Merge branch 'bugfix/fix_efuse_example_c2' into 'master'

KonstantinKondrashov · KonstantinKondrashov · commit efc143bf10c8 · 2024-09-23T15:23:04.000+08:00
fix(efuse): Fix efuse test examples

Closes IDF-11263

See merge request espressif/esp-idf!32575
diff --git a/examples/system/efuse/conftest.py b/examples/system/efuse/conftest.py
@@ -1,9 +1,12 @@
-# SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+# SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD
 # SPDX-License-Identifier: Apache-2.0
-
+import json
 import logging
 import os
+import tempfile
+from typing import Any
 
+import espefuse
 import pytest
 from _pytest.fixtures import FixtureRequest
 from _pytest.monkeypatch import MonkeyPatch
@@ -52,6 +55,12 @@ def bootloader_flash(self) -> None:
         # Restore self.app.flash files to original value
         self.app.flash_files = prev_flash_files
 
+    def erase_field_on_emul_efuse_by_name(self, efuse_names: list) -> None:
+        pos_of_bits = []
+        for name in efuse_names:
+            pos_of_bits.append(self.get_efuse_offset(name))
+        self.erase_field_on_emul_efuse(pos_of_bits)
+
     def erase_field_on_emul_efuse(self, pos_of_bits: list) -> None:
         emul_efuse_bin_path = os.path.join(self.app.binary_path, 'emul_efuse.bin')
         self.dump_flash(output=emul_efuse_bin_path, partition='emul_efuse')
@@ -86,6 +95,20 @@ def erase_bit(pos_of_bit: int) -> None:
         self.flash()
         self.app.flash_files = prev_flash_files
 
+    def get_efuse_offset(self, efuse_name: str) -> Any:
+        with tempfile.NamedTemporaryFile(suffix='.json') as temp_file:
+            temp_file_path = temp_file.name
+            espefuse.main(f'--virt -c {self.target} summary --format json --file {temp_file_path}'.split())
+            with open(temp_file_path, 'r') as file:
+                efuse_summary = json.load(file)
+                if efuse_name in efuse_summary:
+                    data = efuse_summary[efuse_name]
+                    offset = int(data['word'] * 32) + data['pos']
+                    print(f'{efuse_name} offset = {offset}')
+                    return offset
+                else:
+                    raise ValueError(f"eFuse '{efuse_name}' not found in the summary.")
+
 
 @pytest.fixture(scope='module')
 def monkeypatch_module(request: FixtureRequest) -> MonkeyPatch:
diff --git a/examples/system/efuse/main/efuse_main.c b/examples/system/efuse/main/efuse_main.c
@@ -17,11 +17,11 @@
 #include "esp_efuse_table.h"
 #include "esp_efuse_custom_table.h"
 
-#if CONFIG_SECURE_BOOT
+#if CONFIG_SECURE_BOOT || CONFIG_IDF_TARGET_ESP32C2
 #include "esp_secure_boot.h"
 #endif
 
-#if CONFIG_SECURE_FLASH_ENC_ENABLED
+#if CONFIG_SECURE_FLASH_ENC_ENABLED || CONFIG_IDF_TARGET_ESP32C2
 #include "esp_flash_encrypt.h"
 #endif
 
diff --git a/examples/system/efuse/pytest_system_efuse_example.py b/examples/system/efuse/pytest_system_efuse_example.py
@@ -174,20 +174,12 @@ def test_examples_efuse_with_virt_flash_enc_pre_loaded(dut: Dut) -> None:
     dut.expect('example: Done')
 
     if dut.app.target == 'esp32':
-        print(' - Flash emul_efuse with pre-loaded efuses (FLASH_CRYPT_CNT 1 -> 0)')
-        # offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv
-        FLASH_CRYPT_CNT = 20
-        # Resets eFuse, which enables Flash encryption feature
-        dut.serial.erase_field_on_emul_efuse([FLASH_CRYPT_CNT])
-    elif dut.app.target == 'esp32c2':
-        FLASH_CRYPT_CNT = 39
-        dut.serial.erase_field_on_emul_efuse([FLASH_CRYPT_CNT])
+        CRYPT_CNT_EFUSE_NAME = 'FLASH_CRYPT_CNT'
     else:
-        # offset of this eFuse is taken from components/efuse/{target}/esp_efuse_table.csv
-        print(' - Flash emul_efuse with pre-loaded efuses (SPI_BOOT_CRYPT_CNT 1 -> 0)')
-        SPI_BOOT_CRYPT_CNT = 82
-        # Resets eFuse, which enables Flash encryption feature
-        dut.serial.erase_field_on_emul_efuse([SPI_BOOT_CRYPT_CNT])
+        CRYPT_CNT_EFUSE_NAME = 'SPI_BOOT_CRYPT_CNT'
+    print(f' - Flash emul_efuse with pre-loaded efuses ({CRYPT_CNT_EFUSE_NAME} 1 -> 0)')
+    # Resets eFuse, which enables Flash encryption feature
+    dut.serial.erase_field_on_emul_efuse_by_name([CRYPT_CNT_EFUSE_NAME])
 
