eFuse 管理器

[English]

简介

eFuse 是一种微型的一次性可编程保险丝,可以通过“烧录”(即编程)将数据存储到 ESP32-C61 中。eFuse 位组成不同的数据字段,用于系统参数(即 ESP32-C61 的 ESP-IDF 使用的数据参数)或用户自定义参数。

eFuse 管理器组件中集合了多种工具和 API,可帮助定义、烧录和访问 eFuse 参数。常用的工具和 API 包括:

  • 表格格式,用于在 CSV 文件中定义 eFuse 数据字段

  • efuse_table_gen.py 工具,用于生成 CSV 文件指定的 eFuse 数据字段对应的 C 结构体

  • 用于读/写 eFuse 数据字段的 C API 集合

eFuse Manager 与 idf.py

idf.py 通过 idf.py efuse-<subcommand> 命令为 eFuse 管理器提供了部分功能。本文档主要使用基于 idf.py 的命令,只有在涉及高级功能或罕见情况时,会使用基于 espefuse.py 的命令。要查看所有可用的命令,请运行 idf.py --help 并搜索以 efuse- 为前缀的命令。

硬件描述

ESP32-C61 有多个 eFuse,可用于存储系统参数和用户参数。每个 eFuse 都是一个一位字段,可以烧写为 1,之后就不能再恢复为 0。eFuse 位被分成了多个 256 位的块,每个块又被分成 8 个 32 位寄存器。部分块保留用于系统参数,其它块可用于用户参数。

如需了解更多内容,请参阅 ESP32-C61 技术参考手册 > eFuse 控制器 (eFuse) [PDF]。

ESP32-C61 有 11 个 eFuse 块,每个块的大小为 256 位(并非所有位都可用于用户参数):

  • EFUSE_BLK0 完全用于系统参数;

  • EFUSE_BLK1 完全用于系统参数;

  • EFUSE_BLK2 完全用于系统参数;

  • EFUSE_BLK3(也称为 EFUSE_BLK_USER_DATA)可用于用户参数;

  • EFUSE_BLK4 至 EFUSE_BLK8(即 EFUSE_BLK_KEY0 至 EFUSE_BLK_KEY4)可以存储安全启动或 flash 加密的密钥。不使用这两个功能时,可以用于用户参数。

  • EFUSE_BLK9(即 EFUSE_BLK_KEY5)可用于存储安全启动或 flash 加密的密钥。不使用这两个功能时,可用于用户参数。

  • EFUSE_BLK10(即 EFUSE_BLK_SYS_DATA_PART2)保留用于系统参数。

定义 eFuse 字段

eFuse 字段通过 CSV 文件中特定格式的表格进行定义。通过这种格式,可定义任意长度和任意位数的 eFuse 字段。

另外,通过这种格式,可以结构化地定义由子字段组成的 eFuse 字段,这意味着一个父 eFuse 字段可能由占用相同 eFuse 位的多个子 eFuse 字段组成。

定义格式

一般情况下,每个记录在定义表格中占据一行,每行包含以下值(也就是列):

# field_name, efuse_block(EFUSE_BLK0..EFUSE_BLK10), bit_start(0..255), bit_count(1..256), comment
  • field_name

    • eFuse 字段的名称。

    • 字段名称前会自动添加 ESP_EFUSE_ 前缀,在 C 代码中,可通过此名称来访问 eFuse 字段。

    • 对于每个 eFuse 字段,field_name 必须唯一。

    • 如果此值为空,说明该行与前一行合并。这样就可以定义任意位排序的 eFuse 字段(例如通用表中的 MAC_FACTORY 字段)。

    • 使用 . 来定义一个子 eFuse 字段。详情请参考 结构化 eFuse 字段

  • efuse_block

    • eFuse 字段的块号。例如 EFUSE_BLK0 到 EFUSE_BLK10。

    • 这一字段决定了 eFuse 字段在哪个块中。

  • bit_start

    • eFuse 字段在块内的位置偏移(0 至 255 位)。

    • bit_start 是可选项,可省略。

      • 当省略时,如果上一条记录位于同一个 eFuse 块中,bit_start 会被设置为上一条记录的 bit_start + bit_count

      • 如果上一条记录位于不同的 eFuse 块中,则会报错。

  • bit_count

    • eFuse 字段的大小,以位为单位(1 至 N)。

    • bit_count 不能省略

    • 如将其设置为 MAX_BLK_LEN,则此 eFuse 字段为块中允许的最大 eFuse 字段大小。

  • comment

    • 描述 eFuse 字段的注释。

    • 此注释会逐字复制到 C 头文件中。

如果一个 eFuse 字段需要非顺序位序,那么该 eFuse 字段将占用多行。应在第一行的 field_name 处定该 eFuse 字段的名称,并且将其他行的 field_name 留空。这样就表明这些行属于同一个 eFuse 字段。

以下示例中定义了两个 eFuse 字段。首先定义非连续的 eFuse 字段 MAC_FACTORY,然后定义了常规 eFuse 字段 MAC_FACTORY_CRC

# Factory MAC address #
#######################
MAC_FACTORY,            EFUSE_BLK0,    72,    8,    Factory MAC addr [0]
,                       EFUSE_BLK0,    64,    8,    Factory MAC addr [1]
,                       EFUSE_BLK0,    56,    8,    Factory MAC addr [2]
,                       EFUSE_BLK0,    48,    8,    Factory MAC addr [3]
,                       EFUSE_BLK0,    40,    8,    Factory MAC addr [4]
,                       EFUSE_BLK0,    32,    8,    Factory MAC addr [5]
MAC_FACTORY_CRC,        EFUSE_BLK0,    80,    8,    CRC8 for factory MAC address

在 C 代码中,可以通过 ESP_EFUSE_MAC_FACTORYESP_EFUSE_MAC_FACTORY_CRC 使用这两个字段。

结构化 eFuse 字段

通常情况下,一个 eFuse 字段代表一个特定的参数。不过,在某些情况下,一个 eFuse 字段可能由多个子字段组成,因此有必要隔离访问这些子字段。例如,如果一个 eFuse 字段包含一个浮点参数,则可以将浮点的符号、指数和尾数字段作为单独的 eFuse 字段进行访问。

因此,可以在 field_name 中使用 . 操作符,以结构化的方式定义 eFuse 字段。例如,XX.YY.ZZ 定义了一个 eFuse 字段 ZZ,它是 eFuse 字段 YY 的子字段,而 YY 又是 eFuse 字段 XX 的子字段。

以下示例展示了如何以定义结构化 eFuse 字段:

WR_DIS,                           EFUSE_BLK0,   0,    32,     Write protection
WR_DIS.RD_DIS,                    EFUSE_BLK0,   0,    1,      Write protection for RD_DIS
WR_DIS.FIELD_1,                   EFUSE_BLK0,   1,    1,      Write protection for FIELD_1
WR_DIS.FIELD_2,                   EFUSE_BLK0,   2,    4,      Write protection for FIELD_2 (includes B1 and B2)
WR_DIS.FIELD_2.B1,                EFUSE_BLK0,   2,    2,      Write protection for FIELD_2.B1
WR_DIS.FIELD_2.B2,                EFUSE_BLK0,   4,    2,      Write protection for FIELD_2.B2
WR_DIS.FIELD_3,                   EFUSE_BLK0,   5,    1,      Write protection for FIELD_3
WR_DIS.FIELD_3.ALIAS,             EFUSE_BLK0,   5,    1,      Write protection for FIELD_3 (just a alias for WR_DIS.FIELD_3)
WR_DIS.FIELD_4,                   EFUSE_BLK0,   7,    1,      Write protection for FIELD_4

在上例中可以看出:

  • WR_DIS 为父 eFuse 字段。其他所有行的 field_name 都具有 WR_DIS. 前缀,因此都是 WR_DIS 的子字段。

  • 子字段必须与父字段使用相同的位。注意子字段和父字段的 bit_startbit_count

    • 子字段的位总是在其父字段范围内。例如,WR_DIS.RD_DISWR_DIS.RD_DIS 占用了 WR_DIS 的第一位和第二位。

    • 子字段使用的位不能重叠(子字段有别名时除外)。

  • 可以将别名创建为子字段。例如,WR_DIS.FIELD_3.ALIAS 既是 WR_DIS.FIELD_3 的子字段,又是别名,因为它们占用的位相同。

所有 eFuse 字段最终都会通过 efuse_table_gen.py 工具转换为 C 结构体。每个 C 结构体从 eFuse 字段的 field_name 中衍生出标识符,并用 _ 替换所有的 . 符号。以 WR_DIS.RD_DISWR_DIS.FIELD_2.B1 为例,这两个 eFuse 字段用 C 语言分别表示为 ESP_EFUSE_WR_DIS_RD_DISESP_EFUSE_WR_DIS_FIELD_2_B1

efuse_table_gen.py 工具还会检查字段是否相互重叠并在字段范围内。如有违反,会生成以下错误:

Field at USER_DATA, EFUSE_BLK3, 0, 256 intersected with SERIAL_NUMBER, EFUSE_BLK3, 0, 32

