Chapter 2. API Reference
4. Burn the “soft JTAG disable” bit by calling esp_efuse_write_field_bit(ESP_EFUSE_SOFT_DIS_JTAG). This will
permanently disable JTAG unless the correct key value is provided by software.
JTAG enable
1. The key to re-enable JTAG is the output of the HMAC-SHA256 function using the secret key in eFuse and
32 0x00 bytes as the message.
2. Pass this key value when calling the esp_hmac_jtag_enable() function from the firmware.
3. To re-disable JTAG in the firmware, reset the system or call esp_hmac_jtag_disable().
For more details, see ESP32-S2 Technical Reference Manual > HMAC Accelerator (HMAC) [PDF].
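The key value from step 1 has to be derived by a party that knows the eFuse secret. The following host-side sketch is an added example, not code from ESP-IDF: it derives the value with Python's standard library, cross-checks it against the HMAC definition, and compares candidates in constant time. The function names and the sample key are assumptions made for illustration.

```python
# Added example: host-side derivation of the JTAG re-enable key value.
import hashlib
import hmac

KEY_LEN = 32          # size of the secret key stored in the eFuse key block
MESSAGE = bytes(32)   # the 32 0x00 bytes named in step 1
SHA256_BLOCK = 64     # SHA-256 input block size used by the HMAC padding


def jtag_token(efuse_key: bytes) -> bytes:
    """HMAC-SHA256(efuse_key, 32 zero bytes), as described in step 1."""
    if len(efuse_key) != KEY_LEN:
        raise ValueError("eFuse HMAC key must be exactly 32 bytes")
    return hmac.new(efuse_key, MESSAGE, hashlib.sha256).digest()


def jtag_token_rfc2104(efuse_key: bytes) -> bytes:
    """Same value built directly from the HMAC definition (RFC 2104)."""
    if len(efuse_key) != KEY_LEN:
        raise ValueError("eFuse HMAC key must be exactly 32 bytes")
    padded = efuse_key.ljust(SHA256_BLOCK, b"\x00")
    inner = hashlib.sha256(bytes(b ^ 0x36 for b in padded) + MESSAGE).digest()
    return hashlib.sha256(bytes(b ^ 0x5C for b in padded) + inner).digest()


def token_matches(efuse_key: bytes, candidate: bytes) -> bool:
    """Constant-time comparison of a candidate value with the expected one."""
    return hmac.compare_digest(jtag_token(efuse_key), candidate)


if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed sample key, not a real secret
    token = jtag_token(demo_key)
    assert token == jtag_token_rfc2104(demo_key)
    print(token.hex())
```

Anyone holding this value can re-enable JTAG on a device provisioned with that key, so store and distribute it with the same care as the eFuse key itself.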
Application Outline
The following code is an outline of how to set an eFuse key and then use it to calculate an HMAC for software usage.
We use ets_efuse_write_key to set physical key block 4 in the eFuse for the HMAC module together with its purpose.
ETS_EFUSE_KEY_PURPOSE_HMAC_UP (8) means that this key can only be used for HMAC generation for software
usage:
    #include "esp32s2/rom/efuse.h"

    const uint8_t key_data[32] = { ... };

    int ets_status = ets_efuse_write_key(ETS_EFUSE_BLOCK_KEY4,
                                         ETS_EFUSE_KEY_PURPOSE_HMAC_UP,
                                         key_data, sizeof(key_data));

    if (ets_status == ESP_OK) {
        // written key
    } else {
        // writing key failed, maybe written already
    }

Now we can use the saved key to calculate an HMAC for software usage.
    #include "esp_hmac.h"

    uint8_t hmac[32];

    const char *message = "Hello, HMAC!";
    const size_t msg_len = 12;

    esp_err_t result = esp_hmac_calculate(HMAC_KEY4, message, msg_len, hmac);

    if (result == ESP_OK) {
        // HMAC written to hmac now
    } else {
        // failure calculating HMAC
    }

API Reference
Header File
• components/esp_hw_support/include/soc/esp32s2/esp_hmac.h
Functions
esp_err_t esp_hmac_calculate(hmac_key_id_t key_id, const void *message, size_t message_len,
uint8_t *hmac)
Calculate the HMAC of a given message.
Espressif Systems
Release v4.4