espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-04 21:24:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat(esp_security): Added support for key manager for esp32c5

Browse Source
This commit is contained in:
Aditya Patwardhan
2024-06-23 23:24:21 +05:30
committed by harshal.patil
parent 7e570d246c
commit 662d793f37
18 changed files with 417 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
components/bootloader_support/src/esp32c5/flash_encryption_secure_features.c
View File

@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -71,12 +71,9 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
esp_err_t esp_flash_encryption_enable_key_mgr(void)
{
// Enable and reset key manager
// To suppress build errors about spinlock's __DECLARE_RCC_ATOMIC_ENV
int __DECLARE_RCC_ATOMIC_ENV __attribute__ ((unused));
key_mgr_ll_enable_bus_clock(true);
key_mgr_ll_enable_peripheral_clock(true);
key_mgr_ll_reset_register();
_key_mgr_ll_enable_bus_clock(true);
_key_mgr_ll_enable_peripheral_clock(true);
_key_mgr_ll_reset_register();
while (key_mgr_ll_get_state() != ESP_KEY_MGR_STATE_IDLE) {
};

11
components/bootloader_support/src/esp32p4/flash_encryption_secure_features.c
View File

@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -53,12 +53,9 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
esp_err_t esp_flash_encryption_enable_key_mgr(void)
{
// Enable and reset key manager
// To suppress build errors about spinlock's __DECLARE_RCC_ATOMIC_ENV
int __DECLARE_RCC_ATOMIC_ENV __attribute__ ((unused));
key_mgr_ll_enable_bus_clock(true);
key_mgr_ll_enable_peripheral_clock(true);
key_mgr_ll_reset_register();
_key_mgr_ll_enable_bus_clock(true);
_key_mgr_ll_enable_peripheral_clock(true);
_key_mgr_ll_reset_register();
while (key_mgr_ll_get_state() != ESP_KEY_MGR_STATE_IDLE) {
};

2
components/esp_hw_support/include/esp_crypto_lock.h
View File

@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/

115
components/esp_rom/esp32c5/include/esp32c5/rom/key_mgr.h Normal file
View File

@@ -0,0 +1,115 @@
/*
* SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
#include "soc/soc_caps.h"
#if SOC_KEY_MANAGER_SUPPORTED
#include "rom/ets_sys.h"
#include "esp_attr.h"
#include <stdint.h>
#include "rom/km.h"
#if __cplusplus
extern "C" {
#endif
// store huk info, occupy 96 words
struct huk_info {
// store huk info, occupy 165 words
#define HUK_INFO_LEN 660
uint8_t info[HUK_INFO_LEN];
uint32_t crc;
} PACKED_ATTR;
// store key info, occupy 512 bits
struct key_info {
#define KEY_INFO_LEN 64
uint8_t info[KEY_INFO_LEN];
uint32_t crc;
} PACKED_ATTR;
struct huk_key_block {
#define KEY_HUK_SECTOR_MAGIC 0xDEA5CE5A
uint32_t magic;
uint32_t version; // for backward compatibility
uint8_t reserved[16];
struct huk_info huk_info;
struct key_info key_info[2]; // at most 2 key info (XTS-512_1 and XTS-512_2), at least use 1
} WORD_ALIGNED_ATTR PACKED_ATTR;
/*
* We define two info sectors "active" and "backup" here
* Most rom code would rely only on the "active" sector for the key information
*
* But there could be a situation where the huk and key information must be regenerated
* based on ageing and other factors. For that scenario, we need a "backup" sector
*/
#define KEY_HUK_SECTOR_OFFSET(i) ((i)*0x1000)
#define ACTIVE_SECTOR_OFFSET KEY_HUK_SECTOR_OFFSET(0)
#define BACKUP_SECTOR_OFFSET KEY_HUK_SECTOR_OFFSET(1)
#define KM_PERI_ECDSA (BIT(0))
#define KM_PERI_XTS (BIT(1))
struct km_deploy_ops {
#define KM_KEY_PURPOSE_ECDSA_KEY_192 1
#define KM_KEY_PURPOSE_ECDSA_KEY_256 2
#define KM_KEY_PURPOSE_FLASH_XTS_256_1 3
#define KM_KEY_PURPOSE_FLASH_XTS_256_2 4
#define KM_KEY_PURPOSE_FLASH_XTS_128 5
#define KM_KEY_PURPOSE_HMAC 6
#define KM_KEY_PURPOSE_DS 7
#define KM_KEY_PURPOSE_PSRAM_XTS_256_1 8
#define KM_KEY_PURPOSE_PSRAM_XTS_256_2 9
#define KM_KEY_PURPOSE_PSRAM_XTS_128 10
#define KM_KEY_PURPOSE_ECDSA_KEY_384_L 11
#define KM_KEY_PURPOSE_ECDSA_KEY_384_H 12
int km_key_purpose;
#define KM_DEPLOY_MODE_RANDOM 0
#define KM_DEPLOY_MODE_AES 1
#define KM_DEPLOY_MODE_ECDH0 2
#define KM_DEPLOY_MODE_ECDH1 3
#define KM_DEPLOY_MODE_RECOVER 4
#define KM_DEPLOY_MODE_EXPORT 5
int deploy_mode;
uint8_t *init_key; // 256 bits, only used in aes and ecdh1 deploy mode
int deploy_only_once;
int force_use_km_key;
int km_use_efuse_key;
uint32_t efuse_km_rnd_switch_cycle; // 0 means use default
uint32_t km_rnd_switch_cycle; // 0 means use default
int km_use_sw_init_key;
struct huk_info *huk_info;
struct key_info *key_info;
};
/* state of km */
#define KM_STATE_IDLE 0
#define KM_STATE_LOAD 1
#define KM_STATE_GAIN 2
#define KM_STATE_BUSY 3
#define KM_STATE_INVALID 4
/* state of huk generator
* values defined same as km
*/
#define HUK_STATE_IDLE 0
#define HUK_STATE_LOAD 1
#define HUK_STATE_GAIN 2
#define HUK_STATE_BUSY 3
#define HUK_NOT_GENERATED 0
#define HUK_GEN_VALID 1
#define HUK_GEN_INVALID 2
#if __cplusplus
}
#endif
#endif

2
components/esp_security/include/esp_key_mgr.h
View File

@@ -22,7 +22,7 @@ extern "C" {
#define KEY_MGR_ASSIST_INFO_SIZE 64
#define KEY_MGR_KEY_RECOVERY_INFO_SIZE 64
#define KEY_MGR_HUK_INFO_SIZE HUK_INFO_SIZE
#define KEY_MGR_HUK_INFO_SIZE HUK_INFO_LEN
#define KEY_MGR_HUK_RISK_ALERT_LEVEL HUK_RISK_ALERT_LEVEL
/* AES deploy mode */