要解决此问题,可使用 USER_DATA.SERIAL_NUMBER,让 SERIAL_NUMBER 成为 USER_DATA 的子字段。

Field at FIELD, EFUSE_BLK3, 0, 50 out of range  FIELD.MAJOR_NUMBER, EFUSE_BLK3, 60, 32

要解决此问题,可将 FIELD.MAJOR_NUMBERbit_start60 改为 0,使 MAJOR_NUMBERFIELD 重叠。

efuse_table_gen.py 工具

efuse_table_gen.py 工具能够从 CSV 文件生成 C 源文件,其中包含 CSV 文件中定义的 eFuse 字段的对应 C 结构体(类型为 esp_efuse_desc_t)。此外,该工具还会在生成 C 源文件前对 CSV 文件进行检查,以确保:

  • eFuse 字段的名称唯一

  • eFuse 字段使用的位不重叠

如前所述,eFuse 字段可用于存储系统参数或用户参数。由于系统参数 eFuse 字段是 ESP-IDF 和 ESP32-C61 的内在要求,这些 eFuse 字段被定义在 通用 CSV 文件中,即 esp_efuse_table.csv 中,是 ESP-IDF 的一部分。对于用户参数 eFuse 字段,用户应在 自定义 CSV 文件(如 esp_efuse_custom_table.csv)中进行定义。

要从 通用 CSV 文件生成 C 源文件,运行 idf.py efuse-common-table 或以下命令:

cd $IDF_PATH/components/efuse/
./efuse_table_gen.py --idf_target esp32c61 esp32c61/esp_efuse_table.csv

然后,就会在路径 $IDF_PATH/components/efuse/esp32c61 中生成以下 C 源文件/头文件:

  • esp_efuse_table.c 文件,包含系统参数 eFuse 字段的 C 结构体。

  • esp_efuse_table.h 文件,位于 include 文件夹。应用程序可包含该头文件,以使用上述 C 结构体。

要使用 自定义 CSV 文件生成 C 源文件,请运行 idf.py efuse-custom-table 或以下命令:

cd $IDF_PATH/components/efuse/
./efuse_table_gen.py --idf_target esp32c61 esp32c61/esp_efuse_table.csv PROJECT_PATH/main/esp_efuse_custom_table.csv

然后在 PROJECT_PATH/main 路径下生成 C 源/头文件:

  • esp_efuse_custom_table.c 文件,包含用户参数 eFuse 字段的 C 结构体。

  • esp_efuse_custom_table.h 文件,位于 include 文件夹。应用程序可包含该头文件,以使用上述 C 结构体。

要使用生成的字段,需添加以下头文件:

#include "esp_efuse.h"
#include "esp_efuse_table.h" // 或 "esp_efuse_custom_table.h"

支持的编码方式

eFuse 支持各种编码方式,能够检测或纠正错误,保护 eFuse 数据不受损坏。

ESP32-C61 不支持选择编码方式,会自动将以下编码方案应用于各 eFuse 块:

  • 非编码 方式,应用于 EFUSE_BLK0。

  • RS 编码 方式。应用于 EFUSE_BLK1 - EFUSE_BLK10。

非编码 方式

非编码 方式会自动应用于 EFUSE_BLK0。此方式不涉及任何编码,只是在硬件中维护 EFUSE_BLK0 的四个备份,因此,每个位实际存储四次,EFUSE_BLK0 也可以多次写入。

该方案由硬件自动应用,软件中不可见。

RS 编码 方式

  • RS 编码 方式,即 Reed-Solomon 编码方式,会自动应用于 EFUSE_BLK1 至 EFUSE_BLK10。该编码方式支持至多 6 个字节的自动纠错。

软件使用 RS(44, 32) 对 32 字节的 EFUSE_BLKx 进行编码,生成一个 12 字节的校验码,然后将 EFUSE_BLKx 和校验码同时烧录到 eFuse 中。

在回读 eFuse 块时,eFuse 控制器会对 RS 编码 进行自动解码和纠错。因为 RS 校验码是根据整个 256 位 eFuse 块生成的,所以每个块只能写入一次,且必须采用批量写入模式。

批量写入模式

如需在运行时写入 eFuse 字段,可能要采用批量写入模式,具体取决于 eFuse 块使用的编码方案。批量写入模式的使用步骤如下:

  1. 调用 esp_efuse_batch_write_begin() 启用批量写入模式。

  2. 使用各 esp_efuse_write_... 函数,按照常规方法写入 eFuse 字段。

  3. 完成所有写入后,调用 esp_efuse_batch_write_commit() 将准备好的数据烧录到 eFuse 块中。

警告

如果 eFuse 块中已经存在通过 Reed-Solomon 编码方案预先写入的数据,则无法在不破坏先前数据校验和/校验符号的情况下,写入额外的内容(即使需要写入的位为空)。

先前的校验和/校验符号会被新的校验和/校验符号覆盖,并完全销毁。(但不会损坏有效负载 eFuse)。

如发现在 CUSTOM_MAC、SPI_PAD_CONFIG_HD、SPI_PAD_CONFIG_CS 等块中存在预写入数据,请联系乐鑫获取所需的预烧录 eFuse。

仅供测试(不推荐):可以忽略或抑制违反编码方式数据的错误,从而在 eFuse 块中烧录必要的位。

eFuse API

可以通过指向描述结构的指针来访问 eFuse 字段。API 函数可以实现一些基本操作:

经常使用的字段有专门的函数可供使用,例如 esp_efuse_get_pkg_ver()

eFuse 密钥 API

EFUSE_BLK_KEY0 - EFUSE_BLK_KEY5 可以保存 6 个长度为 256 位的密钥。每个密钥都有一个 ESP_EFUSE_KEY_PURPOSE_x 字段说明密钥用途。用途字段描述见 esp_efuse_purpose_t

类似 ESP_EFUSE_KEY_PURPOSE_XTS_AES_... 的用途用于 flash 加密。

类似 ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST... 的用途用于安全启动。

一些 eFuse API 可用于处理密钥状态:

如何添加新字段

  1. 为新字段查找空闲位。运行 idf.py show-efuse-table 查看 esp_efuse_table.csv 文件,或运行以下命令:

$ ./efuse_table_gen.py -t IDF_TARGET_PATH_NAME esp32c61/esp_efuse_table.csv --info

