refactor(esp_system): Update all references of the memory protection configs

2025-10-03 10:30:58 +02:00 · 2025-07-29 15:24:17 +05:30
parent abaef73667
commit 60ff4bca9b
72 changed files with 143 additions and 144 deletions
--- a/components/bt/Kconfig
+++ b/components/bt/Kconfig
@@ -78,7 +78,7 @@ menu "Bluetooth"
            a large free heap region when esp_bt_mem_release is called, total saving ~21kB or more of IRAM.
            ESP32-C2 only 3 configurable PMP entries available, rest of them are hard-coded.
            We cannot split the memory into 3 different regions (IRAM, BLE-IRAM, DRAM).
-            So this option will disable the PMP (ESP_SYSTEM_PMP_IDRAM_SPLIT)
+            So this option will disable the memory protection scheme (ESP_SYSTEM_MEMPROT)

    menu "Common Options"
        source "$IDF_PATH/components/bt/common/Kconfig.in"
--- a/components/bt/controller/esp32c2/bt.c
+++ b/components/bt/controller/esp32c2/bt.c
@@ -1156,15 +1156,15 @@ esp_err_t esp_bt_mem_release(esp_bt_mode_t mode)
 {
    esp_err_t ret = ESP_OK;

-#if CONFIG_BT_RELEASE_IRAM && CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT
+#if CONFIG_BT_RELEASE_IRAM && CONFIG_ESP_SYSTEM_MEMPROT
    /* Release Bluetooth text section and merge Bluetooth data, bss & text into a large free heap
     * region when esp_bt_mem_release is called, total saving ~21kB or more of IRAM. ESP32-C2 has
     * only 3 configurable PMP entries available, rest of them are hard-coded. We cannot split the
-     * memory into 3 different regions (IRAM, BLE-IRAM, DRAM). So `ESP_SYSTEM_PMP_IDRAM_SPLIT` needs
+     * memory into 3 different regions (IRAM, BLE-IRAM, DRAM). So `ESP_SYSTEM_MEMPROT` needs
     * to be disabled.
     */
-    #error "ESP_SYSTEM_PMP_IDRAM_SPLIT should be disabled to allow BT to be released"
-#endif // CONFIG_BT_RELEASE_IRAM && CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT
+    #error "ESP_SYSTEM_MEMPROT should be disabled to allow BT to be released"
+#endif // CONFIG_BT_RELEASE_IRAM && CONFIG_ESP_SYSTEM_MEMPROT

    if (ble_controller_status != ESP_BT_CONTROLLER_STATUS_IDLE) {
        return ESP_ERR_INVALID_STATE;
--- a/components/bt/test_apps/memory_release/sdkconfig.ci.iram
+++ b/components/bt/test_apps/memory_release/sdkconfig.ci.iram
@@ -1,2 +1,2 @@
-CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT=n
+CONFIG_ESP_SYSTEM_MEMPROT=n
 CONFIG_BT_RELEASE_IRAM=y
--- a/components/esp_driver_ledc/test_apps/ledc/sdkconfig.defaults
+++ b/components/esp_driver_ledc/test_apps/ledc/sdkconfig.defaults
@@ -1,6 +1,6 @@
 CONFIG_FREERTOS_HZ=1000
 CONFIG_ESP_TASK_WDT_INIT=n
 # Disable memory protection, because "LEDC continue work after software reset" test case requires a cpu reset
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=n
+CONFIG_ESP_SYSTEM_MEMPROT=n
 # primitives for checking sleep internal state
 CONFIG_ESP_SLEEP_DEBUG=y
--- a/components/esp_hw_support/include/esp_memprot.h
+++ b/components/esp_hw_support/include/esp_memprot.h
@@ -12,7 +12,7 @@
 #pragma once

 #include "sdkconfig.h"
-#if CONFIG_ESP_SYSTEM_MEMPROT_FEATURE
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMS

 #include <stdbool.h>
 #include <stdint.h>
@@ -167,7 +167,7 @@ esp_err_t esp_mprot_get_violate_byte_enables(const esp_mprot_mem_t mem_type, uin
 /**
 * @brief Convenient routine for setting the PMS defaults
 *
- * Called on system startup, depending on ESP_SYSTEM_MEMPROT_FEATURE Kconfig value
+ * Called on system startup, depending on ESP_SYSTEM_MEMPROT Kconfig value
 *
 * @param memp_config pointer to Memprot configuration structure (esp_memp_config_t). The structure si chip-specific,
 * for details and defaults see appropriate [target-chip]/soc_memprot_types.h
@@ -197,4 +197,4 @@ esp_err_t esp_mprot_dump_configuration(char **dump_info_string);
 }
 #endif

-#endif //CONFIG_ESP_SYSTEM_MEMPROT_FEATURE
+#endif //CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMS
--- a/components/esp_hw_support/include/esp_private/esp_memprot_internal.h
+++ b/components/esp_hw_support/include/esp_private/esp_memprot_internal.h
@@ -13,7 +13,7 @@
 #include "hal/memprot_types.h"
 #include "esp_memprot_types.h"
 #include "sdkconfig.h"
-#if CONFIG_ESP_SYSTEM_MEMPROT_FEATURE
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMS
 #include "soc_memprot_types.h"
 #endif

--- a/components/esp_hw_support/port/esp32c2/cpu_region_protect.c
+++ b/components/esp_hw_support/port/esp32c2/cpu_region_protect.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -10,7 +10,7 @@
 #include "esp_cpu.h"
 #include "esp_fault.h"

-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
 extern int _iram_end;
 extern int _data_start;
 #define IRAM_END        (int)&_iram_end
@@ -64,12 +64,12 @@ void esp_cpu_configure_region_protection(void)
     *    - We cannot set the lock bit as we need to reconfigure it again for the application.
     *      We configure PMPADDR 0-1 to cover entire valid IRAM range and PMPADDR 2-3 to cover entire valid DRAM range.
     *
-     * 2. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT enabled
+     * 2. Application build with CONFIG_ESP_SYSTEM_MEMPROT enabled
     *    - We split the SRAM into IRAM and DRAM such that IRAM region cannot be accessed via DBUS
     *      and DRAM region cannot be accessed via IBUS. We use _iram_end and _data_start markers to set the boundaries.
     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
     *
-     * 3. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT disabled
+     * 3. Application build with CONFIG_ESP_SYSTEM_MEMPROT disabled
     *    - The IRAM-DRAM split is not enabled so we just need to ensure that access to only valid address ranges are successful
     *      so for that we set PMPADDR 0-1 to cover entire valid IRAM range and PMPADDR 2-3 to cover entire DRAM region.
     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
@@ -79,7 +79,7 @@ void esp_cpu_configure_region_protection(void)
     *      We set PMPADDR 0-1 to cover entire valid IRAM range and PMPADDR 2-3 to cover entire DRAM region.
     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
     *
-     *  PMPADDR 3-15 are hard-coded and are appicable to both, bootloader and application. So we configure and lock
+     *  PMPADDR 3-15 are hard-coded and are applicable to both, bootloader and application. So we configure and lock
     *  these during BOOTLOADER build itself. During application build, reconfiguration of these PMPADDR entries
     *  are silently ignored by the CPU
     */
@@ -99,7 +99,7 @@ void esp_cpu_configure_region_protection(void)
        // 1. IRAM
        PMP_ENTRY_SET(0, SOC_DIRAM_IRAM_LOW, CONDITIONAL_NONE);

-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP
        PMP_ENTRY_SET(1, IRAM_END, PMP_TOR | CONDITIONAL_RX);
 #else
        PMP_ENTRY_SET(1, IRAM_END, PMP_TOR | CONDITIONAL_RWX);
--- a/components/esp_hw_support/port/esp32c3/CMakeLists.txt
+++ b/components/esp_hw_support/port/esp32c3/CMakeLists.txt
@@ -12,7 +12,7 @@ if(NOT BOOTLOADER_BUILD)
    # init constructor for wifi
    list(APPEND srcs "adc2_init_cal.c")

-    if(CONFIG_ESP_SYSTEM_MEMPROT_FEATURE)
+    if(CONFIG_ESP_SYSTEM_MEMPROT AND CONFIG_ESP_SYSTEM_MEMPROT_PMS)
        list(APPEND srcs "esp_memprot.c" "../esp_memprot_conv.c")
    endif()

