLK0, 3, 1, [] wr_dis of WDT_DELAY_SEL WR_DIS.SPI_BOOT_CRYPT_CNT, EFUSE_BLK0, 4, 1, [] wr_dis of SPI_BOOT_CRYPT_CNT WR_DIS.SECURE_BOOT_KEY_REVOKE0, EFUSE_BLK0, 5, 1, [] wr_dis of SECURE_BOOT_KEY_REVOKE0 @@ -33,11 +34,13 @@ WR_DIS.KEY_PURPOSE_2, EFUSE_BLK0, 10, 1, [WR_DIS.K WR_DIS.KEY_PURPOSE_3, EFUSE_BLK0, 11, 1, [WR_DIS.KEY3_PURPOSE] wr_dis of KEY_PURPOSE_3 WR_DIS.KEY_PURPOSE_4, EFUSE_BLK0, 12, 1, [WR_DIS.KEY4_PURPOSE] wr_dis of KEY_PURPOSE_4 WR_DIS.KEY_PURPOSE_5, EFUSE_BLK0, 13, 1, [WR_DIS.KEY5_PURPOSE] wr_dis of KEY_PURPOSE_5 +WR_DIS.XTS_DPA_PSEUDO_LEVEL, EFUSE_BLK0, 14, 1, [] wr_dis of XTS_DPA_PSEUDO_LEVEL WR_DIS.SEC_DPA_LEVEL, EFUSE_BLK0, 14, 1, [] wr_dis of SEC_DPA_LEVEL WR_DIS.CRYPT_DPA_ENABLE, EFUSE_BLK0, 14, 1, [] wr_dis of CRYPT_DPA_ENABLE WR_DIS.SECURE_BOOT_EN, EFUSE_BLK0, 15, 1, [] wr_dis of SECURE_BOOT_EN WR_DIS.SECURE_BOOT_AGGRESSIVE_REVOKE, EFUSE_BLK0, 16, 1, [] wr_dis of SECURE_BOOT_AGGRESSIVE_REVOKE -WR_DIS.ECDSA_FORCE_USE_HARDWARE_K, EFUSE_BLK0, 17, 1, [] wr_dis of ECDSA_FORCE_USE_HARDWARE_K +WR_DIS.ECDSA_CURVE_MODE, EFUSE_BLK0, 17, 1, [] wr_dis of ECDSA_CURVE_MODE +WR_DIS.ECC_FORCE_CONST_TIME, EFUSE_BLK0, 17, 1, [] wr_dis of ECC_FORCE_CONST_TIME WR_DIS.FLASH_TPUW, EFUSE_BLK0, 18, 1, [] wr_dis of FLASH_TPUW WR_DIS.DIS_DOWNLOAD_MODE, EFUSE_BLK0, 18, 1, [] wr_dis of DIS_DOWNLOAD_MODE WR_DIS.DIS_DIRECT_BOOT, EFUSE_BLK0, 18, 1, [] wr_dis of DIS_DIRECT_BOOT @@ -118,6 +121,9 @@ DIS_PAD_JTAG, EFUSE_BLK0, 51, 1, [] Repres DIS_DOWNLOAD_MANUAL_ENCRYPT, EFUSE_BLK0, 52, 1, [] Represents whether flash encrypt function is disabled or enabled(except in SPI boot mode). 1: disabled. 0: enabled USB_EXCHG_PINS, EFUSE_BLK0, 57, 1, [] Represents whether the D+ and D- pins is exchanged. 1: exchanged. 0: not exchanged VDD_SPI_AS_GPIO, EFUSE_BLK0, 58, 1, [] Represents whether vdd spi pin is functioned as gpio. 1: functioned. 0: not functioned +ECDSA_CURVE_MODE, EFUSE_BLK0, 59, 2, [] Configures the curve of ECDSA calculation: 0: only enable P256. 1: only enable P192. 2: both enable P256 and P192. 3: only enable P256 +ECC_FORCE_CONST_TIME, EFUSE_BLK0, 61, 1, [] Set this bit to permanently turn on ECC const-time mode +XTS_DPA_PSEUDO_LEVEL, EFUSE_BLK0, 62, 2, [] Set this bit to control the xts pseudo-round anti-dpa attack function: 0: controlled by register. 1-3: the higher the value is; the more pseudo-rounds are inserted to the xts-aes calculation WDT_DELAY_SEL, EFUSE_BLK0, 80, 2, [] Represents whether RTC watchdog timeout threshold is selected at startup. 1: selected. 0: not selected SPI_BOOT_CRYPT_CNT, EFUSE_BLK0, 82, 3, [] Enables flash encryption when 1 or 3 bits are set and disables otherwise {0: "Disable"; 1: "Enable"; 3: "Disable"; 7: "Enable"} SECURE_BOOT_KEY_REVOKE0, EFUSE_BLK0, 85, 1, [] Revoke 1st secure boot key @@ -130,10 +136,10 @@ KEY_PURPOSE_3, EFUSE_BLK0, 100, 4, [KEY3_PUR KEY_PURPOSE_4, EFUSE_BLK0, 104, 4, [KEY4_PURPOSE] Represents the purpose of Key4 KEY_PURPOSE_5, EFUSE_BLK0, 108, 4, [KEY5_PURPOSE] Represents the purpose of Key5 SEC_DPA_LEVEL, EFUSE_BLK0, 112, 2, [] Represents the spa secure level by configuring the clock random divide mode -ECDSA_FORCE_USE_HARDWARE_K, EFUSE_BLK0, 114, 1, [] Represents whether hardware random number k is forced used in ESDCA. 