eFuse Manager¶
Introduction¶
The eFuse Manager library is designed to structure access to eFuse bits and make using these easy. This library operates eFuse bits by a structure name which is assigned in eFuse table. This sections introduces some concepts used by eFuse Manager.
Hardware description¶
The ESP32-S3 has a number of eFuses which can store system and user parameters. Each eFuse is a one-bit field which can be programmed to 1 after which it cannot be reverted back to 0. Some of system parameters are using these eFuse bits directly by hardware modules and have special place (for example EFUSE_BLK0).
For more details, see ESP32-S3 Technical Reference Manual > eFuse Controller (eFuse) [PDF]. Some eFuse bits are available for user applications.
ESP32-S3 has 11 eFuse blocks each of the size of 256 bits (not all bits are available):
- EFUSE_BLK0 is used entirely for system purposes; 
- EFUSE_BLK1 is used entirely for system purposes; 
- EFUSE_BLK2 is used entirely for system purposes; 
- EFUSE_BLK3 or EFUSE_BLK_USER_DATA can be used for user purposes; 
- EFUSE_BLK4 or EFUSE_BLK_KEY0 can be used as key (for secure_boot or flash_encryption) or for user purposes; 
- EFUSE_BLK5 or EFUSE_BLK_KEY1 can be used as key (for secure_boot or flash_encryption) or for user purposes; 
- EFUSE_BLK6 or EFUSE_BLK_KEY2 can be used as key (for secure_boot or flash_encryption) or for user purposes; 
- EFUSE_BLK7 or EFUSE_BLK_KEY3 can be used as key (for secure_boot or flash_encryption) or for user purposes; 
- EFUSE_BLK8 or EFUSE_BLK_KEY4 can be used as key (for secure_boot or flash_encryption) or for user purposes; 
- EFUSE_BLK9 or EFUSE_BLK_KEY5 can be used as key (for secure_boot or flash_encryption) or for user purposes; 
- EFUSE_BLK10 or EFUSE_BLK_SYS_DATA_PART2 is reseved for system purposes. 
Each block is divided into 8 32-bits registers.
eFuse Manager component¶
The component has API functions for reading and writing fields. Access to the fields is carried out through the structures that describe the location of the eFuse bits in the blocks. The component provides the ability to form fields of any length and from any number of individual bits. The description of the fields is made in a CSV file in a table form. To generate from a tabular form (CSV file) in the C-source uses the tool efuse_table_gen.py. The tool checks the CSV file for uniqueness of field names and bit intersection, in case of using a custom file from the user’s project directory, the utility will check with the common CSV file.
CSV files:
- common (esp_efuse_table.csv) - contains eFuse fields which are used inside the IDF. C-source generation should be done manually when changing this file (run command - idf.py efuse-common-table). Note that changes in this file can lead to incorrect operation.
- custom - (optional and can be enabled by CONFIG_EFUSE_CUSTOM_TABLE) contains eFuse fields that are used by the user in their application. C-source generation should be done manually when changing this file and running - idf.py efuse-custom-table.
Description CSV file¶
The CSV file contains a description of the eFuse fields. In the simple case, one field has one line of description. Table header:
# field_name,  efuse_block(EFUSE_BLK0..EFUSE_BLK10), bit_start(0..255),    bit_count(1..256),        comment
Individual params in CSV file the following meanings:
- field_name
- Name of field. The prefix ESP_EFUSE_ will be added to the name, and this field name will be available in the code. This name will be used to access the fields. The name must be unique for all fields. If the line has an empty name, then this line is combined with the previous field. This allows you to set an arbitrary order of bits in the field, and expand the field as well (see - MAC_FACTORYfield in the common table). The field_name supports structured format using . to show that the field belongs to another field (see- WR_DISand- RD_DISin the common table).
- efuse_block
- Block number. It determines where the eFuse bits will be placed for this field. Available EFUSE_BLK0..EFUSE_BLK10. 
- bit_start
- Start bit number (0..255). The bit_start field can be omitted. In this case, it will be set to bit_start + bit_count from the previous record, if it has the same efuse_block. Otherwise (if efuse_block is different, or this is the first entry), an error will be generated. 
- bit_count
- The number of bits to use in this field (1..-). This parameter can not be omitted. This field also may be - MAX_BLK_LENin this case, the field length will have the maximum block length.
- comment
- This param is using for comment field, it also move to C-header file. The comment field can be omitted. 
If a non-sequential bit order is required to describe a field, then the field description in the following lines should be continued without specifying a name, this will indicate that it belongs to one field. For example two fields MAC_FACTORY and MAC_FACTORY_CRC:
# Factory MAC address #
#######################
MAC_FACTORY,            EFUSE_BLK0,    72,    8,    Factory MAC addr [0]
,                       EFUSE_BLK0,    64,    8,    Factory MAC addr [1]
,                       EFUSE_BLK0,    56,    8,    Factory MAC addr [2]
,                       EFUSE_BLK0,    48,    8,    Factory MAC addr [3]
,                       EFUSE_BLK0,    40,    8,    Factory MAC addr [4]
,                       EFUSE_BLK0,    32,    8,    Factory MAC addr [5]
MAC_FACTORY_CRC,        EFUSE_BLK0,    80,    8,    CRC8 for factory MAC address
This field will available in code as ESP_EFUSE_MAC_FACTORY and ESP_EFUSE_MAC_FACTORY_CRC.
Structured efuse fields¶
WR_DIS,                           EFUSE_BLK0,   0,    32,     Write protection
WR_DIS.RD_DIS,                    EFUSE_BLK0,   0,    1,      Write protection for RD_DIS
WR_DIS.FIELD_1,                   EFUSE_BLK0,   1,    1,      Write protection for FIELD_1
WR_DIS.FIELD_2,                   EFUSE_BLK0,   2,    4,      Write protection for FIELD_2 (includes B1 and B2)
WR_DIS.FIELD_2.B1,                EFUSE_BLK0,   2,    2,      Write protection for FIELD_2.B1
WR_DIS.FIELD_2.B2,                EFUSE_BLK0,   4,    2,      Write protection for FIELD_2.B2
WR_DIS.FIELD_3,                   EFUSE_BLK0,   5,    1,      Write protection for FIELD_3
WR_DIS.FIELD_3.ALIAS,             EFUSE_BLK0,   5,    1,      Write protection for FIELD_3 (just a alias for WR_DIS.FIELD_3)
WR_DIS.FIELD_4,                   EFUSE_BLK0,   7,    1,      Write protection for FIELD_4
The structured eFuse field looks like WR_DIS.RD_DIS where the dot points that this field belongs to the parent field - WR_DIS and can not be out of the parent’s range.
It is possible to use some levels of structured fields as WR_DIS.FIELD_2.B1 and B2. These fields should not be crossed each other and should be in the range of two fields: WR_DIS and WR_DIS.FIELD_2.
It is possible to create aliases for fields with the same range, see WR_DIS.FIELD_3 and WR_DIS.FIELD_3.ALIAS.