--- a/components/esp_hw_support/port/esp32c5/cpu_region_protect.c
+++ b/components/esp_hw_support/port/esp32c5/cpu_region_protect.c
@@ -100,12 +100,12 @@ void esp_cpu_configure_region_protection(void)
     *    - We cannot set the lock bit as we need to reconfigure it again for the application.
     *      We configure PMP to cover entire valid IRAM and DRAM range.
     *
-     * 2. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT enabled
+     * 2. Application build with CONFIG_ESP_SYSTEM_MEMPROT enabled
     *    - We split the SRAM into IRAM and DRAM such that IRAM region cannot be written to
     *      and DRAM region cannot be executed. We use _iram_text_end and _data_start markers to set the boundaries.
     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
     *
-     * 3. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT disabled
+     * 3. Application build with CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP disabled
     *    - The IRAM-DRAM split is not enabled so we just need to ensure that access to only valid address ranges are successful
     *      so for that we set PMP to cover entire valid IRAM and DRAM region.
     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
@@ -136,7 +136,7 @@ void esp_cpu_configure_region_protection(void)
    _Static_assert(SOC_CPU_SUBSYSTEM_LOW < SOC_CPU_SUBSYSTEM_HIGH, "Invalid CPU subsystem region");

    // 2. I/D-ROM
-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
    const uint32_t drom_start = (uint32_t) (ets_rom_layout_p->drom_start);
    if ((drom_start & (SOC_CPU_PMP_REGION_GRANULARITY - 1)) == 0) {
        // We can skip configuring the PMP entry for the [SOC_IROM_MASK_LOW - drom_start]
@@ -162,7 +162,7 @@ void esp_cpu_configure_region_protection(void)
        PMP_ENTRY_SET(4, SOC_IRAM_HIGH, PMP_TOR | RWX);
        _Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region");
    } else {
-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
        extern int _iram_text_end;
        /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits
         * Bootloader might have given extra permissions and those won't be cleared
@@ -181,7 +181,7 @@ void esp_cpu_configure_region_protection(void)
    }

    // 4. I_Cache / D_Cache (flash)
-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
    extern int _instruction_reserved_end;
    extern int _rodata_reserved_end;

@@ -247,7 +247,7 @@ void esp_cpu_configure_region_protection(void)
 #endif

    // 5. LP memory
-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
    extern int _rtc_text_start;
    extern int _rtc_text_end;
    /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits
@@ -261,7 +261,7 @@ void esp_cpu_configure_region_protection(void)
    PMP_ENTRY_SET(11, SOC_RTC_IRAM_LOW, NONE);

    // First part of LP mem is reserved for ULP coprocessor
-#if CONFIG_ESP_SYSTEM_PMP_LP_CORE_RESERVE_MEM_EXECUTABLE
+#if CONFIG_ESP_SYSTEM_MEMPROT_PMP_LP_CORE_RESERVE_MEM_EXEC
    PMP_ENTRY_SET(12, (int)&_rtc_text_start, PMP_TOR | RWX);
 #else
    PMP_ENTRY_SET(12, (int)&_rtc_text_start, PMP_TOR | RW);
--- a/components/esp_hw_support/port/esp32c6/cpu_region_protect.c
+++ b/components/esp_hw_support/port/esp32c6/cpu_region_protect.c
@@ -90,12 +90,12 @@ void esp_cpu_configure_region_protection(void)
     *    - We cannot set the lock bit as we need to reconfigure it again for the application.
     *      We configure PMP to cover entire valid IRAM and DRAM range.
     *
-     * 2. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT enabled
+     * 2. Application build with CONFIG_ESP_SYSTEM_MEMPROT enabled
     *    - We split the SRAM into IRAM and DRAM such that IRAM region cannot be written to
     *      and DRAM region cannot be executed. We use _iram_text_end and _data_start markers to set the boundaries.
     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
     *
-     * 3. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT disabled
+     * 3. Application build with CONFIG_ESP_SYSTEM_MEMPROT disabled
     *    - The IRAM-DRAM split is not enabled so we just need to ensure that access to only valid address ranges are successful
     *      so for that we set PMP to cover entire valid IRAM and DRAM region.
     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
@@ -147,7 +147,7 @@ void esp_cpu_configure_region_protection(void)
        PMP_ENTRY_SET(3, pmpaddr3, PMP_NAPOT | RWX);
        _Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region");
    } else {
-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
        extern int _iram_text_end;
        // 3. IRAM and DRAM
        /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits
@@ -167,7 +167,7 @@ void esp_cpu_configure_region_protection(void)
 #endif
    }

-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
    extern int _instruction_reserved_end;
    extern int _rodata_reserved_end;

@@ -189,7 +189,7 @@ void esp_cpu_configure_region_protection(void)
 #endif

    // 5. LP memory
-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
    extern int _rtc_text_start;
    extern int _rtc_text_end;
    /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits
@@ -202,7 +202,7 @@ void esp_cpu_configure_region_protection(void)
    PMP_ENTRY_SET(9, SOC_RTC_IRAM_LOW, NONE);

    // First part of LP mem is reserved for ULP coprocessor
-#if CONFIG_ESP_SYSTEM_PMP_LP_CORE_RESERVE_MEM_EXECUTABLE
+#if CONFIG_ESP_SYSTEM_MEMPROT_PMP_LP_CORE_RESERVE_MEM_EXEC
    PMP_ENTRY_SET(10, (int)&_rtc_text_start, PMP_TOR | RWX);
 #else
    PMP_ENTRY_SET(10, (int)&_rtc_text_start, PMP_TOR | RW);
--- a/components/esp_hw_support/port/esp32c61/cpu_region_protect.c
+++ b/components/esp_hw_support/port/esp32c61/cpu_region_protect.c
@@ -98,12 +98,12 @@ void esp_cpu_configure_region_protection(void)
     *    - We cannot set the lock bit as we need to reconfigure it again for the application.
     *      We configure PMP to cover entire valid IRAM and DRAM range.
     *
-     * 2. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT enabled
+     * 2. Application build with CONFIG_ESP_SYSTEM_MEMPROT enabled
     *    - We split the SRAM into IRAM and DRAM such that IRAM region cannot be written to
     *      and DRAM region cannot be executed. We use _iram_text_end and _data_start markers to set the boundaries.
     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
     *
-     * 3. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT disabled
+     * 3. Application build with CONFIG_ESP_SYSTEM_MEMPROT disabled
     *    - The IRAM-DRAM split is not enabled so we just need to ensure that access to only valid address ranges are successful
     *      so for that we set PMP to cover entire valid IRAM and DRAM region.
     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
@@ -133,7 +133,7 @@ void esp_cpu_configure_region_protection(void)
    _Static_assert(SOC_CPU_SUBSYSTEM_LOW < SOC_CPU_SUBSYSTEM_HIGH, "Invalid CPU subsystem region");

    // 2. I/D-ROM
-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
    const uint32_t drom_start = (uint32_t) (ets_rom_layout_p->drom_start);
    if ((drom_start & (SOC_CPU_PMP_REGION_GRANULARITY - 1)) == 0) {
        PMP_ENTRY_SET(1, SOC_IROM_MASK_LOW, NONE);
@@ -156,7 +156,7 @@ void esp_cpu_configure_region_protection(void)
        PMP_ENTRY_SET(5, SOC_IRAM_HIGH, PMP_TOR | RWX);
        _Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region");
    } else {
-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
        extern int _iram_text_end;
        /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits
         * Bootloader might have given extra permissions and those won't be cleared
@@ -175,7 +175,7 @@ void esp_cpu_configure_region_protection(void)
    }

    // 4. I_Cache / D_Cache (flash)
-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
    extern int _instruction_reserved_end;
    extern int _rodata_reserved_end;

--- a/components/esp_hw_support/port/esp32h2/cpu_region_protect.c
+++ b/components/esp_hw_support/port/esp32h2/cpu_region_protect.c
@@ -86,12 +86,12 @@ void esp_cpu_configure_region_protection(void)
     *    - We cannot set the lock bit as we need to reconfigure it again for the application.
     *      We configure PMP to cover entire valid IRAM and DRAM range.
     *
-     * 2. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT enabled
+     * 2. Application build with CONFIG_ESP_SYSTEM_MEMPROT enabled
     *    - We split the SRAM into IRAM and DRAM such that IRAM region cannot be written to
     *      and DRAM region cannot be executed. We use _iram_text_end and _data_start markers to set the boundaries.
     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
     *
-     * 3. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT disabled
+     * 3. Application build with CONFIG_ESP_SYSTEM_MEMPROT disabled
     *    - The IRAM-DRAM split is not enabled so we just need to ensure that access to only valid address ranges are successful
     *      so for that we set PMP to cover entire valid IRAM and DRAM region.
     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
@@ -143,7 +143,7 @@ void esp_cpu_configure_region_protection(void)
        PMP_ENTRY_SET(3, SOC_IRAM_HIGH, PMP_TOR | RWX);
        _Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region");
    } else {
-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
        extern int _iram_text_end;
        // 3. IRAM and DRAM
        /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits
@@ -163,7 +163,7 @@ void esp_cpu_configure_region_protection(void)
 #endif
    }

