2020
2121#if SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT
2222#include "hal/key_mgr_ll.h"
23+ #include "hal/key_mgr_types.h"
2324#endif /* SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT */
2425
2526#if SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED
@@ -31,14 +32,24 @@ __attribute__((unused)) static const char *TAG = "esp_security";
3132static void esp_key_mgr_init (void )
3233{
3334 // The following code initializes the key manager.
35+ // When Flash Encryption is already enabled, Key Manager is initialized by the
36+ // ROM, and when Flash Encryption is enabled during boot up, Key Manager is
37+ // initialized by the bootloader.
3438#if SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT
35- // Enable key manager clock
36- // Using ll APIs which do not require critical section
37- _key_mgr_ll_enable_bus_clock (true);
38- _key_mgr_ll_enable_peripheral_clock (true);
39- _key_mgr_ll_reset_register ();
40- while (key_mgr_ll_get_state () != ESP_KEY_MGR_STATE_IDLE ) {
41- };
39+ if (!efuse_hal_flash_encryption_enabled ()) {
40+ // Enable key manager clock
41+ key_mgr_ll_power_up ();
42+ // Using ll APIs which do not require critical section
43+ _key_mgr_ll_enable_bus_clock (true);
44+ _key_mgr_ll_enable_peripheral_clock (true);
45+ _key_mgr_ll_reset_register ();
46+
47+ while (key_mgr_ll_get_state () != ESP_KEY_MGR_STATE_IDLE ) {
48+ };
49+
50+ // Force Key Manager to use eFuse key by-default for an XTS-AES operation.
51+ key_mgr_ll_set_key_usage (ESP_KEY_MGR_XTS_AES_128_KEY , ESP_KEY_MGR_USE_EFUSE_KEY );
52+ }
4253#endif /* SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT */
4354}
4455
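Review bot: When `efuse_hal_flash_encryption_enabled()` returns true, `esp_key_mgr_init()` now does nothing and trusts that the ROM or bootloader left the Key Manager in a usable state, but nothing in the new branch checks or logs that state. The added comment says who initialises the peripheral, not why the reset must be skipped; presumably `_key_mgr_ll_reset_register()` would disturb key state that flash encryption already depends on. If so, a comment such as `// Do not reset here: flash encryption already relies on the Key Manager state set up by ROM/bootloader` would record it. The wait `while (key_mgr_ll_get_state() != ESP_KEY_MGR_STATE_IDLE) {};` is still unbounded, so a peripheral that never reaches idle hangs startup silently; a bounded poll that logs through `TAG` would make that failure visible. The comment `// Enable key manager clock` also now sits above `key_mgr_ll_power_up()` rather than above the clock-enable calls it describes.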