eFuse Manager

Introduction

The eFuse Manager library is designed to structure access to eFuse bits and make them easy to use. The library operates on eFuse bits through structure names that are assigned in the eFuse table. This section introduces some concepts used by eFuse Manager.

Hardware Description

The ESP32-P4 has a number of eFuses which can store system and user parameters. Each eFuse is a one-bit field which can be programmed to 1, after which it cannot be reverted back to 0. Some system parameters are read from these eFuse bits directly by hardware modules and have a special place (for example, EFUSE_BLK0).

For more details, see ESP32-P4 Technical Reference Manual > eFuse Controller (eFuse) [PDF]. Some eFuse bits are available for user applications.

ESP32-P4 has 11 eFuse blocks, each 256 bits in size (not all bits are available):

  • EFUSE_BLK0 is used entirely for system purposes;

  • EFUSE_BLK1 is used entirely for system purposes;

  • EFUSE_BLK2 is used entirely for system purposes;

  • EFUSE_BLK3 (also named EFUSE_BLK_USER_DATA) can be used for user purposes;

  • EFUSE_BLK4 (also named EFUSE_BLK_KEY0) can be used as key (for secure_boot or flash_encryption) or for user purposes;

  • EFUSE_BLK5 (also named EFUSE_BLK_KEY1) can be used as key (for secure_boot or flash_encryption) or for user purposes;

  • EFUSE_BLK6 (also named EFUSE_BLK_KEY2) can be used as key (for secure_boot or flash_encryption) or for user purposes;

  • EFUSE_BLK7 (also named EFUSE_BLK_KEY3) can be used as key (for secure_boot or flash_encryption) or for user purposes;

  • EFUSE_BLK8 (also named EFUSE_BLK_KEY4) can be used as key (for secure_boot or flash_encryption) or for user purposes;

  • EFUSE_BLK9 (also named EFUSE_BLK_KEY5) can be used as key (for secure_boot or flash_encryption) or for user purposes;

  • EFUSE_BLK10 (also named EFUSE_BLK_SYS_DATA_PART2) is reserved for system purposes.

Each block is divided into eight 32-bit registers.

eFuse Manager Component

The component has API functions for reading and writing fields. Fields are accessed through structures that describe the location of the eFuse bits in the blocks. The component makes it possible to form fields of any length from any number of individual bits. The fields are described in a CSV file in table form. The efuse_table_gen.py tool generates C source from this CSV file. The tool checks the CSV file for uniqueness of field names and for bit intersections; when a custom file from the user's project directory is used, the tool also checks it against the common CSV file.

CSV files:

  • common (esp_efuse_table.csv) - contains eFuse fields which are used inside the ESP-IDF. C-source generation should be done manually when changing this file (run command idf.py efuse-common-table). Note that changes in this file can lead to incorrect operation.

  • custom - (optional and can be enabled by CONFIG_EFUSE_CUSTOM_TABLE) contains eFuse fields that are used by the user in their application. C-source generation should be done manually when changing this file (run command idf.py efuse-custom-table).

Description CSV File

The CSV file contains a description of the eFuse fields. In the simple case, one field has one line of description. Table header:

# field_name,  efuse_block(EFUSE_BLK0..EFUSE_BLK10), bit_start(0..255),    bit_count(1..256),        comment

The individual parameters in the CSV file have the following meanings:

field_name

Name of field. The prefix ESP_EFUSE_ is added to the name, and this field name is available in the code. This name is used to access the fields. The name must be unique for all fields. If the line has an empty name, then this line is combined with the previous field. This allows you to set an arbitrary order of bits in the field, and expand the field as well (see MAC_FACTORY field in the common table). The field_name supports structured format using . to show that the field belongs to another field (see WR_DIS and RD_DIS in the common table).

efuse_block

Block number. It determines where the eFuse bits are placed for this field. Available values: EFUSE_BLK0..EFUSE_BLK10.

bit_start

Start bit number (0..255). The bit_start field can be omitted. In this case, it is set to bit_start + bit_count from the previous record, if it has the same efuse_block. Otherwise (if efuse_block is different, or this is the first entry), an error will be generated.

bit_count

The number of bits to use in this field (1..-). This parameter cannot be omitted. It may also be set to MAX_BLK_LEN, in which case the field length is the maximum block length.

comment

This parameter holds a comment for the field; it is also copied to the C header file. The comment field can be omitted.

If a non-sequential bit order is required to describe a field, then the field description in the following lines should be continued without specifying a name, indicating that it belongs to one field. For example two fields MAC_FACTORY and MAC_FACTORY_CRC:

# Factory MAC address #
#######################
MAC_FACTORY,            EFUSE_BLK0,    72,    8,    Factory MAC addr [0]
,                       EFUSE_BLK0,    64,    8,    Factory MAC addr [1]
,                       EFUSE_BLK0,    56,    8,    Factory MAC addr [2]
,                       EFUSE_BLK0,    48,    8,    Factory MAC addr [3]
,                       EFUSE_BLK0,    40,    8,    Factory MAC addr [4]
,                       EFUSE_BLK0,    32,    8,    Factory MAC addr [5]
MAC_FACTORY_CRC,        EFUSE_BLK0,    80,    8,    CRC8 for factory MAC address

These fields are available in code as ESP_EFUSE_MAC_FACTORY and ESP_EFUSE_MAC_FACTORY_CRC.

Structured eFuse Fields

WR_DIS,                           EFUSE_BLK0,   0,    32,     Write protection
WR_DIS.RD_DIS,                    EFUSE_BLK0,   0,    1,      Write protection for RD_DIS
WR_DIS.FIELD_1,                   EFUSE_BLK0,   1,    1,      Write protection for FIELD_1
WR_DIS.FIELD_2,                   EFUSE_BLK0,   2,    4,      Write protection for FIELD_2 (includes B1 and B2)
WR_DIS.FIELD_2.B1,                EFUSE_BLK0,   2,    2,      Write protection for FIELD_2.B1
WR_DIS.FIELD_2.B2,                EFUSE_BLK0,   4,    2,      Write protection for FIELD_2.B2
WR_DIS.FIELD_3,                   EFUSE_BLK0,   5,    1,      Write protection for FIELD_3
WR_DIS.FIELD_3.ALIAS,             EFUSE_BLK0,   5,    1,      Write protection for FIELD_3 (just a alias for WR_DIS.FIELD_3)
WR_DIS.FIELD_4,                   EFUSE_BLK0,   7,    1,      Write protection for FIELD_4

A structured eFuse field looks like WR_DIS.RD_DIS, where the dot indicates that this field belongs to the parent field WR_DIS and cannot be outside the parent's range.

Several levels of structured fields can be used, as in WR_DIS.FIELD_2.B1 and B2. These fields should not overlap each other and should be within the range of both parent fields: WR_DIS and WR_DIS.FIELD_2.

It is possible to create aliases for fields with the same range, see WR_DIS.FIELD_3 and WR_DIS.FIELD_3.ALIAS.

The ESP-IDF names for structured eFuse fields should be unique. The efuse_table_gen tool generates the final names where the dot is replaced by _. The names used in ESP-IDF are ESP_EFUSE_WR_DIS, ESP_EFUSE_WR_DIS_RD_DIS, ESP_EFUSE_WR_DIS_FIELD_2_B1, etc.

The efuse_table_gen tool checks that fields do not overlap each other and that each structured field is within the range of its parent field. If there is a violation, it throws one of the following errors:

Field at USER_DATA, EFUSE_BLK3, 0, 256  intersected with  SERIAL_NUMBER, EFUSE_BLK3, 0, 32

Solution: Describe SERIAL_NUMBER to be included in USER_DATA. (USER_DATA.SERIAL_NUMBER).

Field at FIELD, EFUSE_BLK3, 0, 50  out of range  FIELD.MAJOR_NUMBER, EFUSE_BLK3, 60, 32

Solution: Change bit_start for FIELD.MAJOR_NUMBER from 60 to 0, so MAJOR_NUMBER is in the FIELD range.
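The CSV rules and the two checks described above (no overlap between unrelated fields, a structured child inside its parent's range) can be reproduced offline with a small validator. This is an added example, not the code of efuse_table_gen.py; the function names and the rule that only parent/child fields may share bits are assumptions, and the sample rows are built from the rows and error messages shown above.

```python
import csv
import io

BLOCK_BITS = 256  # every eFuse block described on this page is 256 bits wide


def parse_table(text):
    """Parse eFuse CSV text into {field_name: [(block, bit_start, bit_count), ...]}."""
    fields = {}
    prev = None  # (field_name, efuse_block, next_free_bit) of the previous row
    for row in csv.reader(io.StringIO(text)):
        if not any(c.strip() for c in row) or row[0].lstrip().startswith("#"):
            continue  # blank line or comment/header line
        name, block, start, count = ([c.strip() for c in row] + [""] * 4)[:4]
        if not name:  # empty name: this row continues the previous field
            if prev is None:
                raise ValueError("first row must have a field_name")
            name = prev[0]
        elif name in fields:
            raise ValueError(f"{name}: field_name is not unique")
        if not count:
            raise ValueError(f"{name}: bit_count cannot be omitted")
        count = BLOCK_BITS if count == "MAX_BLK_LEN" else int(count)
        if start:
            start = int(start)
        elif prev is not None and prev[1] == block:
            start = prev[2]  # previous bit_start + bit_count in the same block
        else:
            raise ValueError(f"{name}: bit_start omitted without a previous row in {block}")
        if count < 1 or start < 0 or start + count > BLOCK_BITS:
            raise ValueError(f"{name}: bits {start}..{start + count - 1} outside {block}")
        fields.setdefault(name, []).append((block, start, count))
        prev = (name, block, start + count)
    return fields


def c_name(field_name):
    """Name generated for C code: ESP_EFUSE_ prefix, dots replaced by underscores."""
    return "ESP_EFUSE_" + field_name.replace(".", "_")


def bit_set(entries):
    """All (block, bit) positions occupied by a field, across all of its rows."""
    return {(blk, bit) for blk, start, count in entries for bit in range(start, start + count)}


def validate(fields):
    """Return (problem, field_a, field_b) tuples; an empty list means the table is consistent."""
    problems = []
    names = list(fields)
    bits = {n: bit_set(fields[n]) for n in names}
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if c_name(a) == c_name(b):
                problems.append(("same C name", a, b))
            if b.startswith(a + ".") or a.startswith(b + "."):
                parent, child = (a, b) if b.startswith(a + ".") else (b, a)
                if not bits[child] <= bits[parent]:
                    problems.append(("out of range", parent, child))
            elif bits[a] & bits[b]:  # assumption: unrelated fields may not share bits
                problems.append(("intersected with", a, b))
    return problems


# Constructed sample tables, built from rows shown on this page.
OVERLAP = """
USER_DATA,      EFUSE_BLK3, 0, 256, User data
SERIAL_NUMBER,  EFUSE_BLK3, 0, 32,  Serial number
"""
OUT_OF_RANGE = """
FIELD,               EFUSE_BLK3, 0,  50,
FIELD.MAJOR_NUMBER,  EFUSE_BLK3, 60, 32,
"""
FIXED = """
# field_name, efuse_block, bit_start, bit_count, comment
MAC_FACTORY,              EFUSE_BLK0, 72, 8,   Factory MAC addr [0]
,                         EFUSE_BLK0, 64, 8,   Factory MAC addr [1]
USER_DATA,                EFUSE_BLK3, 0,  256, User data
USER_DATA.SERIAL_NUMBER,  EFUSE_BLK3, 0,  32,
USER_DATA.MODEL_NUMBER,   EFUSE_BLK3,  ,  10,  bit_start omitted (continues at bit 32)
"""

if __name__ == "__main__":
    for label, text in (("overlap", OVERLAP), ("out of range", OUT_OF_RANGE), ("fixed", FIXED)):
        print(label, validate(parse_table(text)))
```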

efuse_table_gen.py Tool

The tool is designed to generate C-source files from a CSV file and to validate fields. First, it checks the uniqueness of the names and overlaps of the field bits. If an additional custom file is used, it is checked against the existing common file (esp_efuse_table.csv). In case of errors, a message is displayed together with the line that caused the error. The C-source files contain structures of type esp_efuse_desc_t.

To generate the common files, use the command idf.py efuse-common-table or:

cd $IDF_PATH/components/efuse/
./efuse_table_gen.py --idf_target esp32p4 esp32p4/esp_efuse_table.csv

After generation, the following files are created in the folder $IDF_PATH/components/efuse/esp32p4:

  • esp_efuse_table.c file.

  • In include folder esp_efuse_table.h file.

To generate the custom files, use the command idf.py efuse-custom-table or:

cd $IDF_PATH/components/efuse/
./efuse_table_gen.py --idf_target esp32p4 esp32p4/esp_efuse_table.csv PROJECT_PATH/main/esp_efuse_custom_table.csv

After generation, the following files are created in the folder PROJECT_PATH/main:

  • esp_efuse_custom_table.c file.

  • In include folder esp_efuse_custom_table.h file.

To use the generated fields, you need to include two files:

#include "esp_efuse.h"
#include "esp_efuse_table.h" // or "esp_efuse_custom_table.h"

Supported Coding Scheme

Coding schemes are used to protect against data corruption. ESP32-P4 supports two coding schemes:

  • None. EFUSE_BLK0 is stored with four backups, meaning each bit is stored four times. This backup scheme is automatically applied by the hardware and is not visible to software. EFUSE_BLK0 can be written many times.

  • RS. EFUSE_BLK1 - EFUSE_BLK10 use the Reed-Solomon coding scheme, which supports up to 5 bytes of automatic error correction. Software encodes the 32-byte EFUSE_BLKx using RS (44, 32) to generate a 12-byte check code, and then burns the EFUSE_BLKx and the check code into eFuse at the same time. The eFuse Controller automatically decodes the RS encoding and applies error correction when reading back the eFuse block. Because the RS check codes are generated across the entire 256-bit eFuse block, each block can only be written to one time.

To write several fields into one block, or into different blocks at one time, use the batch writing mode. First, enable this mode with the esp_efuse_batch_write_begin() function, then write the fields as usual using the esp_efuse_write_... functions. Finally, call the esp_efuse_batch_write_commit() function to burn them. It burns the prepared data to the eFuse blocks and disables the batch writing mode.

Note

If there is already pre-written data in the eFuse block using the Reed-Solomon encoding scheme, then it is not possible to write anything extra (even if the required bits are empty) without breaking the previous encoding data. This encoding data will be overwritten with new encoding data and completely destroyed (however, the payload eFuses are not damaged). It can be related to: CUSTOM_MAC, SPI_PAD_CONFIG_HD, SPI_PAD_CONFIG_CS, etc. Please contact Espressif to order the required pre-burnt eFuses.

FOR TESTING ONLY (NOT RECOMMENDED): You can ignore or suppress errors that violate encoding scheme data in order to burn the necessary bits in the eFuse block.
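Why a second write to a Reed-Solomon block breaks its check code, and why batch mode avoids this, can be seen in a host-side model of one block. This is an added example, not Espressif's encoder or ESP-IDF code: the page gives only RS (44, 32) with a 12-byte check code, so the field polynomial 0x11D and the generator roots are assumptions (real check bytes may differ), and the MAC and serial values are constructed.

```python
NSYM = 12          # page: RS (44, 32) -> 12-byte check code for 32 data bytes
PRIM_POLY = 0x11D  # assumption: GF(2^8) field polynomial, not stated on the page

# Log/antilog tables for GF(2^8) multiplication.
EXP, LOG = [0] * 510, [0] * 256
_x = 1
for _i in range(255):
    EXP[_i] = EXP[_i + 255] = _x
    LOG[_x] = _i
    _x <<= 1
    if _x & 0x100:
        _x ^= PRIM_POLY


def gf_mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]


def generator_poly(nsym):
    """Product of (x + alpha^i) for i = 0..nsym-1 (assumed roots), highest degree first."""
    g = [1]
    for i in range(nsym):
        nxt = g + [0]                        # g * x
        for j, c in enumerate(g):
            nxt[j + 1] ^= gf_mul(c, EXP[i])  # + g * alpha^i
        g = nxt
    return g


def rs_check(data):
    """Systematic encoding: remainder of data * x^NSYM divided by the generator."""
    gen = generator_poly(NSYM)
    rem = list(data) + [0] * NSYM
    for i in range(len(data)):
        coef = rem[i]
        if coef:
            for j in range(1, len(gen)):
                rem[i + j] ^= gf_mul(gen[j], coef)
    return bytes(rem[len(data):])


def burn_or(old, new):
    """eFuse bits only go from 0 to 1, so burning is a bitwise OR with what is there."""
    return bytes(a | b for a, b in zip(old, new))


class RsBlock:
    """Burned state of one RS-protected block: 32 payload bytes and 12 check bytes."""

    def __init__(self):
        self.data = bytes(32)
        self.check = bytes(NSYM)

    def burn(self, new_bits):
        """Burn new payload bits together with the check code of the resulting payload."""
        self.data = burn_or(self.data, new_bits)
        self.check = burn_or(self.check, rs_check(self.data))  # old check 1-bits stay set

    def check_matches(self):
        return rs_check(self.data) == self.check


def field(offset, value):
    """32-byte block image with `value` at byte `offset` and zeros elsewhere."""
    return bytes(offset) + value + bytes(32 - offset - len(value))


MAC = field(25, bytes.fromhex("0a1b2c3d4e5f"))  # constructed value at bits 200..247
SERIAL = field(0, bytes.fromhex("78563412"))    # constructed value at bits 0..31


def write_separately():
    """Pre-burnt MAC, then a later write into empty bits of the same block."""
    blk = RsBlock()
    blk.burn(MAC)
    ok_after_first = blk.check_matches()
    blk.burn(SERIAL)
    return ok_after_first, blk.check_matches()


def write_as_batch():
    """Both fields prepared first and burned once, as batch writing mode does."""
    blk = RsBlock()
    blk.burn(burn_or(MAC, SERIAL))
    return blk.check_matches()


if __name__ == "__main__":
    print("separate writes:", write_separately())
    print("single batch   :", write_as_batch())
```

In the separate-write case the payload bytes are intact but the stored check code is the OR of two different codes, which is the condition the note above describes.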

eFuse API

Access to the fields is via a pointer to the description structure. API functions have some basic operation:

For frequently used fields, special functions are provided, such as esp_efuse_get_pkg_ver().

eFuse API for Keys

EFUSE_BLK_KEY0 - EFUSE_BLK_KEY5 are intended to keep up to 6 keys with a length of 256-bits. Each key has an ESP_EFUSE_KEY_PURPOSE_x field which defines the purpose of these keys. The purpose field is described in esp_efuse_purpose_t.

The purposes like ESP_EFUSE_KEY_PURPOSE_XTS_AES_... are used for flash encryption.

The purposes like ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST... are used for secure boot.

There are some eFuse APIs useful to work with states of keys.

How to Add a New Field

  1. Find free bits for the field. See the esp_efuse_table.csv file, or run idf.py show-efuse-table or the following command:

$ ./efuse_table_gen.py -t IDF_TARGET_PATH_NAME esp32p4/esp_efuse_table.csv --info

Max number of bits in BLK 256
Parsing efuse CSV input file ../esp32p4/esp_efuse_table.csv ...
Verifying efuse table...
Sorted efuse table:
#       field_name                      efuse_block     bit_start       bit_count
1       WR_DIS                          EFUSE_BLK0         0               32
2       WR_DIS.RD_DIS                   EFUSE_BLK0         0               1
3       WR_DIS.SPI_BOOT_CRYPT_CNT       EFUSE_BLK0         4               1
4       WR_DIS.SECURE_BOOT_KEY_REVOKE0  EFUSE_BLK0         5               1
5       WR_DIS.SECURE_BOOT_KEY_REVOKE1  EFUSE_BLK0         6               1
6       WR_DIS.SECURE_BOOT_KEY_REVOKE2  EFUSE_BLK0         7               1
7       WR_DIS.KEY_PURPOSE_0            EFUSE_BLK0         8               1
8       WR_DIS.KEY_PURPOSE_1            EFUSE_BLK0         9               1
9       WR_DIS.KEY_PURPOSE_2            EFUSE_BLK0         10              1
10      WR_DIS.KEY_PURPOSE_3            EFUSE_BLK0         11              1
11      WR_DIS.KEY_PURPOSE_4            EFUSE_BLK0         12              1
12      WR_DIS.KEY_PURPOSE_5            EFUSE_BLK0         13              1
13      WR_DIS.SECURE_BOOT_EN           EFUSE_BLK0         15              1
14      WR_DIS.BLK1                     EFUSE_BLK0         20              1
15      WR_DIS.MAC                      EFUSE_BLK0         20              1
16      WR_DIS.WAFER_VERSION_MINOR      EFUSE_BLK0         20              1
17      WR_DIS.WAFER_VERSION_MAJOR      EFUSE_BLK0         20              1
18      WR_DIS.DISABLE_WAFER_VERSION_MAJOR      EFUSE_BLK0         20              1
19      WR_DIS.DISABLE_BLK_VERSION_MAJOR        EFUSE_BLK0         20              1
20      WR_DIS.BLK_VERSION_MINOR        EFUSE_BLK0         20              1
21      WR_DIS.BLK_VERSION_MAJOR        EFUSE_BLK0         20              1
22      WR_DIS.FLASH_CAP                EFUSE_BLK0         20              1
23      WR_DIS.FLASH_TEMP               EFUSE_BLK0         20              1
24      WR_DIS.FLASH_VENDOR             EFUSE_BLK0         20              1
25      WR_DIS.PSRAM_CAP                EFUSE_BLK0         20              1
26      WR_DIS.PSRAM_TEMP               EFUSE_BLK0         20              1
27      WR_DIS.PSRAM_VENDOR             EFUSE_BLK0         20              1
28      WR_DIS.PKG_VERSION              EFUSE_BLK0         20              1
29      WR_DIS.OPTIONAL_UNIQUE_ID       EFUSE_BLK0         21              1
30      WR_DIS.BLOCK_USR_DATA           EFUSE_BLK0         22              1
31      WR_DIS.CUSTOM_MAC               EFUSE_BLK0         22              1
32      WR_DIS.BLOCK_KEY0               EFUSE_BLK0         23              1
33      WR_DIS.BLOCK_KEY1               EFUSE_BLK0         24              1
34      WR_DIS.BLOCK_KEY2               EFUSE_BLK0         25              1
35      WR_DIS.BLOCK_KEY3               EFUSE_BLK0         26              1
36      WR_DIS.BLOCK_KEY4               EFUSE_BLK0         27              1
37      WR_DIS.BLOCK_KEY5               EFUSE_BLK0         28              1
38      WR_DIS.BLOCK_SYS_DATA2          EFUSE_BLK0         29              1
39      RD_DIS                          EFUSE_BLK0         32              7
40      RD_DIS.BLOCK_KEY0               EFUSE_BLK0         32              1
41      RD_DIS.BLOCK_KEY1               EFUSE_BLK0         33              1
42      RD_DIS.BLOCK_KEY2               EFUSE_BLK0         34              1
43      RD_DIS.BLOCK_KEY3               EFUSE_BLK0         35              1
44      RD_DIS.BLOCK_KEY4               EFUSE_BLK0         36              1
45      RD_DIS.BLOCK_KEY5               EFUSE_BLK0         37              1
46      RD_DIS.BLOCK_SYS_DATA2          EFUSE_BLK0         38              1
47      USB_DEVICE_EXCHG_PINS           EFUSE_BLK0         39              1
48      USB_OTG11_EXCHG_PINS            EFUSE_BLK0         40              1
49      DIS_USB_JTAG                    EFUSE_BLK0         41              1
50      POWERGLITCH_EN                  EFUSE_BLK0         42              1
51      DIS_FORCE_DOWNLOAD              EFUSE_BLK0         44              1
52      SPI_DOWNLOAD_MSPI_DIS           EFUSE_BLK0         45              1
53      DIS_TWAI                        EFUSE_BLK0         46              1
54      JTAG_SEL_ENABLE                 EFUSE_BLK0         47              1
55      SOFT_DIS_JTAG                   EFUSE_BLK0         48              3
56      DIS_PAD_JTAG                    EFUSE_BLK0         51              1
57      DIS_DOWNLOAD_MANUAL_ENCRYPT     EFUSE_BLK0         52              1
58      USB_PHY_SEL                     EFUSE_BLK0         57              1
59      KM_HUK_GEN_STATE                EFUSE_BLK0         58              9
60      KM_RND_SWITCH_CYCLE             EFUSE_BLK0         67              2
61      KM_DEPLOY_ONLY_ONCE             EFUSE_BLK0         69              4
62      FORCE_USE_KEY_MANAGER_KEY       EFUSE_BLK0         73              4
63      FORCE_DISABLE_SW_INIT_KEY       EFUSE_BLK0         77              1
64      XTS_KEY_LENGTH_256              EFUSE_BLK0         78              1
65      WDT_DELAY_SEL                   EFUSE_BLK0         80              2
66      SPI_BOOT_CRYPT_CNT              EFUSE_BLK0         82              3
67      SECURE_BOOT_KEY_REVOKE0         EFUSE_BLK0         85              1
68      SECURE_BOOT_KEY_REVOKE1         EFUSE_BLK0         86              1
69      SECURE_BOOT_KEY_REVOKE2         EFUSE_BLK0         87              1
70      KEY_PURPOSE_0                   EFUSE_BLK0         88              4
71      KEY_PURPOSE_1                   EFUSE_BLK0         92              4
72      KEY_PURPOSE_2                   EFUSE_BLK0         96              4
73      KEY_PURPOSE_3                   EFUSE_BLK0        100              4
74      KEY_PURPOSE_4                   EFUSE_BLK0        104              4
75      KEY_PURPOSE_5                   EFUSE_BLK0        108              4
76      SEC_DPA_LEVEL                   EFUSE_BLK0        112              2
77      ECDSA_ENABLE_SOFT_K             EFUSE_BLK0        114              1
78      CRYPT_DPA_ENABLE                EFUSE_BLK0        115              1
79      SECURE_BOOT_EN                  EFUSE_BLK0        116              1
80      SECURE_BOOT_AGGRESSIVE_REVOKE   EFUSE_BLK0        117              1
81      FLASH_TYPE                      EFUSE_BLK0        119              1
82      FLASH_PAGE_SIZE                 EFUSE_BLK0        120              2
83      FLASH_ECC_EN                    EFUSE_BLK0        122              1
84      DIS_USB_OTG_DOWNLOAD_MODE       EFUSE_BLK0        123              1
85      FLASH_TPUW                      EFUSE_BLK0        124              4
86      DIS_DOWNLOAD_MODE               EFUSE_BLK0        128              1
87      DIS_DIRECT_BOOT                 EFUSE_BLK0        129              1
88      DIS_USB_SERIAL_JTAG_ROM_PRINT   EFUSE_BLK0        130              1
89      LOCK_KM_KEY                     EFUSE_BLK0        131              1
90      DIS_USB_SERIAL_JTAG_DOWNLOAD_MODE       EFUSE_BLK0        132              1
91      ENABLE_SECURITY_DOWNLOAD        EFUSE_BLK0        133              1
92      UART_PRINT_CONTROL              EFUSE_BLK0        134              2
93      FORCE_SEND_RESUME               EFUSE_BLK0        136              1
94      SECURE_VERSION                  EFUSE_BLK0        137              16
95      SECURE_BOOT_DISABLE_FAST_WAKE   EFUSE_BLK0        153              1
96      HYS_EN_PAD                      EFUSE_BLK0        154              1
97      DCDC_VSET                       EFUSE_BLK0        155              5
98      PXA0_TIEH_SEL_0                 EFUSE_BLK0        160              2
99      PXA0_TIEH_SEL_1                 EFUSE_BLK0        162              2
100     PXA0_TIEH_SEL_2                 EFUSE_BLK0        164              2
101     PXA0_TIEH_SEL_3                 EFUSE_BLK0        166              2
102     KM_DISABLE_DEPLOY_MODE          EFUSE_BLK0        168              4
103     HP_PWR_SRC_SEL                  EFUSE_BLK0        178              1
104     DCDC_VSET_EN                    EFUSE_BLK0        179              1
105     DIS_WDT                         EFUSE_BLK0        180              1
106     DIS_SWD                         EFUSE_BLK0        181              1
107     MAC                             EFUSE_BLK1         0               8
108     MAC                             EFUSE_BLK1         8               8
109     MAC                             EFUSE_BLK1         16              8
110     MAC                             EFUSE_BLK1         24              8
111     MAC                             EFUSE_BLK1         32              8
112     MAC                             EFUSE_BLK1         40              8
113     WAFER_VERSION_MINOR             EFUSE_BLK1         64              4
114     WAFER_VERSION_MAJOR             EFUSE_BLK1         68              2
115     DISABLE_WAFER_VERSION_MAJOR     EFUSE_BLK1         70              1
116     DISABLE_BLK_VERSION_MAJOR       EFUSE_BLK1         71              1
117     BLK_VERSION_MINOR               EFUSE_BLK1         72              3
118     BLK_VERSION_MAJOR               EFUSE_BLK1         75              2
119     FLASH_CAP                       EFUSE_BLK1         77              3
120     FLASH_TEMP                      EFUSE_BLK1         80              2
121     FLASH_VENDOR                    EFUSE_BLK1         82              3
122     PSRAM_CAP                       EFUSE_BLK1         85              2
123     PSRAM_TEMP                      EFUSE_BLK1         87              2
124     PSRAM_VENDOR                    EFUSE_BLK1         89              2
125     PKG_VERSION                     EFUSE_BLK1         91              3
126     SYS_DATA_PART2                  EFUSE_BLK10        0              256
127     OPTIONAL_UNIQUE_ID              EFUSE_BLK2         0              128
128     USER_DATA                       EFUSE_BLK3         0              256
129     USER_DATA.MAC_CUSTOM            EFUSE_BLK3        200              48
130     KEY0                            EFUSE_BLK4         0              256
131     KEY1                            EFUSE_BLK5         0              256
132     KEY2                            EFUSE_BLK6         0              256
133     KEY3                            EFUSE_BLK7         0              256
134     KEY4                            EFUSE_BLK8         0              256
135     KEY5                            EFUSE_BLK9         0              256

Used bits in efuse table:
EFUSE_BLK0
[0 31] [0 0] [4 13] [15 15] [20 20] [20 20] [20 29] [32 38] [32 42] [44 52] [57 78] [80 117] [119 171] [178 181]

EFUSE_BLK1
[0 47] [64 93]

EFUSE_BLK10
[0 255]

EFUSE_BLK2
[0 127]

EFUSE_BLK3
[0 255] [200 247]

EFUSE_BLK4
[0 255]

EFUSE_BLK5
[0 255]

EFUSE_BLK6
[0 255]

EFUSE_BLK7
[0 255]

EFUSE_BLK8
[0 255]

EFUSE_BLK9
[0 255]
Note: Not printed ranges are free for using. (bits in EFUSE_BLK0 are reserved for Espressif)

Bits not included in square brackets are free (some bits are reserved for Espressif). All fields are checked for overlapping.

To add fields to an existing field, use the Structured eFuse Fields technique. For example, to add the fields SERIAL_NUMBER, MODEL_NUMBER and HARDWARE_REV to the existing USER_DATA field, use . (dot) to show that they belong to that field.

USER_DATA.SERIAL_NUMBER,                  EFUSE_BLK3,    0,  32,
USER_DATA.MODEL_NUMBER,                   EFUSE_BLK3,    32, 10,
USER_DATA.HARDWARE_REV,                   EFUSE_BLK3,    42, 10,

  2. Fill in a line for the field: field_name, efuse_block, bit_start, bit_count, comment.

  3. Run the show_efuse_table command to check the eFuse table. To generate source files, run the efuse_common_table or efuse_custom_table command.

You may get errors such as intersects with or out of range. See how to solve them in the Structured eFuse Fields section.

Bit Order

The eFuse bit order is little-endian (see the example below), which means that eFuse bits are read and written from LSB to MSB:

$ espefuse.py dump

USER_DATA      (BLOCK3          ) [3 ] read_regs: 03020100 07060504 0B0A0908 0F0E0D0C 13121111 17161514 1B1A1918 1F1E1D1C
BLOCK4         (BLOCK4          ) [4 ] read_regs: 03020100 07060504 0B0A0908 0F0E0D0C 13121111 17161514 1B1A1918 1F1E1D1C

where the register representation is:

EFUSE_RD_USR_DATA0_REG = 0x03020100
EFUSE_RD_USR_DATA1_REG = 0x07060504
EFUSE_RD_USR_DATA2_REG = 0x0B0A0908
EFUSE_RD_USR_DATA3_REG = 0x0F0E0D0C
EFUSE_RD_USR_DATA4_REG = 0x13121111
EFUSE_RD_USR_DATA5_REG = 0x17161514
EFUSE_RD_USR_DATA6_REG = 0x1B1A1918
EFUSE_RD_USR_DATA7_REG = 0x1F1E1D1C

where the byte representation is:

byte[0] = 0x00, byte[1] = 0x01, ... byte[3] = 0x03, byte[4] = 0x04, ..., byte[31] = 0x1F

For example, the CSV file describes the USER_DATA field, which occupies all 256 bits (a whole block).

USER_DATA,          EFUSE_BLK3,    0,  256,     User data
USER_DATA.FIELD1,   EFUSE_BLK3,    16,  16,     Field1

ID,                 EFUSE_BLK4,    8,  3,      ID bit[0..2]
,                   EFUSE_BLK4,    16, 2,      ID bit[3..4]
,                   EFUSE_BLK4,    32, 3,      ID bit[5..7]

Thus, reading the eFuse USER_DATA block written as above gives the following results:

#include "esp_efuse.h"
#include "esp_efuse_table.h" // or "esp_efuse_custom_table.h"

// Whole block: 256 bits into a 32-byte buffer
uint8_t buf[32] = { 0 };
esp_efuse_read_field_blob(ESP_EFUSE_USER_DATA, buf, sizeof(buf) * 8);
// buf[0] = 0x00, buf[1] = 0x01, ... buf[31] = 0x1F

// USER_DATA.FIELD1 is generated as ESP_EFUSE_USER_DATA_FIELD1 (bits 16..31)
uint32_t field1 = 0;
size_t field1_size = ESP_EFUSE_USER_DATA_FIELD1[0]->bit_count; // can be used for this case because it only consists of one entry
esp_efuse_read_field_blob(ESP_EFUSE_USER_DATA_FIELD1, &field1, field1_size);
// field1 = 0x0302

uint32_t field1_1 = 0;
esp_efuse_read_field_blob(ESP_EFUSE_USER_DATA_FIELD1, &field1_1, 2); // reads only first 2 bits
// field1_1 = 0x0002

// ID is built from three CSV rows: 3 + 2 + 3 bits
uint8_t id = 0;
size_t id_size = esp_efuse_get_field_size(ESP_EFUSE_ID); // returns 8
// size_t id_size = ESP_EFUSE_ID[0]->bit_count; // cannot be used because it consists of 3 entries. It returns 3 not 8.
esp_efuse_read_field_blob(ESP_EFUSE_ID, &id, id_size);
// id = 0x91
// b'100 10  001
//   [3] [2] [3]

uint8_t id_1 = 0;
esp_efuse_read_field_blob(ESP_EFUSE_ID, &id_1, 3);
// id_1 = 0x01
// b'001
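The values in the comments above can be checked on a host from the espefuse.py dump alone. The following is an added example, not ESP-IDF or esptool code; block_bytes(), field_size() and read_field() are hypothetical helpers that model the bit order described in this section, using the register words and CSV rows shown above.

```python
import struct

# Register words as printed by `espefuse.py dump` above (BLOCK3 and BLOCK4 read the same).
READ_REGS = "03020100 07060504 0B0A0908 0F0E0D0C 13121111 17161514 1B1A1918 1F1E1D1C"

# (bit_start, bit_count) rows from the CSV above, in row order.
USER_DATA_FIELD1 = [(16, 16)]
ID = [(8, 3), (16, 2), (32, 3)]


def block_bytes(read_regs):
    """Turn the eight 32-bit register words into 32 bytes, byte[0] first."""
    words = [int(w, 16) for w in read_regs.split()]
    if len(words) != 8:
        raise ValueError("an eFuse block is eight 32-bit registers")
    return struct.pack("<8I", *words)  # each word is stored little-endian


def field_size(entries):
    """Total bit length of a field that may be split over several CSV rows."""
    return sum(count for _, count in entries)


def read_field(block, entries, size_bits=None):
    """Collect the field's bits LSB first; the first CSV row supplies the lowest bits."""
    total = field_size(entries)
    limit = total if size_bits is None else min(size_bits, total)
    value, out_bit = 0, 0
    for start, count in entries:
        for bit in range(start, start + count):
            if out_bit == limit:
                return value
            value |= ((block[bit // 8] >> (bit % 8)) & 1) << out_bit
            out_bit += 1
    return value


if __name__ == "__main__":
    blk = block_bytes(READ_REGS)
    print(hex(read_field(blk, USER_DATA_FIELD1)), hex(read_field(blk, ID)))
```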

Get eFuses During Build

There is a way to get the state of eFuses at the build stage of the project. There are two cmake functions for this:

  • espefuse_get_json_summary() - It calls the espefuse.py summary --format json command and returns a json string (it is not stored in a file).

  • espefuse_get_efuse() - It finds a given eFuse name in the json string and returns its property.

The json string has the following properties:

{
    "MAC": {
        "bit_len": 48,
        "block": 0,
        "category": "identity",
        "description": "Factory MAC Address",
        "efuse_type": "bytes:6",
        "name": "MAC",
        "pos": 0,
        "readable": true,
        "value": "94:b9:7e:5a:6e:58 (CRC 0xe2 OK)",
        "word": 1,
        "writeable": true
    },
}

These functions can be used from a top-level project CMakeLists.txt (get-started/hello_world/CMakeLists.txt):

# ...
project(hello_world)

espefuse_get_json_summary(efuse_json)
espefuse_get_efuse(ret_data ${efuse_json} "MAC" "value")
message("MAC:" ${ret_data})

The format of the value property is the same as shown in espefuse.py summary.

MAC:94:b9:7e:5a:6e:58 (CRC 0xe2 OK)

There is an example test system/efuse/CMakeLists.txt which adds a custom target efuse-summary. This allows you to run the idf.py efuse-summary command to read the required eFuses (specified in the efuse_names list) at any time, not just at project build time.

Debug eFuse & Unit Tests

Virtual eFuses

The Kconfig option CONFIG_EFUSE_VIRTUAL virtualizes eFuse values inside the eFuse Manager, so writes are emulated and no eFuse values are permanently changed. This can be useful for debugging applications and unit tests. During startup, the eFuses are copied to RAM. All eFuse operations (read and write) are performed with RAM instead of the real eFuse registers.

In addition to the CONFIG_EFUSE_VIRTUAL option, there is the CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH option, which adds a feature to keep eFuses in flash memory. To use this mode, the partition_table should have the efuse partition. partition.csv: "efuse_em, data, efuse,   ,   0x2000,". During startup, the eFuses are copied to RAM from flash or, if flash is empty, from the real eFuses, and flash is then updated. This option allows keeping eFuses after reboots (making it possible to test the secure_boot and flash_encryption features).

Flash Encryption Testing

Flash Encryption (FE) is a hardware feature that requires the physical burning of eFuses: key and FLASH_CRYPT_CNT. If FE is not actually enabled, then enabling the CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH option only makes testing possible and does not encrypt anything in the flash, even though the logs say encryption happens. The bootloader_flash_write() function is adapted for this purpose. But if FE is already enabled on the chip and you run an application or bootloader created with the CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH option, then the flash encryption/decryption operations work properly (data is encrypted as it is written into an encrypted flash partition and decrypted when it is read from an encrypted partition).

espefuse.py

esptool includes a useful tool for reading/writing ESP32-P4 eFuse bits - espefuse.py.

espefuse.py -p PORT summary

espefuse.py v4.7.0
Connecting....
Detecting chip type... ESP32-P4

=== Run "summary" command ===
EFUSE_NAME (Block) Description  = [Meaningful Value] [Readable/Writeable] (Hex Value)
----------------------------------------------------------------------------------------
Config fuses:
WR_DIS (BLOCK0)                                    Disable programming of individual eFuses           = 0 R/W (0x00000000)
RD_DIS (BLOCK0)                                    Disable reading from BlOCK4-10                     = 0 R/W (0b0000000)
POWERGLITCH_EN (BLOCK0)                            Represents whether power glitch function is enable = False R/W (0b0)
                                                   d. 1: enabled. 0: disabled
DIS_TWAI (BLOCK0)                                  Represents whether TWAI function is disabled or en = False R/W (0b0)
                                                   abled. 1: disabled. 0: enabled
KM_HUK_GEN_STATE (BLOCK0)                          Set this bit to control validation of HUK generate = 0 R/W (0b000000000)
                                                    mode. Odd of 1 is invalid; even of 1 is valid
KM_RND_SWITCH_CYCLE (BLOCK0)                       Set bits to control key manager random number swit = 0 R/W (0b00)
                                                   ch cycle. 0: control by register. 1: 8 km clk cycl
                                                   es. 2: 16 km cycles. 3: 32 km cycles
KM_DEPLOY_ONLY_ONCE (BLOCK0)                       Set each bit to control whether corresponding key  = 0 R/W (0x0)
                                                   can only be deployed once. 1 is true; 0 is false.
                                                   Bit0: ecdsa. Bit1: xts. Bit2: hmac. Bit3: ds
DIS_DIRECT_BOOT (BLOCK0)                           Represents whether direct boot mode is disabled or = False R/W (0b0)
                                                    enabled. 1: disabled. 0: enabled
UART_PRINT_CONTROL (BLOCK0)                        Represents the type of UART printing. 00: force en = 0 R/W (0b00)
                                                   able printing. 01: enable printing when GPIO8 is r
                                                   eset at low level. 10: enable printing when GPIO8
                                                   is reset at high level. 11: force disable printing
HYS_EN_PAD (BLOCK0)                                Represents whether the hysteresis function of corr = False R/W (0b0)
                                                   corresponding PAD is enabled. 1: enabled. 0:disabled
DCDC_VSET (BLOCK0)                                 Set the dcdc voltage default                       = 0 R/W (0b00000)
PXA0_TIEH_SEL_0 (BLOCK0)                           TBD                                                = 0 R/W (0b00)
PXA0_TIEH_SEL_1 (BLOCK0)                           TBD                                                = 0 R/W (0b00)
PXA0_TIEH_SEL_2 (BLOCK0)                           TBD                                                = 0 R/W (0b00)
PXA0_TIEH_SEL_3 (BLOCK0)                           TBD                                                = 0 R/W (0b00)
KM_DISABLE_DEPLOY_MODE (BLOCK0)                    TBD                                                = 0 R/W (0x0)
HP_PWR_SRC_SEL (BLOCK0)                            HP system power source select. 0:LDO. 1: DCDC      = False R/W (0b0)
DCDC_VSET_EN (BLOCK0)                              Select dcdc vset use efuse_dcdc_vset               = False R/W (0b0)
DIS_SWD (BLOCK0)                                   Set this bit to disable super-watchdog             = False R/W (0b0)
PSRAM_CAP (BLOCK1)                                 PSRAM capacity                                     = 0 R/W (0b00)
PSRAM_TEMP (BLOCK1)                                PSRAM temperature                                  = 0 R/W (0b00)
PSRAM_VENDOR (BLOCK1)                              PSRAM vendor                                       = 0 R/W (0b00)
BLOCK_USR_DATA (BLOCK3)                            User data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_SYS_DATA2 (BLOCK10)                          System data part 2 (reserved)
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W

Flash fuses:
FLASH_TYPE (BLOCK0)                                The type of interfaced flash. 0: four data lines;  = False R/W (0b0)
                                                   1: eight data lines
FLASH_PAGE_SIZE (BLOCK0)                           Set flash page size                                = 0 R/W (0b00)
FLASH_ECC_EN (BLOCK0)                              Set this bit to enable ecc for flash boot          = False R/W (0b0)
FLASH_TPUW (BLOCK0)                                Represents the flash waiting time after power-up;  = 0 R/W (0x0)
                                                   in unit of ms. When the value less than 15; the wa
                                                   iting time is the programmed value. Otherwise; the
                                                    waiting time is 2 times the programmed value
FORCE_SEND_RESUME (BLOCK0)                         Represents whether ROM code is forced to send a re = False R/W (0b0)
                                                   sume command during SPI boot. 1: forced. 0:not for
                                                   ced
FLASH_CAP (BLOCK1)                                 Flash capacity                                     = 0 R/W (0b000)
FLASH_TEMP (BLOCK1)                                Flash temperature                                  = 0 R/W (0b00)
FLASH_VENDOR (BLOCK1)                              Flash vendor                                       = 0 R/W (0b000)

Identity fuses:
WAFER_VERSION_MINOR (BLOCK1)                       Minor chip version                                 = 0 R/W (0x0)
WAFER_VERSION_MAJOR (BLOCK1)                       Major chip version                                 = 0 R/W (0b00)
DISABLE_WAFER_VERSION_MAJOR (BLOCK1)               Disables check of wafer version major              = False R/W (0b0)
DISABLE_BLK_VERSION_MAJOR (BLOCK1)                 Disables check of blk version major                = False R/W (0b0)
BLK_VERSION_MINOR (BLOCK1)                         BLK_VERSION_MINOR of BLOCK2                        = 0 R/W (0b000)
BLK_VERSION_MAJOR (BLOCK1)                         BLK_VERSION_MAJOR of BLOCK2                        = 0 R/W (0b00)
PKG_VERSION (BLOCK1)                               Package version                                    = 0 R/W (0b000)
OPTIONAL_UNIQUE_ID (BLOCK2)                        Optional unique 128-bit ID
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W

Jtag fuses:
JTAG_SEL_ENABLE (BLOCK0)                           Represents whether the selection between usb_to_jt = False R/W (0b0)
                                                   ag and pad_to_jtag through strapping gpio15 when b
                                                   oth EFUSE_DIS_PAD_JTAG and EFUSE_DIS_USB_JTAG are
                                                   equal to 0 is enabled or disabled. 1: enabled. 0:
                                                   disabled
SOFT_DIS_JTAG (BLOCK0)                             Represents whether JTAG is disabled in soft way. O = 0 R/W (0b000)
                                                   dd number: disabled. Even number: enabled
DIS_PAD_JTAG (BLOCK0)                              Represents whether JTAG is disabled in the hard wa = False R/W (0b0)
                                                   y(permanently). 1: disabled. 0: enabled

Mac fuses:
MAC (BLOCK1)                                       MAC address
   = 60:55:f9:f8:80:40 (OK) R/W
CUSTOM_MAC (BLOCK3)                                Custom MAC
   = 00:00:00:00:00:00 (OK) R/W

Security fuses:
DIS_FORCE_DOWNLOAD (BLOCK0)                        Represents whether the function that forces chip i = False R/W (0b0)
                                                   nto download mode is disabled or enabled. 1: disab
                                                   led. 0: enabled
SPI_DOWNLOAD_MSPI_DIS (BLOCK0)                     Set this bit to disable accessing MSPI flash/MSPI  = False R/W (0b0)
                                                   ram by SYS AXI matrix during boot_mode_download
DIS_DOWNLOAD_MANUAL_ENCRYPT (BLOCK0)               Represents whether flash encrypt function is disab = False R/W (0b0)
                                                   led or enabled(except in SPI boot mode). 1: disable
                                                   ed. 0: enabled
FORCE_USE_KEY_MANAGER_KEY (BLOCK0)                 Set each bit to control whether corresponding key  = 0 R/W (0x0)
                                                   must come from key manager.. 1 is true; 0 is false
                                                   . Bit0: ecdsa. Bit1: xts. Bit2: hmac. Bit3: ds
FORCE_DISABLE_SW_INIT_KEY (BLOCK0)                 Set this bit to disable software written init key; = False R/W (0b0)
                                                    and force use efuse_init_key
XTS_KEY_LENGTH_256 (BLOCK0)                        Set this bit to configure flash encryption use xts = False R/W (0b0)
                                                   -128 key; else use xts-256 key
SPI_BOOT_CRYPT_CNT (BLOCK0)                        Enables flash encryption when 1 or 3 bits are set  = Disable R/W (0b000)
                                                   and disables otherwise
SECURE_BOOT_KEY_REVOKE0 (BLOCK0)                   Revoke 1st secure boot key                         = False R/W (0b0)
SECURE_BOOT_KEY_REVOKE1 (BLOCK0)                   Revoke 2nd secure boot key                         = False R/W (0b0)
SECURE_BOOT_KEY_REVOKE2 (BLOCK0)                   Revoke 3rd secure boot key                         = False R/W (0b0)
KEY_PURPOSE_0 (BLOCK0)                             Represents the purpose of Key0                     = USER R/W (0x0)
KEY_PURPOSE_1 (BLOCK0)                             Represents the purpose of Key1                     = USER R/W (0x0)
KEY_PURPOSE_2 (BLOCK0)                             Represents the purpose of Key2                     = USER R/W (0x0)
KEY_PURPOSE_3 (BLOCK0)                             Represents the purpose of Key3                     = USER R/W (0x0)
KEY_PURPOSE_4 (BLOCK0)                             Represents the purpose of Key4                     = USER R/W (0x0)
KEY_PURPOSE_5 (BLOCK0)                             Represents the purpose of Key5                     = USER R/W (0x0)
SEC_DPA_LEVEL (BLOCK0)                             Represents the spa secure level by configuring the = 0 R/W (0b00)
                                                    clock random divide mode
ECDSA_ENABLE_SOFT_K (BLOCK0)                       Represents whether hardware random number k is for = False R/W (0b0)
                                                   ced used in ESDCA. 1: force used. 0: not force use
                                                   d
CRYPT_DPA_ENABLE (BLOCK0)                          Represents whether anti-dpa attack is enabled. 1:e = False R/W (0b0)
                                                   nabled. 0: disabled
SECURE_BOOT_EN (BLOCK0)                            Represents whether secure boot is enabled or disab = False R/W (0b0)
                                                   led. 1: enabled. 0: disabled
SECURE_BOOT_AGGRESSIVE_REVOKE (BLOCK0)             Represents whether revoking aggressive secure boot = False R/W (0b0)
                                                    is enabled or disabled. 1: enabled. 0: disabled
DIS_DOWNLOAD_MODE (BLOCK0)                         Represents whether Download mode is disabled or en = False R/W (0b0)
                                                   abled. 1: disabled. 0: enabled
LOCK_KM_KEY (BLOCK0)                               TBD                                                = False R/W (0b0)
ENABLE_SECURITY_DOWNLOAD (BLOCK0)                  Represents whether security download is enabled or = False R/W (0b0)
                                                    disabled. 1: enabled. 0: disabled
SECURE_VERSION (BLOCK0)                            Represents the version used by ESP-IDF anti-rollba = 0 R/W (0x0000)
                                                   ck feature
SECURE_BOOT_DISABLE_FAST_WAKE (BLOCK0)             Represents whether FAST VERIFY ON WAKE is disabled = False R/W (0b0)
                                                    or enabled when Secure Boot is enabled. 1: disable
                                                   ed. 0: enabled
BLOCK_KEY0 (BLOCK4)
  Purpose: USER
               Key0 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY1 (BLOCK5)
  Purpose: USER
               Key1 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY2 (BLOCK6)
  Purpose: USER
               Key2 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY3 (BLOCK7)
  Purpose: USER
               Key3 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY4 (BLOCK8)
  Purpose: USER
               Key4 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY5 (BLOCK9)
  Purpose: USER
               Key5 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W

Usb fuses:
USB_DEVICE_EXCHG_PINS (BLOCK0)                     Enable usb device exchange pins of D+ and D-       = False R/W (0b0)
USB_OTG11_EXCHG_PINS (BLOCK0)                      Enable usb otg11 exchange pins of D+ and D-        = False R/W (0b0)
DIS_USB_JTAG (BLOCK0)                              Represents whether the function of usb switch to j = False R/W (0b0)
                                                   tag is disabled or enabled. 1: disabled. 0: enable
                                                   d
USB_PHY_SEL (BLOCK0)                               TBD                                                = False R/W (0b0)
DIS_USB_OTG_DOWNLOAD_MODE (BLOCK0)                 Set this bit to disable download via USB-OTG       = False R/W (0b0)
DIS_USB_SERIAL_JTAG_ROM_PRINT (BLOCK0)             Represents whether print from USB-Serial-JTAG is d = False R/W (0b0)
                                                   isabled or enabled. 1: disabled. 0: enabled
DIS_USB_SERIAL_JTAG_DOWNLOAD_MODE (BLOCK0)         Represents whether the USB-Serial-JTAG download fu = False R/W (0b0)
                                                   nction is disabled or enabled. 1: disabled. 0: ena
                                                   bled

Wdt fuses:
WDT_DELAY_SEL (BLOCK0)                             Represents whether RTC watchdog timeout threshold  = 0 R/W (0b00)
                                                   is selected at startup. 1: selected. 0: not select
                                                   ed
DIS_WDT (BLOCK0)                                   Set this bit to disable watch dog                  = False R/W (0b0)
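
An added example (not part of the ESP-IDF documentation or of espefuse.py): a Python parser for the summary layout shown above that flags security-relevant fuses still at their defaults. The sample text, the hardening policy in audit(), and the assumption that permission tokens other than R/W (such as R/-) appear in the same column are all constructed for illustration.

```python
import re

# Constructed sample in the summary layout shown above. All values are made up:
# secure boot and flash encryption on, USB JTAG and download mode still open,
# and an XTS key block that software can still read.
ZEROS = " ".join(["00"] * 32)
SAMPLE_SUMMARY = f"""\
Jtag fuses:
DIS_PAD_JTAG (BLOCK0)                              Represents whether JTAG is disabled in the hard wa = True R/W (0b1)
                                                   y(permanently). 1: disabled. 0: enabled

Security fuses:
SPI_BOOT_CRYPT_CNT (BLOCK0)                        Enables flash encryption when 1 or 3 bits are set  = Enable R/W (0b001)
                                                   and disables otherwise
SECURE_BOOT_EN (BLOCK0)                            Represents whether secure boot is enabled or disab = True R/W (0b1)
                                                   led. 1: enabled. 0: disabled
DIS_DOWNLOAD_MODE (BLOCK0)                         Represents whether Download mode is disabled or en = False R/W (0b0)
                                                   abled. 1: disabled. 0: enabled
ENABLE_SECURITY_DOWNLOAD (BLOCK0)                  Represents whether security download is enabled or = False R/W (0b0)
                                                    disabled. 1: enabled. 0: disabled
BLOCK_KEY0 (BLOCK4)
  Purpose: XTS_AES_128_KEY
               Key0 or user data
   = {ZEROS} R/W
BLOCK_KEY1 (BLOCK5)
  Purpose: SECURE_BOOT_DIGEST0
               Key1 or user data
   = {ZEROS} R/-

Usb fuses:
DIS_USB_JTAG (BLOCK0)                              Represents whether the function of usb switch to j = False R/W (0b0)
                                                   tag is disabled or enabled. 1: disabled. 0: enable
                                                   d
"""

FIELD_RE = re.compile(r"^(\w+) \((BLOCK\d+)\)")
PURPOSE_RE = re.compile(r"^\s+Purpose:\s*(\S+)")
# "= <value> <perms> (<raw>)" at end of line; "(<raw>)" is absent for byte arrays.
VALUE_RE = re.compile(r"(?:^|\s)=\s+(.+?)\s+([R-]/[W-])(?:\s+\((0[bx][0-9a-fA-F]+)\))?\s*$")


def parse_summary(text):
    """Return {field name: {block, value, perms, raw, purpose}}."""
    fields, cur = {}, None
    for line in text.splitlines():
        start = FIELD_RE.match(line)
        if start:  # a new field begins; later lines are its continuation
            cur = dict(block=start.group(2), value=None, perms=None, raw=None, purpose=None)
            fields[start.group(1)] = cur
        if cur is None:
            continue
        purpose = PURPOSE_RE.match(line)
        if purpose:
            cur["purpose"] = purpose.group(1)
        value = VALUE_RE.search(line)
        if value and cur["value"] is None:
            cur["value"], cur["perms"] = value.group(1), value.group(2)
            cur["raw"] = int(value.group(3), 0) if value.group(3) else None
    return fields


# Assumed policy for a production device (not from the page): purposes with these
# prefixes may stay software-readable; every other key purpose should not.
READABLE_PURPOSES = ("USER", "SECURE_BOOT_DIGEST")


def audit(fields):
    """Return findings as 'FIELD: reason' strings; a missing field counts as unset."""
    def raw(name):
        return (fields.get(name) or {}).get("raw") or 0

    findings = []
    if raw("SECURE_BOOT_EN") != 1:
        findings.append("SECURE_BOOT_EN: secure boot is disabled")
    # Per the field description: encryption is on when 1 or 3 bits are set.
    if bin(raw("SPI_BOOT_CRYPT_CNT")).count("1") % 2 == 0:
        findings.append("SPI_BOOT_CRYPT_CNT: flash encryption is disabled")
    for name in ("DIS_PAD_JTAG", "DIS_USB_JTAG"):
        if raw(name) != 1:
            findings.append(f"{name}: this JTAG path is still enabled")
    if raw("DIS_DOWNLOAD_MODE") != 1 and raw("ENABLE_SECURITY_DOWNLOAD") != 1:
        findings.append("DIS_DOWNLOAD_MODE: download mode is neither disabled nor restricted to secure download")
    for name in sorted(fields):
        f = fields[name]
        if not name.startswith("BLOCK_KEY") or not f["purpose"]:
            continue
        if not f["purpose"].startswith(READABLE_PURPOSES) and (f["perms"] or "").startswith("R"):
            findings.append(f"{name}: purpose {f['purpose']} but still software-readable ({f['perms']})")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_summary(SAMPLE_SUMMARY)):
        print(finding)
```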

To get a dump of all eFuse registers:

espefuse.py v4.7.dev1
Connecting....
Detecting chip type... ESP32-P4
BLOCK0          (                ) [0 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000
MAC_SPI_8M_0    (BLOCK1          ) [1 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK_SYS_DATA  (BLOCK2          ) [2 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK_USR_DATA  (BLOCK3          ) [3 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK_KEY0      (BLOCK4          ) [4 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK_KEY1      (BLOCK5          ) [5 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK_KEY2      (BLOCK6          ) [6 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK_KEY3      (BLOCK7          ) [7 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK_KEY4      (BLOCK8          ) [8 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK_KEY5      (BLOCK9          ) [9 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK_SYS_DATA2 (BLOCK10         ) [10] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK0          (                ) [0 ] err__regs: 00000000 00000000 00000000 00000000 00000000 00000000
EFUSE_RD_RS_ERR0_REG        0x00000000
EFUSE_RD_RS_ERR1_REG        0x00000000
=== Run "dump" command ===

Header File

  • components/efuse/esp32p4/include/esp_efuse_chip.h

  • This header file can be included with:

    #include "esp_efuse_chip.h"
    
  • This header file is a part of the API provided by the efuse component. To declare that your component depends on efuse, add the following to your CMakeLists.txt:

    REQUIRES efuse
    

    or

    PRIV_REQUIRES efuse
    

Enumerations

enum esp_efuse_block_t

Type of eFuse blocks for ESP32-P4.

Values:

enumerator EFUSE_BLK0

Number of eFuse BLOCK0. REPEAT_DATA

enumerator EFUSE_BLK1

Number of eFuse BLOCK1. MAC_SPI_8M_SYS

enumerator EFUSE_BLK2

Number of eFuse BLOCK2. SYS_DATA_PART1

enumerator EFUSE_BLK_SYS_DATA_PART1

Number of eFuse BLOCK2. SYS_DATA_PART1

enumerator EFUSE_BLK3

Number of eFuse BLOCK3. USER_DATA

enumerator EFUSE_BLK_USER_DATA

Number of eFuse BLOCK3. USER_DATA

enumerator EFUSE_BLK4

Number of eFuse BLOCK4. KEY0

enumerator EFUSE_BLK_KEY0

Number of eFuse BLOCK4. KEY0

enumerator EFUSE_BLK5

Number of eFuse BLOCK5. KEY1

enumerator EFUSE_BLK_KEY1

Number of eFuse BLOCK5. KEY1

enumerator EFUSE_BLK6

Number of eFuse BLOCK6. KEY2

enumerator EFUSE_BLK_KEY2

Number of eFuse BLOCK6. KEY2

enumerator EFUSE_BLK7

Number of eFuse BLOCK7. KEY3

enumerator EFUSE_BLK_KEY3

Number of eFuse BLOCK7. KEY3

enumerator EFUSE_BLK8

Number of eFuse BLOCK8. KEY4

enumerator EFUSE_BLK_KEY4

Number of eFuse BLOCK8. KEY4

enumerator EFUSE_BLK9

Number of eFuse BLOCK9. KEY5

enumerator EFUSE_BLK_KEY5

Number of eFuse BLOCK9. KEY5

enumerator EFUSE_BLK_KEY_MAX

enumerator EFUSE_BLK10

Number of eFuse BLOCK10. SYS_DATA_PART2

enumerator EFUSE_BLK_SYS_DATA_PART2

Number of eFuse BLOCK10. SYS_DATA_PART2

enumerator EFUSE_BLK_MAX

enum esp_efuse_coding_scheme_t

Type of coding scheme.

Values:

enumerator EFUSE_CODING_SCHEME_NONE

None

enumerator EFUSE_CODING_SCHEME_RS

Reed-Solomon coding

enum esp_efuse_purpose_t

Type of key purpose.

Values:

enumerator ESP_EFUSE_KEY_PURPOSE_USER

User purposes (software-only use)

enumerator ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY

ECDSA private key (Expected in little endian order)

enumerator ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1

XTS_AES_256_KEY_1 (flash/PSRAM encryption)

enumerator ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2

XTS_AES_256_KEY_2 (flash/PSRAM encryption)

enumerator ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY

XTS_AES_128_KEY (flash/PSRAM encryption)

enumerator ESP_EFUSE_KEY_PURPOSE_HMAC_DOWN_ALL

HMAC Downstream mode

enumerator ESP_EFUSE_KEY_PURPOSE_HMAC_DOWN_JTAG

JTAG soft enable key (uses HMAC Downstream mode)

enumerator ESP_EFUSE_KEY_PURPOSE_HMAC_DOWN_DIGITAL_SIGNATURE

Digital Signature peripheral key (uses HMAC Downstream mode)

enumerator ESP_EFUSE_KEY_PURPOSE_HMAC_UP

HMAC Upstream mode

enumerator ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST0

SECURE_BOOT_DIGEST0 (Secure Boot key digest)

enumerator ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST1

SECURE_BOOT_DIGEST1 (Secure Boot key digest)

enumerator ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST2

SECURE_BOOT_DIGEST2 (Secure Boot key digest)

enumerator ESP_EFUSE_KEY_PURPOSE_KM_INIT_KEY

KM_INIT_KEY

enumerator ESP_EFUSE_KEY_PURPOSE_MAX

MAX PURPOSE

Header File

  • components/efuse/include/esp_efuse.h

  • This header file can be included with:

    #include "esp_efuse.h"
    
  • This header file is a part of the API provided by the efuse component. To declare that your component depends on efuse, add the following to your CMakeLists.txt:

    REQUIRES efuse
    

    or

    PRIV_REQUIRES efuse
    

Functions

esp_err_t esp_efuse_read_field_blob(const esp_efuse_desc_t *field[], void *dst, size_t dst_size_bits)

Reads bits from EFUSE field and writes them into an array.

The number of read bits will be limited to the minimum value from the description of the bits in "field" structure or "dst_size_bits" required size. Use "esp_efuse_get_field_size()" function to determine the length of the field.

Note

Please note that reading in the batch mode does not show uncommitted changes.

Parameters
  • field -- [in] A pointer to the structure describing the fields of efuse.

  • dst -- [out] A pointer to array that will contain the result of reading.

  • dst_size_bits -- [in] The number of bits required to read. If the requested number of bits is greater than the field, the number will be limited to the field size.

Returns

  • ESP_OK: The operation was successfully completed.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

bool esp_efuse_read_field_bit(const esp_efuse_desc_t *field[])

Read a single bit eFuse field as a boolean value.

Note

The value must exist and must be a single bit wide. If there is any possibility of an error in the provided arguments, call esp_efuse_read_field_blob() and check the returned value instead.

Note

If assertions are enabled and the parameter is invalid, execution will abort.

Note

Please note that reading in the batch mode does not show uncommitted changes.

Parameters

field -- [in] A pointer to the structure describing the fields of efuse.

Returns

  • true: The field parameter is valid and the bit is set.

  • false: The bit is not set, or the parameter is invalid and assertions are disabled.

esp_err_t esp_efuse_read_field_cnt(const esp_efuse_desc_t *field[], size_t *out_cnt)

Reads bits from EFUSE field and returns number of bits programmed as "1".

If the bits are not set sequentially, they will still be counted.

Note

Please note that reading in the batch mode does not show uncommitted changes.

Parameters
  • field -- [in] A pointer to the structure describing the fields of efuse.

  • out_cnt -- [out] A pointer that will contain the number of bits programmed as "1".

Returns

  • ESP_OK: The operation was successfully completed.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

esp_err_t esp_efuse_write_field_blob(const esp_efuse_desc_t *field[], const void *src, size_t src_size_bits)

Writes array to EFUSE field.

The number of write bits will be limited to the minimum value from the description of the bits in "field" structure or "src_size_bits" required size. Use "esp_efuse_get_field_size()" function to determine the length of the field. After the function is completed, the writing registers are cleared.

Parameters
  • field -- [in] A pointer to the structure describing the fields of efuse.

  • src -- [in] A pointer to array that contains the data for writing.

  • src_size_bits -- [in] The number of bits required to write.

Returns

  • ESP_OK: The operation was successfully completed.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error: repeated programming of programmed bits is strictly forbidden.

  • ESP_ERR_CODING: Error: range of data does not match the coding scheme.

esp_err_t esp_efuse_write_field_cnt(const esp_efuse_desc_t *field[], size_t cnt)

Writes a required count of bits as "1" to EFUSE field.

If there are no free bits in the field to set the required number of bits to "1", ESP_ERR_EFUSE_CNT_IS_FULL error is returned, the field will not be partially recorded. After the function is completed, the writing registers are cleared.

Parameters
  • field -- [in] A pointer to the structure describing the fields of efuse.

  • cnt -- [in] Required number of bits programmed as "1".

Returns

  • ESP_OK: The operation was successfully completed.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_CNT_IS_FULL: Not all requested cnt bits are set.

esp_err_t esp_efuse_write_field_bit(const esp_efuse_desc_t *field[])

Write a single bit eFuse field to 1.

For use with eFuse fields that are a single bit. This function will write the bit to value 1 if it is not already set, or does nothing if the bit is already set.

This is equivalent to calling esp_efuse_write_field_cnt() with the cnt parameter equal to 1, except that it will return ESP_OK if the field is already set to 1.

Parameters

field -- [in] Pointer to the structure describing the efuse field.

Returns

  • ESP_OK: The operation was successfully completed, or the bit was already set to value 1.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments, including if the efuse field is not 1 bit wide.

esp_err_t esp_efuse_set_write_protect(esp_efuse_block_t blk)

Sets a write protection for the whole block.

After that, it is impossible to write to this block. The write protection does not apply to block 0.

Parameters

blk -- [in] Block number of eFuse. (EFUSE_BLK1, EFUSE_BLK2 and EFUSE_BLK3)

Returns

  • ESP_OK: The operation was successfully completed.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_CNT_IS_FULL: Not all requested cnt bits are set.

  • ESP_ERR_NOT_SUPPORTED: The block does not support this command.

esp_err_t esp_efuse_set_read_protect(esp_efuse_block_t blk)

Sets a read protection for the whole block.

After that, it is impossible to read from this block. The read protection does not apply to block 0.

Parameters

blk -- [in] Block number of eFuse. (EFUSE_BLK1, EFUSE_BLK2 and EFUSE_BLK3)

Returns

  • ESP_OK: The operation was successfully completed.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_CNT_IS_FULL: Not all requested cnt bits are set.

  • ESP_ERR_NOT_SUPPORTED: The block does not support this command.

int esp_efuse_get_field_size(const esp_efuse_desc_t *field[])

Returns the number of bits used by field.

Parameters

field -- [in] A pointer to the structure describing the fields of efuse.

Returns

Returns the number of bits used by field.

uint32_t esp_efuse_read_reg(esp_efuse_block_t blk, unsigned int num_reg)

Returns value of efuse register.

This is a thread-safe implementation. Example: EFUSE_BLK2_RDATA3_REG where (blk=2, num_reg=3)

Note

Please note that reading in the batch mode does not show uncommitted changes.

Parameters
  • blk -- [in] Block number of eFuse.

  • num_reg -- [in] The register number in the block.

Returns

Value of register

esp_err_t esp_efuse_write_reg(esp_efuse_block_t blk, unsigned int num_reg, uint32_t val)

Write value to efuse register.

Apply a coding scheme if necessary. This is a thread-safe implementation. Example: EFUSE_BLK3_WDATA0_REG where (blk=3, num_reg=0)

Parameters
  • blk -- [in] Block number of eFuse.

  • num_reg -- [in] The register number in the block.

  • val -- [in] Value to write.

Returns

  • ESP_OK: The operation was successfully completed.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error: repeated programming of programmed bits is strictly forbidden.

esp_efuse_coding_scheme_t esp_efuse_get_coding_scheme(esp_efuse_block_t blk)

Return efuse coding scheme for blocks.

Note

The coding scheme is applicable only to 1, 2 and 3 blocks. For 0 block, the coding scheme is always NONE.

Parameters

blk -- [in] Block number of eFuse.

Returns

Return efuse coding scheme for blocks

esp_err_t esp_efuse_read_block(esp_efuse_block_t blk, void *dst_key, size_t offset_in_bits, size_t size_bits)

Read key from efuse block starting at the offset and with the required size.

Note

Please note that reading in the batch mode does not show uncommitted changes.

Parameters
  • blk -- [in] Block number of eFuse.

  • dst_key -- [in] A pointer to array that will contain the result of reading.

  • offset_in_bits -- [in] Start bit in block.

  • size_bits -- [in] The number of bits required to read.

Returns

  • ESP_OK: The operation was successfully completed.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_CODING: Error: range of data does not match the coding scheme.

esp_err_t esp_efuse_write_block(esp_efuse_block_t blk, const void *src_key, size_t offset_in_bits, size_t size_bits)

Write key to efuse block starting at the offset and the required size.

Parameters
  • blk -- [in] Block number of eFuse.

  • src_key -- [in] A pointer to array that contains the key for writing.

  • offset_in_bits -- [in] Start bit in block.

  • size_bits -- [in] The number of bits required to write.

Returns

  • ESP_OK: The operation was successfully completed.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_CODING: Error: range of data does not match the coding scheme.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error: repeated programming of programmed bits

uint32_t esp_efuse_get_pkg_ver(void)

Returns chip package from efuse.

Returns

chip package

void esp_efuse_reset(void)

Reset efuse write registers.

Efuse write registers are written to zero, to negate any changes that have been staged here.

Note

This function is not thread-safe. If calling code updates efuse values from multiple tasks, it is the caller's responsibility to serialise.

esp_err_t esp_efuse_disable_rom_download_mode(void)

Disable ROM Download Mode via eFuse.

Permanently disables the ROM Download Mode feature. Once disabled, if the SoC is booted with strapping pins set for ROM Download Mode then an error is printed instead.

Note

Not all SoCs support this option. An error will be returned if called on an ESP32 with a silicon revision lower than 3, as these revisions do not support this option.

Note

If ROM Download Mode is already disabled, this function does nothing and returns success.

Returns

  • ESP_OK If the eFuse was successfully burned, or had already been burned.

  • ESP_ERR_NOT_SUPPORTED (ESP32 only) This SoC is not capable of disabling UART download mode

  • ESP_ERR_INVALID_STATE (ESP32 only) This eFuse is write protected and cannot be written

esp_err_t esp_efuse_set_rom_log_scheme(esp_efuse_rom_log_scheme_t log_scheme)

Set boot ROM log scheme via eFuse.

Note

By default, the boot ROM will always print to console. This API can be called to set the log scheme only once per chip, once the value is changed from the default it can't be changed again.

Parameters

log_scheme -- Supported ROM log scheme

Returns

  • ESP_OK If the eFuse was successfully burned, or had already been burned.

  • ESP_ERR_NOT_SUPPORTED (ESP32 only) This SoC is not capable of setting ROM log scheme

  • ESP_ERR_INVALID_STATE This eFuse is write protected or has been burned already

esp_err_t esp_efuse_enable_rom_secure_download_mode(void)

Switch ROM Download Mode to Secure Download mode via eFuse.

Permanently enables Secure Download mode. This mode limits the use of ROM Download Mode functions to simple flash read, write and erase operations, plus a command to return a summary of currently enabled security features.

Note

If Secure Download mode is already enabled, this function does nothing and returns success.

Note

Disabling the ROM Download Mode also disables Secure Download Mode.

Returns

  • ESP_OK If the eFuse was successfully burned, or had already been burned.

  • ESP_ERR_INVALID_STATE ROM Download Mode has been disabled via eFuse, so Secure Download mode is unavailable.

uint32_t esp_efuse_read_secure_version(void)

Return secure_version from efuse field.

Returns

Secure version from efuse field

bool esp_efuse_check_secure_version(uint32_t secure_version)

Check secure_version from app against secure_version from efuse field.

Parameters

secure_version -- Secure version from app.

Returns

  • True: If version of app is equal to or greater than secure_version from efuse.

esp_err_t esp_efuse_update_secure_version(uint32_t secure_version)

Write efuse field by secure_version value.

Updating the secure_version value is available if the coding scheme is None. Note: Do not use this function in your applications. This function is called as part of the other API.

Parameters

secure_version -- [in] Secure version from app.

Returns

  • ESP_OK: Successful.

  • ESP_FAIL: secure version of app cannot be set to efuse field.

  • ESP_ERR_NOT_SUPPORTED: Anti rollback is not supported with the 3/4 and Repeat coding scheme.

esp_err_t esp_efuse_batch_write_begin(void)

Set the batch mode of writing fields.

This mode allows you to write fields in batch mode when you need to burn several efuses at one time. To enable batch mode, call begin(), then perform the necessary read and write operations as usual, and at the end call commit() to actually burn all written efuses. Batch mode can be nested. The commit will be done by the last commit() function. The number of begin() calls should be equal to the number of commit() calls.

Note: If batch mode is enabled by the first task, at this time the second task cannot write/read efuses. The second task will wait for the first task to complete the batch operation.

// Example of using the batch writing mode.

// set the batch writing mode
esp_efuse_batch_write_begin();

// use any writing functions as usual
esp_efuse_write_field_blob(ESP_EFUSE_...);
esp_efuse_write_field_cnt(ESP_EFUSE_...);
esp_efuse_set_write_protect(EFUSE_BLKx);
esp_efuse_write_reg(EFUSE_BLKx, ...);
esp_efuse_write_block(EFUSE_BLKx, ...);
esp_efuse_write(ESP_EFUSE_1, 3);  // ESP_EFUSE_1 == 1, here we write a new value = 3. The changes will be burned by the commit() function.
esp_efuse_read_...(ESP_EFUSE_1);  // this function returns ESP_EFUSE_1 == 1 because uncommitted changes are not readable, it will be available only after commit.
...

// esp_efuse_batch_write APIs can be called recursively.
esp_efuse_batch_write_begin();
esp_efuse_set_write_protect(EFUSE_BLKx);
esp_efuse_batch_write_commit(); // the burn will be skipped here, it will be done in the last commit().

...

// Write all of these fields to the efuse registers
esp_efuse_batch_write_commit();
esp_efuse_read_...(ESP_EFUSE_1);  // this function returns ESP_EFUSE_1 == 3.

备注

Please note that reading in the batch mode does not show uncommitted changes.

Returns

  • ESP_OK: Successful.

esp_err_t esp_efuse_batch_write_cancel(void)

Reset the batch mode of writing fields.

It will reset the batch writing mode and any written changes.

Returns

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_STATE: The batch mode was not set.

esp_err_t esp_efuse_batch_write_commit(void)

Writes all prepared data for the batch mode.

Must be called to ensure changes are written to the efuse registers. After this the batch writing mode will be reset.

Returns

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_STATE: The deferred writing mode was not set.
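The begin/commit/cancel rules above, as a host-side model of a single 32-bit register. This is an added example, not ESP-IDF code: every `model_*` name and the `MODEL_*` codes are hypothetical, and it assumes that cancel leaves batch mode at every nesting level.

```c
#include <stdint.h>
#include <stdio.h>

/* Host-side model of one 32-bit eFuse register (constructed, not ESP-IDF code). */
enum { MODEL_OK = 0, MODEL_ERR_INVALID_STATE = -1 };

static uint32_t burned; /* bits physically programmed; they only go 0 -> 1 */
static uint32_t staged; /* bits written in batch mode, not burned yet */
static int depth;       /* number of begin() calls still waiting for commit() */

int model_batch_begin(void) { depth++; return MODEL_OK; }

void model_write(uint32_t bits) {
    if (depth > 0) staged |= bits; /* deferred until the outermost commit */
    else burned |= bits;           /* outside batch mode: burn immediately */
}

uint32_t model_read(void) { return burned; } /* staged bits are not visible */

int model_batch_commit(void) {
    if (depth == 0) return MODEL_ERR_INVALID_STATE; /* batch mode was not set */
    if (--depth == 0) {            /* only the last commit burns */
        burned |= staged;
        staged = 0;
    }
    return MODEL_OK;
}

int model_batch_cancel(void) {
    if (depth == 0) return MODEL_ERR_INVALID_STATE;
    depth = 0;  /* assumption: cancel leaves batch mode at every nesting level */
    staged = 0; /* staged writes are dropped, nothing is burned */
    return MODEL_OK;
}

int main(void) {
    burned = 0x1;                     /* constructed start: field already holds 1 */
    model_batch_begin();
    model_write(0x2);                 /* stage the bit that makes the value 3 */
    printf("in batch:     0x%x\n", (unsigned)model_read());
    model_batch_begin();
    model_write(0x4);
    model_batch_commit();             /* nested commit: the burn is skipped */
    printf("inner commit: 0x%x\n", (unsigned)model_read());
    model_batch_commit();             /* last commit: everything is burned */
    printf("last commit:  0x%x\n", (unsigned)model_read());
    return 0;
}
```

Because a committed bit can never be cleared, code that stages security efuses should validate every staged value before the outermost commit and call cancel on any failure.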

bool esp_efuse_block_is_empty(esp_efuse_block_t block)

Checks that the given block is empty.

Returns

  • True: The block is empty.

  • False: The block is not empty or there was an error.

bool esp_efuse_get_key_dis_read(esp_efuse_block_t block)

Returns a read protection for the key block.

Parameters

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

Returns

  • True: The key block is read protected.

  • False: The key block is readable.

esp_err_t esp_efuse_set_key_dis_read(esp_efuse_block_t block)

Sets a read protection for the key block.

Parameters

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

Returns

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden.

  • ESP_ERR_CODING: Error range of data does not match the coding scheme.

bool esp_efuse_get_key_dis_write(esp_efuse_block_t block)

Returns a write protection for the key block.

Parameters

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

Returns

  • True: The key block is write protected.

  • False: The key block is writeable.

esp_err_t esp_efuse_set_key_dis_write(esp_efuse_block_t block)

Sets a write protection for the key block.

Parameters

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

Returns

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden.

  • ESP_ERR_CODING: Error range of data does not match the coding scheme.

bool esp_efuse_key_block_unused(esp_efuse_block_t block)

Returns true if the key block is unused, false otherwise.

An unused key block has all-zero content, is not read or write protected, and has purpose 0 (ESP_EFUSE_KEY_PURPOSE_USER).

Parameters

block -- key block to check.

Returns

  • True if key block is unused,

  • False if key block is used or the specified block index is not a key block.

bool esp_efuse_find_purpose(esp_efuse_purpose_t purpose, esp_efuse_block_t *block)

Find a key block with the particular purpose set.

Parameters
  • purpose -- [in] Purpose to search for.

  • block -- [out] Pointer in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX which will be set to the key block if found. Can be NULL if you only need to test whether the key block exists.

Returns

  • True: If found,

  • False: If not found (value at block pointer is unchanged).

bool esp_efuse_get_keypurpose_dis_write(esp_efuse_block_t block)

Returns a write protection of the key purpose field for an efuse key block.

Note

For ESP32: there is no key purpose, so it always returns True.

Parameters

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

Returns

  • True: The key purpose is write protected.

  • False: The key purpose is writeable.

esp_efuse_purpose_t esp_efuse_get_key_purpose(esp_efuse_block_t block)

Returns the current purpose set for an efuse key block.

Parameters

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

Returns

  • Value: If Successful, it returns the value of the purpose related to the given key block.

  • ESP_EFUSE_KEY_PURPOSE_MAX: Otherwise.

const esp_efuse_desc_t **esp_efuse_get_purpose_field(esp_efuse_block_t block)

Returns a pointer to a key purpose for an efuse key block.

To get the value of this field use esp_efuse_read_field_blob() or esp_efuse_get_key_purpose().

Parameters

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

Returns

Pointer: If successful, returns a pointer to the corresponding efuse field; otherwise NULL.

const esp_efuse_desc_t **esp_efuse_get_key(esp_efuse_block_t block)

Returns a pointer to a key block.

Parameters

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

Returns

Pointer: If successful, returns a pointer to the corresponding efuse field; otherwise NULL.

esp_err_t esp_efuse_set_key_purpose(esp_efuse_block_t block, esp_efuse_purpose_t purpose)

Sets a key purpose for an efuse key block.

Parameters
  • block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

  • purpose -- [in] Key purpose.

Returns

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden.

  • ESP_ERR_CODING: Error range of data does not match the coding scheme.

esp_err_t esp_efuse_set_keypurpose_dis_write(esp_efuse_block_t block)

Sets a write protection of the key purpose field for an efuse key block.

Parameters

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

Returns

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden.

  • ESP_ERR_CODING: Error range of data does not match the coding scheme.

esp_efuse_block_t esp_efuse_find_unused_key_block(void)

Search for an unused key block and return the first one found.

See esp_efuse_key_block_unused for a description of an unused key block.

Returns

First unused key block, or EFUSE_BLK_KEY_MAX if no unused key block is found.

unsigned esp_efuse_count_unused_key_blocks(void)

Return the number of unused efuse key blocks in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX.

bool esp_efuse_get_digest_revoke(unsigned num_digest)

Returns the status of the Secure Boot public key digest revocation bit.

Parameters

num_digest -- [in] The number of digest in range 0..2

Returns

  • True: If key digest is revoked,

  • False: If key digest is not revoked.

esp_err_t esp_efuse_set_digest_revoke(unsigned num_digest)

Sets the Secure Boot public key digest revocation bit.

Parameters

num_digest -- [in] The number of digest in range 0..2

Returns

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden.

  • ESP_ERR_CODING: Error range of data does not match the coding scheme.

bool esp_efuse_get_write_protect_of_digest_revoke(unsigned num_digest)

Returns a write protection of the Secure Boot public key digest revocation bit.

Parameters

num_digest -- [in] The number of digest in range 0..2

Returns

  • True: The revocation bit is write protected.

  • False: The revocation bit is writeable.

esp_err_t esp_efuse_set_write_protect_of_digest_revoke(unsigned num_digest)

Sets a write protection of the Secure Boot public key digest revocation bit.

Parameters

num_digest -- [in] The number of digest in range 0..2

Returns

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden.

  • ESP_ERR_CODING: Error range of data does not match the coding scheme.

esp_err_t esp_efuse_write_key(esp_efuse_block_t block, esp_efuse_purpose_t purpose, const void *key, size_t key_size_bytes)

Program a block of key data to an efuse block.

The burn of a key, protection bits, and a purpose happens in batch mode.

Note

This API also enables the read protection efuse bit for certain key blocks like XTS-AES, HMAC, ECDSA etc. This ensures that the key is accessible only to the hardware peripheral.

Note

For SoCs with capability SOC_EFUSE_ECDSA_USE_HARDWARE_K (e.g., ESP32-H2), this API writes an additional efuse bit for ECDSA key purpose to enforce hardware TRNG generated k mode in the peripheral.

Parameters
  • block -- [in] Block to read purpose for. Must be in range EFUSE_BLK_KEY0 to EFUSE_BLK_KEY_MAX. Key block must be unused (esp_efuse_key_block_unused).

  • purpose -- [in] Purpose to set for this key. Purpose must be already unset.

  • key -- [in] Pointer to data to write.

  • key_size_bytes -- [in] Bytes length of data to write.

Returns

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_INVALID_STATE: Error in efuses state, unused block not found.

  • ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden.

  • ESP_ERR_CODING: Error range of data does not match the coding scheme.

esp_err_t esp_efuse_write_keys(const esp_efuse_purpose_t purposes[], uint8_t keys[][32], unsigned number_of_keys)

Program keys to unused efuse blocks.

The burn of keys, protection bits, and purposes happens in batch mode.

Note

This API also enables the read protection efuse bit for certain key blocks like XTS-AES, HMAC, ECDSA etc. This ensures that the key is accessible only to the hardware peripheral.

Note

For SoCs with capability SOC_EFUSE_ECDSA_USE_HARDWARE_K (e.g., ESP32-H2), this API writes an additional efuse bit for ECDSA key purpose to enforce hardware TRNG generated k mode in the peripheral.

Parameters
  • purposes -- [in] Array of purposes (purpose[number_of_keys]).

  • keys -- [in] Array of keys (uint8_t keys[number_of_keys][32]). Each key is 32 bytes long.

  • number_of_keys -- [in] The number of keys to write (up to 6 keys).

Returns

  • ESP_OK: Successful.

  • ESP_ERR_INVALID_ARG: Error in the passed arguments.

  • ESP_ERR_INVALID_STATE: Error in efuses state, unused block not found.

  • ESP_ERR_NOT_ENOUGH_UNUSED_KEY_BLOCKS: Error not enough unused key blocks available

  • ESP_ERR_EFUSE_REPEATED_PROG: Error repeated programming of programmed bits is strictly forbidden.

  • ESP_ERR_CODING: Error range of data does not match the coding scheme.

esp_err_t esp_secure_boot_read_key_digests(esp_secure_boot_key_digests_t *trusted_key_digests)

Read key digests from efuse. Any revoked/missing digests will be marked as NULL.

Parameters

trusted_key_digests -- [out] Trusted keys digests, stored in this parameter after successfully completing this function. The number of digests depends on the SOC's capabilities.

Returns

  • ESP_OK: Successful.

  • ESP_FAIL: If trusted_keys is NULL or there is no valid digest.

esp_err_t esp_efuse_check_errors(void)

Checks eFuse errors in BLOCK0.

It does a BLOCK0 check if eFuse EFUSE_ERR_RST_ENABLE is set. If BLOCK0 has an error, it prints the error and returns ESP_FAIL, which should be treated as esp_restart.

Note

Refers to ESP32-C3 only.

Returns

  • ESP_OK: No errors in BLOCK0.

  • ESP_FAIL: Error in BLOCK0 requiring reboot.

esp_err_t esp_efuse_destroy_block(esp_efuse_block_t block)

Destroys the data in the given efuse block, if possible.

Data destruction occurs through the following steps:

1) Destroy data in the block:

  • If write protection is inactive for the block, then unset bits are burned.

  • If write protection is active, the block remains unaltered.

2) Set read protection for the block if possible (check write-protection for RD_DIS). In this case, data becomes inaccessible, and the software reads it as all zeros. If write protection is enabled and read protection can not be set, data in the block remains readable (returns an error).

Do not use the batch mode with this function as it does the burning itself!

Parameters

block -- [in] A key block in the range EFUSE_BLK_KEY0..EFUSE_BLK_KEY_MAX

Returns

  • ESP_OK: Successful.

  • ESP_FAIL: Data remained readable because the block is write-protected and read protection can not be set.
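The two destruction steps and their failure case, as a host-side model that runs all four combinations of block write protection and RD_DIS write protection. This is an added example, not the ESP-IDF implementation: `model_block_t`, the `model_*` functions and the `DESTROY_*` codes are hypothetical, and the key word is a constructed value.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Host-side model of one key block (constructed, not ESP-IDF code). */
enum { DESTROY_OK = 0, DESTROY_FAIL = -1 };

typedef struct {
    uint32_t word[8];   /* 8 x 32-bit registers = 256 bits */
    bool wr_protected;  /* write protection is active for the block */
    bool rd_protected;  /* read protection is active for the block */
    bool rd_dis_locked; /* RD_DIS itself is write-protected */
} model_block_t;

/* What software sees: a read-protected block reads as all zeros. */
uint32_t model_sw_read(const model_block_t *b, int i) {
    return b->rd_protected ? 0 : b->word[i];
}

int model_destroy_block(model_block_t *b) {
    /* Step 1: burn every unset bit, unless the block is write-protected. */
    if (!b->wr_protected)
        for (int i = 0; i < 8; i++) b->word[i] = 0xFFFFFFFFu;
    /* Step 2: set read protection if RD_DIS can still be written. */
    if (!b->rd_dis_locked) b->rd_protected = true;
    /* Failure case: contents untouched and still readable by software. */
    if (b->wr_protected && !b->rd_protected) return DESTROY_FAIL;
    return DESTROY_OK;
}

/* True if software can still read the original key word after destruction. */
bool model_key_still_readable(const model_block_t *b, uint32_t original) {
    return model_sw_read(b, 0) == original;
}

int main(void) {
    const uint32_t key = 0xA5A5A5A5u; /* constructed sample key word */
    for (int m = 0; m < 4; m++) {
        model_block_t b = { .word = { key }, .wr_protected = m & 1,
                            .rd_dis_locked = (m >> 1) & 1 };
        int rc = model_destroy_block(&b);
        printf("wr_protected=%d rd_dis_locked=%d -> rc=%d key_readable=%d\n",
               m & 1, (m >> 1) & 1, rc, model_key_still_readable(&b, key));
    }
    return 0;
}
```

Only the combination with both protections already in place returns the failure code, so a caller that relies on key destruction has to treat a non-OK result as "key material still exposed to software".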

Structures

struct esp_efuse_desc_t

Type definition for an eFuse field.

Public Members

esp_efuse_block_t efuse_block

Block of eFuse

uint8_t bit_start

Start bit [0..255]

uint16_t bit_count

Length of bit field [1..-]

struct esp_secure_boot_key_digests_t

Pointers to the trusted key digests.

The number of digests depends on the SOC's capabilities.

Public Members

const void *key_digests[3]

Pointers to the key digests

Macros

ESP_ERR_EFUSE

Base error code for efuse api.

ESP_OK_EFUSE_CNT

OK the required number of bits is set.

ESP_ERR_EFUSE_CNT_IS_FULL

Error field is full.

ESP_ERR_EFUSE_REPEATED_PROG

Error repeated programming of programmed bits is strictly forbidden.

ESP_ERR_CODING

Error during an encoding operation.

ESP_ERR_NOT_ENOUGH_UNUSED_KEY_BLOCKS

Error not enough unused key blocks available

ESP_ERR_DAMAGED_READING

Error: a burn or reset performed during a read operation damaged the read data. This error is internal to the efuse component and is not returned by any public API.

Enumerations

enum esp_efuse_rom_log_scheme_t

Type definition for ROM log scheme.

Values:

enumerator ESP_EFUSE_ROM_LOG_ALWAYS_ON

Always enable ROM logging

enumerator ESP_EFUSE_ROM_LOG_ON_GPIO_LOW

ROM logging is enabled when specific GPIO level is low during start up

enumerator ESP_EFUSE_ROM_LOG_ON_GPIO_HIGH

ROM logging is enabled when specific GPIO level is high during start up

enumerator ESP_EFUSE_ROM_LOG_ALWAYS_OFF

Disable ROM logging permanently