The IDF names for structured efuse fields should be unique. The efuse_table_gen tool will generate the final names where the dot will be replaced by _. The names for using in IDF are ESP_EFUSE_WR_DIS, ESP_EFUSE_WR_DIS_RD_DIS, ESP_EFUSE_WR_DIS_FIELD_2_B1, etc.
efuse_table_gen.py tool¶
The tool is designed to generate C-source files from CSV file and validate fields. First of all, the check is carried out on the uniqueness of the names and overlaps of the field bits. If an additional custom file is used, it will be checked with the existing common file (esp_efuse_table.csv). In case of errors, a message will be displayed and the string that caused the error. C-source files contain structures of type esp_efuse_desc_t.
To generate a common files, use the following command idf.py efuse-common-table or:
cd $IDF_PATH/components/efuse/
./efuse_table_gen.py esp32s3/esp_efuse_table.csv
After generation in the folder $IDF_PATH/components/efuse/esp32s3 create:
- esp_efuse_table.c file. 
- In include folder esp_efuse_table.c file. 
To generate a custom files, use the following command idf.py efuse-custom-table or:
cd $IDF_PATH/components/efuse/
./efuse_table_gen.py esp32s3/esp_efuse_table.csv PROJECT_PATH/main/esp_efuse_custom_table.csv
After generation in the folder PROJECT_PATH/main create:
- esp_efuse_custom_table.c file. 
- In include folder esp_efuse_custom_table.c file. 
To use the generated fields, you need to include two files:
#include "esp_efuse.h"
#include "esp_efuse_table.h" or "esp_efuse_custom_table.h"
Supported coding scheme¶
Coding schemes are used to protect against data corruption. ESP32-S3 supports two coding schemes:
- None. EFUSE_BLK0 is stored with four backups, meaning each bit is stored four times. This backup scheme is automatically applied by the hardware and is not visible to software. EFUSE_BLK0 can be written many times.
- RS. EFUSE_BLK1 - EFUSE_BLK10 use Reed-Solomon coding scheme that supports up to 5 bytes of automatic error correction. Software will encode the 32-byte EFUSE_BLKx using RS (44, 32) to generate a 12-byte check code, and then burn the EFUSE_BLKx and the check code into eFuse at the same time. The eFuse Controller automatically decodes the RS encoding and applies error correction when reading back the eFuse block. Because the RS check codes are generated across the entire 256-bit eFuse block, each block can only be written to one time.
To write some fields into one block, or different blocks in one time, you need to use the batch writing mode. Firstly set this mode through esp_efuse_batch_write_begin() function then write some fields as usual using the esp_efuse_write_... functions. At the end to burn them, call the esp_efuse_batch_write_commit() function. It burns prepared data to the eFuse blocks and disables the batch recording mode.
eFuse API¶
Access to the fields is via a pointer to the description structure. API functions have some basic operation:
- esp_efuse_read_field_blob()- returns an array of read eFuse bits.
- esp_efuse_read_field_cnt()- returns the number of bits programmed as “1”.
- esp_efuse_write_field_blob()- writes an array.
- esp_efuse_write_field_cnt()- writes a required count of bits as “1”.
- esp_efuse_get_field_size()- returns the number of bits by the field name.
- esp_efuse_read_reg()- returns value of eFuse register.
- esp_efuse_write_reg()- writes value to eFuse register.
- esp_efuse_get_coding_scheme()- returns eFuse coding scheme for blocks.
- esp_efuse_read_block()- reads key to eFuse block starting at the offset and the required size.
- esp_efuse_write_block()- writes key to eFuse block starting at the offset and the required size.
- esp_efuse_batch_write_begin()- set the batch mode of writing fields.
- esp_efuse_batch_write_commit()- writes all prepared data for batch writing mode and reset the batch writing mode.
- esp_efuse_batch_write_cancel()- reset the batch writing mode and prepared data.
- esp_efuse_get_key_dis_read()- Returns a read protection for the key block.
- esp_efuse_set_key_dis_read()- Sets a read protection for the key block.
- esp_efuse_get_key_dis_write()- Returns a write protection for the key block.
- esp_efuse_set_key_dis_write()- Sets a write protection for the key block.
- esp_efuse_get_key_purpose()- Returns the current purpose set for an eFuse key block.
- esp_efuse_write_key()- Programs a block of key data to an eFuse block
- esp_efuse_write_keys()- Programs keys to unused eFuse blocks
- esp_efuse_find_purpose()- Finds a key block with the particular purpose set.
- esp_efuse_get_keypurpose_dis_write()- Returns a write protection of the key purpose field for an eFuse key block (for esp32 always true).
- esp_efuse_key_block_unused()- Returns true if the key block is unused, false otherwise.
For frequently used fields, special functions are made, like this esp_efuse_get_chip_ver(), esp_efuse_get_pkg_ver().
eFuse API for keys¶
EFUSE_BLK_KEY0 - EFUSE_BLK_KEY5 are intended to keep up to 6 keys with a length of 256-bits. Each key has an ESP_EFUSE_KEY_PURPOSE_x field which defines the purpose of these keys. The purpose field is described in esp_efuse_purpose_t.
The purposes like ESP_EFUSE_KEY_PURPOSE_XTS_AES_... are used for flash encryption.
The purposes like ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST... are used for secure boot.
There are some eFuse APIs useful to work with states of keys.
- esp_efuse_get_purpose_field()- Returns a pointer to a key purpose for an eFuse key block.
- esp_efuse_get_key()- Returns a pointer to a key block.
- esp_efuse_set_key_purpose()- Sets a key purpose for an eFuse key block.
- esp_efuse_set_keypurpose_dis_write()- Sets a write protection of the key purpose field for an eFuse key block.
- esp_efuse_find_unused_key_block()- Search for an unused key block and return the first one found.
- esp_efuse_count_unused_key_blocks()- Returns the number of unused eFuse key blocks in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX
- esp_efuse_get_digest_revoke()- Returns the status of the Secure Boot public key digest revocation bit.
- esp_efuse_set_digest_revoke()- Sets the Secure Boot public key digest revocation bit.
- esp_efuse_get_write_protect_of_digest_revoke()- Returns a write protection of the Secure Boot public key digest revocation bit.
- esp_efuse_set_write_protect_of_digest_revoke()- Sets a write protection of the Secure Boot public key digest revocation bit.
How to add a new field¶
- Find a free bits for field. Show esp_efuse_table.csv file or run - idf.py show-efuse-tableor the next command:
$ ./efuse_table_gen.py esp32s3/esp_efuse_table.csv --info
eFuse coding scheme: NONE
#       field_name                      efuse_block     bit_start       bit_count
1       WR_DIS_FLASH_CRYPT_CNT          EFUSE_BLK0         2               1
2       WR_DIS_BLK1                     EFUSE_BLK0         7               1
3       WR_DIS_BLK2                     EFUSE_BLK0         8               1
4       WR_DIS_BLK3                     EFUSE_BLK0         9               1
5       RD_DIS_BLK1                     EFUSE_BLK0         16              1