     print(' - Start app (flash partition_table and app)')
     dut.serial.write_flash_no_enc()
@@ -347,10 +339,8 @@ def test_examples_efuse_with_virt_secure_boot_v1_pre_loaded(dut: Dut) -> None:
     dut.expect('example: Done')
 
     print(' - Flash emul_efuse with pre-loaded efuses (ABS_DONE_0 1 -> 0)')
-    # offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv
-    ABS_DONE_0 = 196
     # Resets eFuse, which enables Secure boot (V1) feature
-    dut.serial.erase_field_on_emul_efuse([ABS_DONE_0])
+    dut.serial.erase_field_on_emul_efuse_by_name(['ABS_DONE_0'])
 
     print(' - Start app (flash partition_table and app)')
     dut.serial.flash()
@@ -453,10 +443,8 @@ def test_examples_efuse_with_virt_secure_boot_v2(dut: Dut) -> None:
     dut.expect('example: Done')
 
     print(' - Flash emul_efuse with pre-loaded efuses (ABS_DONE_1 1 -> 0)')
-    # offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv
-    ABS_DONE_1 = 197
     # Resets eFuse, which enables Secure boot (V2) feature
-    dut.serial.erase_field_on_emul_efuse([ABS_DONE_1])
+    dut.serial.erase_field_on_emul_efuse_by_name(['ABS_DONE_1'])
 
     print(' - Start app (flash partition_table and app)')
     dut.serial.flash()
@@ -518,10 +506,8 @@ def test_examples_efuse_with_virt_secure_boot_v2_pre_loaded(dut: Dut) -> None:
     dut.expect('example: Done')
 
     print(' - Flash emul_efuse with pre-loaded efuses (ABS_DONE_1 1 -> 0)')
-    # offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv
-    ABS_DONE_1 = 197
     # Resets eFuse, which enables Secure boot (V2) feature
-    dut.serial.erase_field_on_emul_efuse([ABS_DONE_1])
+    dut.serial.erase_field_on_emul_efuse_by_name(['ABS_DONE_1'])
 
     print(' - Start app (flash partition_table and app)')
     dut.serial.flash()
@@ -594,7 +580,7 @@ def test_examples_efuse_with_virt_secure_boot_v2_esp32xx(dut: Dut) -> None:
 
     dut.expect('Verifying image signature...')
     dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
-    if dut.app.target == 'esp32c2':
+    if dut.app.sdkconfig.get('SECURE_SIGNED_APPS_ECDSA_V2_SCHEME'):
         signed_scheme = 'ECDSA'
     else:
         signed_scheme = 'RSA-PSS'
@@ -670,24 +656,19 @@ def test_example_efuse_with_virt_secure_boot_v2_esp32xx_pre_loaded(dut: Dut) ->
 
     print(' - Flash emul_efuse with pre-loaded efuses (SECURE_BOOT_EN 1 -> 0, SECURE_BOOT_KEY_REVOKE[0..2] -> 0)')
     # offsets of eFuses are taken from components/efuse/{target}/esp_efuse_table.csv
-    if dut.app.target == 'esp32c2':
-        SECURE_BOOT_EN = 53
-        dut.serial.erase_field_on_emul_efuse([SECURE_BOOT_EN])
+    # Resets eFuse, which enables Secure boot feature
+    # Resets eFuses, which control digest slots
+    if dut.app.sdkconfig.get('SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS'):
+        dut.serial.erase_field_on_emul_efuse_by_name(['SECURE_BOOT_EN', 'SECURE_BOOT_KEY_REVOKE0', 'SECURE_BOOT_KEY_REVOKE1', 'SECURE_BOOT_KEY_REVOKE2'])
     else:
-        SECURE_BOOT_EN = 116
-        SECURE_BOOT_KEY_REVOKE0 = 85
-        SECURE_BOOT_KEY_REVOKE1 = 86
-        SECURE_BOOT_KEY_REVOKE2 = 87
-        # Resets eFuse, which enables Secure boot feature
-        # Resets eFuses, which control digest slots
-        dut.serial.erase_field_on_emul_efuse([SECURE_BOOT_EN, SECURE_BOOT_KEY_REVOKE0, SECURE_BOOT_KEY_REVOKE1, SECURE_BOOT_KEY_REVOKE2])
+        dut.serial.erase_field_on_emul_efuse_by_name(['SECURE_BOOT_EN'])
 
