bootloader: Don't enable secure boot or flash encryption for 3/4 Coding Scheme
authorAngus Gratton <angus@espressif.com>
Wed, 26 Sep 2018 06:57:44 +0000 (16:57 +1000)
committerAngus Gratton <gus@projectgus.com>
Thu, 4 Oct 2018 06:51:30 +0000 (16:51 +1000)
components/bootloader_support/src/flash_encrypt.c
components/bootloader_support/src/secure_boot.c

index a9e8f8f9bacd57fce8c6fec2deae89e7c7e85757..9f02adcbe21a1eac1eeb991ba46cc85f0ca4e239 100644 (file)
@@ -62,6 +62,11 @@ esp_err_t esp_flash_encrypt_check_and_update(void)
 
 static esp_err_t initialise_flash_encryption(void)
 {
+    if (REG_READ(EFUSE_BLK0_RDATA6_REG) & EFUSE_CODING_SCHEME_M) {
+        ESP_LOGE(TAG, "Flash Encryption is currently not supported on hardware with 3/4 Coding Scheme (CODING_SCHEME efuse set)");
+        return ESP_ERR_NOT_SUPPORTED;
+    }
+
     /* Before first flash encryption pass, need to initialise key & crypto config */
 
     /* Generate key */
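Review bot: The new guard at the top of initialise_flash_encryption() is a bare mask test, `REG_READ(EFUSE_BLK0_RDATA6_REG) & EFUSE_CODING_SCHEME_M`, so every non-zero value of the CODING_SCHEME field takes this branch, while the log message names only the 3/4 scheme. Rejecting more than needed is the safe direction, but if the field is wider than one bit and has other encodings (not visible in this hunk), the message will mislead whoever is diagnosing a refused device. Either compare against a named constant for the 3/4 value or reword the message to say the CODING_SCHEME efuse is non-zero. The identical expression is repeated in the esp_secure_boot_permanently_enable() hunk in secure_boot.c, so a small shared helper would keep the two checks from drifting apart. A comment such as `/* Must run before the key is generated below */` would record why the check comes first; the function body continues outside the hunk.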
index 6d8bc6107e0500888e2ab93068b6e27527fbc7b1..36f9ea8c6c09524ce40f9509cad406d75589afd5 100644 (file)
@@ -110,6 +110,11 @@ esp_err_t esp_secure_boot_permanently_enable(void) {
         return ESP_OK;
     }
 
+    if (REG_READ(EFUSE_BLK0_RDATA6_REG) & EFUSE_CODING_SCHEME_M) {
+        ESP_LOGE(TAG, "Secure Boot is currently not supported on hardware with 3/4 Coding Scheme (CODING_SCHEME efuse set)");
+        return ESP_ERR_NOT_SUPPORTED;
+    }
+
     /* Verify the bootloader */
     esp_image_metadata_t bootloader_data = { 0 };
     err = esp_image_verify_bootloader_data(&bootloader_data);
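Review bot: Returning `ESP_ERR_NOT_SUPPORTED` from esp_secure_boot_permanently_enable() only protects the device if the caller treats it as fatal, and the caller is not visible in this hunk. If the bootloader merely logs the error and carries on, an image built with secure boot enabled would boot without signature enforcement on parts with the CODING_SCHEME efuse set, and a single log line would be the only indication. I would confirm that the call site halts (the same question applies to the flash-encryption hunk) and document the contract next to the check, e.g. `/* Callers must treat this as fatal: continuing boots without the configured protection */`. The guard also sits after an early `return ESP_OK;` whose condition is outside the hunk, so presumably devices that already have secure boot enabled never reach it; the comment should say so if that is intentional.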