-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
    extern int _instruction_reserved_end;
    extern int _rodata_reserved_end;

@@ -185,7 +185,7 @@ void esp_cpu_configure_region_protection(void)
 #endif

    // 5. LP memory
-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
    extern int _rtc_text_end;
    /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits
     * Bootloader might have given extra permissions and those won't be cleared
--- a/components/esp_hw_support/port/esp32h21/cpu_region_protect.c
+++ b/components/esp_hw_support/port/esp32h21/cpu_region_protect.c
@@ -86,12 +86,12 @@ void esp_cpu_configure_region_protection(void)
     *    - We cannot set the lock bit as we need to reconfigure it again for the application.
     *      We configure PMP to cover entire valid IRAM and DRAM range.
     *
-     * 2. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT enabled
+     * 2. Application build with CONFIG_ESP_SYSTEM_MEMPROT enabled
     *    - We split the SRAM into IRAM and DRAM such that IRAM region cannot be written to
     *      and DRAM region cannot be executed. We use _iram_text_end and _data_start markers to set the boundaries.
     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
     *
-     * 3. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT disabled
+     * 3. Application build with CONFIG_ESP_SYSTEM_MEMPROT disabled
     *    - The IRAM-DRAM split is not enabled so we just need to ensure that access to only valid address ranges are successful
     *      so for that we set PMP to cover entire valid IRAM and DRAM region.
     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
@@ -135,7 +135,7 @@ void esp_cpu_configure_region_protection(void)
        PMP_ENTRY_SET(3, SOC_IRAM_HIGH, PMP_TOR | RWX);
        _Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region");
    } else {
-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
        extern int _iram_text_end;
        // 3. IRAM and DRAM
        /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits
@@ -155,7 +155,7 @@ void esp_cpu_configure_region_protection(void)
 #endif
    }

-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
    extern int _instruction_reserved_end;
    extern int _rodata_reserved_end;

@@ -177,7 +177,7 @@ void esp_cpu_configure_region_protection(void)
 #endif

    // 5. LP memory
-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
    extern int _rtc_text_end;
    /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits
     * Bootloader might have given extra permissions and those won't be cleared
--- a/components/esp_hw_support/port/esp32h4/cpu_region_protect.c
+++ b/components/esp_hw_support/port/esp32h4/cpu_region_protect.c
@@ -56,12 +56,12 @@ void esp_cpu_configure_region_protection(void)
     *    - We cannot set the lock bit as we need to reconfigure it again for the application.
     *      We configure PMP to cover entire valid IRAM and DRAM range.
     *
-     * 2. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT enabled
+     * 2. Application build with CONFIG_ESP_SYSTEM_MEMPROT enabled
     *    - We split the SRAM into IRAM and DRAM such that IRAM region cannot be written to
     *      and DRAM region cannot be executed. We use _iram_end and _data_start markers to set the boundaries.
     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
     *
-     * 3. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT disabled
+     * 3. Application build with CONFIG_ESP_SYSTEM_MEMPROT disabled
     *    - The IRAM-DRAM split is not enabled so we just need to ensure that access to only valid address ranges are successful
     *      so for that we set PMP to cover entire valid IRAM and DRAM region.
     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
@@ -113,7 +113,7 @@ void esp_cpu_configure_region_protection(void)
        PMP_ENTRY_SET(6, SOC_IRAM_HIGH, PMP_TOR | RWX);
        _Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region");
    } else {
-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
        extern int _iram_end;
        // 5. IRAM and DRAM
        /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits
@@ -147,7 +147,7 @@ void esp_cpu_configure_region_protection(void)
    _Static_assert(SOC_DROM_LOW < SOC_DROM_HIGH, "Invalid D_Cache region");

    // 6. LP memory
-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
    extern int _rtc_text_end;
    /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits
     * Bootloader might have given extra permissions and those won't be cleared
--- a/components/esp_hw_support/port/esp32p4/cpu_region_protect.c
+++ b/components/esp_hw_support/port/esp32p4/cpu_region_protect.c
@@ -117,12 +117,12 @@ void esp_cpu_configure_region_protection(void)
     *    - We cannot set the lock bit as we need to reconfigure it again for the application.
     *      We configure PMP to cover entire valid IRAM and DRAM range.
     *
-     * 2. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT enabled
+     * 2. Application build with CONFIG_ESP_SYSTEM_MEMPROT enabled
     *    - We split the SRAM into IRAM and DRAM such that IRAM region cannot be written to
     *      and DRAM region cannot be executed. We use _iram_text_end and _data_start markers to set the boundaries.
     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
     *
-     * 3. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT disabled
+     * 3. Application build with CONFIG_ESP_SYSTEM_MEMPROT disabled
     *    - The IRAM-DRAM split is not enabled so we just need to ensure that access to only valid address ranges are successful
     *      so for that we set PMP to cover entire valid IRAM and DRAM region.
     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
@@ -171,7 +171,7 @@ void esp_cpu_configure_region_protection(void)
        PMP_ENTRY_SET(4, SOC_IRAM_HIGH, PMP_TOR | RWX);
        _Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region");
    } else {
-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
        extern int _iram_text_end;
        // 4. IRAM and DRAM
        /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits
@@ -191,7 +191,7 @@ void esp_cpu_configure_region_protection(void)
 #endif
    }

-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
    extern int _instruction_reserved_end;
    extern int _rodata_reserved_end;

@@ -231,7 +231,7 @@ void esp_cpu_configure_region_protection(void)
 #endif

    // 6. LP memory
-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMP && !BOOTLOADER_BUILD
    extern int _rtc_text_start;
    extern int _rtc_text_end;
    /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits
@@ -244,7 +244,7 @@ void esp_cpu_configure_region_protection(void)
    PMP_ENTRY_SET(11, SOC_RTC_IRAM_LOW, NONE);
    // First part of LP mem is reserved for RTC reserved mem (shared between bootloader and app)
    // as well as memory for ULP coprocessor
-#if CONFIG_ESP_SYSTEM_PMP_LP_CORE_RESERVE_MEM_EXECUTABLE
+#if CONFIG_ESP_SYSTEM_MEMPROT_PMP_LP_CORE_RESERVE_MEM_EXEC
    PMP_ENTRY_SET(12, (int)&_rtc_text_start, PMP_TOR | RWX);
 #else
    PMP_ENTRY_SET(12, (int)&_rtc_text_start, PMP_TOR | RW);
--- a/components/esp_hw_support/port/esp32s3/CMakeLists.txt
+++ b/components/esp_hw_support/port/esp32s3/CMakeLists.txt
@@ -12,7 +12,7 @@ set(srcs
 if(NOT BOOTLOADER_BUILD)
    list(APPEND srcs "sar_periph_ctrl.c")

-    if(CONFIG_ESP_SYSTEM_MEMPROT_FEATURE)
+    if(CONFIG_ESP_SYSTEM_MEMPROT AND CONFIG_ESP_SYSTEM_MEMPROT_PMS)
        list(APPEND srcs "esp_memprot.c" "../esp_memprot_conv.c")
    endif()
 endif()
--- a/components/esp_system/port/arch/riscv/panic_arch.c
+++ b/components/esp_system/port/arch/riscv/panic_arch.c
@@ -14,7 +14,7 @@
 #include "esp_private/cache_err_int.h"
 #include "soc/timer_periph.h"

-#if CONFIG_ESP_SYSTEM_MEMPROT_FEATURE
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMS
 #include "esp_private/esp_memprot_internal.h"
 #include "esp_memprot.h"
 #endif
@@ -88,7 +88,7 @@ static inline void print_assist_debug_details(const void *frame)
 * Function called when a memory protection error occurs (PMS). It prints details such as the
 * explanation of why the panic occurred.
 */
-#if CONFIG_ESP_SYSTEM_MEMPROT_FEATURE
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMS

 static esp_memp_intr_source_t s_memp_intr = {MEMPROT_TYPE_INVALID, -1};

