Espressif ESP32-S2 Programming Manual page 1078

Chapter 2. API Reference
The security version is worth increasing if previous versions contain a significant vulnerability and their use is not acceptable.
Your partition table should have a scheme with ota_0 + ota_1 (without factory).
Default value:
• 0 if CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK

CONFIG_BOOTLOADER_APP_SEC_VER_SIZE_EFUSE_FIELD
Size of the efuse secure version field
Found in: Bootloader config > CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE > CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
The size of the efuse secure version field. Its length is limited to 32 bits for ESP32 and 16 bits for ESP32-S2. This determines how many times the security version can be increased.
Range:
• from 1 to 16 if CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
Default value:
• 16 if CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK

CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE
Emulate operations with efuse secure version (only test)
Found in: Bootloader config > CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE > CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
This option allows emulating read/write operations with all eFuses and the efuse secure version. It allows testing the anti-rollback implementation without permanently writing eFuse bits. There should be an entry in the partition table with the following details: emul_efuse, data, efuse, , 0x2000.
This option enables: EFUSE_VIRTUAL and EFUSE_VIRTUAL_KEEP_IN_FLASH.
Default value:
• No (disabled) if CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK

CONFIG_BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP
Skip image validation when exiting deep sleep
Found in: Bootloader config
This option disables the normal validation of an image coming out of deep sleep (checksums, SHA256, and signature). This is a trade-off between wakeup performance from deep sleep and image integrity checks.
Only enable this if you know what you are doing. It should not be used in conjunction with using deep_sleep() entry and changing the active OTA partition, as this would skip the validation upon first load of the new OTA partition.
It is possible to enable this option with Secure Boot if "allow insecure options" is enabled; however, it is strongly recommended NOT to enable it, as it may allow a Secure Boot bypass.
Default value:
• No (disabled) if (CONFIG_SECURE_BOOT && CONFIG_SECURE_BOOT_INSECURE) || CONFIG_SECURE_BOOT
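
The options described above can be checked before a release build ships. The following audit is an added example, not taken from the manual or from ESP-IDF; it assumes the usual sdkconfig KEY=value format and partition-table CSV layout, and the function names, finding codes and sample file contents are constructed for illustration.

```python
# Added example, not ESP-IDF code. Sample file contents below are constructed.
def parse_sdkconfig(text):
    # Keep KEY=value lines; "# CONFIG_X is not set" has no "=" and is skipped.
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            cfg[key] = value.strip('"')
    return cfg

def parse_partitions(text):
    # (name, type, subtype) for each CSV row, with "#" comments stripped.
    rows = (line.split("#", 1)[0].split(",") for line in text.splitlines())
    return [tuple(f.strip() for f in r[:3]) for r in rows if len(r) >= 3]

def audit(sdkconfig_text, partitions_text):
    # Returns sorted finding codes (hypothetical names) for a release build.
    cfg, parts = parse_sdkconfig(sdkconfig_text), parse_partitions(partitions_text)
    on = lambda name: cfg.get(name) == "y"
    found = set()
    if on("CONFIG_BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP"):
        # Wake from deep sleep skips checksum, SHA256 and signature checks.
        found.add("SKIP_VALIDATE_WITH_SECURE_BOOT" if on("CONFIG_SECURE_BOOT")
                  else "SKIP_VALIDATE_ON_WAKE")
    if on("CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE"):
        # Emulated eFuses are a test aid: no eFuse bit is written permanently.
        found.add("EFUSE_EMULATION_ENABLED")
        if ("emul_efuse", "data", "efuse") not in parts:
            found.add("EMUL_EFUSE_PARTITION_MISSING")
    if on("CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK"):  # needs ota_0 + ota_1, no factory
        apps = {sub for _, typ, sub in parts if typ == "app"}
        if "factory" in apps or not {"ota_0", "ota_1"} <= apps:
            found.add("ANTI_ROLLBACK_PARTITION_SCHEME")
    return sorted(found)

SAMPLE_SDKCONFIG = """
CONFIG_SECURE_BOOT=y
CONFIG_SECURE_BOOT_INSECURE=y
CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK=y
CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE=y
CONFIG_BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP=y
"""
SAMPLE_PARTITIONS = """
# Name, Type, SubType, Offset, Size
factory, app, factory, , 1M
ota_0, app, ota_0, , 1M
ota_1, app, ota_1, , 1M
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SDKCONFIG, SAMPLE_PARTITIONS)))
```

An empty result means none of the three conditions was found; any finding code is a reason to stop the release and review the configuration.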
Espressif Systems
Release v4.4