1: force used. 0: not force used CRYPT_DPA_ENABLE, EFUSE_BLK0, 115, 1, [] Represents whether anti-dpa attack is enabled. 1:enabled. 0: disabled SECURE_BOOT_EN, EFUSE_BLK0, 116, 1, [] Represents whether secure boot is enabled or disabled. 1: enabled. 0: disabled SECURE_BOOT_AGGRESSIVE_REVOKE, EFUSE_BLK0, 117, 1, [] Represents whether revoking aggressive secure boot is enabled or disabled. 1: enabled. 0: disabled +POWERGLITCH_EN1, EFUSE_BLK0, 118, 5, [] Set these bits to enable power glitch function when chip power on FLASH_TPUW, EFUSE_BLK0, 124, 4, [] Represents the flash waiting time after power-up; in unit of ms. When the value less than 15; the waiting time is the programmed value. Otherwise; the waiting time is 2 times the programmed value DIS_DOWNLOAD_MODE, EFUSE_BLK0, 128, 1, [] Represents whether Download mode is disabled or enabled. 1: disabled. 0: enabled DIS_DIRECT_BOOT, EFUSE_BLK0, 129, 1, [] Represents whether direct boot mode is disabled or enabled. 1: disabled. 0: enabled diff --git a/components/efuse/esp32h2/esp_efuse_table_v0.0_v1.1.c b/components/efuse/esp32h2/esp_efuse_table_v0.0_v1.1.c new file mode 100644 index 0000000000..5b669c7369 --- /dev/null +++ b/components/efuse/esp32h2/esp_efuse_table_v0.0_v1.1.c @@ -0,0 +1,38 @@ +/* + * SPDX-FileCopyrightText: 2017-2024 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#include "sdkconfig.h" +#include "esp_efuse.h" +#include +#include "esp_efuse_table_v0.0_v1.1.h" + +// md5_digest_table e0c7039a210d1fb05ea0ef6585afb060 +// This file was generated from the file esp_efuse_table_v0.0_v1.1.csv. DO NOT CHANGE THIS FILE MANUALLY. +// If you want to change some fields, you need to change esp_efuse_table_v0.0_v1.1.csv file +// then run `efuse_common_table` or `efuse_custom_table` command it will generate this file. +// To show efuse_table run the command 'show_efuse_table'. + +static const esp_efuse_desc_t WR_DIS_ECDSA_FORCE_USE_HARDWARE_K[] = { + {EFUSE_BLK0, 17, 1}, // [] wr_dis of ECDSA_FORCE_USE_HARDWARE_K, +}; + +static const esp_efuse_desc_t ECDSA_FORCE_USE_HARDWARE_K[] = { + {EFUSE_BLK0, 114, 1}, // [] Represents whether hardware random number k is forced used in ESDCA. 1: force used. 0: not force used, +}; + + + + + +const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_ECDSA_FORCE_USE_HARDWARE_K[] = { + &WR_DIS_ECDSA_FORCE_USE_HARDWARE_K[0], // [] wr_dis of ECDSA_FORCE_USE_HARDWARE_K + NULL +}; + +const esp_efuse_desc_t* ESP_EFUSE_ECDSA_FORCE_USE_HARDWARE_K[] = { + &ECDSA_FORCE_USE_HARDWARE_K[0], // [] Represents whether hardware random number k is forced used in ESDCA. 