Merge branch 'feature/enable_flash_encryption_for_c5' into 'master'

feat: enable flash encryption support for c5

Closes IDF-8622 and IDF-9480

See merge request espressif/esp-idf!29578

components/bootloader_support/src/flash_encryption/flash_encrypt.c

@@ -16,10 +16,16 @@
 #include "esp_log.h"
 #include "hal/wdt_hal.h"
 
-#if SOC_KEY_MANAGER_SUPPORTED
+// Need to remove check and merge accordingly for ESP32C5 once key manager support added in IDF-8621
+#if SOC_KEY_MANAGER_SUPPORTED || CONFIG_IDF_TARGET_ESP32C5
+#if CONFIG_IDF_TARGET_ESP32C5
+#include "soc/keymng_reg.h"
+#include "hal/key_mgr_types.h"
+#include "soc/pcr_reg.h"
+#else
 #include "hal/key_mgr_hal.h"
 #include "hal/mspi_timing_tuning_ll.h"
-#include "soc/keymng_reg.h"
+#endif /* CONFIG_IDF_TARGET_ESP32C5 */
 #endif
 
 #ifdef CONFIG_SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK
@@ -216,17 +222,17 @@ static esp_err_t check_and_generate_encryption_keys(void)
         }
         ESP_LOGI(TAG, "Using pre-loaded flash encryption key in efuse");
     }
-
-#if SOC_KEY_MANAGER_SUPPORTED
-#if CONFIG_IDF_TARGET_ESP32C5 && SOC_KEY_MANAGER_SUPPORTED
-    // TODO: [ESP32C5] IDF-8622 find a more proper place for these codes
-    REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_FLASH);
+// Need to remove check for ESP32C5 and merge accordingly once key manager support added in IDF-8621
+#if SOC_KEY_MANAGER_SUPPORTED || CONFIG_IDF_TARGET_ESP32C5
+#if CONFIG_IDF_TARGET_ESP32C5
+    REG_SET_FIELD(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY, 2);
     REG_SET_BIT(PCR_MSPI_CLK_CONF_REG, PCR_MSPI_AXI_RST_EN);
     REG_CLR_BIT(PCR_MSPI_CLK_CONF_REG, PCR_MSPI_AXI_RST_EN);
-#endif
+#else
     // Force Key Manager to use eFuse key for XTS-AES operation
     key_mgr_hal_set_key_usage(ESP_KEY_MGR_XTS_AES_128_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
     _mspi_timing_ll_reset_mspi();
+#endif /* CONFIG_IDF_TARGET_ESP32C5 */
 #endif
 
     return ESP_OK;

components/hal/esp32c5/include/hal/spi_flash_encrypted_ll.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -15,7 +15,7 @@
 #include <stdbool.h>
 #include <string.h>
 #include "soc/hp_system_reg.h"
-// #include "soc/xts_aes_reg.h"
+#include "soc/spi_mem_reg.h"
 #include "soc/soc.h"
 #include "soc/soc_caps.h"
 #include "hal/assert.h"
@@ -27,7 +27,6 @@ extern "C" {
 /// Choose type of chip you want to encrypt manually
 typedef enum
 {
-    // TODO: [ESP32C5] IDF-8622, IDF-8649
     FLASH_ENCRYPTION_MANU = 0, ///!< Manually encrypt the flash chip.
     PSRAM_ENCRYPTION_MANU = 1  ///!< Manually encrypt the psram chip.
 } flash_encrypt_ll_type_t;
@@ -37,11 +36,15 @@ typedef enum
  */
 static inline void spi_flash_encrypt_ll_enable(void)
 {
-    // TODO: [ESP32C5] IDF-8622, IDF-8649
-    // REG_SET_BIT(HP_SYSTEM_EXTERNAL_DEVICE_ENCRYPT_DECRYPT_CONTROL_REG,
-    //             HP_SYSTEM_ENABLE_DOWNLOAD_MANUAL_ENCRYPT |
-    //             HP_SYSTEM_ENABLE_SPI_MANUAL_ENCRYPT);
-    abort();
+#if CONFIG_IDF_TARGET_ESP32C5_BETA3_VERSION
+    REG_SET_BIT(HP_SYS_EXTERNAL_DEVICE_ENCRYPT_DECRYPT_CONTROL_REG,
+                HP_SYS_ENABLE_DOWNLOAD_MANUAL_ENCRYPT |
+                HP_SYS_ENABLE_SPI_MANUAL_ENCRYPT);
+#else
+    REG_SET_BIT(HP_SYSTEM_EXTERNAL_DEVICE_ENCRYPT_DECRYPT_CONTROL_REG,
+                HP_SYSTEM_ENABLE_DOWNLOAD_MANUAL_ENCRYPT |
+                HP_SYSTEM_ENABLE_SPI_MANUAL_ENCRYPT);
+#endif
 }
 