6       RD_DIS_BLK2                     EFUSE_BLK0         17              1
7       RD_DIS_BLK3                     EFUSE_BLK0         18              1
8       FLASH_CRYPT_CNT                 EFUSE_BLK0         20              7
9       MAC_FACTORY                     EFUSE_BLK0         32              8
10      MAC_FACTORY                     EFUSE_BLK0         40              8
11      MAC_FACTORY                     EFUSE_BLK0         48              8
12      MAC_FACTORY                     EFUSE_BLK0         56              8
13      MAC_FACTORY                     EFUSE_BLK0         64              8
14      MAC_FACTORY                     EFUSE_BLK0         72              8
15      MAC_FACTORY_CRC                 EFUSE_BLK0         80              8
16      CHIP_VER_DIS_APP_CPU            EFUSE_BLK0         96              1
17      CHIP_VER_DIS_BT                 EFUSE_BLK0         97              1
18      CHIP_VER_PKG                    EFUSE_BLK0        105              3
19      CHIP_CPU_FREQ_LOW               EFUSE_BLK0        108              1
20      CHIP_CPU_FREQ_RATED             EFUSE_BLK0        109              1
21      CHIP_VER_REV1                   EFUSE_BLK0        111              1
22      ADC_VREF_AND_SDIO_DREF          EFUSE_BLK0        136              6
23      XPD_SDIO_REG                    EFUSE_BLK0        142              1
24      SDIO_TIEH                       EFUSE_BLK0        143              1
25      SDIO_FORCE                      EFUSE_BLK0        144              1
26      ENCRYPT_CONFIG                  EFUSE_BLK0        188              4
27      CONSOLE_DEBUG_DISABLE           EFUSE_BLK0        194              1
28      ABS_DONE_0                      EFUSE_BLK0        196              1
29      DISABLE_JTAG                    EFUSE_BLK0        198              1
30      DISABLE_DL_ENCRYPT              EFUSE_BLK0        199              1
31      DISABLE_DL_DECRYPT              EFUSE_BLK0        200              1
32      DISABLE_DL_CACHE                EFUSE_BLK0        201              1
33      ENCRYPT_FLASH_KEY               EFUSE_BLK1         0              256
34      SECURE_BOOT_KEY                 EFUSE_BLK2         0              256
35      MAC_CUSTOM_CRC                  EFUSE_BLK3         0               8
36      MAC_CUSTOM                      EFUSE_BLK3         8               48
37      ADC1_TP_LOW                     EFUSE_BLK3         96              7
38      ADC1_TP_HIGH                    EFUSE_BLK3        103              9
39      ADC2_TP_LOW                     EFUSE_BLK3        112              7
40      ADC2_TP_HIGH                    EFUSE_BLK3        119              9
41      SECURE_VERSION                  EFUSE_BLK3        128              32
42      MAC_CUSTOM_VER                  EFUSE_BLK3        184              8
Used bits in eFuse table:
EFUSE_BLK0
[2 2] [7 9] [16 18] [20 27] [32 87] [96 97] [105 109] [111 111] [136 144] [188 191] [194 194] [196 196] [198 201]
EFUSE_BLK1
[0 255]
EFUSE_BLK2
[0 255]
EFUSE_BLK3
[0 55] [96 159] [184 191]
Note: Not printed ranges are free for using. (bits in EFUSE_BLK0 are reserved for Espressif)
Parsing eFuse CSV input file $IDF_PATH/components/efuse/esp32s3/esp_efuse_table.csv ...
Verifying eFuse table...
The number of bits not included in square brackets is free (bits in EFUSE_BLK0 are reserved for Espressif). All fields are checked for overlapping.
- Fill a line for field: field_name, efuse_block, bit_start, bit_count, comment. 
- Run a - show_efuse_tablecommand to check eFuse table. To generate source files run- efuse_common_tableor- efuse_custom_tablecommand.
Debug eFuse & Unit tests¶
Virtual eFuses¶
The Kconfig option CONFIG_EFUSE_VIRTUAL will virtualize eFuse values inside the eFuse Manager, so writes are emulated and no eFuse values are permanently changed. This can be useful for debugging app and unit tests. During startup, the eFuses are copied to RAM. All eFuse operations (read and write) are performed with RAM instead of the real eFuse registers.
In addition to the CONFIG_EFUSE_VIRTUAL option there is CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH option that adds a feature to keep eFuses in flash memory. To use this mode the partition_table should have the efuse partition. partition.csv: "efuse_em, data, efuse,   ,   0x2000,".
During startup, the eFuses are copied from flash or, in case if flash is empty, from real eFuse to RAM and then update flash. This option allows keeping eFuses after reboots (possible to test secure_boot and flash_encryption features with this option).
espefuse.py¶
esptool includes a useful tool for reading/writing ESP32-S3 eFuse bits - espefuse.py.
espefuse.py -p PORT summary Connecting.... Detecting chip type... ESP32-S3 espefuse.py v3.1-dev EFUSE_NAME (Block) Description = [Meaningful Value] [Readable/Writeable] (Hex Value) ---------------------------------------------------------------------------------------- Calibration fuses: TEMP_SENSOR_CAL (BLOCK2) Temperature calibration = -9.200000000000001 R/W (0b101011100) ADC1_MODE0_D2 (BLOCK2) ADC1 calibration 1 = -28 R/W (0x87) ADC1_MODE1_D2 (BLOCK2) ADC1 calibration 2 = -28 R/W (0x87) ADC1_MODE2_D2 (BLOCK2) ADC1 calibration 3 = -28 R/W (0x87) ADC1_MODE3_D2 (BLOCK2) ADC1 calibration 4 = -24 R/W (0x86) ADC2_MODE0_D2 (BLOCK2) ADC2 calibration 5 = 12 R/W (0x03) ADC2_MODE1_D2 (BLOCK2) ADC2 calibration 6 = 8 R/W (0x02) ADC2_MODE2_D2 (BLOCK2) ADC2 calibration 7 = 12 R/W (0x03) ADC2_MODE3_D2 (BLOCK2) ADC2 calibration 8 = 16 R/W (0x04) ADC1_MODE0_D1 (BLOCK2) ADC1 calibration 9 = -20 R/W (0b100101) ADC1_MODE1_D1 (BLOCK2) ADC1 calibration 10 = -12 R/W (0b100011) ADC1_MODE2_D1 (BLOCK2) ADC1 calibration 11 = -12 R/W (0b100011) ADC1_MODE3_D1 (BLOCK2) ADC1 calibration 12 = -4 R/W (0b100001) ADC2_MODE0_D1 (BLOCK2) ADC2 calibration 13 = -12 R/W (0b100011) ADC2_MODE1_D1 (BLOCK2) ADC2 calibration 14 = -8 R/W (0b100010) ADC2_MODE2_D1 (BLOCK2) ADC2 calibration 15 = -8 R/W (0b100010) ADC2_MODE3_D1 (BLOCK2) ADC2 calibration 16 = -4 R/W (0b100001) Config fuses: DIS_ICACHE (BLOCK0) Disables ICache = False R/W (0b0) DIS_DCACHE (BLOCK0) Disables DCache = False R/W (0b0) DIS_DOWNLOAD_ICACHE (BLOCK0) Disables Icache when SoC is in Download mode = False R/W (0b0) DIS_DOWNLOAD_DCACHE (BLOCK0) Disables Dcache when SoC is in Download mode = False R/W (0b0) DIS_FORCE_DOWNLOAD (BLOCK0) Disables forcing chip into Download mode = False R/W (0b0) DIS_CAN (BLOCK0) Disables the TWAI Controller hardware = False R/W (0b0) DIS_BOOT_REMAP (BLOCK0) Disables capability to Remap RAM to ROM address sp = False R/W (0b0) ace FLASH_TPUW (BLOCK0) Configures flash startup delay after SoC power-up, = 0 R/W (0x0) unit is (ms/2). When the value is 15, delay is 7. 