Commit 4371348

Merge branch 'contrib/github_pr_17464' into 'master'

Update the QEMU instructions for the security_features_app example (GitHub PR)

Closes IDFGH-16318 and IDFGH-16311

See merge request espressif/esp-idf!41438
2 parents 6e0fd57 + 391de42 commit 4371348

File tree

1 file changed

+24
-10
lines changed
  • examples/security/security_features_app

examples/security/security_features_app/README.md

Lines changed: 24 additions & 10 deletions
@@ -67,6 +67,14 @@ If you want to enable the security features on a target which has been virtually
6767

6868
The detailed instructions on how to use QEMU can be found in the [QEMU documentation](https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/tools/qemu.html).
6969

70+
For QEMU emulation, the eFuses are emulated and are saved in a file. The default location for this file is `build/qemu_efuse.bin`.
71+
72+
It is possible to save the eFuses in a different location by specifying the `--efuse-file` option when running QEMU commands. This is useful as the build directory may get modified and the flashed eFuse context may get reset.
73+
74+
```sh
75+
idf.py qemu --efuse-file <path_to_efuse.bin>
76+
```
77+
7078
<details>
7179
<summary>Target specific documentation</summary>
7280
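Review bot: The new paragraph at lines 70-76 never says that the same `--efuse-file` value has to be passed to every later `idf.py qemu` invocation. The stated default is `build/qemu_efuse.bin`, so a command run without the option would presumably use that default file rather than the one holding the earlier burns. Suggest adding one sentence saying that the rest of this README uses `qemu_efuse.bin` and that the option must be repeated on each command.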

@@ -121,7 +129,7 @@ Please follow below steps to enable Secure Boot V2:
121129
For QEMU emulation, the above command can be updated as follows:
122130

123131
```
124-
idf.py qemu efuse-burn-key BLOCK_KEY0 digest.bin SECURE_BOOT_DIGEST0
132+
idf.py qemu --efuse-file qemu_efuse.bin efuse-burn-key BLOCK_KEY0 digest.bin SECURE_BOOT_DIGEST0
125133
```
126134
</details>
127135
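Review bot: `--efuse-file qemu_efuse.bin` on line 132 is a relative path, and the README does not say which directory it resolves against. The note near the end of the file says `idf.py merge-bin` runs with `build` as the working directory, so a reader could guess either the project directory or `build/` here. Suggest stating the base directory once, next to the `--efuse-file` introduction, so that this and the following commands are unambiguous.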

@@ -141,7 +149,7 @@ Please follow below steps to enable Secure Boot V2:
141149
For QEMU emulation, the above command can be updated as follows:
142150

143151
```
144-
idf.py qemu efuse-burn SECURE_BOOT_EN
152+
idf.py qemu --efuse-file qemu_efuse.bin efuse-burn SECURE_BOOT_EN
145153
```
146154
</details>
147155

@@ -202,7 +210,7 @@ Follow below steps to enable Flash Encryption:
202210
For QEMU emulation, the above command can be updated as follows:
203211

204212
```
205-
idf.py qemu efuse-burn-key BLOCK_KEY1 my_flash_encryption_key.bin XTS_AES_128_KEY
213+
idf.py qemu --efuse-file qemu_efuse.bin efuse-burn-key BLOCK_KEY1 my_flash_encryption_key.bin XTS_AES_128_KEY
206214
```
207215
</details>
208216
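Review bot: The README should tell readers to keep `qemu_efuse.bin` out of version control, because after line 213 it holds the flash encryption key burned from `my_flash_encryption_key.bin` and is no longer at the default `build/qemu_efuse.bin` location. One sentence near this command, or next to the `--efuse-file` introduction, would cover the HMAC key burns later in the file as well.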

@@ -220,7 +228,7 @@ Follow below steps to enable Flash Encryption:
220228
For QEMU emulation, the above command can be updated as follows:
221229

222230
```
223-
idf.py qemu efuse-burn SPI_BOOT_CRYPT_CNT 7
231+
idf.py qemu --efuse-file qemu_efuse.bin efuse-burn SPI_BOOT_CRYPT_CNT 7
224232
```
225233
</details>
226234

@@ -306,7 +314,7 @@ We shall use the [nvs_partition_gen.py](../../../components/nvs_flash/nvs_partit
306314
For QEMU emulation, the above command can be updated as follows:
307315

308316
```
309-
idf.py qemu efuse-burn-key BLOCK_KEY2 keys/hmac_key.bin HMAC_UP
317+
idf.py qemu --efuse-file qemu_efuse.bin efuse-burn-key BLOCK_KEY2 keys/hmac_key.bin HMAC_UP
310318
```
311319
</details>
312320

@@ -371,7 +379,7 @@ The target provides an ability to disable JTAG access in the device for the soft
371379
For QEMU emulation, the above command can be updated as follows:
372380

373381
```shell
374-
idf.py qemu efuse-burn-key BLOCK_KEY3 secure_jtag_hmac_key.bin HMAC_DOWN_JTAG
382+
idf.py qemu --efuse-file qemu_efuse.bin efuse-burn-key BLOCK_KEY3 secure_jtag_hmac_key.bin HMAC_DOWN_JTAG
375383
```
376384

377385
</details>
@@ -389,7 +397,7 @@ The target provides an ability to disable JTAG access in the device for the soft
389397
For QEMU emulation, the above command can be updated as follows:
390398

391399
```shell
392-
idf.py qemu efuse-burn SOFT_DIS_JTAG 7
400+
idf.py qemu --efuse-file qemu_efuse.bin efuse-burn SOFT_DIS_JTAG 7
393401
```
394402

395403
</details>
@@ -599,20 +607,26 @@ Below are the commands that can be used to to emulate the target device on host
599607
600608
2. Build qemu image
601609
610+
First create a directory to store the merged binary
611+
612+
```sh
613+
mkdir -p build/qemu
614+
```
615+
602616
The qemu image can be built with following command
603617
604618
```sh
605-
idf.py merge-bin --merge-args ../qemu/qemu_flash_args -o qemu/security_features_flash_image.bin
619+
idf.py merge-bin -o qemu/security_features_flash_image.bin --fill-flash-size 4MB @qemu/qemu_flash_args
606620
```
607621
608-
**NOTE: The `idf.py merge-bin` command runs with `build` as the working directory. Make sure the relative path provided are relative to the `build` directory
622+
**NOTE: The `idf.py merge-bin` command runs with `build` as the working directory. Make sure the relative path provided are relative to the `build` directory**
609623
610624
### Run example on QEMU
611625
612626
The following command can be used to run example on qemu
613627
614628
```sh
615-
idf.py qemu --flash-file build/qemu/security_features_flash_image.bin monitor
629+
idf.py qemu --efuse-file qemu_efuse.bin --flash-file build/qemu/security_features_flash_image.bin monitor
616630
```
617631
618632
The qemu session can be closed by pressing `CTRL+ ]`.
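Review bot: The args file path changes meaning on line 619: the old command read `../qemu/qemu_flash_args`, which relative to `build` is the project's `qemu/` directory, while `@qemu/qemu_flash_args` resolves to `build/qemu/qemu_flash_args`. Please confirm that step 1 writes the file there, or keep the `../qemu/` prefix. Two smaller points: `--fill-flash-size 4MB` is hard-coded with no explanation of why 4MB or what to change for a different flash size, and the NOTE on line 622 should read "relative paths provided are relative to the `build` directory".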
