secure boot: Rename efuse option for UART bootloader to option for ROM interpreter

diff --git a/components/bootloader/Kconfig.projbuild b/components/bootloader/Kconfig.projbuild
index 949638594d4c193ab727b9a0c93c8cb413bb57ac..50165d0e586d0a209ea6e92c8a27ac70cbd96320 100644 (file)
--- a/components/bootloader/Kconfig.projbuild
+++ b/components/bootloader/Kconfig.projbuild
@@ -85,31 +85,31 @@ config SECURE_BOOT_SIGNING_KEY
         See docs/security/secure-boot.rst for details.
 
 config SECURE_BOOT_DISABLE_JTAG
-          bool "First boot: Permanently disable JTAG"
-          depends on SECURE_BOOTLOADER_ENABLED
-          default Y
-          help
-             Bootloader permanently disable JTAG (across entire chip) when enabling secure boot. This happens on first boot of the bootloader.
+       bool "First boot: Permanently disable JTAG"
+       depends on SECURE_BOOTLOADER_ENABLED
+       default Y
+       help
+          Bootloader permanently disable JTAG (across entire chip) when enabling secure boot. This happens on first boot of the bootloader.
 
-                 It is recommended this option remains set for production environments.
+          It is recommended this option remains set for production environments.
 
-config SECURE_BOOT_DISABLE_UART_BOOTLOADER
-          bool "First boot: Permanently disable UART bootloader"
-          depends on SECURE_BOOTLOADER_ENABLED
-          default Y
-          help
-             Bootloader permanently disables UART and other bootloader modes when enabling secure boot. This happens on first boot.
+config SECURE_BOOT_DISABLE_ROM_BASIC
+       bool "First boot: Permanently disable ROM BASIC fallback"
+       depends on SECURE_BOOTLOADER_ENABLED
+       default Y
+       help
+          Bootloader permanently disables ROM BASIC (on UART console) as a fallback if the bootloader image becomes invalid. This happens on first boot.
 
-                 It is recommended this option remains set for production environments.
+          It is recommended this option remains set in production environments.
 
 config SECURE_BOOT_TEST_MODE
-          bool "Test mode: don't actually enable secure boot"
-          depends on SECURE_BOOTLOADER_ENABLED
-          default N
-          help
-                 If this option is set, all permanent secure boot changes (via Efuse) are disabled.
+       bool "Test mode: don't actually enable secure boot"
+       depends on SECURE_BOOTLOADER_ENABLED
+       default N
+       help
+          If this option is set, all permanent secure boot changes (via Efuse) are disabled.
 
-                 This option is for testing purposes only - it effectively completely disables secure boot protection.
+          This option is for testing purposes only - it effectively completely disables secure boot protection.
 
 config SECURE_BOOTLOADER_ENABLED
     bool

diff --git a/components/bootloader_support/src/secure_boot_signatures.c b/components/bootloader_support/src/secure_boot_signatures.c
index 5106eb396f8302aed8a313cf2a15d5cf5d360958..6d47651b2f8fd911f89d3254158d035a0476a816 100644 (file)
--- a/components/bootloader_support/src/secure_boot_signatures.c
+++ b/components/bootloader_support/src/secure_boot_signatures.c
@@ -46,7 +46,7 @@ esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
     uint8_t digest[32];
     ptrdiff_t keylen;
     const uint8_t *data, *digest_data;
-    uint32_t digest_len, chunk_len;
+    uint32_t digest_len;
     const signature_block_t *sigblock;
     bool is_valid;