feat(tools): Add often used espefuse subcommands to idf.py
This commit is contained in:
@@ -22,11 +22,11 @@ ECDSA on {IDF_TARGET_NAME}
|
||||
|
||||
On {IDF_TARGET_NAME}, the ECDSA module works with a secret key burnt into an eFuse block. This eFuse key is made completely inaccessible (default mode) for any resources outside the cryptographic modules, thus avoiding key leakage.
|
||||
|
||||
ECDSA key can be programmed externally through ``espefuse.py`` script using:
|
||||
ECDSA key can be programmed externally through ``idf.py`` script. Here is an example of how to program the ECDSA key:
|
||||
|
||||
.. code:: bash
|
||||
|
||||
espefuse.py burn_key <BLOCK_NUM> </path/to/ecdsa_private_key.pem> ECDSA_KEY
|
||||
idf.py efuse-burn-key <BLOCK_NUM> </path/to/ecdsa_private_key.pem> ECDSA_KEY
|
||||
|
||||
.. only:: SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK
|
||||
|
||||
@@ -63,7 +63,7 @@ Following code snippet uses :cpp:func:`esp_efuse_write_key` to set physical key
|
||||
|
||||
.. only:: SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
|
||||
|
||||
Determinisitic Signature Generation
|
||||
Deterministic Signature Generation
|
||||
-----------------------------------
|
||||
|
||||
The ECDSA peripheral of {IDF_TARGET_NAME} also supports generation of deterministic signatures using deterministic derivation of the parameter K as specified in the `RFC 6979 <https://tools.ietf.org/html/rfc6979>`_ section 3.2.
|
||||
|
||||
@@ -98,7 +98,7 @@ Following is the procedure to re-enable the JTAG:
|
||||
**Stage 1: Setup**
|
||||
|
||||
1. Generate a 256-bit HMAC secret key to use for JTAG re-enable.
|
||||
2. Write the key to an eFuse block with key purpose HMAC_DOWN_ALL (5) or HMAC_DOWN_JTAG (6). This can be done using the ``esp_efuse_write_key()`` function in the firmware or using ``espefuse.py`` from the host.
|
||||
2. Write the key to an eFuse block with key purpose HMAC_DOWN_ALL (5) or HMAC_DOWN_JTAG (6). This can be done using the ``esp_efuse_write_key()`` function in the firmware or using ``idf.py efuse-burn-key`` from the host.
|
||||
3. Configure the eFuse key block to be read-protected using the ``esp_efuse_set_read_protect()``, so that software cannot read back the value.
|
||||
4. Burn the ``soft JTAG disable`` bit/bits on {IDF_TARGET_NAME}. This will permanently disable JTAG unless the correct key value is provided by the software.
|
||||
|
||||
|
||||
@@ -199,7 +199,7 @@ If you use a development board without pull-ups, you can do the following:
|
||||
|
||||
Burning eFuses is irreversible! The issue list above might be out of date, so please make sure that the module you are burning has a 3.3 V flash chip by checking the information on https://www.espressif.com/. If you burn the 3.3 V eFuses on a module with a 1.8 V flash chip, the module will stop functioning.
|
||||
|
||||
If you are sure that you need to irreversibly burn eFuses, go to your ESP-IDF directory and run the following command:
|
||||
If you are sure that you need to irreversibly burn eFuses, go to your ESP-IDF directory and run the following command using ``espefuse.py`` tool:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
@@ -221,9 +221,11 @@ If you use a development board without pull-ups, you can do the following:
|
||||
|
||||
To check the status of the eFuses, run::
|
||||
|
||||
``components/esptool_py/esptool/espefuse.py summary``
|
||||
.. code-block::
|
||||
|
||||
If running from an automated flashing script, ``espefuse.py`` has an option ``--do-not-confirm``.
|
||||
idf.py efuse-summary
|
||||
|
||||
If running from an automated flashing script, it is better to use standalone eFuse tool, ``espefuse.py``. This tool also has an option ``--do-not-confirm`` to burn eFuses without confirmation.
|
||||
|
||||
For more details, see **{IDF_TARGET_NAME} Technical Reference Manual** [`PDF <{IDF_TARGET_TRM_EN_URL}#efuse>`__].
|
||||
|
||||
|
||||
Reference in New Issue
Block a user