Chapter 2. API Reference
Available options:
• Development (NOT SECURE) (SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT)
• Release (SECURE_FLASH_ENCRYPTION_MODE_RELEASE)
Potentially insecure options
Contains:
• CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS
• CONFIG_SECURE_BOOT_ALLOW_SHORT_APP_PARTITION
• CONFIG_SECURE_BOOT_ALLOW_JTAG
• CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC
• CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE
• CONFIG_SECURE_BOOT_ALLOW_UNUSED_DIGEST_SLOTS
• CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED
CONFIG_SECURE_BOOT_ALLOW_JTAG
Allow JTAG Debugging
Found in: Security features > Potentially insecure options
If not set (default), the bootloader will permanently disable JTAG (across entire chip) on first boot when either secure boot or flash encryption is enabled.
Setting this option leaves JTAG on for debugging, which negates all protections of flash encryption and some of the protections of secure boot.
Only set this option in testing environments.
Default value:
• No (disabled) if CONFIG_SECURE_BOOT_INSECURE || SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
CONFIG_SECURE_BOOT_ALLOW_SHORT_APP_PARTITION
Allow app partition length not 64KB aligned
Found in: Security features > Potentially insecure options
If not set (default), app partition size must be a multiple of 64KB. App images are padded to 64KB length, and the bootloader checks any trailing bytes after the signature (before the next 64KB boundary) have not been written. This is because flash cache maps entire 64KB pages into the address space. This prevents an attacker from appending unverified data after the app image in the flash, causing it to be mapped into the address space.
Setting this option allows the app partition length to be unaligned, and disables padding of the app image to this length. It is generally not recommended to set this option, unless you have a legacy partitioning scheme which doesn’t support 64KB aligned partition lengths.
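As an added example (not ESP-IDF's bootloader code), the following Python check models the default rule above: the partition length must be 64KB aligned and nothing may be written between the end of the signed image and the next 64KB boundary. It assumes erased flash reads as 0xFF and takes the signed image length as a parameter rather than parsing the image header.

```python
"""Added example, not ESP-IDF code: model the 64KB rule that
CONFIG_SECURE_BOOT_ALLOW_SHORT_APP_PARTITION relaxes.

Assumptions (not from the reference page): erased NOR flash reads as 0xFF,
so "not written" trailing bytes are modelled as 0xFF, and the signed image
length is passed in as an argument.
"""

FLASH_MMU_PAGE = 0x10000  # 64KB: the flash cache maps whole pages of this size

def next_boundary(offset: int) -> int:
    """Round offset up to the next 64KB boundary."""
    return (offset + FLASH_MMU_PAGE - 1) // FLASH_MMU_PAGE * FLASH_MMU_PAGE

def partition_is_aligned(partition_size: int) -> bool:
    """Default rule: the app partition size must be a multiple of 64KB."""
    return partition_size > 0 and partition_size % FLASH_MMU_PAGE == 0

def trailing_bytes_untouched(partition: bytes, signed_len: int) -> bool:
    """Check that nothing was written between the end of the signed image and
    the next 64KB boundary; that gap is mapped along with the app, so any
    non-erased byte there would be unverified data in the address space."""
    if signed_len > len(partition):
        return False
    end = min(next_boundary(signed_len), len(partition))
    gap = partition[signed_len:end]
    return all(b == 0xFF for b in gap)

def audit_app_partition(partition: bytes, signed_len: int) -> list:
    """Return a list of findings; an empty list means the layout is acceptable."""
    findings = []
    if not partition_is_aligned(len(partition)):
        findings.append("partition length is not a multiple of 64KB")
    if not trailing_bytes_untouched(partition, signed_len):
        findings.append("data present after the signed image inside its last 64KB page")
    return findings

def make_partition(signed_len: int, partition_size: int, appended: bytes = b"") -> bytes:
    """Constructed test partition: a signed blob of 0xA5 bytes, optional appended
    (unverified) data, and erased flash (0xFF) for the rest."""
    body = bytes([0xA5]) * signed_len + appended
    assert len(body) <= partition_size
    return body + bytes([0xFF]) * (partition_size - len(body))

if __name__ == "__main__":
    good = make_partition(signed_len=100_000, partition_size=2 * FLASH_MMU_PAGE)
    bad = make_partition(100_000, 2 * FLASH_MMU_PAGE, appended=b"\x00" * 16)
    print(audit_app_partition(good, 100_000))  # []
    print(audit_app_partition(bad, 100_000))   # one finding about appended data
```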
CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS
Allow additional read protecting of efuses
Found in: Security features > Potentially insecure options
If not set (default, recommended), on first boot the bootloader will burn the WR_DIS_RD_DIS efuse when Secure Boot is enabled. This prevents any more efuses from being read protected.
If this option is set, it will remain possible to write the EFUSE_RD_DIS efuse field after Secure Boot is enabled. This may allow an attacker to read-protect the BLK2 efuse (for ESP32) and BLOCK4-BLOCK10 (i.e. BLOCK_KEY0-BLOCK_KEY5) (for other chips) holding the public key digest, causing an immediate denial of service and possibly allowing an additional fault injection attack to bypass the signature protection.
Espressif Systems 1073
Release v4.4