5
components/esp_security/src/esp_crypto_periph_clk.c
View File

@@ -141,9 +141,12 @@ void esp_crypto_ecdsa_enable_periph_clk(bool enable)
void esp_crypto_key_mgr_enable_periph_clk(bool enable)
{
KEY_MANAGER_RCC_ATOMIC() {
key_mgr_ll_power_up();
key_mgr_ll_enable_bus_clock(enable);
key_mgr_ll_enable_peripheral_clock(enable);
key_mgr_ll_reset_register();
if (enable) {
key_mgr_ll_reset_register();
}
}
}
#endif

61
components/esp_security/src/esp_key_mgr.c
View File

@@ -44,13 +44,18 @@ ESP_STATIC_ASSERT(sizeof(esp_key_mgr_huk_info_t) == sizeof(struct huk_info), "Si
static void esp_key_mgr_acquire_key_lock(esp_key_mgr_key_type_t key_type)
{
switch (key_type) {
case ESP_KEY_MGR_ECDSA_KEY:
case ESP_KEY_MGR_ECDSA_192_KEY:
case ESP_KEY_MGR_ECDSA_256_KEY:
case ESP_KEY_MGR_ECDSA_384_KEY:
_lock_acquire(&s_key_mgr_ecdsa_key_lock);
break;
case ESP_KEY_MGR_XTS_AES_128_KEY:
case ESP_KEY_MGR_XTS_AES_256_KEY:
_lock_acquire(&s_key_mgr_xts_aes_key_lock);
break;
default:
ESP_LOGE(TAG, "Invalid key type");
break;
}
ESP_LOGV(TAG, "Key lock acquired for key type %d", key_type);
}
@@ -58,13 +63,18 @@ static void esp_key_mgr_acquire_key_lock(esp_key_mgr_key_type_t key_type)
static void esp_key_mgr_release_key_lock(esp_key_mgr_key_type_t key_type)
{
switch (key_type) {
case ESP_KEY_MGR_ECDSA_KEY:
case ESP_KEY_MGR_ECDSA_192_KEY:
case ESP_KEY_MGR_ECDSA_256_KEY:
case ESP_KEY_MGR_ECDSA_384_KEY:
_lock_release(&s_key_mgr_ecdsa_key_lock);
break;
case ESP_KEY_MGR_XTS_AES_128_KEY:
case ESP_KEY_MGR_XTS_AES_256_KEY:
_lock_release(&s_key_mgr_xts_aes_key_lock);
break;
default:
ESP_LOGE(TAG, "Invalid key type");
break;
}
ESP_LOGV(TAG, "Key lock released for key type %d", key_type);
}
@@ -223,7 +233,7 @@ static esp_err_t key_mgr_deploy_key_aes_mode(aes_deploy_config_t *config)
if (!key_recovery_info) {
return ESP_ERR_NO_MEM;
}
// Set key purpose (XTS/ECDSA)
// Set key purpose
ESP_LOGD(TAG, "Key purpose = %d", config->key_purpose);
key_mgr_hal_set_key_purpose(config->key_purpose);
@@ -238,12 +248,10 @@ static esp_err_t key_mgr_deploy_key_aes_mode(aes_deploy_config_t *config)
if (config->key_config->use_pre_generated_sw_init_key) {
key_mgr_hal_use_sw_init_key();
} else {
if (!esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_KM_INIT_KEY, NULL)) {
ESP_LOGE(TAG, "Could not find key with purpose KM_INIT_KEY");
heap_caps_free(key_recovery_info);
return ESP_FAIL;
}
} else if (!esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_KM_INIT_KEY, NULL)) {
ESP_LOGE(TAG, "Could not find key with purpose KM_INIT_KEY");
heap_caps_free(key_recovery_info);
return ESP_FAIL;
}
key_mgr_hal_start();
@@ -306,8 +314,10 @@ esp_err_t esp_key_mgr_deploy_key_in_aes_mode(const esp_key_mgr_aes_key_config_t
aes_deploy_config.k1_encrypted = key_config->k1_encrypted[0];
esp_key_mgr_key_type_t key_type = (esp_key_mgr_key_type_t) key_config->key_type;
if (key_type == ESP_KEY_MGR_ECDSA_KEY) {
aes_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_ECDSA;
if (key_type == ESP_KEY_MGR_ECDSA_192_KEY) {
aes_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_ECDSA_192;
} else if (key_type == ESP_KEY_MGR_ECDSA_256_KEY) {
aes_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_ECDSA_256;
} else if (key_type == ESP_KEY_MGR_XTS_AES_128_KEY) {
aes_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_128;
} else if (key_type == ESP_KEY_MGR_XTS_AES_256_KEY) {
@@ -424,10 +434,12 @@ esp_err_t esp_key_mgr_activate_key(esp_key_mgr_key_recovery_info_t *key_recovery
}
esp_key_mgr_key_purpose_t key_purpose;
ESP_LOGD(TAG, "Activating key of type %d", key_recovery_info->key_type);
ESP_LOGI(TAG, "Activating key of type %d", key_recovery_info->key_type);
esp_key_mgr_key_type_t key_type = (esp_key_mgr_key_type_t) key_recovery_info->key_type;
if (key_type == ESP_KEY_MGR_ECDSA_KEY) {
key_purpose = ESP_KEY_MGR_KEY_PURPOSE_ECDSA;
if (key_type == ESP_KEY_MGR_ECDSA_192_KEY) {
key_purpose = ESP_KEY_MGR_KEY_PURPOSE_ECDSA_192;
} else if (key_type == ESP_KEY_MGR_ECDSA_256_KEY) {
key_purpose = ESP_KEY_MGR_KEY_PURPOSE_ECDSA_256;
} else if (key_type == ESP_KEY_MGR_XTS_AES_128_KEY) {
key_purpose = ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_128;
} else if (key_type == ESP_KEY_MGR_XTS_AES_256_KEY) {
@@ -438,6 +450,7 @@ esp_err_t esp_key_mgr_activate_key(esp_key_mgr_key_recovery_info_t *key_recovery
}
esp_err_t esp_ret = ESP_FAIL;
ESP_LOGI(TAG, "Activating key of type %d", key_recovery_info->key_type);
esp_key_mgr_acquire_key_lock(key_type);
key_recovery_config_t key_recovery_config = {};
key_recovery_config.key_recovery_info = key_recovery_info;
@@ -448,6 +461,7 @@ esp_err_t esp_key_mgr_activate_key(esp_key_mgr_key_recovery_info_t *key_recovery
esp_ret = key_mgr_recover_key(&key_recovery_config);
if (esp_ret != ESP_OK) {
ESP_LOGE(TAG, "Failed to recover key");
esp_key_mgr_release_key_lock(key_type);
goto cleanup;
}
@@ -456,13 +470,15 @@ esp_err_t esp_key_mgr_activate_key(esp_key_mgr_key_recovery_info_t *key_recovery
esp_ret = key_mgr_recover_key(&key_recovery_config);
if (esp_ret != ESP_OK) {
ESP_LOGE(TAG, "Failed to recover key");
esp_key_mgr_release_key_lock(key_type);
goto cleanup;
}
}
// Set the Key Manager Static Register to use own key for the respective key type
key_mgr_hal_set_key_usage(key_recovery_info->key_type, ESP_KEY_MGR_USE_OWN_KEY);
key_mgr_hal_set_key_usage(key_type, ESP_KEY_MGR_USE_OWN_KEY);
ESP_LOGI(TAG, "Key activation for type %d successful", key_recovery_info->key_type);
esp_key_mgr_release_key_lock(key_type);
return ESP_OK;
cleanup:
@@ -585,8 +601,11 @@ esp_err_t esp_key_mgr_deploy_key_in_ecdh0_mode(const esp_key_mgr_ecdh0_key_confi
ecdh0_deploy_config.key_info = key_info;
ecdh0_deploy_config.k1_G = key_config->k1_G[0];
if (key_type == ESP_KEY_MGR_ECDSA_KEY) {
ecdh0_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_ECDSA;
if (key_type == ESP_KEY_MGR_ECDSA_192_KEY) {
ecdh0_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_ECDSA_192;
ecdh0_deploy_config.ecdh0_key_info = ecdh0_key_info->k2_G[0];
} else if (key_type == ESP_KEY_MGR_ECDSA_256_KEY) {
ecdh0_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_ECDSA_256;
ecdh0_deploy_config.ecdh0_key_info = ecdh0_key_info->k2_G[0];
} else if (key_type == ESP_KEY_MGR_XTS_AES_128_KEY) {
ecdh0_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_128;
@@ -718,8 +737,10 @@ esp_err_t esp_key_mgr_deploy_key_in_random_mode(const esp_key_mgr_random_key_con
random_deploy_config.key_info = key_recovery_info;
esp_key_mgr_key_type_t key_type = (esp_key_mgr_key_type_t) key_config->key_type;
if (key_type == ESP_KEY_MGR_ECDSA_KEY) {
random_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_ECDSA;
if (key_type == ESP_KEY_MGR_ECDSA_192_KEY) {
random_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_ECDSA_192;
} else if (key_type == ESP_KEY_MGR_ECDSA_256_KEY) {
random_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_ECDSA_256;
} else if (key_type == ESP_KEY_MGR_XTS_AES_128_KEY) {
random_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_128;
} else if (key_type == ESP_KEY_MGR_XTS_AES_256_KEY) {
@@ -748,7 +769,7 @@ esp_err_t esp_key_mgr_deploy_key_in_random_mode(const esp_key_mgr_random_key_con
}
// Set the Key Manager Static Register to use own key for the respective key type
key_mgr_hal_set_key_usage(key_config->key_type, ESP_KEY_MGR_USE_OWN_KEY);
key_mgr_hal_set_key_usage(key_type, ESP_KEY_MGR_USE_OWN_KEY);
esp_key_mgr_release_hardware(true);
return esp_ret;