Max number of bits in BLK 256
Parsing efuse CSV input file esp32c61/esp_efuse_table.csv ...
Verifying efuse table...
Sorted efuse table:
#       field_name                              efuse_block     bit_start       bit_count
1       WR_DIS                                  EFUSE_BLK0         0               32
2       WR_DIS.RD_DIS                           EFUSE_BLK0         0               1
3       WR_DIS.DIS_ICACHE                       EFUSE_BLK0         2               1
4       WR_DIS.DIS_USB_JTAG                     EFUSE_BLK0         2               1
5       WR_DIS.DIS_FORCE_DOWNLOAD               EFUSE_BLK0         2               1
6       WR_DIS.JTAG_SEL_ENABLE                  EFUSE_BLK0         2               1
7       WR_DIS.DIS_PAD_JTAG                     EFUSE_BLK0         2               1
8       WR_DIS.DIS_DOWNLOAD_MANUAL_ENCRYPT      EFUSE_BLK0         2               1
9       WR_DIS.WDT_DELAY_SEL                    EFUSE_BLK0         3               1
10      WR_DIS.SPI_BOOT_CRYPT_CNT               EFUSE_BLK0         4               1
11      WR_DIS.SECURE_BOOT_KEY_REVOKE0          EFUSE_BLK0         5               1
12      WR_DIS.SECURE_BOOT_KEY_REVOKE1          EFUSE_BLK0         6               1
13      WR_DIS.SECURE_BOOT_KEY_REVOKE2          EFUSE_BLK0         7               1
14      WR_DIS.KEY_PURPOSE_0                    EFUSE_BLK0         8               1
15      WR_DIS.KEY_PURPOSE_1                    EFUSE_BLK0         9               1
16      WR_DIS.KEY_PURPOSE_2                    EFUSE_BLK0         10              1
17      WR_DIS.KEY_PURPOSE_3                    EFUSE_BLK0         11              1
18      WR_DIS.KEY_PURPOSE_4                    EFUSE_BLK0         12              1
19      WR_DIS.KEY_PURPOSE_5                    EFUSE_BLK0         13              1
20      WR_DIS.SEC_DPA_LEVEL                    EFUSE_BLK0         14              1
21      WR_DIS.SECURE_BOOT_EN                   EFUSE_BLK0         15              1
22      WR_DIS.SECURE_BOOT_AGGRESSIVE_REVOKE    EFUSE_BLK0         16              1
23      WR_DIS.SPI_DOWNLOAD_MSPI_DIS            EFUSE_BLK0         17              1
24      WR_DIS.FLASH_TPUW                       EFUSE_BLK0         18              1
25      WR_DIS.DIS_DOWNLOAD_MODE                EFUSE_BLK0         18              1
26      WR_DIS.DIS_DIRECT_BOOT                  EFUSE_BLK0         18              1
27      WR_DIS.DIS_USB_SERIAL_JTAG_ROM_PRINT    EFUSE_BLK0         18              1
28      WR_DIS.DIS_USB_SERIAL_JTAG_DOWNLOAD_MODE EFUSE_BLK0        18              1
29      WR_DIS.ENABLE_SECURITY_DOWNLOAD         EFUSE_BLK0         18              1
30      WR_DIS.UART_PRINT_CONTROL               EFUSE_BLK0         18              1
31      WR_DIS.FORCE_SEND_RESUME                EFUSE_BLK0         18              1
32      WR_DIS.SECURE_VERSION                   EFUSE_BLK0         18              1
33      WR_DIS.SECURE_BOOT_DISABLE_FAST_WAKE    EFUSE_BLK0         19              1
34      WR_DIS.BLK1                             EFUSE_BLK0         20              1
35      WR_DIS.MAC                              EFUSE_BLK0         20              1
36      WR_DIS.SYS_DATA_PART1                   EFUSE_BLK0         21              1
37      WR_DIS.BLOCK_SYS_DATA1                  EFUSE_BLK0         21              1
38      WR_DIS.BLOCK_USR_DATA                   EFUSE_BLK0         22              1
39      WR_DIS.CUSTOM_MAC                       EFUSE_BLK0         22              1
40      WR_DIS.BLOCK_KEY0                       EFUSE_BLK0         23              1
41      WR_DIS.BLOCK_KEY1                       EFUSE_BLK0         24              1
42      WR_DIS.BLOCK_KEY2                       EFUSE_BLK0         25              1
43      WR_DIS.BLOCK_KEY3                       EFUSE_BLK0         26              1
44      WR_DIS.BLOCK_KEY4                       EFUSE_BLK0         27              1
45      WR_DIS.BLOCK_KEY5                       EFUSE_BLK0         28              1
46      WR_DIS.BLOCK_SYS_DATA2                  EFUSE_BLK0         29              1
47      WR_DIS.USB_EXCHG_PINS                   EFUSE_BLK0         30              1
48      WR_DIS.VDD_SPI_AS_GPIO                  EFUSE_BLK0         30              1
49      RD_DIS                                  EFUSE_BLK0         32              7
50      RD_DIS.BLOCK_KEY0                       EFUSE_BLK0         32              1
51      RD_DIS.BLOCK_KEY1                       EFUSE_BLK0         33              1
52      RD_DIS.BLOCK_KEY2                       EFUSE_BLK0         34              1
53      RD_DIS.BLOCK_KEY3                       EFUSE_BLK0         35              1
54      RD_DIS.BLOCK_KEY4                       EFUSE_BLK0         36              1
55      RD_DIS.BLOCK_KEY5                       EFUSE_BLK0         37              1
56      RD_DIS.BLOCK_SYS_DATA2                  EFUSE_BLK0         38              1
57      DIS_ICACHE                              EFUSE_BLK0         39              1
58      DIS_USB_JTAG                            EFUSE_BLK0         40              1
59      DIS_FORCE_DOWNLOAD                      EFUSE_BLK0         42              1
60      SPI_DOWNLOAD_MSPI_DIS                   EFUSE_BLK0         43              1
61      JTAG_SEL_ENABLE                         EFUSE_BLK0         44              1
62      DIS_PAD_JTAG                            EFUSE_BLK0         45              1
63      DIS_DOWNLOAD_MANUAL_ENCRYPT             EFUSE_BLK0         46              1
64      USB_EXCHG_PINS                          EFUSE_BLK0         51              1
65      VDD_SPI_AS_GPIO                         EFUSE_BLK0         52              1
66      WDT_DELAY_SEL                           EFUSE_BLK0         53              2
67      SPI_BOOT_CRYPT_CNT                      EFUSE_BLK0         55              3
68      SECURE_BOOT_KEY_REVOKE0                 EFUSE_BLK0         58              1
69      SECURE_BOOT_KEY_REVOKE1                 EFUSE_BLK0         59              1
70      SECURE_BOOT_KEY_REVOKE2                 EFUSE_BLK0         60              1
71      KEY_PURPOSE_0                           EFUSE_BLK0         64              4
72      KEY_PURPOSE_1                           EFUSE_BLK0         68              4
73      KEY_PURPOSE_2                           EFUSE_BLK0         72              4
74      KEY_PURPOSE_3                           EFUSE_BLK0         76              4
75      KEY_PURPOSE_4                           EFUSE_BLK0         80              4
76      KEY_PURPOSE_5                           EFUSE_BLK0         84              4
77      SEC_DPA_LEVEL                           EFUSE_BLK0         88              2
78      SECURE_BOOT_EN                          EFUSE_BLK0         90              1
79      SECURE_BOOT_AGGRESSIVE_REVOKE           EFUSE_BLK0         91              1
80      FLASH_TPUW                              EFUSE_BLK0         92              4
81      DIS_DOWNLOAD_MODE                       EFUSE_BLK0         96              1
82      DIS_DIRECT_BOOT                         EFUSE_BLK0         97              1
83      DIS_USB_SERIAL_JTAG_ROM_PRINT           EFUSE_BLK0         98              1
84      DIS_USB_SERIAL_JTAG_DOWNLOAD_MODE       EFUSE_BLK0         99              1
85      ENABLE_SECURITY_DOWNLOAD                EFUSE_BLK0        100              1
86      UART_PRINT_CONTROL                      EFUSE_BLK0        101              2
87      FORCE_SEND_RESUME                       EFUSE_BLK0        103              1
88      SECURE_VERSION                          EFUSE_BLK0        104              16
89      SECURE_BOOT_DISABLE_FAST_WAKE           EFUSE_BLK0        120              1
90      HYS_EN_PAD                              EFUSE_BLK0        121              1
91      XTS_DPA_CLK_ENABLE                      EFUSE_BLK0        122              1
92      XTS_DPA_PSEUDO_LEVEL                    EFUSE_BLK0        123              2
93      DIS_WIFI6                               EFUSE_BLK0        125              1
94      ECDSA_DISABLE_P192                      EFUSE_BLK0        126              1
95      ECC_FORCE_CONST_TIME                    EFUSE_BLK0        127              1
96      MAC                                     EFUSE_BLK1         0               8
97      MAC                                     EFUSE_BLK1         8               8
98      MAC                                     EFUSE_BLK1         16              8
99      MAC                                     EFUSE_BLK1         24              8
100     MAC                                     EFUSE_BLK1         32              8
101     MAC                                     EFUSE_BLK1         40              8
102     SYS_DATA_PART2                          EFUSE_BLK10        0              256
103     BLOCK_SYS_DATA1                         EFUSE_BLK2         0              256
104     USER_DATA                               EFUSE_BLK3         0              256
105     USER_DATA.MAC_CUSTOM                    EFUSE_BLK3        200              48
106     KEY0                                    EFUSE_BLK4         0              256
107     KEY1                                    EFUSE_BLK5         0              256
108     KEY2                                    EFUSE_BLK6         0              256
109     KEY3                                    EFUSE_BLK7         0              256
110     KEY4                                    EFUSE_BLK8         0              256
111     KEY5                                    EFUSE_BLK9         0              256

Used bits in efuse table:
EFUSE_BLK0
[0 31] [0 0] [2 2] ... [20 21] [21 22] [22 30] [30 30] [32 38] [32 40] [42 46] [51 60] [64 127]
EFUSE_BLK1
[0 47]
EFUSE_BLK10
[0 255]
EFUSE_BLK2
[0 255]
EFUSE_BLK3
[0 255] [200 247]
EFUSE_BLK4
[0 255]
EFUSE_BLK5
[0 255]
EFUSE_BLK6
[0 255]
EFUSE_BLK7
[0 255]
EFUSE_BLK8
[0 255]
EFUSE_BLK9
[0 255]
Note: Not printed ranges are free for using. (bits in EFUSE_BLK0 are reserved for Espressif)

不包含在方括号中的位是空闲的(一些位是乐鑫的保留位)。已检查所有字段的位重叠情况。

要在现有字段中添加子字段,请参考 结构化 eFuse 字段。例如,可使用 . 操作符将字段 SERIAL_NUMBERMODEL_NUMBERHARDWARE_REV 添加到现有的 USER_DATA 字段中,如下所示:

USER_DATA.SERIAL_NUMBER,                  EFUSE_BLK3,    0,  32,
USER_DATA.MODEL_NUMBER,                   EFUSE_BLK3,    32, 10,
USER_DATA.HARDWARE_REV,                   EFUSE_BLK3,    42, 10,

通常按照如下步骤添加新的 eFuse 字段:

  1. 在 CSV 文件中为每个 eFuse 字段添加一行记录。

  2. 运行 show_efuse_table 命令检查 eFuse 表。

  3. 如要生成源文件,运行 efuse_common_tableefuse_custom_table 命令。

如果遇到 intersects without of range 等错误,请参阅 结构化 eFuse 字段 中的解决办法。

位序

eFuse 位序采取小字节序(参见下方示例),这说明 eFuse 位按照从 LSB 到 MSB 的顺序进行读写:

$ idf.py efuse-dump

USER_DATA      (BLOCK3          ) [3 ] read_regs: 03020100 07060504 0B0A0908 0F0E0D0C 13121111 17161514 1B1A1918 1F1E1D1C
BLOCK4         (BLOCK4          ) [4 ] read_regs: 03020100 07060504 0B0A0908 0F0E0D0C 13121111 17161514 1B1A1918 1F1E1D1C

where is the register representation:

EFUSE_RD_USR_DATA0_REG = 0x03020100
EFUSE_RD_USR_DATA1_REG = 0x07060504
EFUSE_RD_USR_DATA2_REG = 0x0B0A0908
EFUSE_RD_USR_DATA3_REG = 0x0F0E0D0C
EFUSE_RD_USR_DATA4_REG = 0x13121111
EFUSE_RD_USR_DATA5_REG = 0x17161514
EFUSE_RD_USR_DATA6_REG = 0x1B1A1918
EFUSE_RD_USR_DATA7_REG = 0x1F1E1D1C

where is the byte representation:

byte[0] = 0x00, byte[1] = 0x01, ... byte[3] = 0x03, byte[4] = 0x04, ..., byte[31] = 0x1F

例如,CSV 文件描述了 USER_DATA 字段,该字段占用 256 位,即一个完整的块。

USER_DATA,          EFUSE_BLK3,    0,  256,     User data
USER_DATA.FIELD1,   EFUSE_BLK3,    16,  16,     Field1

ID,                 EFUSE_BLK4,    8,  3,      ID bit[0..2]
,                   EFUSE_BLK4,    16, 2,      ID bit[3..4]
,                   EFUSE_BLK4,    32, 3,      ID bit[5..7]

因此,读取如上 eFuse USER_DATA 块会得到以下结果:

uint8_t buf[32] = { 0 };
esp_efuse_read_field_blob(ESP_EFUSE_USER_DATA, &buf, sizeof(buf) * 8);
// buf[0] = 0x00, buf[1] = 0x01, ... buf[31] = 0x1F

uint32_t field1 = 0;
size_t field1_size = ESP_EFUSE_USER_DATA[0]->bit_count; // 可以用于这种情况,因为它只包含一个条目
esp_efuse_read_field_blob(ESP_EFUSE_USER_DATA, &field1, field1_size);
// field1 = 0x0302

uint32_t field1_1 = 0;
esp_efuse_read_field_blob(ESP_EFUSE_USER_DATA, &field1_1, 2); // 只读取前两位
// field1 = 0x0002

uint8_t id = 0;
size_t id_size = esp_efuse_get_field_size(ESP_EFUSE_ID); // 返回 6
// size_t id_size = ESP_EFUSE_USER_DATA[0]->bit_count; // 不能用于这种情况,因为其中包含 3 个条目,会返回 3 而不是 6
esp_efuse_read_field_blob(ESP_EFUSE_ID, &id, id_size);
// id = 0x91
// b'100 10  001
//   [3] [2] [3]

uint8_t id_1 = 0;
esp_efuse_read_field_blob(ESP_EFUSE_ID, &id_1, 3);
// id = 0x01
// b'001

在构建阶段获取 eFuse 状态

要在项目的构建阶段获取 eFuse 状态,可以使用以下两个 CMake 函数:

  • espefuse_get_json_summary() - 调用 espefuse.py summary --format json 命令并返回一个 JSON 字符串(该字符串不存储在文件中)。

  • espefuse_get_efuse() - 在此 JSON 字符串中找到给定的 eFuse 名称并返回其属性。

该 JSON 字符串具有以下属性:

{
    "MAC": {
        "bit_len": 48,
        "block": 0,
        "category": "identity",
        "description": "Factory MAC Address",
        "efuse_type": "bytes:6",
        "name": "MAC",
        "pos": 0,
        "readable": true,
        "value": "94:b9:7e:5a:6e:58 (CRC 0xe2 OK)",
        "word": 1,
        "writeable": true
    },
}

可以通过项目顶层目录下的 CMakeLists.txt (system/efuse/CMakeLists.txt) 来使用这些函数:

# ...
project(hello_world)

espefuse_get_json_summary(efuse_json)
espefuse_get_efuse(ret_data ${efuse_json} "MAC" "value")
message("MAC:" ${ret_data})

value 属性的格式与 espefuse.py summaryidf.py efuse-summary 中显示的格式相同。

MAC:94:b9:7e:5a:6e:58 (CRC 0xe2 OK)

在示例测试 system/efuse/CMakeLists.txt 中,添加了一个自定义目标 efuse-filter。这样,不仅在项目构建阶段,而在任何时候都可以运行 idf.py efuse-filter 命令读取所需的 eFuse(在 efuse_names 列表中指定)。

调试 eFuse & 单元测试

虚拟 eFuse

Kconfig 选项 CONFIG_EFUSE_VIRTUAL 在 eFuse 管理器中虚拟了 eFuse 值,因此写入操作是仿真操作,不会永久更改 eFuse 值。这对于应用程序调试和单元测试很有用处。

在启动时,eFuses 被复制到 RAM 中。此时,所有的 eFuse 操作(读和写)都是通过 RAM 执行,而不是通过实际的 eFuse 寄存器执行的。

除了 CONFIG_EFUSE_VIRTUAL 选项外,还有 CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH 选项,该选项可将 eFuse 保留在 flash 内存中。要使用此模式,partition_table 在 partition.csv 中包含名为 efuse 的分区:

efuse_em, data, efuse,   ,   0x2000,

在启动阶段,eFuse 会从 flash 中复制到 RAM 中,在 flash 为空的情况下,则从实际的 eFuse 复制到 RAM 中,然后更新 flash。此选项能够在重启后仍然保留 eFuse,用于测试安全启动和 flash 加密功能。

flash 加密测试

flash 加密是一项硬件功能,需要物理烧录 eFuse keyFLASH_CRYPT_CNT。如果 flash 加密实际未启用,那么启用 CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH 选项只是提供了测试的可能性,而不会加密 flash 中的任何内容,即使日志中显示了加密操作。

为此,可使用 bootloader_flash_write() 函数。但是,如果运行应用程序时芯片已启用 flash 加密,或者以 CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH 选项创建了引导加载程序,则 flash 加密/解密操作会正常进行。这意味着数据写入加密 flash 分区时被加密,从加密分区读取时被解密。

espefuse.py

esptool 中包含一个用于读取/写入 ESP32-C61 eFuse 位的有用工具: espefuse.py

idf.py 命令也可以直接提供上述工具的部分功能。例如,运行 idf.py efuse-summary 命令,效果等同于 espefuse.py summary

espefuse.py --virt -c esp32c61 summary
espefuse.py v4.7.0

=== Run "summary" command ===
EFUSE_NAME (Block) Description  = [Meaningful Value] [Readable/Writeable] (Hex Value)
----------------------------------------------------------------------------------------
Config fuses:
WR_DIS (BLOCK0)                                    Disable programming of individual eFuses           = 0 R/W (0x00000000)
RD_DIS (BLOCK0)                                    Disable reading from BlOCK4-10                     = 0 R/W (0b0000000)
DIS_ICACHE (BLOCK0)                                Represents whether icache is disabled or enabled.\ = False R/W (0b0)
                                                   \ 1: disabled\\ 0: enabled\\
DIS_DIRECT_BOOT (BLOCK0)                           Represents whether direct boot mode is disabled or = False R/W (0b0)
                                                   enabled.\\ 1. Disable\\ 0: Enable\\
UART_PRINT_CONTROL (BLOCK0)                        Represents the types of UART printing              = 0 R/W (0b00)
HYS_EN_PAD (BLOCK0)                                Represents whether the hysteresis function of = False R/W (0b0)
                                                   corresponding PAD is enabled.\\ 1: enabled\\ 0:disable
                                                   d\\
DIS_WIFI6 (BLOCK0)                                 Represents whether the WiFi 6 feature is enable or = False R/W (0b0)
                                                   disable.\\ 1: WiFi 6 is disable\\ 0: WiFi 6 is en
                                                   abled.\\
ECC_FORCE_CONST_TIME (BLOCK0)                      Represents whether to force ecc to use const-time  = False R/W (0b0)
                                                   calculation mode. \\ 1: Enable. \\ 0: Disable
BLOCK_SYS_DATA1 (BLOCK2)                           System data part 1 (reserved)
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_USR_DATA (BLOCK3)                            User data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_SYS_DATA2 (BLOCK10)                          System data part 2 (reserved)
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W

Flash fuses:
FLASH_TPUW (BLOCK0)                                Represents the flash waiting time after power-up;  = 0 R/W (0x0)
                                                   in unit of ms. When the value less than 15; the wa
                                                   iting time is programmed value. Otherwise; the wai
                                                   ting time is 2 times the programmed value
FORCE_SEND_RESUME (BLOCK0)                         Represents whether ROM code is forced to send a re = False R/W (0b0)
                                                   sume command during SPI boot