5 ms DIS_LEGACY_SPI_BOOT (BLOCK0) Disables Legacy SPI boot mode = False R/W (0b0) UART_PRINT_CHANNEL (BLOCK0) Selects the default UART for printing boot msg = UART0 R/W (0b0) DIS_USB_DOWNLOAD_MODE (BLOCK0) Disables use of USB in UART download boot mode = False R/W (0b0) UART_PRINT_CONTROL (BLOCK0) Sets the default UART boot message output mode = Enabled R/W (0b00) FLASH_TYPE (BLOCK0) Selects SPI flash type = 4 data lines R/W (0b0) FORCE_SEND_RESUME (BLOCK0) Forces ROM code to send an SPI flash resume comman = False R/W (0b0) d during SPI boot BLOCK_USR_DATA (BLOCK3) User data = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W Efuse fuses: WR_DIS (BLOCK0) Disables programming of individual eFuses = 0 R/W (0x00000000) RD_DIS (BLOCK0) Disables software reading from BLOCK4-10 = 0 R/W (0b0000000) Identity fuses: BLOCK0_VERSION (BLOCK0) BLOCK0 efuse version = 0 R/W (0b00) SECURE_VERSION (BLOCK0) Secure version (used by ESP-IDF anti-rollback feat = 0 R/W (0x0000) ure) MAC (BLOCK1) Factory MAC Address = 7c:df:a1:00:3a:6e: (OK) R/W WAFER_VERSION (BLOCK1) WAFER version = A R/W (0b000) PKG_VERSION (BLOCK1) Package version = ESP32-S3, QFN 7x7 56 pins R/W (0x0) BLOCK1_VERSION (BLOCK1) BLOCK1 efuse version = 0 R/W (0b000) OPTIONAL_UNIQUE_ID (BLOCK2)(0 errors): Optional unique 128-bit ID = 7d 33 b8 bb 0b 13 b3 c8 71 37 0e e8 7c ab d5 92 R/W BLOCK2_VERSION (BLOCK2) Version of BLOCK2 = With calibration R/W (0b001) CUSTOM_MAC (BLOCK3) Custom MAC Address = 00:00:00:00:00:00 (OK) R/W Security fuses: SOFT_DIS_JTAG (BLOCK0) Software disables JTAG. When software disabled, JT = False R/W (0b000) AG can be activated temporarily by HMAC peripheral HARD_DIS_JTAG (BLOCK0) Hardware disables JTAG permanently = False R/W (0b0) DIS_DOWNLOAD_MANUAL_ENCRYPT (BLOCK0) Disables flash encryption when in download boot mo = False R/W (0b0) des SPI_BOOT_CRYPT_CNT (BLOCK0) Enables encryption and decryption, when an SPI boo = Disable R/W (0b000) t mode is set. Enabled when 1 or 3 bits are set,di sabled otherwise SECURE_BOOT_KEY_REVOKE0 (BLOCK0) If set, revokes use of secure boot key digest 0 = False R/W (0b0) SECURE_BOOT_KEY_REVOKE1 (BLOCK0) If set, revokes use of secure boot key digest 1 = False R/W (0b0) SECURE_BOOT_KEY_REVOKE2 (BLOCK0) If set, revokes use of secure boot key digest 2 = False R/W (0b0) KEY_PURPOSE_0 (BLOCK0) KEY0 purpose = USER R/W (0x0) KEY_PURPOSE_1 (BLOCK0) KEY1 purpose = USER R/W (0x0) KEY_PURPOSE_2 (BLOCK0) KEY2 purpose = USER R/W (0x0) KEY_PURPOSE_3 (BLOCK0) KEY3 purpose = USER R/W (0x0) KEY_PURPOSE_4 (BLOCK0) KEY4 purpose = USER R/W (0x0) KEY_PURPOSE_5 (BLOCK0) KEY5 purpose = USER R/W (0x0) SECURE_BOOT_EN (BLOCK0) Enables secure boot = False R/W (0b0) SECURE_BOOT_AGGRESSIVE_REVOKE (BLOCK0) Enables aggressive secure boot key revocation mode = False R/W (0b0) DIS_DOWNLOAD_MODE (BLOCK0) Disables all Download boot modes = False R/W (0b0) ENABLE_SECURITY_DOWNLOAD (BLOCK0) Enables secure UART download mode (read/write flas = False R/W (0b0) h only) BLOCK_KEY0 (BLOCK4)(0 errors): Purpose: USER Encryption key0 or user data = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W BLOCK_KEY1 (BLOCK5)(0 errors): Purpose: USER Encryption key1 or user data = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W BLOCK_KEY2 (BLOCK6)(0 errors): Purpose: USER Encryption key2 or user data = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W BLOCK_KEY3 (BLOCK7)(0 errors): Purpose: USER Encryption key3 or user data = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W BLOCK_KEY4 (BLOCK8)(0 errors): Purpose: USER Encryption key4 or user data = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W BLOCK_KEY5 (BLOCK9)(0 errors): Purpose: USER Encryption key5 or user data = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W BLOCK_SYS_DATA2 (BLOCK10) System data (part 2) = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W Spi_Pad_Config fuses: SPI_PAD_CONFIG_CLK (BLOCK1) SPI CLK pad = 0 R/W (0b000000) SPI_PAD_CONFIG_Q (BLOCK1) SPI Q (D1) pad = 0 R/W (0b000000) SPI_PAD_CONFIG_D (BLOCK1) SPI D (D0) pad = 0 R/W (0b000000) SPI_PAD_CONFIG_CS (BLOCK1) SPI CS pad = 0 R/W (0b000000) SPI_PAD_CONFIG_HD (BLOCK1) SPI HD (D3) pad = 0 R/W (0b000000) SPI_PAD_CONFIG_WP (BLOCK1) SPI WP (D2) pad = 0 R/W (0b000000) SPI_PAD_CONFIG_DQS (BLOCK1) SPI DQS pad = 0 R/W (0b000000) SPI_PAD_CONFIG_D4 (BLOCK1) SPI D4 pad = 0 R/W (0b000000) SPI_PAD_CONFIG_D5 (BLOCK1) SPI D5 pad = 0 R/W (0b000000) SPI_PAD_CONFIG_D6 (BLOCK1) SPI D6 pad = 0 R/W (0b000000) SPI_PAD_CONFIG_D7 (BLOCK1) SPI D7 pad = 0 R/W (0b000000) Usb Config fuses: DIS_USB (BLOCK0) Disables the USB OTG hardware = False R/W (0b0) USB_EXCHG_PINS (BLOCK0) Exchanges USB D+ and D- pins = False R/W (0b0) EXT_PHY_ENABLE (BLOCK0) Enables external USB PHY = False R/W (0b0) USB_FORCE_NOPERSIST (BLOCK0) Forces to set USB BVALID to 1 = False R/W (0b0) Vdd_Spi Config fuses: VDD_SPI_FORCE (BLOCK0) Force using VDD_SPI_XPD and VDD_SPI_TIEH to config = False R/W (0b0) ure VDD_SPI LDO VDD_SPI_XPD (BLOCK0) The VDD_SPI regulator is powered on = False R/W (0b0) VDD_SPI_TIEH (BLOCK0) The VDD_SPI power supply voltage at reset = Connect to 1.8V LDO R/W (0b0) PIN_POWER_SELECTION (BLOCK0) Sets default power supply for GPIO33..37, set when = VDD3P3_CPU R/W (0b0) SPI flash is initialized Wdt Config fuses: WDT_DELAY_SEL (BLOCK0) Selects RTC WDT timeout threshold at startup = 0 R/W (0b00) Flash voltage (VDD_SPI) determined by GPIO45 on reset (GPIO45=High: VDD_SPI pin is powered from internal 1.8V LDO GPIO45=Low or NC: VDD_SPI pin is powered directly from VDD3P3_RTC_IO via resistor Rspi. Typically this voltage is 3.3 V).To get a dump for all eFuse registers.
espefuse.py -p PORT dump Connecting.... Detecting chip type... ESP32-S3 BLOCK0 ( ) [0 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 MAC_SPI_8M_0 (BLOCK1 ) [1 ] read_regs: a1003a6e 00007cdf 00000000 00000000 00000000 00000000 BLOCK_SYS_DATA (BLOCK2 ) [2 ] read_regs: bbb8337d c8b3130b e80e3771 92d5ab7c 8787ae10 02038687 38e50403 8628a386 BLOCK_USR_DATA (BLOCK3 ) [3 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 BLOCK_KEY0 (BLOCK4 ) [4 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 BLOCK_KEY1 (BLOCK5 ) [5 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 BLOCK_KEY2 (BLOCK6 ) [6 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 BLOCK_KEY3 (BLOCK7 ) [7 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 BLOCK_KEY4 (BLOCK8 ) [8 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 BLOCK_KEY5 (BLOCK9 ) [9 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 BLOCK_SYS_DATA2 (BLOCK10 ) [10] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 espefuse.py v3.1-dev
Header File¶
Functions¶
- 
esp_err_t esp_efuse_read_field_blob(const esp_efuse_desc_t *field[], void *dst, size_t dst_size_bits)¶
- Reads bits from EFUSE field and writes it into an array. - The number of read bits will be limited to the minimum value from the description of the bits in “field” structure or “dst_size_bits” required size. Use “esp_efuse_get_field_size()” function to determine the length of the field. - Note
- Please note that reading in the batch mode does not show uncommitted changes. 
- Return
- ESP_OK: The operation was successfully completed. 
- ESP_ERR_INVALID_ARG: Error in the passed arguments. 
 