2
components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c
View File

@@ -138,7 +138,7 @@ TEST_CASE("Key Manager random mode: ECDSA key deployment", "[hw_crypto] [key_mgr
static esp_key_mgr_random_key_config_t key_config;
static esp_key_mgr_key_recovery_info_t key_info;
esp_err_t esp_ret = ESP_FAIL;
key_config.key_type = ESP_KEY_MGR_ECDSA_KEY;
key_config.key_type = ESP_KEY_MGR_ECDSA_256_KEY;
esp_ret = esp_key_mgr_deploy_key_in_random_mode(&key_config, &key_info);
TEST_ASSERT_EQUAL(ESP_OK, esp_ret);
}

14
components/hal/ecdsa_hal.c
View File

@@ -16,7 +16,7 @@
#endif
#ifdef SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY
#include "hal/key_mgr_ll.h"
#include "hal/key_mgr_hal.h"
#endif
#define ECDSA_HAL_P192_COMPONENT_LEN 24
@@ -30,12 +30,20 @@ static void configure_ecdsa_periph(ecdsa_hal_config_t *conf)
#if SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY
// Force Key Manager to use eFuse key for XTS-AES operation
key_mgr_ll_set_key_usage(ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
if (conf->curve == ECDSA_CURVE_SECP192R1) {
key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_192_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
} else {
key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_256_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
}
#endif
}
#if SOC_KEY_MANAGER_SUPPORTED
else {
key_mgr_ll_set_key_usage(ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_USE_OWN_KEY);
if (conf->curve == ECDSA_CURVE_SECP192R1) {
key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_192_KEY, ESP_KEY_MGR_USE_OWN_KEY);
} else {
key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_256_KEY, ESP_KEY_MGR_USE_OWN_KEY);
}
}
#endif

