From f607f19296e5991a64cbc54040dcfb96e7457037 Mon Sep 17 00:00:00 2001 From: KonstantinKondrashov Date: Tue, 7 Nov 2023 16:44:28 +0800 Subject: [PATCH] fix(espefuse): Fix ECDSA_FORCE_USE_HARDWARE_K for ECDSA key (esp32h2) --- espefuse/efuse/esp32h2/operations.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/espefuse/efuse/esp32h2/operations.py b/espefuse/efuse/esp32h2/operations.py index d9445d152..6debd0911 100644 --- a/espefuse/efuse/esp32h2/operations.py +++ b/espefuse/efuse/esp32h2/operations.py @@ -323,6 +323,15 @@ def burn_key(esp, efuses, args, digest=None): if efuses[block.key_purpose_name].is_writeable(): disable_wr_protect_key_purpose = True + if keypurpose == "ECDSA_KEY": + if efuses["ECDSA_FORCE_USE_HARDWARE_K"].get() == 0: + # For ECDSA key purpose block permanently enable + # the hardware TRNG supplied k mode (most secure mode) + print("\tECDSA_FORCE_USE_HARDWARE_K: 0 -> 1") + efuses["ECDSA_FORCE_USE_HARDWARE_K"].save(1) + else: + print("\tECDSA_FORCE_USE_HARDWARE_K is already '1'") + if disable_wr_protect_key_purpose: print("\tDisabling write to '%s'." % block.key_purpose_name) efuses[block.key_purpose_name].disable_write()