- Parameters
- [in] field: A pointer to the structure describing the fields of efuse.
- [out] dst: A pointer to array that will contain the result of reading.
- [in] dst_size_bits: The number of bits required to read. If the requested number of bits is greater than the field, the number will be limited to the field size.
 
 
- 
bool esp_efuse_read_field_bit(const esp_efuse_desc_t *field[])¶
- Read a single bit eFuse field as a boolean value. - Note
- The value must exist and must be a single bit wide. If there is any possibility of an error in the provided arguments, call esp_efuse_read_field_blob() and check the returned value instead. 
- Note
- If assertions are enabled and the parameter is invalid, execution will abort 
- Note
- Please note that reading in the batch mode does not show uncommitted changes. 
- Return
- true: The field parameter is valid and the bit is set. 
- false: The bit is not set, or the parameter is invalid and assertions are disabled. 
 
- Parameters
- [in] field: A pointer to the structure describing the fields of efuse.
 
 
- 
esp_err_t esp_efuse_read_field_cnt(const esp_efuse_desc_t *field[], size_t *out_cnt)¶
- Reads bits from EFUSE field and returns number of bits programmed as “1”. - If the bits are set not sequentially, they will still be counted. - Note
- Please note that reading in the batch mode does not show uncommitted changes. 
- Return
- ESP_OK: The operation was successfully completed. 
- ESP_ERR_INVALID_ARG: Error in the passed arguments. 
 
- Parameters
- [in] field: A pointer to the structure describing the fields of efuse.
- [out] out_cnt: A pointer that will contain the number of programmed as “1” bits.
 
 
- 
esp_err_t esp_efuse_write_field_blob(const esp_efuse_desc_t *field[], const void *src, size_t src_size_bits)¶
- Writes array to EFUSE field. - The number of write bits will be limited to the minimum value from the description of the bits in “field” structure or “src_size_bits” required size. Use “esp_efuse_get_field_size()” function to determine the length of the field. After the function is completed, the writing registers are cleared. - Return
- ESP_OK: The operation was successfully completed. 
- ESP_ERR_INVALID_ARG: Error in the passed arguments. 
- ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden. 
- ESP_ERR_CODING: Error range of data does not match the coding scheme. 
 
- Parameters
- [in] field: A pointer to the structure describing the fields of efuse.
- [in] src: A pointer to array that contains the data for writing.
- [in] src_size_bits: The number of bits required to write.
 
 
- 
esp_err_t esp_efuse_write_field_cnt(const esp_efuse_desc_t *field[], size_t cnt)¶
- Writes a required count of bits as “1” to EFUSE field. - If there are no free bits in the field to set the required number of bits to “1”, ESP_ERR_EFUSE_CNT_IS_FULL error is returned, the field will not be partially recorded. After the function is completed, the writing registers are cleared. - Return
- ESP_OK: The operation was successfully completed. 
- ESP_ERR_INVALID_ARG: Error in the passed arguments. 
- ESP_ERR_EFUSE_CNT_IS_FULL: Not all requested cnt bits is set. 
 
- Parameters
- [in] field: A pointer to the structure describing the fields of efuse.
- [in] cnt: Required number of programmed as “1” bits.
 
 
- 
esp_err_t esp_efuse_write_field_bit(const esp_efuse_desc_t *field[])¶
- Write a single bit eFuse field to 1. - For use with eFuse fields that are a single bit. This function will write the bit to value 1 if it is not already set, or does nothing if the bit is already set. - This is equivalent to calling esp_efuse_write_field_cnt() with the cnt parameter equal to 1, except that it will return ESP_OK if the field is already set to 1. - Return
- ESP_OK: The operation was successfully completed, or the bit was already set to value 1. 
- ESP_ERR_INVALID_ARG: Error in the passed arugments, including if the efuse field is not 1 bit wide. 
 