@@ -151,7 +151,7 @@ static inline void print_memprot_err_details(const void *frame __attribute__((un

    panic_print_str("\r\n");
 }
-#endif
+#endif //CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMS

 static void panic_print_register_array(const char* names[], const uint32_t* regs, int size)
 {
@@ -256,13 +256,13 @@ void panic_soc_fill_info(void *f, panic_info_t *info)
        info->details = print_assist_debug_details;
    }
 #endif
-#if CONFIG_ESP_SYSTEM_MEMPROT_FEATURE
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMS
    else if (frame->mcause == ETS_MEMPROT_ERR_INUM) {
        info->reason = "Memory protection fault";
        info->details = print_memprot_err_details;
        info->core = esp_mprot_get_active_intr(&s_memp_intr) == ESP_OK ? s_memp_intr.core : -1;
    }
-#endif
+#endif //CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMS
 }

 void panic_arch_fill_info(void *frame, panic_info_t *info)
--- a/components/esp_system/port/arch/xtensa/panic_arch.c
+++ b/components/esp_system/port/arch/xtensa/panic_arch.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -20,7 +20,7 @@

 #if !CONFIG_IDF_TARGET_ESP32
 #include "soc/rtc_cntl_reg.h"
-#if CONFIG_ESP_SYSTEM_MEMPROT_FEATURE
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMS
 #ifdef CONFIG_IDF_TARGET_ESP32S2
 #include "esp32s2/memprot.h"
 #else
@@ -165,7 +165,7 @@ static void print_debug_exception_details(const void *f)
    }
 }

-#if CONFIG_IDF_TARGET_ESP32S2 && CONFIG_ESP_SYSTEM_MEMPROT_FEATURE
+#if CONFIG_IDF_TARGET_ESP32S2 && CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMS
 #define MEMPROT_OP_INVALID 0xFFFFFFFF
 static inline void print_memprot_err_details(const void *f)
 {
@@ -198,7 +198,7 @@ static inline void print_memprot_err_details(const void *f)
    panic_print_str(esp_memprot_type_to_str(mem_type));
    panic_print_str(")\r\n");
 }
-#endif
+#endif //CONFIG_IDF_TARGET_ESP32S2 && CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMS

 static inline void print_cache_err_details(const void *f)
 {
@@ -304,7 +304,7 @@ void panic_soc_fill_info(void *f, panic_info_t *info)

    //MV note: ESP32S3 PMS handling?
    if (frame->exccause == PANIC_RSN_CACHEERR) {
-#if CONFIG_ESP_SYSTEM_MEMPROT_FEATURE && CONFIG_IDF_TARGET_ESP32S2
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMS && CONFIG_IDF_TARGET_ESP32S2
        if (esp_memprot_is_intr_ena_any()) {
            info->details = print_memprot_err_details;
            info->reason = "Memory protection fault";
--- a/components/esp_system/port/cpu_start.c
+++ b/components/esp_system/port/cpu_start.c
@@ -782,7 +782,7 @@ NOINLINE_ATTR static void system_early_init(const soc_reset_reason_t *rst_reas)
    esp_cache_err_int_init();
 #endif

-#if CONFIG_ESP_SYSTEM_MEMPROT_FEATURE && !CONFIG_ESP_SYSTEM_MEMPROT_TEST
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMS && !CONFIG_ESP_SYSTEM_MEMPROT_PMS_TEST
    // Memprot cannot be locked during OS startup as the lock-on prevents any PMS changes until a next reboot
    // If such a situation appears, it is likely an malicious attempt to bypass the system safety setup -> print error & reset

@@ -799,14 +799,14 @@ NOINLINE_ATTR static void system_early_init(const soc_reset_reason_t *rst_reas)
    //default configuration of PMS Memprot
    esp_err_t memp_err = ESP_OK;
 #if CONFIG_IDF_TARGET_ESP32S2 //specific for ESP32S2 unless IDF-3024 is merged
-#if CONFIG_ESP_SYSTEM_MEMPROT_FEATURE_LOCK
+#if CONFIG_ESP_SYSTEM_MEMPROT_PMS_LOCK
    memp_err = esp_memprot_set_prot(PANIC_HNDL_ON, MEMPROT_LOCK, NULL);
 #else
    memp_err = esp_memprot_set_prot(PANIC_HNDL_ON, MEMPROT_UNLOCK, NULL);
 #endif
 #else //CONFIG_IDF_TARGET_ESP32S2 specific end
    esp_memp_config_t memp_cfg = ESP_MEMPROT_DEFAULT_CONFIG();
-#if !CONFIG_ESP_SYSTEM_MEMPROT_FEATURE_LOCK
+#if !CONFIG_ESP_SYSTEM_MEMPROT_PMS_LOCK
    memp_cfg.lock_feature = false;
 #endif
    memp_err = esp_mprot_set_prot(&memp_cfg);
@@ -816,7 +816,7 @@ NOINLINE_ATTR static void system_early_init(const soc_reset_reason_t *rst_reas)
        ESP_EARLY_LOGE(TAG, "Failed to set Memprot feature (0x%08X: %s), rebooting.", memp_err, esp_err_to_name(memp_err));
        esp_restart_noos();
    }
-#endif //CONFIG_ESP_SYSTEM_MEMPROT_FEATURE && !CONFIG_ESP_SYSTEM_MEMPROT_TEST
+#endif //CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMS && !CONFIG_ESP_SYSTEM_MEMPROT_PMS_TEST

 #if !CONFIG_APP_BUILD_TYPE_PURE_RAM_APP
    // External devices (including SPI0/1, cache) should be initialized
--- a/components/hal/test_apps/tee/sdkconfig.defaults
+++ b/components/hal/test_apps/tee/sdkconfig.defaults
@@ -3,4 +3,4 @@ CONFIG_FREERTOS_HZ=1000
 CONFIG_ESP_INT_WDT=n
 CONFIG_ESP_TASK_WDT_INIT=n
 CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y
-CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT=n
+CONFIG_ESP_SYSTEM_MEMPROT=n
--- a/components/heap/port/esp32c2/memory_layout.c
+++ b/components/heap/port/esp32c2/memory_layout.c
@@ -32,7 +32,7 @@ enum {
    SOC_MEMORY_TYPE_NUM,
 };

-#ifdef CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT
+#ifdef CONFIG_ESP_SYSTEM_MEMPROT
 #define ESP32C2_MEM_COMMON_CAPS (MALLOC_CAP_DEFAULT | MALLOC_CAP_DMA | MALLOC_CAP_8BIT | MALLOC_CAP_INTERNAL | MALLOC_CAP_32BIT)
 #else
 #define ESP32C2_MEM_COMMON_CAPS (MALLOC_CAP_DEFAULT | MALLOC_CAP_DMA | MALLOC_CAP_8BIT | MALLOC_CAP_INTERNAL | MALLOC_CAP_32BIT | MALLOC_CAP_EXEC)
--- a/components/heap/port/esp32c3/memory_layout.c
+++ b/components/heap/port/esp32c3/memory_layout.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -34,7 +34,7 @@ enum {
 };

 /* COMMON_CAPS is the set of attributes common to all types of memory on this chip */
-#ifdef CONFIG_ESP_SYSTEM_MEMPROT_FEATURE
+#ifdef CONFIG_ESP_SYSTEM_MEMPROT
 #define ESP32C3_MEM_COMMON_CAPS (MALLOC_CAP_DEFAULT | MALLOC_CAP_INTERNAL | MALLOC_CAP_32BIT | MALLOC_CAP_8BIT)
 #else
 #define ESP32C3_MEM_COMMON_CAPS (MALLOC_CAP_DEFAULT | MALLOC_CAP_INTERNAL | MALLOC_CAP_32BIT | MALLOC_CAP_8BIT | MALLOC_CAP_EXEC)
@@ -43,11 +43,11 @@ enum {
 /**
 * Defined the attributes and allocation priority of each memory on the chip,
 * The heap allocator will traverse all types of memory types in column High Priority Matching and match the specified caps at first,
- * if no memory caps matched or the allocation is failed, it will go to columns Medium Priorty Matching and Low Priority Matching
+ * if no memory caps matched or the allocation is failed, it will go to columns Medium Priority Matching and Low Priority Matching
 * in turn to continue matching.
 */
 const soc_memory_type_desc_t soc_memory_types[SOC_MEMORY_TYPE_NUM] = {
-    /*                                   Mem Type Name   | High Priority Matching                  | Medium Priorty Matching                 | Low Priority Matching */
+    /*                                   Mem Type Name   | High Priority Matching                  | Medium Priority Matching                 | Low Priority Matching */
    [SOC_MEMORY_TYPE_RAM]           = { "RAM",           { ESP32C3_MEM_COMMON_CAPS | MALLOC_CAP_DMA, 0 ,                                       0}},
    [SOC_MEMORY_TYPE_RETENTION_RAM] = { "Retention RAM", { MALLOC_CAP_RETENTION,                     ESP32C3_MEM_COMMON_CAPS | MALLOC_CAP_DMA, 0}},
    [SOC_MEMORY_TYPE_RTCRAM]        = { "RTCRAM",        { MALLOC_CAP_RTCRAM,                        0,                                        ESP32C3_MEM_COMMON_CAPS }},
--- a/components/heap/port/esp32c5/memory_layout.c
+++ b/components/heap/port/esp32c5/memory_layout.c
@@ -34,7 +34,7 @@ enum {
 };