     print(' - Start app (flash partition_table and app)')
     dut.serial.flash()
     dut.expect('Loading virtual efuse blocks from flash')
 
     dut.expect('Verifying image signature...')
-    if dut.app.target == 'esp32c2':
+    if dut.app.sdkconfig.get('SECURE_SIGNED_APPS_ECDSA_V2_SCHEME'):
         signed_scheme = 'ECDSA'
     else:
         signed_scheme = 'RSA-PSS'
@@ -981,7 +962,10 @@ def test_examples_efuse_with_virt_sb_v2_and_fe_esp32xx(dut: Dut) -> None:
 
     dut.expect('Verifying image signature...')
     dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
-    signed_scheme = 'ECDSA' if dut.app.target == 'esp32c2' else 'RSA-PSS'
+    if dut.app.sdkconfig.get('SECURE_SIGNED_APPS_ECDSA_V2_SCHEME'):
+        signed_scheme = 'ECDSA'
+    else:
+        signed_scheme = 'RSA-PSS'
     dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
     dut.expect('secure_boot_v2: Signature verified successfully!')
 
diff --git a/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32c5 b/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32c5
@@ -2,13 +2,13 @@
 
 CONFIG_IDF_TARGET="esp32c5"
 
-CONFIG_PARTITION_TABLE_OFFSET=0xD000
+CONFIG_PARTITION_TABLE_OFFSET=0xE000
 CONFIG_PARTITION_TABLE_CUSTOM=y
 CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
 
 CONFIG_SECURE_BOOT=y
 CONFIG_SECURE_BOOT_V2_ENABLED=y
-CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem"
+CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key_ecdsa_nistp256.pem"
 CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE=y
 
 CONFIG_SECURE_FLASH_ENC_ENABLED=y
diff --git a/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32c61 b/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32c61
@@ -8,7 +8,7 @@ CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
 
 CONFIG_SECURE_BOOT=y
 CONFIG_SECURE_BOOT_V2_ENABLED=y
-CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem"
+CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key_ecdsa_nistp256.pem"
 CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE=y
 
 CONFIG_SECURE_FLASH_ENC_ENABLED=y
diff --git a/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32p4 b/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32p4
@@ -2,7 +2,7 @@
 
 CONFIG_IDF_TARGET="esp32p4"
 
-CONFIG_PARTITION_TABLE_OFFSET=0xD000
+CONFIG_PARTITION_TABLE_OFFSET=0xE000
 CONFIG_PARTITION_TABLE_CUSTOM=y
 CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
 
diff --git a/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c5 b/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c5
@@ -2,13 +2,13 @@
 
 CONFIG_IDF_TARGET="esp32c5"
 
-CONFIG_PARTITION_TABLE_OFFSET=0xC000
+CONFIG_PARTITION_TABLE_OFFSET=0xD000
 CONFIG_PARTITION_TABLE_CUSTOM=y
 CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
 
 CONFIG_SECURE_BOOT=y
 CONFIG_SECURE_BOOT_V2_ENABLED=y
-CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem"
+CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key_ecdsa_nistp256.pem"
 CONFIG_SECURE_INSECURE_ALLOW_DL_MODE=y
 
 # IMPORTANT: ONLY VIRTUAL eFuse MODE!
diff --git a/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c61 b/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c61
@@ -8,7 +8,7 @@ CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
 
 CONFIG_SECURE_BOOT=y
 CONFIG_SECURE_BOOT_V2_ENABLED=y
-CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem"
+CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key_ecdsa_nistp256.pem"
 CONFIG_SECURE_INSECURE_ALLOW_DL_MODE=y
 
 # IMPORTANT: ONLY VIRTUAL eFuse MODE!
diff --git a/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32p4 b/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32p4
@@ -2,7 +2,7 @@
 
 CONFIG_IDF_TARGET="esp32p4"
 
-CONFIG_PARTITION_TABLE_OFFSET=0xC000
+CONFIG_PARTITION_TABLE_OFFSET=0xD000
 CONFIG_PARTITION_TABLE_CUSTOM=y
 CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv"
 