Jtag fuses:
JTAG_SEL_ENABLE (BLOCK0)                           Represents whether the selection between usb_to_jt = False R/W (0b0)
                                                   ag and pad_to_jtag through strapping gpio15 when b
                                                   oth EFUSE_DIS_PAD_JTAG and EFUSE_DIS_USB_JTAG are
                                                   equal to 0 is enabled or disabled.\\ 1: enabled\\
                                                   0: disabled\\
DIS_PAD_JTAG (BLOCK0)                              Represents whether JTAG is disabled in the hard wa = False R/W (0b0)
                                                   y(permanently).\\ 1: disabled\\ 0: enabled\\

Mac fuses:
MAC (BLOCK1)                                       MAC address
   = 00:00:00:00:00:00 (OK) R/W
CUSTOM_MAC (BLOCK3)                                Custom MAC
   = 00:00:00:00:00:00 (OK) R/W

Security fuses:
DIS_FORCE_DOWNLOAD (BLOCK0)                        Represents whether the function that forces chip i = False R/W (0b0)
                                                   nto download mode is disabled or enabled.\\ 1: dis
                                                   abled\\ 0: enabled\\
SPI_DOWNLOAD_MSPI_DIS (BLOCK0)                     Represents whether SPI0 controller during boot_mod = False R/W (0b0)
                                                   e_download is disabled or enabled.\\ 1: disabled\\
                                                   0: enabled\\
DIS_DOWNLOAD_MANUAL_ENCRYPT (BLOCK0)               Represents whether flash encrypt function is disab = False R/W (0b0)
                                                   led or enabled(except in SPI boot mode).\\ 1: disa
                                                   bled\\ 0: enabled\\
SPI_BOOT_CRYPT_CNT (BLOCK0)                        Enables flash encryption when 1 or 3 bits are set  = Disable R/W (0b000)
                                                   and disables otherwise
SECURE_BOOT_KEY_REVOKE0 (BLOCK0)                   Revoke 1st secure boot key                         = False R/W (0b0)
SECURE_BOOT_KEY_REVOKE1 (BLOCK0)                   Revoke 2nd secure boot key                         = False R/W (0b0)
SECURE_BOOT_KEY_REVOKE2 (BLOCK0)                   Revoke 3rd secure boot key                         = False R/W (0b0)
KEY_PURPOSE_0 (BLOCK0)                             Represents the purpose of Key0                     = USER R/W (0x0)
KEY_PURPOSE_1 (BLOCK0)                             Represents the purpose of Key1                     = USER R/W (0x0)
KEY_PURPOSE_2 (BLOCK0)                             Represents the purpose of Key2                     = USER R/W (0x0)
KEY_PURPOSE_3 (BLOCK0)                             Represents the purpose of Key3                     = USER R/W (0x0)
KEY_PURPOSE_4 (BLOCK0)                             Represents the purpose of Key4                     = USER R/W (0x0)
KEY_PURPOSE_5 (BLOCK0)                             Represents the purpose of Key5                     = USER R/W (0x0)
SEC_DPA_LEVEL (BLOCK0)                             Represents the spa secure level by configuring the = 0 R/W (0b00)
                                                   clock random divide mode
SECURE_BOOT_EN (BLOCK0)                            Represents whether secure boot is enabled or disab = False R/W (0b0)
                                                   led.\\ 1: enabled\\ 0: disabled\\
SECURE_BOOT_AGGRESSIVE_REVOKE (BLOCK0)             Represents whether revoking aggressive secure boot = False R/W (0b0)
                                                   is enabled or disabled.\\ 1: enabled.\\ 0: disabled\\
DIS_DOWNLOAD_MODE (BLOCK0)                         Represents whether Download mode is disable or ena = False R/W (0b0)
                                                   ble.\\ 1. Disable\\ 0: Enable\\
ENABLE_SECURITY_DOWNLOAD (BLOCK0)                  Represents whether security download is enabled or = False R/W (0b0)
                                                   disabled.\\ 1: Enable\\ 0: Disable\\
SECURE_VERSION (BLOCK0)                            Represents the version used by ESP-IDF anti-rollba = 0 R/W (0x0000)
                                                   ck feature
SECURE_BOOT_DISABLE_FAST_WAKE (BLOCK0)             Represents whether FAST_VERIFY_ON_WAKE is disable  = False R/W (0b0)
                                                   or enable when Secure Boot is enable
XTS_DPA_CLK_ENABLE (BLOCK0)                        Represents whether anti-dpa attack clock function  = False R/W (0b0)
                                                   is enabled.\\ 1. Enable\\ 0: Disable\\
XTS_DPA_PSEUDO_LEVEL (BLOCK0)                      Represents the anti-dpa attack pseudo function lev = 0 R/W (0b00)
                                                   el.\\ 3:High\\ 2: Moderate\\ 1: Low\\ 0: Decided b
                                                   y register configuration\\
ECDSA_DISABLE_P192 (BLOCK0)                        Represents whether to disable P192 curve in ECDSA. = False R/W (0b0)
                                                   \\ 1: Disabled.\\ 0: Not disable
BLOCK_KEY0 (BLOCK4)
Purpose: USER
               Key0 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY1 (BLOCK5)
Purpose: USER
               Key1 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY2 (BLOCK6)
Purpose: USER
               Key2 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY3 (BLOCK7)
Purpose: USER
               Key3 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY4 (BLOCK8)
Purpose: USER
               Key4 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY5 (BLOCK9)
Purpose: USER
               Key5 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W

Usb fuses:
DIS_USB_JTAG (BLOCK0)                              Represents whether the function of usb switch to j = False R/W (0b0)
                                                   tag is disabled or enabled.\\ 1: disabled\\ 0: ena
                                                   bled\\
USB_EXCHG_PINS (BLOCK0)                            Represents whether the D+ and D- pins is exchanged = False R/W (0b0)
                                                   .\\ 1: exchanged\\ 0: not exchanged\\
DIS_USB_SERIAL_JTAG_ROM_PRINT (BLOCK0)             Represents whether print from USB-Serial-JTAG is d = False R/W (0b0)
                                                   isabled or enabled.\\ 1. Disable\\ 0: Enable\\
DIS_USB_SERIAL_JTAG_DOWNLOAD_MODE (BLOCK0)         Represents whether the USB-Serial-JTAG download fu = False R/W (0b0)
                                                   nction is disabled or enabled.\\ 1: Disable\\ 0: E
                                                   nable\\

Vdd fuses:
VDD_SPI_AS_GPIO (BLOCK0)                           Represents whether vdd spi pin is functioned as gp = False R/W (0b0)
                                                   io.\\ 1: functioned\\ 0: not functioned\\

Wdt fuses:
WDT_DELAY_SEL (BLOCK0)                             Represents the threshold level of the RTC watchdog = 0 R/W (0b00)
                                                   STG0 timeout.\\ 0: Original threshold configurati
                                                   on value of STG0 *2 \\1: Original threshold config
                                                   uration value of STG0 *4 \\2: Original threshold c
                                                   onfiguration value of STG0 *8 \\3: Original thresh
                                                   old configuration value of STG0 *16 \\

获取所有 eFuse 寄存器的转储数据。

espefuse.py --virt -c esp32c61 dump

espefuse.py v4.7.0
BLOCK0          (                ) [0 ] dump: 00000000 00000000 00000000 00000000 00000000 00000000
MAC_SPI_8M_0    (BLOCK1          ) [1 ] dump: 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK_SYS_DATA  (BLOCK2          ) [2 ] dump: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK_USR_DATA  (BLOCK3          ) [3 ] dump: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK_KEY0      (BLOCK4          ) [4 ] dump: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK_KEY1      (BLOCK5          ) [5 ] dump: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK_KEY2      (BLOCK6          ) [6 ] dump: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK_KEY3      (BLOCK7          ) [7 ] dump: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK_KEY4      (BLOCK8          ) [8 ] dump: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK_KEY5      (BLOCK9          ) [9 ] dump: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK_SYS_DATA2 (BLOCK10         ) [10] dump: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

=== Run "dump" command ===

应用示例

  • system/efuse 演示了如何在 ESP32-C61 上使用 eFuse API,展示了从通用和自定义 eFuse 表中读取和写入字段的操作,并解释了虚拟 eFuse 在调试中的用途。

API 参考

Header File

  • components/efuse/esp32c61/include/esp_efuse_chip.h

  • This header file can be included with:

    #include "esp_efuse_chip.h"
    
  • This header file is a part of the API provided by the efuse component. To declare that your component depends on efuse, add the following to your CMakeLists.txt:

    REQUIRES efuse
    

    or

    PRIV_REQUIRES efuse
    

Enumerations

enum esp_efuse_block_t

Type of eFuse blocks ESP32C61.