 /* COMMON_CAPS is the set of attributes common to all types of memory on this chip */
-#ifdef CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT
+#ifdef CONFIG_ESP_SYSTEM_MEMPROT
 #define ESP32C5_MEM_COMMON_CAPS (MALLOC_CAP_DEFAULT | MALLOC_CAP_INTERNAL | MALLOC_CAP_32BIT | MALLOC_CAP_8BIT)
 #else
 #define ESP32C5_MEM_COMMON_CAPS (MALLOC_CAP_DEFAULT | MALLOC_CAP_INTERNAL | MALLOC_CAP_32BIT | MALLOC_CAP_8BIT | MALLOC_CAP_EXEC)
--- a/components/heap/port/esp32c6/memory_layout.c
+++ b/components/heap/port/esp32c6/memory_layout.c
@@ -38,7 +38,7 @@ enum {
 };

 /* COMMON_CAPS is the set of attributes common to all types of memory on this chip */
-#ifdef CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT
+#ifdef CONFIG_ESP_SYSTEM_MEMPROT
 #define ESP32C6_MEM_COMMON_CAPS (MALLOC_CAP_DEFAULT | MALLOC_CAP_INTERNAL | MALLOC_CAP_32BIT | MALLOC_CAP_8BIT)
 #else
 #define ESP32C6_MEM_COMMON_CAPS (MALLOC_CAP_DEFAULT | MALLOC_CAP_INTERNAL | MALLOC_CAP_32BIT | MALLOC_CAP_8BIT | MALLOC_CAP_EXEC)
--- a/components/heap/port/esp32c61/memory_layout.c
+++ b/components/heap/port/esp32c61/memory_layout.c
@@ -36,7 +36,7 @@ enum {
 };

 /* COMMON_CAPS is the set of attributes common to all types of memory on this chip */
-#ifdef CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT
+#ifdef CONFIG_ESP_SYSTEM_MEMPROT
 #define ESP32C61_MEM_COMMON_CAPS (MALLOC_CAP_DEFAULT | MALLOC_CAP_INTERNAL | MALLOC_CAP_32BIT | MALLOC_CAP_8BIT)
 #else
 #define ESP32C61_MEM_COMMON_CAPS (MALLOC_CAP_DEFAULT | MALLOC_CAP_INTERNAL | MALLOC_CAP_32BIT | MALLOC_CAP_8BIT | MALLOC_CAP_EXEC)
--- a/components/heap/port/esp32h2/memory_layout.c
+++ b/components/heap/port/esp32h2/memory_layout.c
@@ -36,7 +36,7 @@ enum {
 };

 /* COMMON_CAPS is the set of attributes common to all types of memory on this chip */
-#ifdef CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT
+#ifdef CONFIG_ESP_SYSTEM_MEMPROT
 #define ESP32H2_MEM_COMMON_CAPS (MALLOC_CAP_DEFAULT | MALLOC_CAP_INTERNAL | MALLOC_CAP_32BIT | MALLOC_CAP_8BIT)
 #else
 #define ESP32H2_MEM_COMMON_CAPS (MALLOC_CAP_DEFAULT | MALLOC_CAP_INTERNAL | MALLOC_CAP_32BIT | MALLOC_CAP_8BIT | MALLOC_CAP_EXEC)
--- a/components/heap/port/esp32h21/memory_layout.c
+++ b/components/heap/port/esp32h21/memory_layout.c
@@ -32,7 +32,7 @@ enum {
 };

 /* COMMON_CAPS is the set of attributes common to all types of memory on this chip */
-#ifdef CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT
+#ifdef CONFIG_ESP_SYSTEM_MEMPROT
 #define ESP32H21_MEM_COMMON_CAPS (MALLOC_CAP_DEFAULT | MALLOC_CAP_INTERNAL | MALLOC_CAP_32BIT | MALLOC_CAP_8BIT)
 #else
 #define ESP32H21_MEM_COMMON_CAPS (MALLOC_CAP_DEFAULT | MALLOC_CAP_INTERNAL | MALLOC_CAP_32BIT | MALLOC_CAP_8BIT | MALLOC_CAP_EXEC)
--- a/components/heap/port/esp32h4/memory_layout.c
+++ b/components/heap/port/esp32h4/memory_layout.c
@@ -36,7 +36,7 @@ enum {
 };

 /* COMMON_CAPS is the set of attributes common to all types of memory on this chip */
-#ifdef CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT
+#ifdef CONFIG_ESP_SYSTEM_MEMPROT
 #define ESP32H4_MEM_COMMON_CAPS (MALLOC_CAP_DEFAULT | MALLOC_CAP_INTERNAL | MALLOC_CAP_32BIT | MALLOC_CAP_8BIT)
 #else
 #define ESP32H4_MEM_COMMON_CAPS (MALLOC_CAP_DEFAULT | MALLOC_CAP_INTERNAL | MALLOC_CAP_32BIT | MALLOC_CAP_8BIT | MALLOC_CAP_EXEC)
--- a/components/heap/port/esp32p4/memory_layout.c
+++ b/components/heap/port/esp32p4/memory_layout.c
@@ -36,7 +36,7 @@ enum {
 /* COMMON_CAPS is the set of attributes common to all types of memory on this chip */
 #define ESP32P4_MEM_COMMON_CAPS (MALLOC_CAP_DEFAULT | MALLOC_CAP_32BIT | MALLOC_CAP_8BIT)

-#ifdef CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT
+#ifdef CONFIG_ESP_SYSTEM_MEMPROT
 #define MALLOC_L2MEM_BASE_CAPS      ESP32P4_MEM_COMMON_CAPS | MALLOC_CAP_INTERNAL | MALLOC_CAP_DMA
 #define MALLOC_RTCRAM_BASE_CAPS     ESP32P4_MEM_COMMON_CAPS | MALLOC_CAP_INTERNAL
 #else
--- a/components/heap/port/esp32s2/memory_layout.c
+++ b/components/heap/port/esp32s2/memory_layout.c
@@ -40,7 +40,7 @@ enum {
 /* COMMON_CAPS is the set of attributes common to all types of memory on this chip */
 #define ESP32S2_MEM_COMMON_CAPS (MALLOC_CAP_DEFAULT | MALLOC_CAP_32BIT | MALLOC_CAP_8BIT)

-#ifdef CONFIG_ESP_SYSTEM_MEMPROT_FEATURE
+#ifdef CONFIG_ESP_SYSTEM_MEMPROT
 #define MALLOC_DIRAM_BASE_CAPS    ESP32S2_MEM_COMMON_CAPS | MALLOC_CAP_INTERNAL | MALLOC_CAP_DMA
 #define MALLOC_RTCRAM_BASE_CAPS   ESP32S2_MEM_COMMON_CAPS | MALLOC_CAP_INTERNAL
 #else
--- a/components/heap/port/esp32s3/memory_layout.c
+++ b/components/heap/port/esp32s3/memory_layout.c
@@ -41,7 +41,7 @@ enum {
 #define ESP32S3_MEM_COMMON_CAPS (MALLOC_CAP_DEFAULT | MALLOC_CAP_32BIT | MALLOC_CAP_8BIT)


