From 223c0d5f9d289bfb1a07e8cb3865234d646f26f2 Mon Sep 17 00:00:00 2001 From: Laukik Hase Date: Thu, 20 Mar 2025 22:19:44 +0530 Subject: [PATCH] feat(esp_tee): Use the ROM TLSF implementation for the TEE build --- components/esp_rom/CMakeLists.txt | 1 + components/esp_rom/include/esp_rom_tlsf.h | 56 ++++++++++++++++++- components/esp_rom/patches/esp_rom_tlsf.c | 8 +-- .../esp_tee/subproject/main/CMakeLists.txt | 5 +- .../subproject/main/common/multi_heap.c | 17 +++--- .../test_apps/tee_test_fw/sdkconfig.ci.ota | 3 +- .../test_apps/tee_test_fw/sdkconfig.defaults | 1 - 7 files changed, 67 insertions(+), 24 deletions(-) diff --git a/components/esp_rom/CMakeLists.txt b/components/esp_rom/CMakeLists.txt index 75dd12d4d8..ad638e1b1c 100644 --- a/components/esp_rom/CMakeLists.txt +++ b/components/esp_rom/CMakeLists.txt @@ -133,6 +133,7 @@ endif() if(ESP_TEE_BUILD) if(target STREQUAL "esp32c6") rom_linker_script("spiflash") + rom_linker_script("heap") endif() endif() diff --git a/components/esp_rom/include/esp_rom_tlsf.h b/components/esp_rom/include/esp_rom_tlsf.h index 0f5e5c138d..dc9481d0e2 100644 --- a/components/esp_rom/include/esp_rom_tlsf.h +++ b/components/esp_rom/include/esp_rom_tlsf.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ 
@@ -11,6 +11,60 @@ extern "C" { #endif +/* tlsf_t: a TLSF structure. Can contain 1 to N pools. */ +/* pool_t: a block of memory that TLSF can manage. */ +typedef void* tlsf_t; +typedef void* pool_t; + +/* Create/destroy a memory pool. */ +tlsf_t tlsf_create(void* mem); +tlsf_t tlsf_create_with_pool(void* mem, size_t bytes); +pool_t tlsf_get_pool(tlsf_t tlsf); + +/* Add/remove memory pools. */ +pool_t tlsf_add_pool(tlsf_t tlsf, void* mem, size_t bytes); +void tlsf_remove_pool(tlsf_t tlsf, pool_t pool); + +/* malloc/memalign/realloc/free replacements. */ +void* tlsf_malloc(tlsf_t tlsf, size_t size); +void* tlsf_memalign(tlsf_t tlsf, size_t align, size_t size); +void* tlsf_memalign_offs(tlsf_t tlsf, size_t align, size_t size, size_t offset); +void* tlsf_realloc(tlsf_t tlsf, void* ptr, size_t size); +void tlsf_free(tlsf_t tlsf, void* ptr); + +/* Returns internal block size, not original request size */ +size_t tlsf_block_size(void* ptr); + +/* Overheads/limits of internal structures. */ +size_t tlsf_size(void); +size_t tlsf_pool_overhead(void); +size_t tlsf_alloc_overhead(void); + +#if ESP_TEE_BUILD +/* NOTE: These declarations are only needed for the TEE build, since these + * functions are (static inline) defined in tlsf_control_functions.h for + * IDF builds. + */ +size_t tlsf_align_size(void); +size_t tlsf_block_size_min(void); +size_t tlsf_block_size_max(void); + +/* NOTE: The consumer of this callback function (tlsf_walk_pool) is patched + * in IDF builds to address issues in the ROM implementation. For TEE build, + * the ROM declarations can be used directly, as heap integrity checking is not + * supported. + */ +typedef void (*tlsf_walker)(void* ptr, size_t size, int used, void* user); +#else +typedef bool (*tlsf_walker)(void* ptr, size_t size, int used, void* user); +#endif + +/* Debugging. */ +void tlsf_walk_pool(pool_t pool, tlsf_walker walker, void* user); +/* Returns nonzero if any internal consistency check fails. 
*/ +int tlsf_check(tlsf_t tlsf); +int tlsf_check_pool(pool_t pool); + /*! * Defines the function prototypes for multi_heap_internal_poison_fill_region * and multi_heap_internal_check_block_poisoning, these two function will diff --git a/components/esp_rom/patches/esp_rom_tlsf.c b/components/esp_rom/patches/esp_rom_tlsf.c index 1d1acdc5a2..09487be75b 100644 --- a/components/esp_rom/patches/esp_rom_tlsf.c +++ b/components/esp_rom/patches/esp_rom_tlsf.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -24,10 +24,6 @@ #include "tlsf_block_functions.h" #include "tlsf_control_functions.h" -/* Definition of types used in TLSF */ -typedef void* tlsf_t; -typedef void* pool_t; - static poison_check_pfunc_t s_poison_check_region = NULL; void tlsf_poison_check_pfunc_set(poison_check_pfunc_t pfunc) @@ -43,8 +39,6 @@ typedef struct integrity_t int status; } integrity_t; -typedef bool (*tlsf_walker)(void* ptr, size_t size, int used, void* user); - static bool integrity_walker(void* ptr, size_t size, int used, void* user) { block_header_t* block = block_from_ptr(ptr); diff --git a/components/esp_tee/subproject/main/CMakeLists.txt b/components/esp_tee/subproject/main/CMakeLists.txt index a2cb8059df..145b8c4553 100644 --- a/components/esp_tee/subproject/main/CMakeLists.txt +++ b/components/esp_tee/subproject/main/CMakeLists.txt @@ -40,10 +40,7 @@ list(APPEND include "include" list(APPEND srcs "common/multi_heap.c") # TLSF implementation for heap -list(APPEND include "${heap_dir}/tlsf" - "${heap_dir}/tlsf/include") - -list(APPEND srcs "${heap_dir}/tlsf/tlsf.c") +list(APPEND include "${heap_dir}/tlsf") # esp_app_desc_t configuration structure for TEE list(APPEND srcs "common/esp_app_desc_tee.c") 
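Review bot: `tlsf_check()` and `tlsf_check_pool()` are declared outside the `#if ESP_TEE_BUILD` block in esp_rom_tlsf.h, so TEE code can call them even though the comment just above says heap integrity checking is not supported in the TEE build. That comment also says the IDF build patches the walker's consumer to address issues in the ROM implementation, so a TEE caller would presumably reach the unpatched ROM routines and could trust a result that is not reliable. Either move both prototypes under `#if !ESP_TEE_BUILD`, or add a comment such as `/* Not supported in the TEE build: resolves to the unpatched ROM implementation. */`. The prototypes now use `size_t` and the non-TEE `tlsf_walker` typedef uses `bool`; the header's include lines are outside this hunk, so confirm `<stddef.h>` and `<stdbool.h>` are included there.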
diff --git a/components/esp_tee/subproject/main/common/multi_heap.c b/components/esp_tee/subproject/main/common/multi_heap.c index 091f98e381..7e45c6f617 100644 --- a/components/esp_tee/subproject/main/common/multi_heap.c +++ b/components/esp_tee/subproject/main/common/multi_heap.c @@ -1,10 +1,11 @@ /* - * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ #include -#include "tlsf.h" +#include +#include "esp_rom_tlsf.h" #include "tlsf_block_functions.h" #include "multi_heap.h" @@ -37,7 +38,7 @@ static void assert_valid_block(const heap_t *heap, const block_header_t *block) esp_err_t esp_tee_heap_init(void *start_ptr, size_t size) { assert(start_ptr); - if (size < (sizeof(heap_t))) { + if (size < (tlsf_size() + tlsf_block_size_min() + sizeof(heap_t))) { // Region too small to be a heap. return ESP_ERR_INVALID_SIZE; } @@ -45,16 +46,13 @@ esp_err_t esp_tee_heap_init(void *start_ptr, size_t size) heap_t *result = (heap_t *)start_ptr; size -= sizeof(heap_t); - /* Do not specify any maximum size for the allocations so that the default configuration is used */ - const size_t max_bytes = 0; - - result->heap_data = tlsf_create_with_pool(start_ptr + sizeof(heap_t), size, max_bytes); + result->heap_data = tlsf_create_with_pool(start_ptr + sizeof(heap_t), size); if (result->heap_data == NULL) { return ESP_FAIL; } result->lock = NULL; - result->free_bytes = size - tlsf_size(result->heap_data); + result->free_bytes = size - tlsf_size(); result->pool_size = size; result->minimum_free_bytes = result->free_bytes; 
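Review bot: The new lower bound in `esp_tee_heap_init`, `tlsf_size() + tlsf_block_size_min() + sizeof(heap_t)`, leaves out `tlsf_pool_overhead()`, which this same commit declares in esp_rom_tlsf.h. In the reference TLSF a pool needs its overhead on top of one minimum-size block, and `tlsf_create_with_pool` there returns the control structure even when adding the pool fails. If the ROM copy behaves the same way (not visible here), a region just over the threshold would pass the `heap_data == NULL` check in the following hunk. The result would be a heap with no usable pool while `free_bytes` still reports `size - tlsf_size()`. Consider `if (size < (sizeof(heap_t) + tlsf_size() + tlsf_pool_overhead() + tlsf_block_size_min())) {`; the function's body continues outside both hunks.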
@@ -152,14 +150,13 @@ size_t esp_tee_heap_get_min_free_size(void) return tee_heap->minimum_free_bytes; } -static bool tee_heap_dump_tlsf(void* ptr, size_t size, int used, void* user) +static void heap_dump_tlsf(void* ptr, size_t size, int used, void* user) { (void)user; printf("Block %p data, size: %d bytes, Free: %s\n", (void *)ptr, size, used ? "No" : "Yes"); - return true; } void esp_tee_heap_dump_info(void) diff --git a/components/esp_tee/test_apps/tee_test_fw/sdkconfig.ci.ota b/components/esp_tee/test_apps/tee_test_fw/sdkconfig.ci.ota index ac1f00d7d0..5224e6bc4b 100644 --- a/components/esp_tee/test_apps/tee_test_fw/sdkconfig.ci.ota +++ b/components/esp_tee/test_apps/tee_test_fw/sdkconfig.ci.ota @@ -4,8 +4,9 @@ CONFIG_PARTITION_TABLE_CUSTOM=y CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions_tee_ota.csv" CONFIG_PARTITION_TABLE_FILENAME="partitions_tee_ota.csv" -# Increasing Bootloader log verbosity +# Increasing Bootloader and TEE log verbosity CONFIG_BOOTLOADER_LOG_LEVEL_DEBUG=y +CONFIG_SECURE_TEE_LOG_LEVEL_DEBUG=y CONFIG_SECURE_TEE_SEC_STG_SUPPORT_SECP192R1_SIGN=y diff --git a/components/esp_tee/test_apps/tee_test_fw/sdkconfig.defaults b/components/esp_tee/test_apps/tee_test_fw/sdkconfig.defaults index 9f36b65b80..c0467c64cb 100644 --- a/components/esp_tee/test_apps/tee_test_fw/sdkconfig.defaults +++ b/components/esp_tee/test_apps/tee_test_fw/sdkconfig.defaults @@ -5,7 +5,6 @@ CONFIG_ESP_TASK_WDT_INIT=n # Enabling TEE CONFIG_SECURE_ENABLE_TEE=y CONFIG_SECURE_TEE_DEBUG_MODE=y -CONFIG_SECURE_TEE_LOG_LEVEL_DEBUG=y CONFIG_SECURE_TEE_TEST_MODE=y # Custom partition table
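Review bot: The `printf` in `heap_dump_tlsf` formats `size`, a `size_t`, with `%d`, which is a mismatched conversion. `%zu` is the matching specifier, or `%u` with `(unsigned)size` if the TEE's printf does not implement the `z` length modifier. Separately, the callback is renamed from `tee_heap_dump_tlsf`, and the place that presumably hands it to `tlsf_walk_pool` is in `esp_tee_heap_dump_info`, whose body is outside this hunk, so confirm that call site uses the new name. A short comment on the function, for example `/* tlsf_walker callback for the TEE build: prints one block per call, returns nothing. */`, would explain why its signature differs from the IDF walker.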