- Parameters
- [in] field: Pointer to the structure describing the efuse field.
 
 
- 
esp_err_t esp_efuse_set_write_protect(esp_efuse_block_t blk)¶
- Sets a write protection for the whole block. - After that, it is impossible to write to this block. The write protection does not apply to block 0. - Return
- ESP_OK: The operation was successfully completed. 
- ESP_ERR_INVALID_ARG: Error in the passed arguments. 
- ESP_ERR_EFUSE_CNT_IS_FULL: Not all requested cnt bits is set. 
- ESP_ERR_NOT_SUPPORTED: The block does not support this command. 
 
- Parameters
- [in] blk: Block number of eFuse. (EFUSE_BLK1, EFUSE_BLK2 and EFUSE_BLK3)
 
 
- 
esp_err_t esp_efuse_set_read_protect(esp_efuse_block_t blk)¶
- Sets a read protection for the whole block. - After that, it is impossible to read from this block. The read protection does not apply to block 0. - Return
- ESP_OK: The operation was successfully completed. 
- ESP_ERR_INVALID_ARG: Error in the passed arguments. 
- ESP_ERR_EFUSE_CNT_IS_FULL: Not all requested cnt bits is set. 
- ESP_ERR_NOT_SUPPORTED: The block does not support this command. 
 
- Parameters
- [in] blk: Block number of eFuse. (EFUSE_BLK1, EFUSE_BLK2 and EFUSE_BLK3)
 
 
- 
int esp_efuse_get_field_size(const esp_efuse_desc_t *field[])¶
- Returns the number of bits used by field. - Return
- Returns the number of bits used by field. 
- Parameters
- [in] field: A pointer to the structure describing the fields of efuse.
 
 
- 
uint32_t esp_efuse_read_reg(esp_efuse_block_t blk, unsigned int num_reg)¶
- Returns value of efuse register. - This is a thread-safe implementation. Example: EFUSE_BLK2_RDATA3_REG where (blk=2, num_reg=3) - Note
- Please note that reading in the batch mode does not show uncommitted changes. 
- Return
- Value of register 
- Parameters
- [in] blk: Block number of eFuse.
- [in] num_reg: The register number in the block.
 
 
- 
esp_err_t esp_efuse_write_reg(esp_efuse_block_t blk, unsigned int num_reg, uint32_t val)¶
- Write value to efuse register. - Apply a coding scheme if necessary. This is a thread-safe implementation. Example: EFUSE_BLK3_WDATA0_REG where (blk=3, num_reg=0) - Return
- ESP_OK: The operation was successfully completed. 
- ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden. 
 
- Parameters
- [in] blk: Block number of eFuse.
- [in] num_reg: The register number in the block.
- [in] val: Value to write.
 
 
- 
esp_efuse_coding_scheme_t esp_efuse_get_coding_scheme(esp_efuse_block_t blk)¶
- Return efuse coding scheme for blocks. - Note: The coding scheme is applicable only to 1, 2 and 3 blocks. For 0 block, the coding scheme is always - NONE.- Return
- Return efuse coding scheme for blocks 
- Parameters
- [in] blk: Block number of eFuse.
 
 
- 
esp_err_t esp_efuse_read_block(esp_efuse_block_t blk, void *dst_key, size_t offset_in_bits, size_t size_bits)¶
- Read key to efuse block starting at the offset and the required size. - Note
- Please note that reading in the batch mode does not show uncommitted changes. 
- Return
- ESP_OK: The operation was successfully completed. 
- ESP_ERR_INVALID_ARG: Error in the passed arguments. 
- ESP_ERR_CODING: Error range of data does not match the coding scheme. 
 
- Parameters
- [in] blk: Block number of eFuse.
- [in] dst_key: A pointer to array that will contain the result of reading.
- [in] offset_in_bits: Start bit in block.
- [in] size_bits: The number of bits required to read.
 
 
- 
esp_err_t esp_efuse_write_block(esp_efuse_block_t blk, const void *src_key, size_t offset_in_bits, size_t size_bits)¶
- Write key to efuse block starting at the offset and the required size. - Return
- ESP_OK: The operation was successfully completed. 
- ESP_ERR_INVALID_ARG: Error in the passed arguments. 
- ESP_ERR_CODING: Error range of data does not match the coding scheme. 
- ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits 
 
- Parameters
- [in] blk: Block number of eFuse.
- [in] src_key: A pointer to array that contains the key for writing.
- [in] offset_in_bits: Start bit in block.
- [in] size_bits: The number of bits required to write.
 
 
- 
uint8_t esp_efuse_get_chip_ver(void)¶
- Returns chip version from efuse. - Return
- chip version 
 
- 
uint32_t esp_efuse_get_pkg_ver(void)¶
- Returns chip package from efuse. - Return
- chip package 
 
- 
void esp_efuse_reset(void)¶
- Reset efuse write registers. - Efuse write registers are written to zero, to negate any changes that have been staged here. - Note
- This function is not threadsafe, if calling code updates efuse values from multiple tasks then this is caller’s responsibility to serialise. 
 
- 
esp_err_t esp_efuse_disable_rom_download_mode(void)¶
- Disable ROM Download Mode via eFuse. - Permanently disables the ROM Download Mode feature. Once disabled, if the SoC is booted with strapping pins set for ROM Download Mode then an error is printed instead. - Note
- Not all SoCs support this option. An error will be returned if called on an ESP32 with a silicon revision lower than 3, as these revisions do not support this option. 
- Note
- If ROM Download Mode is already disabled, this function does nothing and returns success. 
- Return
- ESP_OK If the eFuse was successfully burned, or had already been burned. 
- ESP_ERR_NOT_SUPPORTED (ESP32 only) This SoC is not capable of disabling UART download mode 
- ESP_ERR_INVALID_STATE (ESP32 only) This eFuse is write protected and cannot be written 
 
 
- 
esp_err_t esp_efuse_set_rom_log_scheme(esp_efuse_rom_log_scheme_t log_scheme)¶
- Set boot ROM log scheme via eFuse. - Note
- By default, the boot ROM will always print to console. This API can be called to set the log scheme only once per chip, once the value is changed from the default it can’t be changed again. 
- Return
- ESP_OK If the eFuse was successfully burned, or had already been burned. 
- ESP_ERR_NOT_SUPPORTED (ESP32 only) This SoC is not capable of setting ROM log scheme 
- ESP_ERR_INVALID_STATE This eFuse is write protected or has been burned already 
 
- Parameters
- log_scheme: Supported ROM log scheme
 
 
- 
esp_err_t esp_efuse_enable_rom_secure_download_mode(void)¶
- Switch ROM Download Mode to Secure Download mode via eFuse. - Permanently enables Secure Download mode. This mode limits the use of ROM Download Mode functions to simple flash read, write and erase operations, plus a command to return a summary of currently enabled security features. - Note
- If Secure Download mode is already enabled, this function does nothing and returns success. 
- Note
- Disabling the ROM Download Mode also disables Secure Download Mode. 
- Return
- ESP_OK If the eFuse was successfully burned, or had already been burned. 
- ESP_ERR_INVALID_STATE ROM Download Mode has been disabled via eFuse, so Secure Download mode is unavailable. 
 