Values:

enumerator EFUSE_BLK0

Number of eFuse BLOCK0. REPEAT_DATA

enumerator EFUSE_BLK1

Number of eFuse BLOCK1. MAC_SPI_8M_SYS

enumerator EFUSE_BLK2

Number of eFuse BLOCK2. SYS_DATA_PART1

enumerator EFUSE_BLK_SYS_DATA_PART1

Number of eFuse BLOCK2. SYS_DATA_PART1

enumerator EFUSE_BLK3

Number of eFuse BLOCK3. USER_DATA

enumerator EFUSE_BLK_USER_DATA

Number of eFuse BLOCK3. USER_DATA

enumerator EFUSE_BLK4

Number of eFuse BLOCK4. KEY0

enumerator EFUSE_BLK_KEY0

Number of eFuse BLOCK4. KEY0

enumerator EFUSE_BLK5

Number of eFuse BLOCK5. KEY1

enumerator EFUSE_BLK_KEY1

Number of eFuse BLOCK5. KEY1

enumerator EFUSE_BLK6

Number of eFuse BLOCK6. KEY2

enumerator EFUSE_BLK_KEY2

Number of eFuse BLOCK6. KEY2

enumerator EFUSE_BLK7

Number of eFuse BLOCK7. KEY3

enumerator EFUSE_BLK_KEY3

Number of eFuse BLOCK7. KEY3

enumerator EFUSE_BLK8

Number of eFuse BLOCK8. KEY4

enumerator EFUSE_BLK_KEY4

Number of eFuse BLOCK8. KEY4

enumerator EFUSE_BLK9

Number of eFuse BLOCK9. KEY5

enumerator EFUSE_BLK_KEY5

Number of eFuse BLOCK9. KEY5

enumerator EFUSE_BLK_KEY_MAX
enumerator EFUSE_BLK10

Number of eFuse BLOCK10. SYS_DATA_PART2

enumerator EFUSE_BLK_SYS_DATA_PART2

Number of eFuse BLOCK10. SYS_DATA_PART2

enumerator EFUSE_BLK_MAX
enum esp_efuse_coding_scheme_t

Type of coding scheme.

Values:

enumerator EFUSE_CODING_SCHEME_NONE

None

enumerator EFUSE_CODING_SCHEME_RS

Reed-Solomon coding

enum esp_efuse_purpose_t

Type of key purpose.

Values:

enumerator ESP_EFUSE_KEY_PURPOSE_USER

User purposes (software-only use)

enumerator ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY

ECDSA private key (Expected in little endian order)

enumerator ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY

XTS_AES_128_KEY (flash/PSRAM encryption)

enumerator ESP_EFUSE_KEY_PURPOSE_HMAC_DOWN_ALL

HMAC Downstream mode

enumerator ESP_EFUSE_KEY_PURPOSE_HMAC_DOWN_JTAG

JTAG soft enable key (uses HMAC Downstream mode)

enumerator ESP_EFUSE_KEY_PURPOSE_HMAC_DOWN_DIGITAL_SIGNATURE

Digital Signature peripheral key (uses HMAC Downstream mode)

enumerator ESP_EFUSE_KEY_PURPOSE_HMAC_UP

HMAC Upstream mode

enumerator ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST0

SECURE_BOOT_DIGEST0 (Secure Boot key digest)

enumerator ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST1

SECURE_BOOT_DIGEST1 (Secure Boot key digest)

enumerator ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST2

SECURE_BOOT_DIGEST2 (Secure Boot key digest)

enumerator ESP_EFUSE_KEY_PURPOSE_MAX

MAX PURPOSE

Header File

  • components/efuse/include/esp_efuse.h

  • This header file can be included with:

    #include "esp_efuse.h"
    
  • This header file is a part of the API provided by the efuse component. To declare that your component depends on efuse, add the following to your CMakeLists.txt:

    REQUIRES efuse
    

    or

    PRIV_REQUIRES efuse
    

Functions

esp_err_t esp_efuse_read_field_blob(const esp_efuse_desc_t *field[], void *dst, size_t dst_size_bits)

Reads bits from EFUSE field and writes it into an array.

The number of read bits will be limited to the minimum value from the description of the bits in "field" structure or "dst_size_bits" required size. Use "esp_efuse_get_field_size()" function to determine the length of the field.

备注

Please note that reading in the batch mode does not show uncommitted changes.

参数
  • field -- [in] A pointer to the structure describing the fields of efuse.

  • dst -- [out] A pointer to array that will contain the result of reading.

  • dst_size_bits -- [in] The number of bits required to read. If the requested number of bits is greater than the field, the number will be limited to the field size.

返回

  • ESP_OK: The operation was successfully completed.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

bool esp_efuse_read_field_bit(const esp_efuse_desc_t *field[])

Read a single bit eFuse field as a boolean value.

备注

The value must exist and must be a single bit wide. If there is any possibility of an error in the provided arguments, call esp_efuse_read_field_blob() and check the returned value instead.

备注

If assertions are enabled and the parameter is invalid, execution will abort

备注

Please note that reading in the batch mode does not show uncommitted changes.

参数

field -- [in] A pointer to the structure describing the fields of efuse.

返回

  • true: The field parameter is valid and the bit is set.

  • false: The bit is not set, or the parameter is invalid and assertions are disabled.

esp_err_t esp_efuse_read_field_cnt(const esp_efuse_desc_t *field[], size_t *out_cnt)

Reads bits from EFUSE field and returns number of bits programmed as "1".

If the bits are set not sequentially, they will still be counted.

备注

Please note that reading in the batch mode does not show uncommitted changes.

参数
  • field -- [in] A pointer to the structure describing the fields of efuse.

  • out_cnt -- [out] A pointer that will contain the number of programmed as "1" bits.

返回

  • ESP_OK: The operation was successfully completed.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

esp_err_t esp_efuse_write_field_blob(const esp_efuse_desc_t *field[], const void *src, size_t src_size_bits)

Writes array to EFUSE field.

The number of write bits will be limited to the minimum value from the description of the bits in "field" structure or "src_size_bits" required size. Use "esp_efuse_get_field_size()" function to determine the length of the field. After the function is completed, the writing registers are cleared.

参数
  • field -- [in] A pointer to the structure describing the fields of efuse.

  • src -- [in] A pointer to array that contains the data for writing.

  • src_size_bits -- [in] The number of bits required to write.

返回

  • ESP_OK: The operation was successfully completed.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden.

  • ESP_ERR_CODING: Error range of data does not match the coding scheme.

esp_err_t esp_efuse_write_field_cnt(const esp_efuse_desc_t *field[], size_t cnt)

Writes a required count of bits as "1" to EFUSE field.

If there are no free bits in the field to set the required number of bits to "1", ESP_ERR_EFUSE_CNT_IS_FULL error is returned, the field will not be partially recorded. After the function is completed, the writing registers are cleared.

参数
  • field -- [in] A pointer to the structure describing the fields of efuse.

  • cnt -- [in] Required number of programmed as "1" bits.

返回

  • ESP_OK: The operation was successfully completed.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_CNT_IS_FULL: Not all requested cnt bits is set.

esp_err_t esp_efuse_write_field_bit(const esp_efuse_desc_t *field[])

Write a single bit eFuse field to 1.

For use with eFuse fields that are a single bit. This function will write the bit to value 1 if it is not already set, or does nothing if the bit is already set.

This is equivalent to calling esp_efuse_write_field_cnt() with the cnt parameter equal to 1, except that it will return ESP_OK if the field is already set to 1.

参数

field -- [in] Pointer to the structure describing the efuse field.

返回

  • ESP_OK: The operation was successfully completed, or the bit was already set to value 1.

  • ESP_ERR_INVALID_ARG: Error in the passed arugments, including if the efuse field is not 1 bit wide.

esp_err_t esp_efuse_set_write_protect(esp_efuse_block_t blk)

Sets a write protection for the whole block.

After that, it is impossible to write to this block. The write protection does not apply to block 0.

参数

blk -- [in] Block number of eFuse. (EFUSE_BLK1, EFUSE_BLK2 and EFUSE_BLK3)

返回

  • ESP_OK: The operation was successfully completed.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_CNT_IS_FULL: Not all requested cnt bits is set.

  • ESP_ERR_NOT_SUPPORTED: The block does not support this command.

esp_err_t esp_efuse_set_read_protect(esp_efuse_block_t blk)

Sets a read protection for the whole block.

After that, it is impossible to read from this block. The read protection does not apply to block 0.

参数

blk -- [in] Block number of eFuse. (EFUSE_BLK1, EFUSE_BLK2 and EFUSE_BLK3)

返回

  • ESP_OK: The operation was successfully completed.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_CNT_IS_FULL: Not all requested cnt bits is set.

  • ESP_ERR_NOT_SUPPORTED: The block does not support this command.

int esp_efuse_get_field_size(const esp_efuse_desc_t *field[])

Returns the number of bits used by field.

参数

field -- [in] A pointer to the structure describing the fields of efuse.

返回

Returns the number of bits used by field.

uint32_t esp_efuse_read_reg(esp_efuse_block_t blk, unsigned int num_reg)

Returns value of efuse register.

This is a thread-safe implementation. Example: EFUSE_BLK2_RDATA3_REG where (blk=2, num_reg=3)

备注

Please note that reading in the batch mode does not show uncommitted changes.

参数
  • blk -- [in] Block number of eFuse.

  • num_reg -- [in] The register number in the block.

返回

Value of register

esp_err_t esp_efuse_write_reg(esp_efuse_block_t blk, unsigned int num_reg, uint32_t val)

Write value to efuse register.