62
components/hal/esp32c5/include/hal/key_mgr_ll.h
View File

@@ -19,6 +19,7 @@
#include "hal/key_mgr_types.h"
#include "soc/keymng_reg.h"
#include "soc/pcr_struct.h"
#include "soc/pcr_reg.h"
#ifdef __cplusplus
extern "C" {
@@ -34,32 +35,38 @@ static inline esp_key_mgr_state_t key_mgr_ll_get_state(void)
return (esp_key_mgr_state_t) REG_GET_FIELD(KEYMNG_STATE_REG, KEYMNG_STATE);
}
static inline void key_mgr_ll_power_up(void)
{
/* Power up the Key Manager peripheral (default state is power-down) */
REG_CLR_BIT(PCR_KM_PD_CTRL_REG, PCR_KM_MEM_FORCE_PD);
REG_SET_BIT(PCR_KM_PD_CTRL_REG, PCR_KM_MEM_FORCE_PU);
}
#define key_mgr_ll_enable_bus_clock(...) do { \
_key_mgr_ll_enable_bus_clock(__VA_ARGS__); \
} while(0)
static inline void key_mgr_ll_power_down(void)
{
/* Power down the Key Manager peripheral */
REG_CLR_BIT(PCR_KM_PD_CTRL_REG, PCR_KM_MEM_FORCE_PU);
REG_SET_BIT(PCR_KM_PD_CTRL_REG, PCR_KM_MEM_FORCE_PD);
}
/**
* @brief Enable the bus clock for Key Manager peripheral
* Note: Please use key_mgr_ll_enable_bus_clock which requires the critical section
* and do not use _key_mgr_ll_enable_bus_clock
*
* @param true to enable, false to disable
*/
static inline void _key_mgr_ll_enable_bus_clock(bool enable)
{
// Set the force power down bit to 0 to enable key manager
PCR.km_pd_ctrl.km_mem_force_pd = 0;
// Enable key manager clock
PCR.km_conf.km_clk_en = 1;
PCR.km_conf.km_clk_en = enable;
}
/// use a macro to wrap the function, force the caller to use it in a critical section
/// the critical section needs to declare the __DECLARE_RCC_ATOMIC_ENV variable in advance
#define key_mgr_ll_enable_bus_clock(...) do { \
(void)__DECLARE_RCC_ATOMIC_ENV; \
_key_mgr_ll_enable_bus_clock(__VA_ARGS__); \
} while(0)
/**
* @brief Enable the peripheral clock for Key Manager
*
* Note: Please use key_mgr_ll_enable_peripheral_clock which requires the critical section
* and do not use _key_mgr_ll_enable_peripheral_clock
* @param true to enable, false to disable
*/
static inline void _key_mgr_ll_enable_peripheral_clock(bool enable)
@@ -68,14 +75,12 @@ static inline void _key_mgr_ll_enable_peripheral_clock(bool enable)
}
#define key_mgr_ll_enable_peripheral_clock(...) do { \
(void)__DECLARE_RCC_ATOMIC_ENV; \
_key_mgr_ll_enable_peripheral_clock(__VA_ARGS__); \
} while(0)
/**
* @brief Reset the Key Manager peripheral
* Note: Please use key_mgr_ll_reset_register which requires the critical section
* and do not use _key_mgr_ll_reset_register
*
*/
static inline void _key_mgr_ll_reset_register(void)
{
@@ -90,10 +95,7 @@ static inline void _key_mgr_ll_reset_register(void)
}
/// use a macro to wrap the function, force the caller to use it in a critical section
/// the critical section needs to declare the __DECLARE_RCC_ATOMIC_ENV variable in advance
#define key_mgr_ll_reset_register(...) do { \
(void)__DECLARE_RCC_ATOMIC_ENV; \
_key_mgr_ll_reset_register(__VA_ARGS__); \
} while(0)
@@ -160,7 +162,9 @@ static inline void key_mgr_ll_use_sw_init_key(void)
static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_usage_t key_usage)
{
switch (key_type) {
case ESP_KEY_MGR_ECDSA_KEY:
case ESP_KEY_MGR_ECDSA_192_KEY:
case ESP_KEY_MGR_ECDSA_256_KEY:
case ESP_KEY_MGR_ECDSA_384_KEY:
if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) {
REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_ECDSA);
} else {
@@ -185,7 +189,9 @@ static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_typ
static inline esp_key_mgr_key_usage_t key_mgr_ll_get_key_usage(esp_key_mgr_key_type_t key_type)
{
switch (key_type) {
case ESP_KEY_MGR_ECDSA_KEY:
case ESP_KEY_MGR_ECDSA_192_KEY:
case ESP_KEY_MGR_ECDSA_256_KEY:
case ESP_KEY_MGR_ECDSA_384_KEY:
return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_ECDSA));
break;
@@ -219,7 +225,9 @@ static inline void key_mgr_ll_lock_use_sw_init_key_reg(void)
static inline void key_mgr_ll_lock_use_efuse_key_reg(esp_key_mgr_key_type_t key_type)
{
switch(key_type) {
case ESP_KEY_MGR_ECDSA_KEY:
case ESP_KEY_MGR_ECDSA_192_KEY:
case ESP_KEY_MGR_ECDSA_256_KEY:
case ESP_KEY_MGR_ECDSA_384_KEY:
REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_ECDSA);
break;
case ESP_KEY_MGR_XTS_AES_128_KEY:
@@ -265,8 +273,12 @@ static inline bool key_mgr_ll_is_key_deployment_valid(const esp_key_mgr_key_type
{
switch (key_type) {
case ESP_KEY_MGR_ECDSA_KEY:
return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_VLD);
case ESP_KEY_MGR_ECDSA_192_KEY:
return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_192_VLD);
case ESP_KEY_MGR_ECDSA_256_KEY:
return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_256_VLD);
case ESP_KEY_MGR_ECDSA_384_KEY:
return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_384_VLD);
break;
case ESP_KEY_MGR_XTS_AES_128_KEY:

32
components/hal/esp32p4/include/hal/key_mgr_ll.h
View File

@@ -19,6 +19,7 @@
#include "hal/key_mgr_types.h"
#include "soc/keymng_reg.h"
#include "soc/hp_sys_clkrst_struct.h"
#include "esp_private/esp_crypto_lock_internal.h"
#ifdef __cplusplus
extern "C" {
@@ -158,7 +159,8 @@ static inline void key_mgr_ll_use_sw_init_key(void)
static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_usage_t key_usage)
{
switch (key_type) {
case ESP_KEY_MGR_ECDSA_KEY:
case ESP_KEY_MGR_ECDSA_192_KEY:
case ESP_KEY_MGR_ECDSA_256_KEY:
if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) {
REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_ECDSA);
} else {
@@ -182,7 +184,8 @@ static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_typ
static inline esp_key_mgr_key_usage_t key_mgr_ll_get_key_usage(esp_key_mgr_key_type_t key_type)
{
switch (key_type) {
case ESP_KEY_MGR_ECDSA_KEY:
case ESP_KEY_MGR_ECDSA_192_KEY:
case ESP_KEY_MGR_ECDSA_256_KEY:
return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_ECDSA));
break;
@@ -216,20 +219,38 @@ static inline void key_mgr_ll_lock_use_sw_init_key_reg(void)
static inline void key_mgr_ll_lock_use_efuse_key_reg(esp_key_mgr_key_type_t key_type)
{
switch(key_type) {
case ESP_KEY_MGR_ECDSA_KEY:
case ESP_KEY_MGR_ECDSA_192_KEY:
case ESP_KEY_MGR_ECDSA_256_KEY:
REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_ECDSA);
break;
case ESP_KEY_MGR_XTS_AES_128_KEY:
case ESP_KEY_MGR_XTS_AES_256_KEY:
REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_XTS);
break;
default:
HAL_ASSERT(false && "Unsupported key type");
return;
}
}
/* @brief Configure the key purpose to be used by the Key Manager for key generator operation */
static inline void key_mgr_ll_set_key_purpose(const esp_key_mgr_key_purpose_t key_purpose)
{
REG_SET_FIELD(KEYMNG_CONF_REG, KEYMNG_KEY_PURPOSE, key_purpose);
switch(key_purpose) {
case ESP_KEY_MGR_KEY_PURPOSE_ECDSA_192:
case ESP_KEY_MGR_KEY_PURPOSE_ECDSA_256:
REG_SET_FIELD(KEYMNG_CONF_REG, KEYMNG_KEY_PURPOSE, KEYMNG_KEY_PURPOSE_ECDSA);
break;
case ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_1:
REG_SET_FIELD(KEYMNG_CONF_REG, KEYMNG_KEY_PURPOSE, KEYMNG_KEY_PURPOSE_XTS_AES_256_1);
break;
case ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2:
REG_SET_FIELD(KEYMNG_CONF_REG, KEYMNG_KEY_PURPOSE, KEYMNG_KEY_PURPOSE_XTS_AES_256_2);
break;
default:
HAL_ASSERT(false && "Unsupported mode");
return;
}
}
/**
@@ -259,7 +280,8 @@ static inline bool key_mgr_ll_is_key_deployment_valid(const esp_key_mgr_key_type
{
switch (key_type) {
case ESP_KEY_MGR_ECDSA_KEY:
case ESP_KEY_MGR_ECDSA_192_KEY:
case ESP_KEY_MGR_ECDSA_256_KEY:
return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_VLD);
break;