 /*
@@ -49,14 +52,17 @@ static inline void spi_flash_encrypt_ll_enable(void)
  */
 static inline void spi_flash_encrypt_ll_disable(void)
 {
-    // TODO: [ESP32C5] IDF-8622, IDF-8649
-    // REG_CLR_BIT(HP_SYSTEM_EXTERNAL_DEVICE_ENCRYPT_DECRYPT_CONTROL_REG,
-    //             HP_SYSTEM_ENABLE_SPI_MANUAL_ENCRYPT);
-    abort();
+#if CONFIG_IDF_TARGET_ESP32C5_BETA3_VERSION
+    REG_CLR_BIT(HP_SYS_EXTERNAL_DEVICE_ENCRYPT_DECRYPT_CONTROL_REG,
+                HP_SYS_ENABLE_SPI_MANUAL_ENCRYPT);
+#else
+    REG_CLR_BIT(HP_SYSTEM_EXTERNAL_DEVICE_ENCRYPT_DECRYPT_CONTROL_REG,
+                HP_SYSTEM_ENABLE_SPI_MANUAL_ENCRYPT);
+#endif
 }
 
 /**
- * Choose type of chip you want to encrypt manully
+ * Choose type of chip you want to encrypt manually
  *
  * @param type The type of chip to be encrypted
  *
@@ -64,11 +70,9 @@ static inline void spi_flash_encrypt_ll_disable(void)
  */
 static inline void spi_flash_encrypt_ll_type(flash_encrypt_ll_type_t type)
 {
-    // TODO: [ESP32C5] IDF-8622, IDF-8649
-    // // Our hardware only support flash encryption
-    // HAL_ASSERT(type == FLASH_ENCRYPTION_MANU);
-    // REG_SET_FIELD(XTS_AES_DESTINATION_REG(0), XTS_AES_DESTINATION, type);
-    abort();
+    // Our hardware only support flash encryption
+    HAL_ASSERT(type == FLASH_ENCRYPTION_MANU);
+    REG_SET_FIELD(SPI_MEM_XTS_DESTINATION_REG(0), SPI_XTS_DESTINATION, type);
 }
 
 /**
@@ -78,10 +82,8 @@ static inline void spi_flash_encrypt_ll_type(flash_encrypt_ll_type_t type)
  */
 static inline void spi_flash_encrypt_ll_buffer_length(uint32_t size)
 {
-    // TODO: [ESP32C5] IDF-8622, IDF-8649
-    // // Desired block should not be larger than the block size.
-    // REG_SET_FIELD(XTS_AES_LINESIZE_REG(0), XTS_AES_LINESIZE, size >> 5);
-    abort();
+    // Desired block should not be larger than the block size.
+    REG_SET_FIELD(SPI_MEM_XTS_LINESIZE_REG(0), SPI_XTS_LINESIZE, size >> 5);
 }
 
 /**
@@ -94,11 +96,9 @@ static inline void spi_flash_encrypt_ll_buffer_length(uint32_t size)
  */
 static inline void spi_flash_encrypt_ll_plaintext_save(uint32_t address, const uint32_t* buffer, uint32_t size)
 {
-    // TODO: [ESP32C5] IDF-8622, IDF-8649
-    // uint32_t plaintext_offs = (address % SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX);
-    // HAL_ASSERT(plaintext_offs + size <= SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX);
-    // memcpy((void *)(XTS_AES_PLAIN_MEM(0) + plaintext_offs), buffer, size);
-    abort();
+    uint32_t plaintext_offs = (address % SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX);
+    HAL_ASSERT(plaintext_offs + size <= SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX);
+    memcpy((void *)(SPI_MEM_XTS_PLAIN_BASE_REG(0) + plaintext_offs), buffer, size);
 }
 
 /**
@@ -108,9 +108,7 @@ static inline void spi_flash_encrypt_ll_plaintext_save(uint32_t address, const u
  */
 static inline void spi_flash_encrypt_ll_address_save(uint32_t flash_addr)
 {
-    // TODO: [ESP32C5] IDF-8622, IDF-8649
-    // REG_SET_FIELD(XTS_AES_PHYSICAL_ADDRESS_REG(0), XTS_AES_PHYSICAL_ADDRESS, flash_addr);
-    abort();
+    REG_SET_FIELD(SPI_MEM_XTS_PHYSICAL_ADDRESS_REG(0), SPI_XTS_PHYSICAL_ADDRESS, flash_addr);
 }
 
 /**
@@ -118,9 +116,7 @@ static inline void spi_flash_encrypt_ll_address_save(uint32_t flash_addr)
  */
 static inline void spi_flash_encrypt_ll_calculate_start(void)
 {
-    // TODO: [ESP32C5] IDF-8622, IDF-8649
-    // REG_SET_FIELD(XTS_AES_TRIGGER_REG(0), XTS_AES_TRIGGER, 1);
-    abort();
+    REG_SET_FIELD(SPI_MEM_XTS_TRIGGER_REG(0), SPI_XTS_TRIGGER, 1);
 }
 