Apply a coding scheme if necessary. This is a thread-safe implementation. Example: EFUSE_BLK3_WDATA0_REG where (blk=3, num_reg=0)

参数
  • blk -- [in] Block number of eFuse.

  • num_reg -- [in] The register number in the block.

  • val -- [in] Value to write.

返回

  • ESP_OK: The operation was successfully completed.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden.

esp_efuse_coding_scheme_t esp_efuse_get_coding_scheme(esp_efuse_block_t blk)

Return efuse coding scheme for blocks.

备注

The coding scheme is applicable only to 1, 2 and 3 blocks. For 0 block, the coding scheme is always NONE.

参数

blk -- [in] Block number of eFuse.

返回

Return efuse coding scheme for blocks

esp_err_t esp_efuse_read_block(esp_efuse_block_t blk, void *dst_key, size_t offset_in_bits, size_t size_bits)

Read key to efuse block starting at the offset and the required size.

备注

Please note that reading in the batch mode does not show uncommitted changes.

参数
  • blk -- [in] Block number of eFuse.

  • dst_key -- [in] A pointer to array that will contain the result of reading.

  • offset_in_bits -- [in] Start bit in block.

  • size_bits -- [in] The number of bits required to read.

返回

  • ESP_OK: The operation was successfully completed.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_CODING: Error range of data does not match the coding scheme.

esp_err_t esp_efuse_write_block(esp_efuse_block_t blk, const void *src_key, size_t offset_in_bits, size_t size_bits)

Write key to efuse block starting at the offset and the required size.

参数
  • blk -- [in] Block number of eFuse.

  • src_key -- [in] A pointer to array that contains the key for writing.

  • offset_in_bits -- [in] Start bit in block.

  • size_bits -- [in] The number of bits required to write.

返回

  • ESP_OK: The operation was successfully completed.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_CODING: Error range of data does not match the coding scheme.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits

uint32_t esp_efuse_get_pkg_ver(void)

Returns chip package from efuse.

返回

chip package

void esp_efuse_reset(void)

Reset efuse write registers.

Efuse write registers are written to zero, to negate any changes that have been staged here.

备注

This function is not threadsafe, if calling code updates efuse values from multiple tasks then this is caller's responsibility to serialise.

esp_err_t esp_efuse_disable_rom_download_mode(void)

Disable ROM Download Mode via eFuse.

Permanently disables the ROM Download Mode feature. Once disabled, if the SoC is booted with strapping pins set for ROM Download Mode then an error is printed instead.

备注

Not all SoCs support this option. An error will be returned if called on an ESP32 with a silicon revision lower than 3, as these revisions do not support this option.

备注

If ROM Download Mode is already disabled, this function does nothing and returns success.

返回

  • ESP_OK If the eFuse was successfully burned, or had already been burned.

  • ESP_ERR_NOT_SUPPORTED (ESP32 only) This SoC is not capable of disabling UART download mode

  • ESP_ERR_INVALID_STATE (ESP32 only) This eFuse is write protected and cannot be written

esp_err_t esp_efuse_set_rom_log_scheme(esp_efuse_rom_log_scheme_t log_scheme)

Set boot ROM log scheme via eFuse.

备注

By default, the boot ROM will always print to console. This API can be called to set the log scheme only once per chip, once the value is changed from the default it can't be changed again.

参数

log_scheme -- Supported ROM log scheme

返回

  • ESP_OK If the eFuse was successfully burned, or had already been burned.

  • ESP_ERR_NOT_SUPPORTED (ESP32 only) This SoC is not capable of setting ROM log scheme

  • ESP_ERR_INVALID_STATE This eFuse is write protected or has been burned already

esp_err_t esp_efuse_enable_rom_secure_download_mode(void)

Switch ROM Download Mode to Secure Download mode via eFuse.

Permanently enables Secure Download mode. This mode limits the use of ROM Download Mode functions to simple flash read, write and erase operations, plus a command to return a summary of currently enabled security features.

备注

If Secure Download mode is already enabled, this function does nothing and returns success.

备注

Disabling the ROM Download Mode also disables Secure Download Mode.

返回

  • ESP_OK If the eFuse was successfully burned, or had already been burned.

  • ESP_ERR_INVALID_STATE ROM Download Mode has been disabled via eFuse, so Secure Download mode is unavailable.

uint32_t esp_efuse_read_secure_version(void)

Return secure_version from efuse field.

返回

Secure version from efuse field

bool esp_efuse_check_secure_version(uint32_t secure_version)

Check secure_version from app and secure_version and from efuse field.

参数

secure_version -- Secure version from app.

返回

  • True: If version of app is equal or more then secure_version from efuse.

esp_err_t esp_efuse_update_secure_version(uint32_t secure_version)

Write efuse field by secure_version value.

Update the secure_version value is available if the coding scheme is None. Note: Do not use this function in your applications. This function is called as part of the other API.

参数

secure_version -- [in] Secure version from app.

返回

  • ESP_OK: Successful.

  • ESP_FAIL: secure version of app cannot be set to efuse field.

  • ESP_ERR_NOT_SUPPORTED: Anti rollback is not supported with the 3/4 and Repeat coding scheme.

esp_err_t esp_efuse_batch_write_begin(void)

Set the batch mode of writing fields.

This mode allows you to write the fields in the batch mode when need to burn several efuses at one time. To enable batch mode call begin() then perform as usually the necessary operations read and write and at the end call commit() to actually burn all written efuses. The batch mode can be used nested. The commit will be done by the last commit() function. The number of begin() functions should be equal to the number of commit() functions.

Note: If batch mode is enabled by the first task, at this time the second task cannot write/read efuses. The second task will wait for the first task to complete the batch operation.

// Example of using the batch writing mode.

// set the batch writing mode
esp_efuse_batch_write_begin();

// use any writing functions as usual
esp_efuse_write_field_blob(ESP_EFUSE_...);
esp_efuse_write_field_cnt(ESP_EFUSE_...);
esp_efuse_set_write_protect(EFUSE_BLKx);
esp_efuse_write_reg(EFUSE_BLKx, ...);
esp_efuse_write_block(EFUSE_BLKx, ...);
esp_efuse_write(ESP_EFUSE_1, 3);  // ESP_EFUSE_1 == 1, here we write a new value = 3. The changes will be burn by the commit() function.
esp_efuse_read_...(ESP_EFUSE_1);  // this function returns ESP_EFUSE_1 == 1 because uncommitted changes are not readable, it will be available only after commit.
...

// esp_efuse_batch_write APIs can be called recursively.
esp_efuse_batch_write_begin();
esp_efuse_set_write_protect(EFUSE_BLKx);
esp_efuse_batch_write_commit(); // the burn will be skipped here, it will be done in the last commit().

...

// Write all of these fields to the efuse registers
esp_efuse_batch_write_commit();
esp_efuse_read_...(ESP_EFUSE_1);  // this function returns ESP_EFUSE_1 == 3.

备注

Please note that reading in the batch mode does not show uncommitted changes.

返回

  • ESP_OK: Successful.

esp_err_t esp_efuse_batch_write_cancel(void)

Reset the batch mode of writing fields.

It will reset the batch writing mode and any written changes.

返回

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_STATE: Tha batch mode was not set.

esp_err_t esp_efuse_batch_write_commit(void)

Writes all prepared data for the batch mode.

Must be called to ensure changes are written to the efuse registers. After this the batch writing mode will be reset.

返回

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_STATE: The deferred writing mode was not set.

bool esp_efuse_block_is_empty(esp_efuse_block_t block)

Checks that the given block is empty.

返回

  • True: The block is empty.

  • False: The block is not empty or was an error.

bool esp_efuse_get_key_dis_read(esp_efuse_block_t block)

Returns a read protection for the key block.

参数

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

返回

True: The key block is read protected False: The key block is readable.

esp_err_t esp_efuse_set_key_dis_read(esp_efuse_block_t block)

Sets a read protection for the key block.

参数

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

返回

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden.

  • ESP_ERR_CODING: Error range of data does not match the coding scheme.

bool esp_efuse_get_key_dis_write(esp_efuse_block_t block)

Returns a write protection for the key block.

参数

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

返回

True: The key block is write protected False: The key block is writeable.

esp_err_t esp_efuse_set_key_dis_write(esp_efuse_block_t block)

Sets a write protection for the key block.

参数

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

返回

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden.

  • ESP_ERR_CODING: Error range of data does not match the coding scheme.

bool esp_efuse_key_block_unused(esp_efuse_block_t block)

Returns true if the key block is unused, false otherwise.

An unused key block is all zero content, not read or write protected, and has purpose 0 (ESP_EFUSE_KEY_PURPOSE_USER)

参数

block -- key block to check.

返回

  • True if key block is unused,

  • False if key block is used or the specified block index is not a key block.

bool esp_efuse_find_purpose(esp_efuse_purpose_t purpose, esp_efuse_block_t *block)

Find a key block with the particular purpose set.

参数
  • purpose -- [in] Purpose to search for.

  • block -- [out] Pointer in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX which will be set to the key block if found. Can be NULL, if only need to test the key block exists.