-#ifdef CONFIG_ESP_SYSTEM_MEMPROT_FEATURE
+#ifdef CONFIG_ESP_SYSTEM_MEMPROT
 #define MALLOC_DIRAM_BASE_CAPS      ESP32S3_MEM_COMMON_CAPS | MALLOC_CAP_INTERNAL | MALLOC_CAP_DMA | MALLOC_CAP_RETENTION
 #define MALLOC_RTCRAM_BASE_CAPS     ESP32S3_MEM_COMMON_CAPS | MALLOC_CAP_INTERNAL
 #else
@@ -82,7 +82,7 @@ const size_t soc_memory_type_count = sizeof(soc_memory_types) / sizeof(soc_memor
 #define APP_USABLE_DRAM_END           (SOC_ROM_STACK_START - SOC_ROM_STACK_SIZE)

 const soc_memory_region_t soc_memory_regions[] = {
-#if CONFIG_ESP32S3_INSTRUCTION_CACHE_16KB && !defined(CONFIG_ESP_SYSTEM_MEMPROT_FEATURE)
+#if CONFIG_ESP32S3_INSTRUCTION_CACHE_16KB && !defined(CONFIG_ESP_SYSTEM_MEMPROT)
    { 0x40374000,           0x4000,                                     SOC_MEMORY_TYPE_IRAM,   0,                                      false}, //Level 1, IRAM
 #endif
    { 0x3FC88000,           0x8000,                                     SOC_MEMORY_TYPE_DIRAM,  0x40378000,                             false}, //Level 2, IDRAM, can be used as trace memory
--- a/components/heap/test_apps/heap_tests/main/test_diram.c
+++ b/components/heap/test_apps/heap_tests/main/test_diram.c
@@ -15,7 +15,7 @@

 #define ALLOC_SZ 1024

-#if  !(CONFIG_ESP_SYSTEM_MEMPROT_FEATURE || CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT)
+#if !CONFIG_ESP_SYSTEM_MEMPROT
 static void *malloc_block_diram(uint32_t caps)
 {
    void *attempts[256] = { 0 }; // Allocate up to 256 ALLOC_SZ blocks to exhaust all non-D/IRAM memory temporarily
@@ -78,4 +78,4 @@ TEST_CASE("Allocate D/IRAM as IRAM", "[heap][qemu-ignore]")

    free(iram);
 }
-#endif // !(CONFIG_ESP_SYSTEM_MEMPROT_FEATURE || CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT)
+#endif // !CONFIG_ESP_SYSTEM_MEMPROT
--- a/components/heap/test_apps/heap_tests/main/test_malloc_caps.c
+++ b/components/heap/test_apps/heap_tests/main/test_malloc_caps.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Unlicense OR CC0-1.0
 */
@@ -18,7 +18,7 @@
 #include <stdlib.h>
 #include <sys/param.h>

-#if  !(CONFIG_ESP_SYSTEM_MEMPROT_FEATURE || CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT) && !(CONFIG_HEAP_TASK_TRACKING)
+#if !CONFIG_ESP_SYSTEM_MEMPROT && !CONFIG_HEAP_TASK_TRACKING
 TEST_CASE("Capabilities allocator test", "[heap]")
 {
    char *m1, *m2[10];
@@ -108,7 +108,7 @@ TEST_CASE("Capabilities allocator test", "[heap]")
    free(m1);
    printf("Done.\n");
 }
-#endif // !(CONFIG_ESP_SYSTEM_MEMPROT_FEATURE || CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT) && !(CONFIG_HEAP_TASK_TRACKING)
+#endif // !CONFIG_ESP_SYSTEM_MEMPROT && !CONFIG_HEAP_TASK_TRACKING

 #ifdef CONFIG_ESP32_IRAM_AS_8BIT_ACCESSIBLE_MEMORY
 TEST_CASE("IRAM_8BIT capability test", "[heap]")
@@ -230,7 +230,7 @@ TEST_CASE("heap caps minimum free bytes fault cases", "[heap]")
 /* Small function runs from IRAM to check that malloc/free/realloc
   all work OK when cache is disabled...
 */
-#if !(CONFIG_ESP_SYSTEM_MEMPROT_FEATURE || CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT) && !CONFIG_HEAP_PLACE_FUNCTION_INTO_FLASH && !CONFIG_HEAP_TASK_TRACKING
+#if !CONFIG_ESP_SYSTEM_MEMPROT && !CONFIG_HEAP_PLACE_FUNCTION_INTO_FLASH && !CONFIG_HEAP_TASK_TRACKING
 static IRAM_ATTR __attribute__((noinline)) bool iram_malloc_test(void)
 {
    spi_flash_guard_get()->start(); // Disables flash cache
@@ -252,7 +252,7 @@ TEST_CASE("heap_caps_xxx functions work with flash cache disabled", "[heap]")
 {
    TEST_ASSERT( iram_malloc_test() );
 }
-#endif // !(CONFIG_ESP_SYSTEM_MEMPROT_FEATURE || CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT) && !CONFIG_HEAP_PLACE_FUNCTION_INTO_FLASH && !CONFIG_HEAP_TASK_TRACKING
+#endif // !CONFIG_ESP_SYSTEM_MEMPROT && !CONFIG_HEAP_PLACE_FUNCTION_INTO_FLASH && !CONFIG_HEAP_TASK_TRACKING

 #ifdef CONFIG_HEAP_ABORT_WHEN_ALLOCATION_FAILS
 TEST_CASE("When enabled, allocation operation failure generates an abort", "[heap][reset=abort,SW_CPU_RESET]")
@@ -342,7 +342,7 @@ TEST_CASE("test memory protection features", "[heap][mem_prot]")
    // no memory is being allocated
    uint32_t *iram_ptr = heap_caps_malloc(4, MALLOC_CAP_EXEC);

-#if !(CONFIG_ESP_SYSTEM_MEMPROT_FEATURE || CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT)
+#if !CONFIG_ESP_SYSTEM_MEMPROT
    // System memory protection not active, check that iram_ptr is not null
    // Check that iram_ptr is in IRAM
    TEST_ASSERT_NOT_NULL(iram_ptr);
@@ -353,5 +353,5 @@ TEST_CASE("test memory protection features", "[heap][mem_prot]")
 #else
    // System memory protection is active, DIRAM seen as DRAM, iram_ptr should be null
    TEST_ASSERT_NULL(iram_ptr);
-#endif // !(CONFIG_ESP_SYSTEM_MEMPROT_FEATURE || CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT)
+#endif // !CONFIG_ESP_SYSTEM_MEMPROT
 }
--- a/components/heap/test_apps/heap_tests/main/test_realloc.c
+++ b/components/heap/test_apps/heap_tests/main/test_realloc.c
@@ -29,7 +29,7 @@ TEST_CASE("realloc shrink buffer in place", "[heap]")

 #endif

-#if !(CONFIG_ESP_SYSTEM_MEMPROT_FEATURE || CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT)
+#if !CONFIG_ESP_SYSTEM_MEMPROT
 TEST_CASE("realloc shrink buffer with EXEC CAPS", "[heap]")
 {
    const size_t buffer_size = 64;
@@ -68,4 +68,4 @@ TEST_CASE("realloc move data to a new heap type", "[heap]")

    free(c);
 }
-#endif // !(CONFIG_ESP_SYSTEM_MEMPROT_FEATURE || CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT)
+#endif // !CONFIG_ESP_SYSTEM_MEMPROT
--- a/components/heap/test_apps/heap_tests/sdkconfig.ci.mem_prot
+++ b/components/heap/test_apps/heap_tests/sdkconfig.ci.mem_prot
@@ -1 +1 @@
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=y
+CONFIG_ESP_SYSTEM_MEMPROT=y
--- a/components/heap/test_apps/heap_tests/sdkconfig.defaults
+++ b/components/heap/test_apps/heap_tests/sdkconfig.defaults
@@ -1,7 +1,6 @@
 CONFIG_COMPILER_DUMP_RTL_FILES=y
 CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=n # memory protection needs to be disabled for certain tests
-CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT=n # for c2 and c6 this config must be disabled for certain tests
+CONFIG_ESP_SYSTEM_MEMPROT=n # for c2 and c6 this config must be disabled for certain tests

 CONFIG_COMPILER_STACK_CHECK_MODE_ALL=y
 CONFIG_COMPILER_STACK_CHECK=y
--- a/components/mbedtls/test_apps/sdkconfig.defaults.esp32c2
+++ b/components/mbedtls/test_apps/sdkconfig.defaults.esp32c2
@@ -1,2 +1,2 @@
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=n
+CONFIG_ESP_SYSTEM_MEMPROT=n
 CONFIG_ESPTOOLPY_FLASHSIZE_2MB=y
--- a/components/mbedtls/test_apps/sdkconfig.defaults.esp32c3
+++ b/components/mbedtls/test_apps/sdkconfig.defaults.esp32c3
@@ -1 +1 @@
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=n
+CONFIG_ESP_SYSTEM_MEMPROT=n
--- a/components/mbedtls/test_apps/sdkconfig.defaults.esp32s2
+++ b/components/mbedtls/test_apps/sdkconfig.defaults.esp32s2
@@ -1,2 +1,2 @@
 CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=n
+CONFIG_ESP_SYSTEM_MEMPROT=n
--- a/components/mbedtls/test_apps/sdkconfig.defaults.esp32s3
+++ b/components/mbedtls/test_apps/sdkconfig.defaults.esp32s3
@@ -1,2 +1,2 @@
 CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=n
+CONFIG_ESP_SYSTEM_MEMPROT=n
--- a/components/riscv/vectors_intc.S
+++ b/components/riscv/vectors_intc.S
@@ -12,11 +12,11 @@

