|
20 | 20 |
|
21 | 21 | #if SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT |
22 | 22 | #include "hal/key_mgr_ll.h" |
| 23 | +#include "hal/key_mgr_types.h" |
23 | 24 | #endif /* SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT */ |
24 | 25 |
|
25 | 26 | __attribute__((unused)) static const char *TAG = "esp_security"; |
26 | 27 |
|
27 | 28 | static void esp_key_mgr_init(void) |
28 | 29 | { |
29 | 30 | // The following code initializes the key manager. |
| 31 | + // When Flash Encryption is already enabled, Key Manager is initialized by the |
| 32 | + // ROM, and when Flash Encryption is enabled during boot up, Key Manager is |
| 33 | + // initialized by the bootloader. |
30 | 34 | #if SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT |
31 | | - // Enable key manager clock |
32 | | - // Using ll APIs which do not require critical section |
33 | | - _key_mgr_ll_enable_bus_clock(true); |
34 | | - _key_mgr_ll_enable_peripheral_clock(true); |
35 | | - _key_mgr_ll_reset_register(); |
36 | | - while (key_mgr_ll_get_state() != ESP_KEY_MGR_STATE_IDLE) { |
37 | | - }; |
| 35 | + if (!efuse_hal_flash_encryption_enabled()) { |
| 36 | + // Enable key manager clock |
| 37 | + key_mgr_ll_power_up(); |
| 38 | + // Using ll APIs which do not require critical section |
| 39 | + _key_mgr_ll_enable_bus_clock(true); |
| 40 | + _key_mgr_ll_enable_peripheral_clock(true); |
| 41 | + _key_mgr_ll_reset_register(); |
| 42 | + |
| 43 | + while (key_mgr_ll_get_state() != ESP_KEY_MGR_STATE_IDLE) { |
| 44 | + }; |
| 45 | + |
| 46 | + // Force Key Manager to use eFuse key by-default for an XTS-AES operation. |
| 47 | + key_mgr_ll_set_key_usage(ESP_KEY_MGR_XTS_AES_128_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); |
| 48 | + } |
38 | 49 | #endif /* SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT */ |
39 | 50 | } |
40 | 51 |
|
|
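Review bot: The new `if (!efuse_hal_flash_encryption_enabled())` guard in `esp_key_mgr_init` leaves the flash-encryption-enabled path with no code at all, so the XTS-AES key source there is whatever ROM or the bootloader selected, and the forced `ESP_KEY_MGR_USE_EFUSE_KEY` default applies only to the other path. The added comment says who initializes the peripheral but not that key usage is deliberately left untouched; assuming that is the intent, a line such as `// Flash Encryption active: keep the key usage chosen by ROM/bootloader, do not reset or re-select it here.` ahead of the `if` would make it explicit. Inside the block, `// Enable key manager clock` now labels `key_mgr_ll_power_up()` rather than the clock calls; move it above `_key_mgr_ll_enable_bus_clock(true);` and give the power-up call its own comment. The idle-state wait is still unbounded, so a Key Manager that never reports `ESP_KEY_MGR_STATE_IDLE` after power-up would stall startup here with no diagnostic.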