返回

  • True: If found,

  • False: If not found (value at block pointer is unchanged).

bool esp_efuse_get_keypurpose_dis_write(esp_efuse_block_t block)

Returns a write protection of the key purpose field for an efuse key block.

备注

For ESP32: no keypurpose, it returns always True.

参数

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

返回

True: The key purpose is write protected. False: The key purpose is writeable.

esp_efuse_purpose_t esp_efuse_get_key_purpose(esp_efuse_block_t block)

Returns the current purpose set for an efuse key block.

参数

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

返回

  • Value: If Successful, it returns the value of the purpose related to the given key block.

  • ESP_EFUSE_KEY_PURPOSE_MAX: Otherwise.

const esp_efuse_desc_t **esp_efuse_get_purpose_field(esp_efuse_block_t block)

Returns a pointer to a key purpose for an efuse key block.

To get the value of this field use esp_efuse_read_field_blob() or esp_efuse_get_key_purpose().

参数

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

返回

Pointer: If Successful returns a pointer to the corresponding efuse field otherwise NULL.

const esp_efuse_desc_t **esp_efuse_get_key(esp_efuse_block_t block)

Returns a pointer to a key block.

参数

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

返回

Pointer: If Successful returns a pointer to the corresponding efuse field otherwise NULL.

esp_err_t esp_efuse_set_key_purpose(esp_efuse_block_t block, esp_efuse_purpose_t purpose)

Sets a key purpose for an efuse key block.

参数
  • block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

  • purpose -- [in] Key purpose.

返回

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden.

  • ESP_ERR_CODING: Error range of data does not match the coding scheme.

esp_err_t esp_efuse_set_keypurpose_dis_write(esp_efuse_block_t block)

Sets a write protection of the key purpose field for an efuse key block.

参数

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

返回

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden.

  • ESP_ERR_CODING: Error range of data does not match the coding scheme.

esp_efuse_block_t esp_efuse_find_unused_key_block(void)

Search for an unused key block and return the first one found.

See esp_efuse_key_block_unused for a description of an unused key block.

返回

First unused key block, or EFUSE_BLK_KEY_MAX if no unused key block is found.

unsigned esp_efuse_count_unused_key_blocks(void)

Return the number of unused efuse key blocks in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX.

bool esp_efuse_get_digest_revoke(unsigned num_digest)

Returns the status of the Secure Boot public key digest revocation bit.

参数

num_digest -- [in] The number of digest in range 0..2

返回

  • True: If key digest is revoked,

  • False; If key digest is not revoked.

esp_err_t esp_efuse_set_digest_revoke(unsigned num_digest)

Sets the Secure Boot public key digest revocation bit.

参数

num_digest -- [in] The number of digest in range 0..2

返回

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden.

  • ESP_ERR_CODING: Error range of data does not match the coding scheme.

bool esp_efuse_get_write_protect_of_digest_revoke(unsigned num_digest)

Returns a write protection of the Secure Boot public key digest revocation bit.

参数

num_digest -- [in] The number of digest in range 0..2

返回

True: The revocation bit is write protected. False: The revocation bit is writeable.

esp_err_t esp_efuse_set_write_protect_of_digest_revoke(unsigned num_digest)

Sets a write protection of the Secure Boot public key digest revocation bit.

参数

num_digest -- [in] The number of digest in range 0..2

返回

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden.

  • ESP_ERR_CODING: Error range of data does not match the coding scheme.

esp_err_t esp_efuse_write_key(esp_efuse_block_t block, esp_efuse_purpose_t purpose, const void *key, size_t key_size_bytes)

Program a block of key data to an efuse block.

The burn of a key, protection bits, and a purpose happens in batch mode.

备注

This API also enables the read protection efuse bit for certain key blocks like XTS-AES, HMAC, ECDSA etc. This ensures that the key is only accessible to hardware peripheral.

备注

For SoC's with capability SOC_EFUSE_ECDSA_USE_HARDWARE_K (e.g., ESP32-H2), this API writes an additional efuse bit for ECDSA key purpose to enforce hardware TRNG generated k mode in the peripheral.

参数
  • block -- [in] Block to read purpose for. Must be in range EFUSE_BLK_KEY0 to EFUSE_BLK_KEY_MAX. Key block must be unused (esp_efuse_key_block_unused).

  • purpose -- [in] Purpose to set for this key. Purpose must be already unset.

  • key -- [in] Pointer to data to write.

  • key_size_bytes -- [in] Bytes length of data to write.

返回

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_INVALID_STATE: Error in efuses state, unused block not found.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden.

  • ESP_ERR_CODING: Error range of data does not match the coding scheme.

esp_err_t esp_efuse_write_keys(const esp_efuse_purpose_t purposes[], uint8_t keys[][32], unsigned number_of_keys)

Program keys to unused efuse blocks.

The burn of keys, protection bits, and purposes happens in batch mode.

备注

This API also enables the read protection efuse bit for certain key blocks like XTS-AES, HMAC, ECDSA etc. This ensures that the key is only accessible to hardware peripheral.

备注

For SoC's with capability SOC_EFUSE_ECDSA_USE_HARDWARE_K (e.g., ESP32-H2), this API writes an additional efuse bit for ECDSA key purpose to enforce hardware TRNG generated k mode in the peripheral.

参数
  • purposes -- [in] Array of purposes (purpose[number_of_keys]).

  • keys -- [in] Array of keys (uint8_t keys[number_of_keys][32]). Each key is 32 bytes long.

  • number_of_keys -- [in] The number of keys to write (up to 6 keys).

返回

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_INVALID_STATE: Error in efuses state, unused block not found.

  • ESP_ERR_NOT_ENOUGH_UNUSED_KEY_BLOCKS: Error not enough unused key blocks available

  • ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden.

  • ESP_ERR_CODING: Error range of data does not match the coding scheme.

esp_err_t esp_secure_boot_read_key_digests(esp_secure_boot_key_digests_t *trusted_key_digests)

Read key digests from efuse. Any revoked/missing digests will be marked as NULL.

参数

trusted_key_digests -- [out] Trusted keys digests, stored in this parameter after successfully completing this function. The number of digests depends on the SOC's capabilities.

返回

  • ESP_OK: Successful.

  • ESP_FAIL: If trusted_keys is NULL or there is no valid digest.

esp_err_t esp_efuse_check_errors(void)

Checks eFuse errors in BLOCK0.

It does a BLOCK0 check if eFuse EFUSE_ERR_RST_ENABLE is set. If BLOCK0 has an error, it prints the error and returns ESP_FAIL, which should be treated as esp_restart.

备注

Refers to ESP32-C3 only.

返回

  • ESP_OK: No errors in BLOCK0.

  • ESP_FAIL: Error in BLOCK0 requiring reboot.

esp_err_t esp_efuse_destroy_block(esp_efuse_block_t block)

Destroys the data in the given efuse block, if possible.

Data destruction occurs through the following steps: 1) Destroy data in the block:

  • If write protection is inactive for the block, then unset bits are burned.

  • If write protection is active, the block remains unaltered. 2) Set read protection for the block if possible (check write-protection for RD_DIS). In this case, data becomes inaccessible, and the software reads it as all zeros. If write protection is enabled and read protection can not be set, data in the block remains readable (returns an error).

Do not use the batch mode with this function as it does the burning itself!

参数

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

返回

  • ESP_OK: Successful.

  • ESP_FAIL: Data remained readable because the block is write-protected and read protection can not be set.

Structures

struct esp_efuse_desc_t

Type definition for an eFuse field.

Public Members

esp_efuse_block_t efuse_block

Block of eFuse

uint8_t bit_start

Start bit [0..255]

uint16_t bit_count

Length of bit field [1..-]

struct esp_secure_boot_key_digests_t

Pointers to the trusted key digests.

The number of digests depends on the SOC's capabilities.

Public Members

const void *key_digests[3]

Pointers to the key digests

Macros

ESP_ERR_EFUSE

Base error code for efuse api.

ESP_OK_EFUSE_CNT

OK the required number of bits is set.

ESP_ERR_EFUSE_CNT_IS_FULL

Error field is full.

ESP_ERR_EFUSE_REPEATED_PROG

Error repeated programming of programmed bits is strictly forbidden.

ESP_ERR_CODING

Error while a encoding operation.

ESP_ERR_NOT_ENOUGH_UNUSED_KEY_BLOCKS

Error not enough unused key blocks available

ESP_ERR_DAMAGED_READING

Error. Burn or reset was done during a reading operation leads to damage read data. This error is internal to the efuse component and not returned by any public API.

Enumerations

enum esp_efuse_rom_log_scheme_t

Type definition for ROM log scheme.

Values:

enumerator ESP_EFUSE_ROM_LOG_ALWAYS_ON

Always enable ROM logging

enumerator ESP_EFUSE_ROM_LOG_ON_GPIO_LOW

ROM logging is enabled when specific GPIO level is low during start up

enumerator ESP_EFUSE_ROM_LOG_ON_GPIO_HIGH

ROM logging is enabled when specific GPIO level is high during start up

enumerator ESP_EFUSE_ROM_LOG_ALWAYS_OFF

Disable ROM logging permanently


此文档对您有帮助吗?