1: force used. 0: not force used + NULL +}; diff --git a/components/efuse/esp32h2/esp_efuse_table_v0.0_v1.1.csv b/components/efuse/esp32h2/esp_efuse_table_v0.0_v1.1.csv new file mode 100644 index 0000000000..c0f6eb3179 --- /dev/null +++ b/components/efuse/esp32h2/esp_efuse_table_v0.0_v1.1.csv @@ -0,0 +1,6 @@ +# field_name, efuse_block, bit_start, bit_count, comment + +# eFuses that only exist on ESP32-H2 v0.0 - v1.1. + +WR_DIS_ECDSA_FORCE_USE_HARDWARE_K, EFUSE_BLK0, 17, 1, [] wr_dis of ECDSA_FORCE_USE_HARDWARE_K +ECDSA_FORCE_USE_HARDWARE_K, EFUSE_BLK0, 114, 1, [] Represents whether hardware random number k is forced used in ESDCA. 1: force used. 0: not force used diff --git a/components/efuse/esp32h2/include/esp_efuse_table.h b/components/efuse/esp32h2/include/esp_efuse_table.h index 2aa6a22ee4..ee6d55a945 100644 --- a/components/efuse/esp32h2/include/esp_efuse_table.h +++ b/components/efuse/esp32h2/include/esp_efuse_table.h @@ -9,8 +9,12 @@ extern "C" { #endif #include "esp_efuse.h" +#include "sdkconfig.h" +#if CONFIG_ESP32H2_REV_MIN_FULL < 102 +#include "esp_efuse_table_v0.0_v1.1.h" +#endif -// md5_digest_table 1b79da735c5daed71ed7a91a0c55c5b6 +// md5_digest_table 1dc5045e8a74c32825696ca314128499 // This file was generated from the file esp_efuse_table.csv. DO NOT CHANGE THIS FILE MANUALLY. // If you want to change some fields, you need to change esp_efuse_table.csv file // then run `efuse_common_table` or `efuse_custom_table` command it will generate this file. @@ -29,6 +33,7 @@ extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_DIS_TWAI[]; extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_JTAG_SEL_ENABLE[]; extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_DIS_PAD_JTAG[]; extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_DIS_DOWNLOAD_MANUAL_ENCRYPT[]; +extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_POWERGLITCH_EN1[]; extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_WDT_DELAY_SEL[]; extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SPI_BOOT_CRYPT_CNT[]; extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SECURE_BOOT_KEY_REVOKE0[]; @@ -46,11 +51,13 @@ extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_KEY_PURPOSE_4[]; #define ESP_EFUSE_WR_DIS_KEY4_PURPOSE ESP_EFUSE_WR_DIS_KEY_PURPOSE_4 extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_KEY_PURPOSE_5[]; #define ESP_EFUSE_WR_DIS_KEY5_PURPOSE ESP_EFUSE_WR_DIS_KEY_PURPOSE_5 +extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_XTS_DPA_PSEUDO_LEVEL[]; extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SEC_DPA_LEVEL[]; extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_CRYPT_DPA_ENABLE[]; extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SECURE_BOOT_EN[]; extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SECURE_BOOT_AGGRESSIVE_REVOKE[]; -extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_ECDSA_FORCE_USE_HARDWARE_K[]; +extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_ECDSA_CURVE_MODE[]; +extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_ECC_FORCE_CONST_TIME[]; extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_FLASH_TPUW[]; extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_DIS_DOWNLOAD_MODE[]; extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_DIS_DIRECT_BOOT[]; @@ -151,6 +158,9 @@ extern const esp_efuse_desc_t* ESP_EFUSE_DIS_PAD_JTAG[]; extern const esp_efuse_desc_t* ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT[]; extern const esp_efuse_desc_t* ESP_EFUSE_USB_EXCHG_PINS[]; extern const esp_efuse_desc_t* ESP_EFUSE_VDD_SPI_AS_GPIO[]; +extern const esp_efuse_desc_t* ESP_EFUSE_ECDSA_CURVE_MODE[]; +extern const esp_efuse_desc_t* ESP_EFUSE_ECC_FORCE_CONST_TIME[]; +extern const esp_efuse_desc_t* ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[]; extern const esp_efuse_desc_t* ESP_EFUSE_WDT_DELAY_SEL[]; extern const esp_efuse_desc_t* ESP_EFUSE_SPI_BOOT_CRYPT_CNT[]; extern const esp_efuse_desc_t* ESP_EFUSE_SECURE_BOOT_KEY_REVOKE0[]; @@ -169,10 +179,10 @@ extern const esp_efuse_desc_t* ESP_EFUSE_KEY_PURPOSE_4[]; extern const esp_efuse_desc_t* ESP_EFUSE_KEY_PURPOSE_5[]; #define ESP_EFUSE_KEY5_PURPOSE ESP_EFUSE_KEY_PURPOSE_5 extern const esp_efuse_desc_t* ESP_EFUSE_SEC_DPA_LEVEL[]; -extern const esp_efuse_desc_t* ESP_EFUSE_ECDSA_FORCE_USE_HARDWARE_K[]; extern const esp_efuse_desc_t* ESP_EFUSE_CRYPT_DPA_ENABLE[]; extern const esp_efuse_desc_t* ESP_EFUSE_SECURE_BOOT_EN[]; extern const esp_efuse_desc_t* ESP_EFUSE_SECURE_BOOT_AGGRESSIVE_REVOKE[]; +extern const esp_efuse_desc_t* ESP_EFUSE_POWERGLITCH_EN1[]; extern const esp_efuse_desc_t* ESP_EFUSE_FLASH_TPUW[]; extern const esp_efuse_desc_t* ESP_EFUSE_DIS_DOWNLOAD_MODE[]; extern const esp_efuse_desc_t* ESP_EFUSE_DIS_DIRECT_BOOT[]; diff --git a/components/efuse/esp32h2/include/esp_efuse_table_v0.0_v1.1.h b/components/efuse/esp32h2/include/esp_efuse_table_v0.0_v1.1.h new file mode 100644 index 0000000000..87bb974549 --- /dev/null +++ b/components/efuse/esp32h2/include/esp_efuse_table_v0.0_v1.1.h @@ -0,0 +1,25 @@ +/* + * SPDX-FileCopyrightText: 2017-2024 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#ifdef __cplusplus +extern "C" { +#endif + +#include "esp_efuse.h" + +// md5_digest_table e0c7039a210d1fb05ea0ef6585afb060 +// This file was generated from the file esp_efuse_table_v0.0_v1.1.csv. DO NOT CHANGE THIS FILE MANUALLY. +// If you want to change some fields, you need to change esp_efuse_table_v0.0_v1.1.csv file +// then run `efuse_common_table` or `efuse_custom_table` command it will generate this file. +// To show efuse_table run the command 'show_efuse_table'. + + +extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_ECDSA_FORCE_USE_HARDWARE_K[]; +extern const esp_efuse_desc_t* ESP_EFUSE_ECDSA_FORCE_USE_HARDWARE_K[]; + +#ifdef __cplusplus +} +#endif diff --git a/components/efuse/esp32h2/sources.cmake b/components/efuse/esp32h2/sources.cmake index 9dffd72008..425f906fef 100644 --- a/components/efuse/esp32h2/sources.cmake +++ b/components/efuse/esp32h2/sources.cmake @@ -1,4 +1,5 @@ set(EFUSE_SOC_SRCS "esp_efuse_table.c" + "esp_efuse_table_v0.0_v1.1.c" "esp_efuse_fields.c" "esp_efuse_rtc_calib.c" "esp_efuse_utility.c") diff --git a/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c b/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c index aa8a464ef9..0530ebb303 100644 --- a/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c +++ b/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c @@ -1,9 +1,11 @@ /* - * SPDX-FileCopyrightText: 2017-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2017-2024 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ +#include "soc/chip_revision.h" +#include "hal/efuse_hal.h" #include "esp_efuse.h" #include "esp_efuse_utility.h" #include "soc/efuse_periph.h" @@ -318,7 +320,9 @@ esp_err_t esp_efuse_write_key(esp_efuse_block_t block, esp_efuse_purpose_t purpo #if SOC_EFUSE_ECDSA_USE_HARDWARE_K if (purpose == ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY) { // Permanently enable the hardware TRNG supplied k mode (most secure mode) - ESP_EFUSE_CHK(esp_efuse_write_field_bit(ESP_EFUSE_ECDSA_FORCE_USE_HARDWARE_K)); + if (!CONFIG_IDF_TARGET_ESP32H2 || (CONFIG_IDF_TARGET_ESP32H2 && !ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102))) { + ESP_EFUSE_CHK(esp_efuse_write_field_bit(ESP_EFUSE_ECDSA_FORCE_USE_HARDWARE_K)); + } } #endif ESP_EFUSE_CHK(esp_efuse_set_key_purpose(block, purpose)); diff --git a/components/efuse/src/esp_efuse_startup.c b/components/efuse/src/esp_efuse_startup.c index 8a3a746b34..87c3095583 100644 --- a/components/efuse/src/esp_efuse_startup.c +++ b/components/efuse/src/esp_efuse_startup.c @@ -6,6 +6,7 @@ #include "sdkconfig.h" #include "soc/soc_caps.h" +#include "soc/chip_revision.h" #include "hal/efuse_hal.h" #include "rom/efuse.h" #include "esp_efuse.h" @@ -93,7 +94,9 @@ static esp_err_t init_efuse_secure(void) if (esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY, NULL)) { // ECDSA key purpose block is present and hence permanently enable // the hardware TRNG supplied k mode (most secure mode) - ESP_RETURN_ON_ERROR(esp_efuse_write_field_bit(ESP_EFUSE_ECDSA_FORCE_USE_HARDWARE_K), TAG, "Failed to enable hardware k mode"); + if (!CONFIG_IDF_TARGET_ESP32H2 || (CONFIG_IDF_TARGET_ESP32H2 && !ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102))) { + ESP_RETURN_ON_ERROR(esp_efuse_write_field_bit(ESP_EFUSE_ECDSA_FORCE_USE_HARDWARE_K), TAG, "Failed to enable hardware k mode"); + } } #endif diff --git a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in index 05347ab3d2..5175ce6d64 100644 --- a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in @@ -3,6 +3,10 @@ # using gen_soc_caps_kconfig.py, do not edit manually ##################################################### +config SOC_CAPS_ECO_VER_MAX + int + default 102 + config SOC_ADC_SUPPORTED bool default y diff --git a/components/soc/esp32h2/include/soc/soc_caps.h b/components/soc/esp32h2/include/soc/soc_caps.h index 3bcd2de4a2..b87ed996b1 100644 --- a/components/soc/esp32h2/include/soc/soc_caps.h +++ b/components/soc/esp32h2/include/soc/soc_caps.h @@ -16,7 +16,24 @@ #pragma once +#ifdef __has_include +# if __has_include("sdkconfig.h") +# include "sdkconfig.h" +# define SOC_CAPS_ECO_VER CONFIG_ESP32H2_REV_MIN_FULL +# endif +#endif + +#if !defined(SOC_CAPS_ECO_VER) +#define SOC_CAPS_ECO_VER SOC_CAPS_ECO_VER_MAX +#endif + +#ifndef SOC_CAPS_ECO_VER +#warning ECO version not determined. Some ECO related caps will not be available. +#warning Define SOC_CAPS_ECO_VER before including this header. +#endif + /*-------------------------- COMMON CAPS ---------------------------------------*/ +#define SOC_CAPS_ECO_VER_MAX 102 #define SOC_ADC_SUPPORTED 1 #define SOC_ANA_CMPR_SUPPORTED 1 #define SOC_DEDICATED_GPIO_SUPPORTED 1 @@ -474,7 +491,9 @@ #define SOC_EFUSE_SOFT_DIS_JTAG 1 #define SOC_EFUSE_DIS_ICACHE 1 #define SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK 1 // XTS-AES and ECDSA key purposes not supported for this block +#if SOC_CAPS_ECO_VER < 102 #define SOC_EFUSE_ECDSA_USE_HARDWARE_K 1 // Force use hardware TRNG supplied K for ECDSA +#endif #define SOC_EFUSE_ECDSA_KEY 1 /*-------------------------- Secure Boot CAPS----------------------------*/ diff --git a/components/soc/esp32h2/register/soc/efuse_reg.h b/components/soc/esp32h2/register/soc/efuse_reg.h index 915c37d848..22598f870a 100644 --- a/components/soc/esp32h2/register/soc/efuse_reg.h +++ b/components/soc/esp32h2/register/soc/efuse_reg.h @@ -289,27 +289,30 @@ extern "C" { #define EFUSE_VDD_SPI_AS_GPIO_M (EFUSE_VDD_SPI_AS_GPIO_V << EFUSE_VDD_SPI_AS_GPIO_S) #define EFUSE_VDD_SPI_AS_GPIO_V 0x00000001U #define EFUSE_VDD_SPI_AS_GPIO_S 26 -/** EFUSE_RPT4_RESERVED0_2 : RO; bitpos: [28:27]; default: 0; - * Reserved. +/** EFUSE_ECDSA_CURVE_MODE : R; bitpos: [28:27]; default: 0; + * Configures the curve of ECDSA calculation: 0: only enable P256. 1: only enable + * P192. 2: both enable P256 and P192. 3: only enable P256 */ -#define EFUSE_RPT4_RESERVED0_2 0x00000003U -#define EFUSE_RPT4_RESERVED0_2_M (EFUSE_RPT4_RESERVED0_2_V << EFUSE_RPT4_RESERVED0_2_S) -#define EFUSE_RPT4_RESERVED0_2_V 0x00000003U -#define EFUSE_RPT4_RESERVED0_2_S 27 -/** EFUSE_RPT4_RESERVED0_1 : RO; bitpos: [29]; default: 0; - * Reserved. +#define EFUSE_ECDSA_CURVE_MODE 0x00000003U +#define EFUSE_ECDSA_CURVE_MODE_M (EFUSE_ECDSA_CURVE_MODE_V << EFUSE_ECDSA_CURVE_MODE_S) +#define EFUSE_ECDSA_CURVE_MODE_V 0x00000003U +#define EFUSE_ECDSA_CURVE_MODE_S 27 +/** EFUSE_ECC_FORCE_CONST_TIME : R; bitpos: [29]; default: 0; + * Set this bit to permanently turn on ECC const-time mode */ -#define EFUSE_RPT4_RESERVED0_1 (BIT(29)) -#define EFUSE_RPT4_RESERVED0_1_M (EFUSE_RPT4_RESERVED0_1_V << EFUSE_RPT4_RESERVED0_1_S) -#define EFUSE_RPT4_RESERVED0_1_V 0x00000001U -#define EFUSE_RPT4_RESERVED0_1_S 29 -/** EFUSE_RPT4_RESERVED0_0 : RO; bitpos: [31:30]; default: 0; - * Reserved. +#define EFUSE_ECC_FORCE_CONST_TIME (BIT(29)) +#define EFUSE_ECC_FORCE_CONST_TIME_M (EFUSE_ECC_FORCE_CONST_TIME_V << EFUSE_ECC_FORCE_CONST_TIME_S) +#define EFUSE_ECC_FORCE_CONST_TIME_V 0x00000001U +#define EFUSE_ECC_FORCE_CONST_TIME_S 29 +/** EFUSE_XTS_DPA_PSEUDO_LEVEL : R; bitpos: [31:30]; default: 0; + * Set this bit to control the xts pseudo-round anti-dpa attack function: 0: + * controlled by register. 