 /* If memory protection interrupts are meant to trigger a panic, attach them to panic handler,
 * else, attach them to the interrupt handler. */
-#if CONFIG_ESP_SYSTEM_MEMPROT_FEATURE
+#if CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMS
    #define MEMPROT_ISR _panic_handler
 #else
    #define MEMPROT_ISR _interrupt_handler
-#endif // CONFIG_ESP_SYSTEM_MEMPROT_FEATURE
+#endif // CONFIG_ESP_SYSTEM_MEMPROT && CONFIG_ESP_SYSTEM_MEMPROT_PMS

 /* Same goes for the assist debug interrupt */
 #if CONFIG_ESP_SYSTEM_HW_STACK_GUARD
--- a/components/spi_flash/test_apps/esp_flash/sdkconfig.ci.special
+++ b/components/spi_flash/test_apps/esp_flash/sdkconfig.ci.special
@@ -2,6 +2,6 @@
 CONFIG_ESP_TASK_WDT_EN=n
 CONFIG_PARTITION_TABLE_CUSTOM=y
 CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv"
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=n
+CONFIG_ESP_SYSTEM_MEMPROT=n
 CONFIG_FREERTOS_PLACE_FUNCTIONS_INTO_FLASH=y
 CONFIG_COMPILER_OPTIMIZATION_NONE=y
--- a/components/spi_flash/test_apps/mspi_test/sdkconfig.ci.psram
+++ b/components/spi_flash/test_apps/mspi_test/sdkconfig.ci.psram
@@ -8,4 +8,4 @@ CONFIG_SPIRAM_USE_CAPS_ALLOC=y
 CONFIG_SPIRAM_FETCH_INSTRUCTIONS=y
 CONFIG_SPIRAM_RODATA=y
 CONFIG_SPIRAM_ALLOW_BSS_SEG_EXTERNAL_MEMORY=y
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=n
+CONFIG_ESP_SYSTEM_MEMPROT=n
--- a/components/spi_flash/test_apps/mspi_test/sdkconfig.ci.release
+++ b/components/spi_flash/test_apps/mspi_test/sdkconfig.ci.release
@@ -3,4 +3,4 @@ CONFIG_COMPILER_OPTIMIZATION_SIZE=y
 CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_SIZE=y
 CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT=y
 CONFIG_SPI_FLASH_ENABLE_COUNTERS=y
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=n
+CONFIG_ESP_SYSTEM_MEMPROT=n
--- a/components/spi_flash/test_apps/mspi_test/sdkconfig.ci.special
+++ b/components/spi_flash/test_apps/mspi_test/sdkconfig.ci.special
@@ -1,5 +1,5 @@
 # This config lists merged freertos_flash no_optimization in UT all together.
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=n
+CONFIG_ESP_SYSTEM_MEMPROT=n
 CONFIG_FREERTOS_PLACE_FUNCTIONS_INTO_FLASH=y
 CONFIG_COMPILER_OPTIMIZATION_NONE=y
 CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT=y
--- a/components/spi_flash/test_apps/mspi_test/sdkconfig.defaults
+++ b/components/spi_flash/test_apps/mspi_test/sdkconfig.defaults
@@ -1,4 +1,4 @@
 CONFIG_ESP_TASK_WDT_EN=n
 CONFIG_PARTITION_TABLE_CUSTOM=y
 CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv"
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=n
+CONFIG_ESP_SYSTEM_MEMPROT=n
--- a/docs/en/api-guides/fatal-errors.rst
+++ b/docs/en/api-guides/fatal-errors.rst
@@ -423,7 +423,7 @@ In some situations, ESP-IDF will temporarily disable access to external SPI flas
    * writing to instruction RAM after the program is loaded
    * executing code from data RAM (areas used for heap and static .data and .bss)

-    Such operations are not necessary for most programs. Prohibiting such operations typically makes software vulnerabilities harder to exploit. Applications which rely on dynamic loading or self-modifying code may disable this protection using :ref:`CONFIG_ESP_SYSTEM_MEMPROT_FEATURE` Kconfig option.
+    Such operations are not necessary for most programs. Prohibiting such operations typically makes software vulnerabilities harder to exploit. Applications which rely on dynamic loading or self-modifying code may disable this protection using :ref:`CONFIG_ESP_SYSTEM_MEMPROT` Kconfig option.

    When the fault occurs, the panic handler reports the address of the fault and the type of memory access that caused it.

--- a/docs/en/security/security.rst
+++ b/docs/en/security/security.rst
@@ -108,7 +108,7 @@ Flash Encryption Best Practices

    {IDF_TARGET_NAME} supports the **Memory Protection** scheme, either through architecture or special peripheral like PMS, which provides an ability to enforce and monitor permission attributes to memory and, in some cases, peripherals. ESP-IDF application startup code configures the permissions attributes like Read/Write access on data memories and Read/Execute access on instruction memories using the relevant peripheral. If there is any attempt made that breaks these permission attributes, e.g., a write operation to instruction memory region, then a violation interrupt is raised, and it results in system panic.

-    This feature depends on the config option :ref:`CONFIG_ESP_SYSTEM_MEMPROT_FEATURE` and it is kept enabled by default. Please note that the API for this feature is **private** and used exclusively by ESP-IDF code only.
+    This feature depends on the config option :ref:`CONFIG_ESP_SYSTEM_MEMPROT` and it is kept enabled by default. Please note that the API for this feature is **private** and used exclusively by ESP-IDF code only.

    .. note::

--- a/docs/zh_CN/api-guides/fatal-errors.rst
+++ b/docs/zh_CN/api-guides/fatal-errors.rst
@@ -423,7 +423,7 @@ Interrupt wdt timeout on CPU0/CPU1
    * 程序加载后向指令 RAM 写入代码
    * 从数据 RAM（用于堆、静态 .data 和 .bss 区域）执行代码

-    该类操作对于大多数程序来说并不必要，禁止此类操作往往使软件漏洞更难被利用。依赖动态加载或自修改代码的应用程序可以使用 :ref:`CONFIG_ESP_SYSTEM_MEMPROT_FEATURE` 选项来禁用此项保护。
+    该类操作对于大多数程序来说并不必要，禁止此类操作往往使软件漏洞更难被利用。依赖动态加载或自修改代码的应用程序可以使用 :ref:`CONFIG_ESP_SYSTEM_MEMPROT` 选项来禁用此项保护。

    发生故障时，紧急处理程序会报告故障的地址和引起故障的内存访问的类型。

--- a/docs/zh_CN/security/security.rst
+++ b/docs/zh_CN/security/security.rst
@@ -108,7 +108,7 @@ flash 加密最佳实践

    {IDF_TARGET_NAME} 可以通过架构或 PMS 等特定外设实现 **内存保护**，强制执行和监控内存以及某些外设的权限属性。使用相应外设，ESP-IDF 应用程序启动代码可以配置数据内存的读取/写入权限以及指令内存的读取/执行权限。如有任何操作尝试违反这些权限属性，如写入指令内存区域，将触发违规中断，导致系统 panic。

-    使用该功能需启用配置选项 :ref:`CONFIG_ESP_SYSTEM_MEMPROT_FEATURE`，该选项默认启用。请注意，该功能的 API 是 **私有** 的，仅供 ESP-IDF 代码使用。
+    使用该功能需启用配置选项 :ref:`CONFIG_ESP_SYSTEM_MEMPROT`，该选项默认启用。请注意，该功能的 API 是 **私有** 的，仅供 ESP-IDF 代码使用。

    .. note::

--- a/tools/test_apps/system/memprot/main/Kconfig.projbuild
+++ b/tools/test_apps/system/memprot/main/Kconfig.projbuild
@@ -1,3 +1,3 @@
-config ESP_SYSTEM_MEMPROT_TEST
+config ESP_SYSTEM_MEMPROT_PMS_TEST
    bool
    default y
--- a/tools/test_apps/system/memprot/sdkconfig.defaults
+++ b/tools/test_apps/system/memprot/sdkconfig.defaults
@@ -1,3 +1,3 @@
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=y
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE_LOCK=n
-CONFIG_ESP_SYSTEM_MEMPROT_TEST=y
+CONFIG_ESP_SYSTEM_MEMPROT=y
+CONFIG_ESP_SYSTEM_MEMPROT_PMS_LOCK=n
+CONFIG_ESP_SYSTEM_MEMPROT_PMS_TEST=y
--- a/tools/test_apps/system/panic/main/test_app_main.c
+++ b/tools/test_apps/system/panic/main/test_app_main.c
@@ -171,7 +171,7 @@ void app_main(void)
    HANDLE_TEST(test_name, test_rtc_slow_reg2_execute_violation);
 #endif