 
- 
uint32_t esp_efuse_read_secure_version(void)¶
- Return secure_version from efuse field. - Return
- Secure version from efuse field 
 
- 
bool esp_efuse_check_secure_version(uint32_t secure_version)¶
- Check secure_version from app and secure_version and from efuse field. - Return
- True: If version of app is equal or more then secure_version from efuse. 
 
- Parameters
- secure_version: Secure version from app.
 
 
- 
esp_err_t esp_efuse_update_secure_version(uint32_t secure_version)¶
- Write efuse field by secure_version value. - Update the secure_version value is available if the coding scheme is None. Note: Do not use this function in your applications. This function is called as part of the other API. - Return
- ESP_OK: Successful. 
- ESP_FAIL: secure version of app cannot be set to efuse field. 
- ESP_ERR_NOT_SUPPORTED: Anti rollback is not supported with the 3/4 and Repeat coding scheme. 
 
- Parameters
- [in] secure_version: Secure version from app.
 
 
- 
esp_err_t esp_efuse_batch_write_begin(void)¶
- Set the batch mode of writing fields. - This mode allows you to write the fields in the batch mode when need to burn several efuses at one time. To enable batch mode call begin() then perform as usually the necessary operations read and write and at the end call commit() to actually burn all written efuses. The batch mode can be used nested. The commit will be done by the last commit() function. The number of begin() functions should be equal to the number of commit() functions. - Note: If batch mode is enabled by the first task, at this time the second task cannot write/read efuses. The second task will wait for the first task to complete the batch operation. - Note
- Please note that reading in the batch mode does not show uncommitted changes. 
 - // Example of using the batch writing mode. // set the batch writing mode esp_efuse_batch_write_begin(); // use any writing functions as usual esp_efuse_write_field_blob(ESP_EFUSE_...); esp_efuse_write_field_cnt(ESP_EFUSE_...); esp_efuse_set_write_protect(EFUSE_BLKx); esp_efuse_write_reg(EFUSE_BLKx, ...); esp_efuse_write_block(EFUSE_BLKx, ...); esp_efuse_write(ESP_EFUSE_1, 3); // ESP_EFUSE_1 == 1, here we write a new value = 3. The changes will be burn by the commit() function. esp_efuse_read_...(ESP_EFUSE_1); // this function returns ESP_EFUSE_1 == 1 because uncommitted changes are not readable, it will be available only after commit. ... // esp_efuse_batch_write APIs can be called recursively. esp_efuse_batch_write_begin(); esp_efuse_set_write_protect(EFUSE_BLKx); esp_efuse_batch_write_commit(); // the burn will be skipped here, it will be done in the last commit(). ... // Write all of these fields to the efuse registers esp_efuse_batch_write_commit(); esp_efuse_read_...(ESP_EFUSE_1); // this function returns ESP_EFUSE_1 == 3. - Return
- ESP_OK: Successful. 
 
 
- 
esp_err_t esp_efuse_batch_write_cancel(void)¶
- Reset the batch mode of writing fields. - It will reset the batch writing mode and any written changes. - Return
- ESP_OK: Successful. 
- ESP_ERR_INVALID_STATE: Tha batch mode was not set. 
 
 
- 
esp_err_t esp_efuse_batch_write_commit(void)¶
- Writes all prepared data for the batch mode. - Must be called to ensure changes are written to the efuse registers. After this the batch writing mode will be reset. - Return
- ESP_OK: Successful. 
- ESP_ERR_INVALID_STATE: The deferred writing mode was not set. 
 
 
- 
bool esp_efuse_block_is_empty(esp_efuse_block_t block)¶
- Checks that the given block is empty. - Return
- True: The block is empty. 
- False: The block is not empty or was an error. 
 
 
- 
bool esp_efuse_get_key_dis_read(esp_efuse_block_t block)¶
- Returns a read protection for the key block. - Return
- True: The key block is read protected False: The key block is readable. 
- Parameters
- [in] block: A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX
 
 
- 
esp_err_t esp_efuse_set_key_dis_read(esp_efuse_block_t block)¶
- Sets a read protection for the key block. - Return
- ESP_OK: Successful. 
- ESP_ERR_INVALID_ARG: Error in the passed arguments. 
- ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden. 
- ESP_ERR_CODING: Error range of data does not match the coding scheme. 
 
- Parameters
- [in] block: A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX
 
 
- 
bool esp_efuse_get_key_dis_write(esp_efuse_block_t block)¶
- Returns a write protection for the key block. - Return
- True: The key block is write protected False: The key block is writeable. 
- Parameters
- [in] block: A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX
 
 
- 
esp_err_t esp_efuse_set_key_dis_write(esp_efuse_block_t block)¶
- Sets a write protection for the key block. - Return
- ESP_OK: Successful. 
- ESP_ERR_INVALID_ARG: Error in the passed arguments. 
- ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden. 
- ESP_ERR_CODING: Error range of data does not match the coding scheme. 
 
- Parameters
- [in] block: A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX
 
 
- 
bool esp_efuse_key_block_unused(esp_efuse_block_t block)¶
- Returns true if the key block is unused, false otherwise. - An unused key block is all zero content, not read or write protected, and has purpose 0 (ESP_EFUSE_KEY_PURPOSE_USER) - Return
- True if key block is unused, 
- False if key block is used or the specified block index is not a key block. 
 
- Parameters
- block: key block to check.
 
 
- 
bool esp_efuse_find_purpose(esp_efuse_purpose_t purpose, esp_efuse_block_t *block)¶
- Find a key block with the particular purpose set. - Return
- True: If found, 
- False: If not found (value at block pointer is unchanged). 
 
- Parameters
- [in] purpose: Purpose to search for.
- [out] block: Pointer in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX which will be set to the key block if found. Can be NULL, if only need to test the key block exists.
 
 
- 
bool esp_efuse_get_keypurpose_dis_write(esp_efuse_block_t block)¶
- Returns a write protection of the key purpose field for an efuse key block. - Note
- For ESP32: no keypurpose, it returns always True. 
- Return
- True: The key purpose is write protected. False: The key purpose is writeable. 
- Parameters
- [in] block: A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX
 
 
- 
esp_efuse_purpose_t esp_efuse_get_key_purpose(esp_efuse_block_t block)¶
- Returns the current purpose set for an efuse key block. - Return
- Value: If Successful, it returns the value of the purpose related to the given key block. 
- ESP_EFUSE_KEY_PURPOSE_MAX: Otherwise. 
 
- Parameters
- [in] block: A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX
 
 
- 
const esp_efuse_desc_t **esp_efuse_get_purpose_field(esp_efuse_block_t block)¶
- Returns a pointer to a key purpose for an efuse key block. - To get the value of this field use esp_efuse_read_field_blob() or esp_efuse_get_key_purpose(). - Parameters
- [in] block: A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX
 
 - Return
- Pointer: If Successful returns a pointer to the corresponding efuse field otherwise NULL. 
 