4
components/hal/include/hal/huk_types.h
View File

@@ -11,12 +11,12 @@
#include "esp_assert.h"
#include "rom/km.h"
#include "rom/key_mgr.h"
#ifdef __cplusplus
extern "C" {
#endif
#define HUK_INFO_SIZE 384
#define HUK_RISK_ALERT_LEVEL 4
/**
@@ -35,7 +35,7 @@ ESP_STATIC_ASSERT(sizeof(esp_huk_mode_t) == sizeof(huk_mode_t), "Size of esp_huk
*/
typedef enum {
ESP_HUK_STATE_IDLE = 0, /* Key Manager is idle */
ESP_HUK_STATE_LOAD, /* Key Manager is read to recieve input */
ESP_HUK_STATE_LOAD, /* Key Manager is read to receive input */
ESP_HUK_STATE_GAIN, /* Key Manager is ready to provide output */
ESP_HUK_STATE_BUSY /* Key Manager is busy */
} esp_huk_state_t;

39
components/hal/include/hal/key_mgr_types.h
View File

@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -31,16 +31,22 @@ typedef enum {
*/
typedef enum {
ESP_KEY_MGR_XTS_AES_LEN_256 = 0, /* xts-aes key is 256 bit, please note that xts-aes algorithm is XTS_AES_128*/
ESP_KEY_MGR_XTS_AES_LEN_512, /* xts-aes key is 512 bit, please note that xts-aes algorithm is XTS_AES_256 */
ESP_KEY_MGR_XTS_AES_LEN_512, /* xts-aes key is 512 bit, please note that xts-aes algorithm is XTS_AES_256 */
} esp_key_mgr_xts_aes_key_len_t;
/**
* @brief Type of the key: ECDSA, XTS
*/
typedef enum {
ESP_KEY_MGR_ECDSA_KEY = 0, /* ECDSA key */
ESP_KEY_MGR_XTS_AES_128_KEY, /* XTS-AES 128 key */
ESP_KEY_MGR_XTS_AES_256_KEY, /* XTS-AES 256 key */
ESP_KEY_MGR_XTS_AES_128_KEY, /* XTS-AES 128-bit key */
ESP_KEY_MGR_XTS_AES_256_KEY, /* XTS-AES 256-bit key */
ESP_KEY_MGR_ECDSA_192_KEY, /* ECDSA 192-bit key */
ESP_KEY_MGR_ECDSA_256_KEY, /* ECDSA 256-bit key */
ESP_KEY_MGR_ECDSA_384_KEY, /* ECDSA 384-bit key */
ESP_KEY_MGR_HMAC_KEY, /* HMAC key */
ESP_KEY_MGR_DS_KEY, /* Digital signature key */
ESP_KEY_MGR_PSRAM_128_KEY, /* PSRAM 128-bit key */
ESP_KEY_MGR_PSRAM_256_KEY, /* PSRAM 256-bit key */
} esp_key_mgr_key_type_t;
/*
@@ -48,7 +54,7 @@ typedef enum {
*/
typedef enum {
ESP_KEY_MGR_USE_OWN_KEY = 0, /* Use key from the key manager */
ESP_KEY_MGR_USE_EFUSE_KEY, /* Use key from the eFuse */
ESP_KEY_MGR_USE_EFUSE_KEY, /* Use key from the eFuse */
ESP_KEY_MGR_USAGE_INVALID,
} esp_key_mgr_key_usage_t;
@@ -56,10 +62,21 @@ typedef enum {
* @brief Key Purpose to be set for a particular key in the Key Manager
*/
typedef enum {
ESP_KEY_MGR_KEY_PURPOSE_ECDSA = 1,
ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_1 = 2, /* First half of the XTS AES 256 bit key */
ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 = 3, /* Second half of the XTS AES 256 bit key */
ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_128 = 4, /* XTS AES 128 bit key */
ESP_KEY_MGR_KEY_PURPOSE_ECDSA_192 = 1, /* ECDSA 192-bit key */
ESP_KEY_MGR_KEY_PURPOSE_ECDSA_256 = 2, /* ECDSA 256-bit key */
ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_1 = 3, /* First half of flash 256-bit key */
ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_1 = ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_1,
ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_2 = 4, /* Second half of flash 256-bit key */
ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 = ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_2,
ESP_KEY_MGR_KEY_PURPOSE_FLASH_128 = 5, /* Flash 128-bit key */
ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_128 = ESP_KEY_MGR_KEY_PURPOSE_FLASH_128,
ESP_KEY_MGR_KEY_PURPOSE_HMAC = 6, /* HMAC key */
ESP_KEY_MGR_KEY_PURPOSE_DS = 7, /* Digital signature key */
ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1 = 8, /* First half of PSRAM 256-bit key */
ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2 = 9, /* Second half of PSRAM 256-bit key */
ESP_KEY_MGR_KEY_PURPOSE_PSRAM_128 = 10, /* PSRAM 128-bit key */
ESP_KEY_MGR_KEY_PURPOSE_ECDSA_384_L = 11, /* Lower half of ECDSA 384-bit key */
ESP_KEY_MGR_KEY_PURPOSE_ECDSA_384_H = 12, /* Higher half of ECDSA 384-bit key */
} esp_key_mgr_key_purpose_t;
/**
@@ -86,7 +103,7 @@ typedef enum {
// store huk info, occupy 96 words
typedef struct PACKED_ATTR {
#define HUK_INFO_LEN 384
#define HUK_INFO_LEN 660
uint8_t info[HUK_INFO_LEN];
uint32_t crc;
} esp_key_mgr_huk_info_t;