-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT
+#if CONFIG_ESP_SYSTEM_MEMPROT
    HANDLE_TEST(test_name, test_irom_reg_write_violation);
    HANDLE_TEST(test_name, test_drom_reg_write_violation);
    HANDLE_TEST(test_name, test_drom_reg_execute_violation);
--- a/tools/test_apps/system/panic/main/test_memprot.c
+++ b/tools/test_apps/system/panic/main/test_memprot.c
@@ -223,7 +223,7 @@ static void __attribute__((constructor)) test_print_rtc_var_func(void)

 /* ---------------------------------------------------- I/D Cache (Flash) Violation Checks ---------------------------------------------------- */

-#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT
+#if CONFIG_ESP_SYSTEM_MEMPROT
 static const uint16_t foo_buf[8] = {
    0x0001, 0x0001, 0x0001, 0x0001,
    0x0001, 0x0001, 0x0001, 0x0001,
--- a/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32c2
+++ b/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32c2
@@ -2,7 +2,7 @@
 CONFIG_IDF_TARGET="esp32c2"

 # Enabling memory protection
-CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT=y
+CONFIG_ESP_SYSTEM_MEMPROT=y

 # Enable memprot test
 CONFIG_TEST_MEMPROT=y
--- a/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32c3
+++ b/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32c3
@@ -2,8 +2,8 @@
 CONFIG_IDF_TARGET="esp32c3"

 # Enabling memory protection
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=y
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE_LOCK=y
+CONFIG_ESP_SYSTEM_MEMPROT=y
+CONFIG_ESP_SYSTEM_MEMPROT_PMS_LOCK=y

 # Enable memprot test
 CONFIG_TEST_MEMPROT=y
--- a/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32c5
+++ b/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32c5
@@ -2,7 +2,7 @@
 CONFIG_IDF_TARGET="esp32c5"

 # Enabling memory protection
-CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT=y
+CONFIG_ESP_SYSTEM_MEMPROT=y

 # Enable memprot test
 CONFIG_TEST_MEMPROT=y
--- a/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32c6
+++ b/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32c6
@@ -2,7 +2,7 @@
 CONFIG_IDF_TARGET="esp32c6"

 # Enabling memory protection
-CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT=y
+CONFIG_ESP_SYSTEM_MEMPROT=y

 # Enable memprot test
 CONFIG_TEST_MEMPROT=y
--- a/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32c61
+++ b/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32c61
@@ -2,7 +2,7 @@
 CONFIG_IDF_TARGET="esp32c61"

 # Enabling memory protection
-CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT=y
+CONFIG_ESP_SYSTEM_MEMPROT=y

 # Enable memprot test
 CONFIG_TEST_MEMPROT=y
--- a/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32h2
+++ b/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32h2
@@ -2,7 +2,7 @@
 CONFIG_IDF_TARGET="esp32h2"

 # Enabling memory protection
-CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT=y
+CONFIG_ESP_SYSTEM_MEMPROT=y

 # Enable memprot test
 CONFIG_TEST_MEMPROT=y
--- a/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32h21
+++ b/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32h21
@@ -2,7 +2,7 @@
 CONFIG_IDF_TARGET="esp32h21"

 # Enabling memory protection
-CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT=y
+CONFIG_ESP_SYSTEM_MEMPROT=y

 # Enable memprot test
 CONFIG_TEST_MEMPROT=y
--- a/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32p4
+++ b/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32p4
@@ -2,7 +2,7 @@
 CONFIG_IDF_TARGET="esp32p4"

 # Enabling memory protection
-CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT=y
+CONFIG_ESP_SYSTEM_MEMPROT=y

 # Enable memprot test
 CONFIG_TEST_MEMPROT=y
--- a/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32s2
+++ b/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32s2
@@ -2,8 +2,8 @@
 CONFIG_IDF_TARGET="esp32s2"

 # Enabling memory protection
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=y
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE_LOCK=y
+CONFIG_ESP_SYSTEM_MEMPROT=y
+CONFIG_ESP_SYSTEM_MEMPROT_PMS_LOCK=y

 # Enabling DCACHE
 CONFIG_ESP32S2_DATA_CACHE_8KB=y
--- a/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32s3
+++ b/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32s3
@@ -2,8 +2,8 @@
 CONFIG_IDF_TARGET="esp32s3"

 # Enabling memory protection
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=y
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE_LOCK=y
+CONFIG_ESP_SYSTEM_MEMPROT=y
+CONFIG_ESP_SYSTEM_MEMPROT_PMS_LOCK=y

 # Enabling DCACHE
 CONFIG_ESP32S3_DATA_CACHE_16KB=y
--- a/tools/test_apps/system/panic/sdkconfig.ci.memprot_spiram_xip_esp32c5
+++ b/tools/test_apps/system/panic/sdkconfig.ci.memprot_spiram_xip_esp32c5
@@ -2,7 +2,7 @@
 CONFIG_IDF_TARGET="esp32c5"

 # Enabling memory protection
-CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT=y
+CONFIG_ESP_SYSTEM_MEMPROT=y

 # Enable memprot test
 CONFIG_TEST_MEMPROT=y
--- a/tools/test_apps/system/panic/sdkconfig.ci.memprot_spiram_xip_esp32c61
+++ b/tools/test_apps/system/panic/sdkconfig.ci.memprot_spiram_xip_esp32c61
@@ -2,7 +2,7 @@
 CONFIG_IDF_TARGET="esp32c61"

 # Enabling memory protection
-CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT=y
+CONFIG_ESP_SYSTEM_MEMPROT=y

 # Enable memprot test
 CONFIG_TEST_MEMPROT=y
--- a/tools/test_apps/system/panic/sdkconfig.ci.memprot_spiram_xip_esp32p4
+++ b/tools/test_apps/system/panic/sdkconfig.ci.memprot_spiram_xip_esp32p4
@@ -2,7 +2,7 @@
 CONFIG_IDF_TARGET="esp32p4"

 # Enabling memory protection
-CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT=y
+CONFIG_ESP_SYSTEM_MEMPROT=y

 # Enable memprot test
 CONFIG_TEST_MEMPROT=y
--- a/tools/test_apps/system/panic/sdkconfig.ci.memprot_spiram_xip_esp32s3
+++ b/tools/test_apps/system/panic/sdkconfig.ci.memprot_spiram_xip_esp32s3
@@ -2,8 +2,8 @@
 CONFIG_IDF_TARGET="esp32s3"

 # Enabling memory protection
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=y
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE_LOCK=y
+CONFIG_ESP_SYSTEM_MEMPROT=y
+CONFIG_ESP_SYSTEM_MEMPROT_PMS_LOCK=y

 # Enabling DCACHE
 CONFIG_ESP32S3_DATA_CACHE_16KB=y
--- a/tools/unit-test-app/sdkconfig.defaults.esp32c2
+++ b/tools/unit-test-app/sdkconfig.defaults.esp32c2
@@ -1,4 +1,4 @@
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=n
+CONFIG_ESP_SYSTEM_MEMPROT=n
 CONFIG_ESPTOOLPY_FLASHSIZE_2MB=y
 CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partition_table_unit_test_app_2m.csv"
 CONFIG_PARTITION_TABLE_FILENAME="partition_table_unit_test_app_2m.csv"
--- a/tools/unit-test-app/sdkconfig.defaults.esp32c3
+++ b/tools/unit-test-app/sdkconfig.defaults.esp32c3
@@ -1 +1 @@
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=n
+CONFIG_ESP_SYSTEM_MEMPROT=n
--- a/tools/unit-test-app/sdkconfig.defaults.esp32s2
+++ b/tools/unit-test-app/sdkconfig.defaults.esp32s2
@@ -1,2 +1,2 @@
 CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=n
+CONFIG_ESP_SYSTEM_MEMPROT=n
--- a/tools/unit-test-app/sdkconfig.defaults.esp32s3
+++ b/tools/unit-test-app/sdkconfig.defaults.esp32s3
@@ -1,2 +1,2 @@
 CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
-CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=n
+CONFIG_ESP_SYSTEM_MEMPROT=n