- 
const esp_efuse_desc_t **esp_efuse_get_key(esp_efuse_block_t block)¶
- Returns a pointer to a key block. - Return
- Pointer: If Successful returns a pointer to the corresponding efuse field otherwise NULL. 
- Parameters
- [in] block: A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX
 
 
- 
esp_err_t esp_efuse_set_key_purpose(esp_efuse_block_t block, esp_efuse_purpose_t purpose)¶
- Sets a key purpose for an efuse key block. - Return
- ESP_OK: Successful. 
- ESP_ERR_INVALID_ARG: Error in the passed arguments. 
- ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden. 
- ESP_ERR_CODING: Error range of data does not match the coding scheme. 
 
- Parameters
- [in] block: A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX
- [in] purpose: Key purpose.
 
 
- 
esp_err_t esp_efuse_set_keypurpose_dis_write(esp_efuse_block_t block)¶
- Sets a write protection of the key purpose field for an efuse key block. - Return
- ESP_OK: Successful. 
- ESP_ERR_INVALID_ARG: Error in the passed arguments. 
- ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden. 
- ESP_ERR_CODING: Error range of data does not match the coding scheme. 
 
- Parameters
- [in] block: A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX
 
 
- 
esp_efuse_block_t esp_efuse_find_unused_key_block(void)¶
- Search for an unused key block and return the first one found. - See esp_efuse_key_block_unused for a description of an unused key block. - Return
- First unused key block, or EFUSE_BLK_KEY_MAX if no unused key block is found. 
 
- 
unsigned esp_efuse_count_unused_key_blocks(void)¶
- Return the number of unused efuse key blocks in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX. 
- 
bool esp_efuse_get_digest_revoke(unsigned num_digest)¶
- Returns the status of the Secure Boot public key digest revocation bit. - Return
- True: If key digest is revoked, 
- False; If key digest is not revoked. 
 
- Parameters
- [in] num_digest: The number of digest in range 0..2
 
 
- 
esp_err_t esp_efuse_set_digest_revoke(unsigned num_digest)¶
- Sets the Secure Boot public key digest revocation bit. - Return
- ESP_OK: Successful. 
- ESP_ERR_INVALID_ARG: Error in the passed arguments. 
- ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden. 
- ESP_ERR_CODING: Error range of data does not match the coding scheme. 
 
- Parameters
- [in] num_digest: The number of digest in range 0..2
 
 
- 
bool esp_efuse_get_write_protect_of_digest_revoke(unsigned num_digest)¶
- Returns a write protection of the Secure Boot public key digest revocation bit. - Return
- True: The revocation bit is write protected. False: The revocation bit is writeable. 
- Parameters
- [in] num_digest: The number of digest in range 0..2
 
 
- 
esp_err_t esp_efuse_set_write_protect_of_digest_revoke(unsigned num_digest)¶
- Sets a write protection of the Secure Boot public key digest revocation bit. - Return
- ESP_OK: Successful. 
- ESP_ERR_INVALID_ARG: Error in the passed arguments. 
- ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden. 
- ESP_ERR_CODING: Error range of data does not match the coding scheme. 
 
- Parameters
- [in] num_digest: The number of digest in range 0..2
 
 
- 
esp_err_t esp_efuse_write_key(esp_efuse_block_t block, esp_efuse_purpose_t purpose, const void *key, size_t key_size_bytes)¶
- Program a block of key data to an efuse block. - The burn of a key, protection bits, and a purpose happens in batch mode. - Return
- ESP_OK: Successful. 
- ESP_ERR_INVALID_ARG: Error in the passed arguments. 
- ESP_ERR_INVALID_STATE: Error in efuses state, unused block not found. 
- ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden. 
- ESP_ERR_CODING: Error range of data does not match the coding scheme. 
 
- Parameters
- [in] block: Block to read purpose for. Must be in range EFUSE_BLK_KEY0 to EFUSE_BLK_KEY_MAX. Key block must be unused (esp_efuse_key_block_unused).
- [in] purpose: Purpose to set for this key. Purpose must be already unset.
- [in] key: Pointer to data to write.
- [in] key_size_bytes: Bytes length of data to write.
 
 
- 
esp_err_t esp_efuse_write_keys(const esp_efuse_purpose_t purposes[], uint8_t keys[][32], unsigned number_of_keys)¶
- Program keys to unused efuse blocks. - The burn of keys, protection bits, and purposes happens in batch mode. - Return
- ESP_OK: Successful. 
- ESP_ERR_INVALID_ARG: Error in the passed arguments. 
- ESP_ERR_INVALID_STATE: Error in efuses state, unused block not found. 
- ESP_ERR_NOT_ENOUGH_UNUSED_KEY_BLOCKS: Error not enough unused key blocks available 
- ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden. 
- ESP_ERR_CODING: Error range of data does not match the coding scheme. 
 
- Parameters
- [in] purposes: Array of purposes (purpose[number_of_keys]).
- [in] keys: Array of keys (uint8_t keys[number_of_keys][32]). Each key is 32 bytes long.
- [in] number_of_keys: The number of keys to write (up to 6 keys).
 
 
- 
esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys)¶
- Read key digests from efuse. Any revoked/missing digests will be marked as NULL. - Return
- ESP_OK: Successful. 
- ESP_FAIL: If trusted_keys is NULL or there is no valid digest. 
 
- Parameters
- [out] trusted_keys: The number of digest in range 0..2
 
 
Macros¶
- 
ESP_ERR_EFUSE¶
- Base error code for efuse api. 
- 
ESP_OK_EFUSE_CNT¶
- OK the required number of bits is set. 
- 
ESP_ERR_EFUSE_CNT_IS_FULL¶
- Error field is full. 
- 
ESP_ERR_EFUSE_REPEATED_PROG¶
- Error repeated programming of programmed bits is strictly forbidden. 
- 
ESP_ERR_CODING¶
- Error while a encoding operation. 
- 
ESP_ERR_NOT_ENOUGH_UNUSED_KEY_BLOCKS¶
- Error not enough unused key blocks available 
- 
ESP_ERR_DAMAGED_READING¶
- Error. Burn or reset was done during a reading operation leads to damage read data. This error is internal to the efuse component and not returned by any public API. 
Enumerations¶
- 
enum esp_efuse_rom_log_scheme_t¶
- Type definition for ROM log scheme. - Values: - 
ESP_EFUSE_ROM_LOG_ALWAYS_ON¶
- Always enable ROM logging 
 - 
ESP_EFUSE_ROM_LOG_ON_GPIO_LOW¶
- ROM logging is enabled when specific GPIO level is low during start up 
 - 
ESP_EFUSE_ROM_LOG_ON_GPIO_HIGH¶
- ROM logging is enabled when specific GPIO level is high during start up 
 - 
ESP_EFUSE_ROM_LOG_ALWAYS_OFF¶
- Disable ROM logging permanently 
 
-