6
components/hal/test_apps/crypto/main/key_manager/test_key_manager.c
View File

@@ -172,7 +172,7 @@ static void key_mgr_test_ecdsa_p256_aes_mode(void)
memcpy(key_config.k1_encrypted, (uint8_t*) test_data_ecdsa.k1_encrypted, KEY_MGR_K1_ENCRYPTED_SIZE);
memcpy(key_config.sw_init_key, (uint8_t*) test_data_ecdsa.init_key, KEY_MGR_SW_INIT_KEY_SIZE);
key_config.use_pre_generated_sw_init_key = 1;
key_config.key_type = ESP_KEY_MGR_ECDSA_KEY;
key_config.key_type = ESP_KEY_MGR_ECDSA_256_KEY;
static esp_key_mgr_key_recovery_info_t key_recovery_info;
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_aes_mode(&key_config, &key_recovery_info));
@@ -228,7 +228,7 @@ static void key_mgr_test_ecdsa_ecdh0_mode(void)
printf("\nKey Manager ECDH0 deployment: ECDSA_256 key\n");
static esp_key_mgr_ecdh0_key_config_t key_config;
memcpy(key_config.k1_G[0], (uint8_t*) test_data_ecdh0.k1_G[0], KEY_MGR_ECDH0_INFO_SIZE);
key_config.key_type = ESP_KEY_MGR_ECDSA_KEY;
key_config.key_type = ESP_KEY_MGR_ECDSA_256_KEY;
static esp_key_mgr_key_recovery_info_t key_recovery_info;
static esp_key_mgr_ecdh0_info_t ecdh0_info;
@@ -248,7 +248,7 @@ static void key_mgr_test_ecdsa_random_mode(void)
{
printf("\nKey Manager Random deployment: ECDSA_256 key\n");
static esp_key_mgr_random_key_config_t key_config;
key_config.key_type = ESP_KEY_MGR_ECDSA_KEY;
key_config.key_type = ESP_KEY_MGR_ECDSA_256_KEY;
static esp_key_mgr_key_recovery_info_t key_recovery_info;
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_random_mode(&key_config, &key_recovery_info));

8
components/soc/esp32c5/include/soc/Kconfig.soc_caps.in
View File

@@ -239,6 +239,14 @@ config SOC_RNG_SUPPORTED
bool
default y
config SOC_KEY_MANAGER_SUPPORTED
bool
default y
config SOC_HUK_SUPPORTED
bool
default y
config SOC_MODEM_CLOCK_SUPPORTED
bool
default y

4
components/soc/esp32c5/include/soc/soc_caps.h
View File

@@ -76,8 +76,8 @@
#define SOC_SPI_FLASH_SUPPORTED 1 // TODO: [ESP32C5] IDF-8715
#define SOC_ECDSA_SUPPORTED 1
#define SOC_RNG_SUPPORTED 1
// #define SOC_KEY_MANAGER_SUPPORTED 1 // TODO: [ESP32C5] IDF-8621
// #define SOC_HUK_SUPPORTED 1 // TODO: [ESP32C5] IDF-8617
#define SOC_KEY_MANAGER_SUPPORTED 1
#define SOC_HUK_SUPPORTED 1
#define SOC_MODEM_CLOCK_SUPPORTED 1
#define SOC_LIGHT_SLEEP_SUPPORTED 1
#define SOC_DEEP_SLEEP_SUPPORTED 1