1-3: the higher the value is, the more pseudo-rounds are + * inserted to the xts-aes calculation */ -#define EFUSE_RPT4_RESERVED0_0 0x00000003U -#define EFUSE_RPT4_RESERVED0_0_M (EFUSE_RPT4_RESERVED0_0_V << EFUSE_RPT4_RESERVED0_0_S) -#define EFUSE_RPT4_RESERVED0_0_V 0x00000003U -#define EFUSE_RPT4_RESERVED0_0_S 30 +#define EFUSE_XTS_DPA_PSEUDO_LEVEL 0x00000003U +#define EFUSE_XTS_DPA_PSEUDO_LEVEL_M (EFUSE_XTS_DPA_PSEUDO_LEVEL_V << EFUSE_XTS_DPA_PSEUDO_LEVEL_S) +#define EFUSE_XTS_DPA_PSEUDO_LEVEL_V 0x00000003U +#define EFUSE_XTS_DPA_PSEUDO_LEVEL_S 30 /** EFUSE_RD_REPEAT_DATA1_REG register * BLOCK0 data register 2. @@ -416,14 +419,13 @@ extern "C" { #define EFUSE_SEC_DPA_LEVEL_M (EFUSE_SEC_DPA_LEVEL_V << EFUSE_SEC_DPA_LEVEL_S) #define EFUSE_SEC_DPA_LEVEL_V 0x00000003U #define EFUSE_SEC_DPA_LEVEL_S 16 -/** EFUSE_ECDSA_FORCE_USE_HARDWARE_K : RO; bitpos: [18]; default: 1; - * Represents whether hardware random number k is forced used in ESDCA. 1: force used. - * 0: not force used. +/** EFUSE_RESERVE_0_114 : RO; bitpos: [18]; default: 1; + * Reserved */ -#define EFUSE_ECDSA_FORCE_USE_HARDWARE_K (BIT(18)) -#define EFUSE_ECDSA_FORCE_USE_HARDWARE_K_M (EFUSE_ECDSA_FORCE_USE_HARDWARE_K_V << EFUSE_ECDSA_FORCE_USE_HARDWARE_K_S) -#define EFUSE_ECDSA_FORCE_USE_HARDWARE_K_V 0x00000001U -#define EFUSE_ECDSA_FORCE_USE_HARDWARE_K_S 18 +#define EFUSE_RESERVE_0_114 (BIT(18)) +#define EFUSE_RESERVE_0_114_M (EFUSE_RESERVE_0_114_V << EFUSE_RESERVE_0_114_S) +#define EFUSE_RESERVE_0_114_V 0x00000001U +#define EFUSE_RESERVE_0_114_S 18 /** EFUSE_CRYPT_DPA_ENABLE : RO; bitpos: [19]; default: 1; * Represents whether anti-dpa attack is enabled. 1:enabled. 0: disabled. */ @@ -446,13 +448,20 @@ extern "C" { #define EFUSE_SECURE_BOOT_AGGRESSIVE_REVOKE_M (EFUSE_SECURE_BOOT_AGGRESSIVE_REVOKE_V << EFUSE_SECURE_BOOT_AGGRESSIVE_REVOKE_S) #define EFUSE_SECURE_BOOT_AGGRESSIVE_REVOKE_V 0x00000001U #define EFUSE_SECURE_BOOT_AGGRESSIVE_REVOKE_S 21 -/** EFUSE_RPT4_RESERVED2_0 : RO; bitpos: [27:22]; default: 0; - * Reserved. +/** EFUSE_POWERGLITCH_EN1 : R; bitpos: [26:22]; default: 0; + * Set these bits to enable power glitch function when chip power on */ -#define EFUSE_RPT4_RESERVED2_0 0x0000003FU -#define EFUSE_RPT4_RESERVED2_0_M (EFUSE_RPT4_RESERVED2_0_V << EFUSE_RPT4_RESERVED2_0_S) -#define EFUSE_RPT4_RESERVED2_0_V 0x0000003FU -#define EFUSE_RPT4_RESERVED2_0_S 22 +#define EFUSE_POWERGLITCH_EN1 0x0000001FU +#define EFUSE_POWERGLITCH_EN1_M (EFUSE_POWERGLITCH_EN1_V << EFUSE_POWERGLITCH_EN1_S) +#define EFUSE_POWERGLITCH_EN1_V 0x0000001FU +#define EFUSE_POWERGLITCH_EN1_S 22 +/** EFUSE_RESERVED_0_123 : R; bitpos: [27]; default: 0; + * reserved + */ +#define EFUSE_RESERVED_0_123 (BIT(27)) +#define EFUSE_RESERVED_0_123_M (EFUSE_RESERVED_0_123_V << EFUSE_RESERVED_0_123_S) +#define EFUSE_RESERVED_0_123_V 0x00000001U +#define EFUSE_RESERVED_0_123_S 27 /** EFUSE_FLASH_TPUW : RO; bitpos: [31:28]; default: 0; * Represents the flash waiting time after power-up, in unit of ms. When the value * less than 15, the waiting time is the programmed value. Otherwise, the waiting time diff --git a/components/soc/esp32h2/register/soc/efuse_struct.h b/components/soc/esp32h2/register/soc/efuse_struct.h index ab4c17e475..e1f07df653 100644 --- a/components/soc/esp32h2/register/soc/efuse_struct.h +++ b/components/soc/esp32h2/register/soc/efuse_struct.h @@ -252,18 +252,21 @@ typedef union { * functioned. */ uint32_t vdd_spi_as_gpio:1; - /** rpt4_reserved0_2 : RO; bitpos: [28:27]; default: 0; - * Reserved. + /** ecdsa_curve_mode : R; bitpos: [28:27]; default: 0; + * Configures the curve of ECDSA calculation: 0: only enable P256. 1: only enable + * P192. 2: both enable P256 and P192. 3: only enable P256 */ - uint32_t rpt4_reserved0_2:2; - /** rpt4_reserved0_1 : RO; bitpos: [29]; default: 0; - * Reserved. + uint32_t ecdsa_curve_mode:2; + /** ecc_force_const_time : R; bitpos: [29]; default: 0; + * Set this bit to permanently turn on ECC const-time mode */ - uint32_t rpt4_reserved0_1:1; - /** rpt4_reserved0_0 : RO; bitpos: [31:30]; default: 0; - * Reserved. + uint32_t ecc_force_const_time:1; + /** xts_dpa_pseudo_level : R; bitpos: [31:30]; default: 0; + * Set this bit to control the xts pseudo-round anti-dpa attack function: 0: + * controlled by register. 1-3: the higher the value is, the more pseudo-rounds are + * inserted to the xts-aes calculation */ - uint32_t rpt4_reserved0_0:2; + uint32_t xts_dpa_pseudo_level:2; }; uint32_t val; } efuse_rd_repeat_data0_reg_t; @@ -339,11 +342,10 @@ typedef union { * Represents the spa secure level by configuring the clock random divide mode. */ uint32_t sec_dpa_level:2; - /** ecdsa_force_use_hardware_k : RO; bitpos: [18]; default: 1; - * Represents whether hardware random number k is forced used in ESDCA. 1: force used. - * 0: not force used. + /** reserve_0_114 : RO; bitpos: [18]; default: 1; + * Reserved */ - uint32_t ecdsa_force_use_hardware_k:1; + uint32_t reserve_0_114:1; /** crypt_dpa_enable : RO; bitpos: [19]; default: 1; * Represents whether anti-dpa attack is enabled. 1:enabled. 0: disabled. */ @@ -357,10 +359,14 @@ typedef union { * enabled. 0: disabled. */ uint32_t secure_boot_aggressive_revoke:1; - /** rpt4_reserved2_0 : RO; bitpos: [27:22]; default: 0; - * Reserved. + /** powerglitch_en1 : R; bitpos: [26:22]; default: 0; + * Set these bits to enable power glitch function when chip power on */ - uint32_t rpt4_reserved2_0:6; + uint32_t powerglitch_en1:5; + /** reserved_0_123 : R; bitpos: [27]; default: 0; + * reserved + */ + uint32_t reserved_0_123:1; /** flash_tpuw : RO; bitpos: [31:28]; default: 0; * Represents the flash waiting time after power-up, in unit of ms. When the value * less than 15, the waiting time is the programmed value. Otherwise, the waiting time