espressif: update secure boot and flash encryption
Adjust secure boot and flash encryption after IDF v5.x updates.
It also allows to enable secure boot on ESP32-C2.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
diff --git a/boot/espressif/port/esp32c2/bootloader.conf b/boot/espressif/port/esp32c2/bootloader.conf
index 286b1a1..54f797e 100644
--- a/boot/espressif/port/esp32c2/bootloader.conf
+++ b/boot/espressif/port/esp32c2/bootloader.conf
@@ -63,6 +63,12 @@
# using imgtool instead of use the existent sample
# CONFIG_ESP_SIGN_KEY_FILE=root-ec-p256.pem
+# Hardware Secure Boot related options
+# CONFIG_SECURE_SIGNED_ON_BOOT=1
+# CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME=1
+# CONFIG_SECURE_BOOT=1
+# CONFIG_SECURE_BOOT_V2_ENABLED=1
+
# Hardware Flash Encryption related options
# CONFIG_SECURE_FLASH_ENC_ENABLED=1
# CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=1
@@ -72,6 +78,10 @@
# CONFIG_SECURE_BOOT_ALLOW_JTAG=1
# CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=1
+# This option must be also enabled when enabling both Secure Boot
+# and Flash Encryption at same time
+# CONFIG_SECURE_BOOT_FLASH_ENC_KEYS_BURN_TOGETHER=1
+
# Options for enabling eFuse emulation in Flash
# CONFIG_EFUSE_VIRTUAL=1
# CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH=1
diff --git a/boot/espressif/port/esp32c3/ld/bootloader.ld b/boot/espressif/port/esp32c3/ld/bootloader.ld
index 65f15cc..747b549 100644
--- a/boot/espressif/port/esp32c3/ld/bootloader.ld
+++ b/boot/espressif/port/esp32c3/ld/bootloader.ld
@@ -13,8 +13,8 @@
MEMORY
{
iram_seg (RWX) : org = 0x403C7000, len = 0x9000
- iram_loader_seg (RWX) : org = 0x403D0000, len = 0x5000
- dram_seg (RW) : org = 0x3FCD5000, len = 0xA000
+ iram_loader_seg (RWX) : org = 0x403D0000, len = 0x5400
+ dram_seg (RW) : org = 0x3FCD5400, len = 0xA000
}
/* Default entry point: */