136
components/soc/esp32c5/register/soc/keymng_reg.h
View File

@@ -1,5 +1,5 @@
/**
* SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -163,6 +163,29 @@ extern "C" {
#define KEYMNG_USE_EFUSE_KEY_FLASH_S 1
/* KEYMNG_USE_EFUSE_KEY_HMAC : R/W ;bitpos:[0] ;default: 1'd0 ; */
/*description: Set this bit to choose efuse key instead of key manager deployed key for hmac.*/
#define KEYMNG_USE_EFUSE_KEY_HMAC (BIT(2))
#define KEYMNG_USE_EFUSE_KEY_HMAC_M ((KEYMNG_USE_EFUSE_KEY_HMAC_V)<<(KEYMNG_USE_EFUSE_KEY_HMAC_S))
#define KEYMNG_USE_EFUSE_KEY_HMAC_V 0x1
#define KEYMNG_USE_EFUSE_KEY_HMAC_S 2
/* KEYMNG_USE_EFUSE_KEY_DS : R/W ;bitpos:[1] ;default: 1'd0 ; */
/*description: Set this bit to choose efuse key instead of key manager deployed key for ds.*/
#define KEYMNG_USE_EFUSE_KEY_DS (BIT(3))
#define KEYMNG_USE_EFUSE_KEY_DS_M ((KEYMNG_USE_EFUSE_KEY_DS_V)<<(KEYMNG_USE_EFUSE_KEY_DS_S))
#define KEYMNG_USE_EFUSE_KEY_DS_V 0x1
#define KEYMNG_USE_EFUSE_KEY_DS_S 3
/* KEYMNG_USE_EFUSE_KEY_PSRAM : R/W ;bitpos:[1] ;default: 1'd0 ; */
/*description: Set this bit to choose efuse key instead of key manager deployed key for psram.*/
#define KEYMNG_USE_EFUSE_KEY_PSRAM (BIT(4))
#define KEYMNG_USE_EFUSE_KEY_PSRAM_M ((KEYMNG_USE_EFUSE_KEY_PSRAM_V)<<(KEYMNG_USE_EFUSE_KEY_PSRAM_S))
#define KEYMNG_USE_EFUSE_KEY_PSRAM_V 0x1
#define KEYMNG_USE_EFUSE_KEY_PSRAM_S 4
/** KEYMNG_RND_SWITCH_CYCLE : R/W; bitpos: [9:5]; default: 15;
* The core clock cycle number to sample one rng input data. Please set it bigger than
* the clock cycle ratio: T_rng/T_km
@@ -209,21 +232,69 @@ extern "C" {
#define KEYMNG_USE_EFUSE_KEY_LOCK_S 0
/* KEYMNG_USE_EFUSE_KEY_LOCK_ECDSA : R/W1 ;bitpos:[0] ;default: 1'd0 ; */
/*description: Write 1 to lock reg_use_efuse_key for esdsa*/
#define KEYMNG_USE_EFUSE_KEY_LOCK_ECDSA (BIT(0))
#define KEYMNG_USE_EFUSE_KEY_LOCK_ECDSA_M ((KEYMNG_USE_EFUSE_KEY_LOCK_ECDSA_V)<<(KEYMNG_USE_EFUSE_KEY_LOCK_ECDSA_S))
#define KEYMNG_USE_EFUSE_KEY_LOCK_ECDSA_V 0x1
#define KEYMNG_USE_EFUSE_KEY_LOCK_ECDSA_S 0
/* KEYMNG_USE_EFUSE_KEY_LOCK_FLASH : R/W1 ;bitpos:[1] ;default: 1'd0 ; */
/*description: Write 1 to lock reg_use_efuse_key for FLASH*/
#define KEYMNG_USE_EFUSE_KEY_LOCK_FLASH (BIT(1))
#define KEYMNG_USE_EFUSE_KEY_LOCK_FLASH_M ((KEYMNG_USE_EFUSE_KEY_LOCK_FLASH_V)<<(KEYMNG_USE_EFUSE_KEY_LOCK_FLASH_S))
#define KEYMNG_USE_EFUSE_KEY_LOCK_FLASH_V 0x1
#define KEYMNG_USE_EFUSE_KEY_LOCK_FLASH_S 1
/* KEYMNG_USE_EFUSE_KEY_LOCK_HMAC : R/W1 ;bitpos:[0] ;default: 1'd0 ; */
/*description: Write 1 to lock reg_use_efuse_key for hmac*/
#define KEYMNG_USE_EFUSE_KEY_LOCK_HMAC (BIT(2))
#define KEYMNG_USE_EFUSE_KEY_LOCK_HMAC_M ((KEYMNG_USE_EFUSE_KEY_LOCK_HMAC_V)<<(KEYMNG_USE_EFUSE_KEY_LOCK_HMAC_S))
#define KEYMNG_USE_EFUSE_KEY_LOCK_HMAC_V 0x1
#define KEYMNG_USE_EFUSE_KEY_LOCK_HMAC_S 2
/* KEYMNG_USE_EFUSE_KEY_LOCK_DS : R/W1 ;bitpos:[1] ;default: 1'd0 ; */
/*description: Write 1 to lock reg_use_efuse_key for ds*/
#define KEYMNG_USE_EFUSE_KEY_LOCK_DS (BIT(3))
#define KEYMNG_USE_EFUSE_KEY_LOCK_DS_M ((KEYMNG_USE_EFUSE_KEY_LOCK_DS_V)<<(KEYMNG_USE_EFUSE_KEY_LOCK_DS_S))
#define KEYMNG_USE_EFUSE_KEY_LOCK_DS_V 0x1
#define KEYMNG_USE_EFUSE_KEY_LOCK_DS_S 3
/* KEYMNG_USE_EFUSE_KEY_LOCK_PSRAM : R/W1 ;bitpos:[1] ;default: 1'd0 ; */
/*description: Write 1 to lock reg_use_efuse_key for PSRAM*/
#define KEYMNG_USE_EFUSE_KEY_LOCK_PSRAM (BIT(4))
#define KEYMNG_USE_EFUSE_KEY_LOCK_PSRAM_M ((KEYMNG_USE_EFUSE_KEY_LOCK_PSRAM_V)<<(KEYMNG_USE_EFUSE_KEY_LOCK_PSRAM_S))
#define KEYMNG_USE_EFUSE_KEY_LOCK_PSRAM_V 0x1
#define KEYMNG_USE_EFUSE_KEY_LOCK_PSRAM_S 4
/** KEYMNG_RND_SWITCH_CYCLE_LOCK : R/W1; bitpos: [5]; default: 0;
* Write 1 to lock reg_rnd_switch_cycle.
*/
@@ -266,9 +337,10 @@ extern "C" {
#define KEYMNG_KGEN_MODE_V 0x00000007U
#define KEYMNG_KGEN_MODE_S 0
/** KEYMNG_KEY_PURPOSE : R/W; bitpos: [6:3]; default: 0;
* Set this field to choose the key purpose. 1: ecdsa_key 2: flash_256_1_key. 3:
* flash_256_2_key. 4: flash_128_key. 6: hmac_key. 7: ds_key. 8: psram_256_1_key. 9:
* psram_256_2_key. 10: psram_128_key. Others: reserved.
* Set this field to choose the key purpose. 1: ecdsa_key_192. 2: ecdsa_key_256. 3:
* flash_256_1_key. 4: flash_256_2_key. 5: flash_128_key. 6: hmac_key. 7: ds_key. 8:
* psram_256_1_key. 9: psram_256_2_key. 10: psram_128_key. 11: ecdsa_key_384_l. 12:
* ecdsa_key_384_h. Others: reserved.
*/
#define KEYMNG_KEY_PURPOSE 0x0000000FU
#define KEYMNG_KEY_PURPOSE_M (KEYMNG_KEY_PURPOSE_V << KEYMNG_KEY_PURPOSE_S)
@@ -323,46 +395,62 @@ extern "C" {
* Key Manager key status register
*/
#define KEYMNG_KEY_VLD_REG (DR_REG_KEYMNG_BASE + 0x30)
/** KEYMNG_KEY_ECDSA_VLD : RO; bitpos: [0]; default: 0;
* The status bit for key_ecdsa. 1: The key has been deployed correctly. 0: The key
* has not been deployed yet.
/** KEYMNG_KEY_ECDSA_192_VLD : RO; bitpos: [0]; default: 0;
* The status bit for key_ecdsa_192. 1: The key has been deployed correctly. 0: The
* key has not been deployed yet.
*/
#define KEYMNG_KEY_ECDSA_VLD (BIT(0))
#define KEYMNG_KEY_ECDSA_VLD_M (KEYMNG_KEY_ECDSA_VLD_V << KEYMNG_KEY_ECDSA_VLD_S)
#define KEYMNG_KEY_ECDSA_VLD_V 0x00000001U
#define KEYMNG_KEY_ECDSA_VLD_S 0
/** KEYMNG_KEY_FLASH_VLD : RO; bitpos: [1]; default: 0;
#define KEYMNG_KEY_ECDSA_192_VLD (BIT(0))
#define KEYMNG_KEY_ECDSA_192_VLD_M (KEYMNG_KEY_ECDSA_192_VLD_V << KEYMNG_KEY_ECDSA_192_VLD_S)
#define KEYMNG_KEY_ECDSA_192_VLD_V 0x00000001U
#define KEYMNG_KEY_ECDSA_192_VLD_S 0
/** KEYMNG_KEY_ECDSA_256_VLD : RO; bitpos: [1]; default: 0;
* The status bit for key_ecdsa_256. 1: The key has been deployed correctly. 0: The
* key has not been deployed yet.
*/
#define KEYMNG_KEY_ECDSA_256_VLD (BIT(1))
#define KEYMNG_KEY_ECDSA_256_VLD_M (KEYMNG_KEY_ECDSA_256_VLD_V << KEYMNG_KEY_ECDSA_256_VLD_S)
#define KEYMNG_KEY_ECDSA_256_VLD_V 0x00000001U
#define KEYMNG_KEY_ECDSA_256_VLD_S 1
/** KEYMNG_KEY_FLASH_VLD : RO; bitpos: [2]; default: 0;
* The status bit for key_flash. 1: The key has been deployed correctly. 0: The
* key has not been deployed yet.
*/
#define KEYMNG_KEY_FLASH_VLD (BIT(1))
#define KEYMNG_KEY_FLASH_VLD (BIT(2))
#define KEYMNG_KEY_FLASH_VLD_M (KEYMNG_KEY_FLASH_VLD_V << KEYMNG_KEY_FLASH_VLD_S)
#define KEYMNG_KEY_FLASH_VLD_V 0x00000001U
#define KEYMNG_KEY_FLASH_VLD_S 1
/** KEYMNG_KEY_HMAC_VLD : RO; bitpos: [2]; default: 0;
#define KEYMNG_KEY_FLASH_VLD_S 2
/** KEYMNG_KEY_HMAC_VLD : RO; bitpos: [3]; default: 0;
* The status bit for key_hmac. 1: The key has been deployed correctly. 0: The key
* has not been deployed yet.
*/
#define KEYMNG_KEY_HMAC_VLD (BIT(2))
#define KEYMNG_KEY_HMAC_VLD (BIT(3))
#define KEYMNG_KEY_HMAC_VLD_M (KEYMNG_KEY_HMAC_VLD_V << KEYMNG_KEY_HMAC_VLD_S)
#define KEYMNG_KEY_HMAC_VLD_V 0x00000001U
#define KEYMNG_KEY_HMAC_VLD_S 2
/** KEYMNG_KEY_DS_VLD : RO; bitpos: [3]; default: 0;
#define KEYMNG_KEY_HMAC_VLD_S 3
/** KEYMNG_KEY_DS_VLD : RO; bitpos: [4]; default: 0;
* The status bit for key_ds. 1: The key has been deployed correctly. 0: The
* key has not been deployed yet.
*/
#define KEYMNG_KEY_DS_VLD (BIT(3))
#define KEYMNG_KEY_DS_VLD (BIT(4))
#define KEYMNG_KEY_DS_VLD_M (KEYMNG_KEY_DS_VLD_V << KEYMNG_KEY_DS_VLD_S)
#define KEYMNG_KEY_DS_VLD_V 0x00000001U
#define KEYMNG_KEY_DS_VLD_S 3
/** KEYMNG_KEY_PSRAM_VLD : RO; bitpos: [4]; default: 0;
#define KEYMNG_KEY_DS_VLD_S 4
/** KEYMNG_KEY_PSRAM_VLD : RO; bitpos: [5]; default: 0;
* The status bit for key_psram. 1: The key has been deployed correctly. 0: The key
* has not been deployed yet.
*/
#define KEYMNG_KEY_PSRAM_VLD (BIT(4))
#define KEYMNG_KEY_PSRAM_VLD (BIT(5))
#define KEYMNG_KEY_PSRAM_VLD_M (KEYMNG_KEY_PSRAM_VLD_V << KEYMNG_KEY_PSRAM_VLD_S)
#define KEYMNG_KEY_PSRAM_VLD_V 0x00000001U
#define KEYMNG_KEY_PSRAM_VLD_S 4
#define KEYMNG_KEY_PSRAM_VLD_S 5
/** KEYMNG_KEY_ECDSA_384_VLD : RO; bitpos: [6]; default: 0;
* The status bit for key_ecdsa_384. 1: The key has been deployed correctly. 0: The
* key has not been deployed yet.
*/
#define KEYMNG_KEY_ECDSA_384_VLD (BIT(6))
#define KEYMNG_KEY_ECDSA_384_VLD_M (KEYMNG_KEY_ECDSA_384_VLD_V << KEYMNG_KEY_ECDSA_384_VLD_S)
#define KEYMNG_KEY_ECDSA_384_VLD_V 0x00000001U
#define KEYMNG_KEY_ECDSA_384_VLD_S 6
/** KEYMNG_HUK_VLD_REG register
* Key Manager HUK status register
@@ -380,7 +468,7 @@ extern "C" {
* Version control register
*/
#define KEYMNG_DATE_REG (DR_REG_KEYMNG_BASE + 0xfc)
/** KEYMNG_DATE : R/W; bitpos: [27:0]; default: 36774224;
/** KEYMNG_DATE : R/W; bitpos: [27:0]; default: 37781824;
* Key Manager version control register.
*/
#define KEYMNG_DATE 0x0FFFFFFFU

17
components/soc/esp32p4/register/soc/keymng_reg.h
View File

@@ -1,5 +1,5 @@
/**
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -239,6 +239,21 @@ extern "C" {
#define KEYMNG_KEY_PURPOSE_V 0x0000000FU
#define KEYMNG_KEY_PURPOSE_S 3
#define KEYMNG_KEY_PURPOSE_ECDSA (BIT(0))
#define KEYMNG_KEY_PURPOSE_ECDSA_M (KEYMNG_KEY_PURPOSE_ECDSA_V << KEYMNG_KEY_PURPOSE_ECDSA_S)
#define KEYMNG_KEY_PURPOSE_ECDSA_V 0x00000001U
#define KEYMNG_KEY_PURPOSE_ECDSA_S 0
#define KEYMNG_KEY_PURPOSE_XTS_AES_256_1 (BIT(1))
#define KEYMNG_KEY_PURPOSE_XTS_AES_256_1_M (KEYMNG_KEY_PURPOSE_XTS_AES_256_1_V << KEYMNG_KEY_PURPOSE_XTS_AES_256_1_S)
#define KEYMNG_KEY_PURPOSE_XTS_AES_256_1_V 0x00000001U
#define KEYMNG_KEY_PURPOSE_XTS_AES_256_1_S 1
#define KEYMNG_KEY_PURPOSE_XTS_AES_256_2 (BIT(2))
#define KEYMNG_KEY_PURPOSE_XTS_AES_256_2_M (KEYMNG_KEY_PURPOSE_XTS_AES_256_2_V << KEYMNG_KEY_PURPOSE_XTS_AES_256_2_S)
#define KEYMNG_KEY_PURPOSE_XTS_AES_256_2_V 0x00000001U
#define KEYMNG_KEY_PURPOSE_XTS_AES_256_2_S 2
/** KEYMNG_START_REG register
* Key Manager control register
*/