 /**
@@ -128,10 +124,8 @@ static inline void spi_flash_encrypt_ll_calculate_start(void)
  */
 static inline void spi_flash_encrypt_ll_calculate_wait_idle(void)
 {
-    // TODO: [ESP32C5] IDF-8622, IDF-8649
-    // while(REG_GET_FIELD(XTS_AES_STATE_REG(0), XTS_AES_STATE) == 0x1) {
-    // }
-    abort();
+    while(REG_GET_FIELD(SPI_MEM_XTS_STATE_REG(0), SPI_XTS_STATE) == 0x1) {
+    }
 }
 
 /**
@@ -139,11 +133,9 @@ static inline void spi_flash_encrypt_ll_calculate_wait_idle(void)
  */
 static inline void spi_flash_encrypt_ll_done(void)
 {
-    // TODO: [ESP32C5] IDF-8622, IDF-8649
-    // REG_SET_BIT(XTS_AES_RELEASE_REG(0), XTS_AES_RELEASE);
-    // while(REG_GET_FIELD(XTS_AES_STATE_REG(0), XTS_AES_STATE) != 0x3) {
-    // }
-    abort();
+    REG_SET_BIT(SPI_MEM_XTS_RELEASE_REG(0), SPI_XTS_RELEASE);
+    while(REG_GET_FIELD(SPI_MEM_XTS_STATE_REG(0), SPI_XTS_STATE) != 0x3) {
+    }
 }
 
 /**
@@ -151,9 +143,7 @@ static inline void spi_flash_encrypt_ll_done(void)
  */
 static inline void spi_flash_encrypt_ll_destroy(void)
 {
-    // TODO: [ESP32C5] IDF-8622, IDF-8649
-    // REG_SET_BIT(XTS_AES_DESTROY_REG(0), XTS_AES_DESTROY);
-    abort();
+    REG_SET_BIT(SPI_MEM_XTS_DESTROY_REG(0), SPI_XTS_DESTROY);
 }
 
 /**
@@ -164,10 +154,7 @@ static inline void spi_flash_encrypt_ll_destroy(void)
  */
 static inline bool spi_flash_encrypt_ll_check(uint32_t address, uint32_t length)
 {
-    // TODO: [ESP32C5] IDF-8622, IDF-8649
-    // return ((address % length) == 0) ? true : false;
-    abort();
-    return (bool)0;
+    return ((address % length) == 0) ? true : false;
 }
 
 #ifdef __cplusplus

components/soc/esp32c5/beta3/include/soc/soc_caps.h

@@ -55,7 +55,7 @@
 #define SOC_DIG_SIGN_SUPPORTED          1
 #define SOC_ECC_SUPPORTED               1
 #define SOC_ECC_EXTENDED_MODES_SUPPORTED   1
-#define SOC_FLASH_ENC_SUPPORTED         1     // TODO: [ESP32C5] IDF-8622
+#define SOC_FLASH_ENC_SUPPORTED         1
 #define SOC_SECURE_BOOT_SUPPORTED       1
 // #define SOC_BOD_SUPPORTED               1  // TODO: [ESP32C5] IDF-8647
 // #define SOC_APM_SUPPORTED               1  // TODO: [ESP32C5] IDF-8614, IDF-8615
@@ -474,9 +474,9 @@
 #define SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY  1
 
 /*-------------------------- Flash Encryption CAPS----------------------------*/
-#define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX   (64)  // TODO: [ESP32C5] IDF-8622
+#define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX   (64)
 #define SOC_FLASH_ENCRYPTION_XTS_AES        1
-#define SOC_FLASH_ENCRYPTION_XTS_AES_128    1  // TODO: [ESP32C5] IDF-8622
+#define SOC_FLASH_ENCRYPTION_XTS_AES_128    1
 
 /*------------------------ Anti DPA (Security) CAPS --------------------------*/
 // #define SOC_CRYPTO_DPA_PROTECTION_SUPPORTED     1

components/soc/esp32c5/mp/include/soc/soc_caps.h

@@ -53,7 +53,7 @@
 #define SOC_DIG_SIGN_SUPPORTED          1
 #define SOC_ECC_SUPPORTED               1
 #define SOC_ECC_EXTENDED_MODES_SUPPORTED   1
-#define SOC_FLASH_ENC_SUPPORTED         1     // TODO: [ESP32C5] IDF-8622
+#define SOC_FLASH_ENC_SUPPORTED         1
 #define SOC_SECURE_BOOT_SUPPORTED       1
 // #define SOC_BOD_SUPPORTED               1  // TODO: [ESP32C5] IDF-8647
 // #define SOC_APM_SUPPORTED               1  // TODO: [ESP32C5] IDF-8614, IDF-8615
@@ -475,9 +475,9 @@
 #define SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY  1
 
 /*-------------------------- Flash Encryption CAPS----------------------------*/
-#define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX   (64)  // TODO: [ESP32C5] IDF-8622
+#define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX   (64)
 #define SOC_FLASH_ENCRYPTION_XTS_AES        1
-#define SOC_FLASH_ENCRYPTION_XTS_AES_128    1  // TODO: [ESP32C5] IDF-8622
+#define SOC_FLASH_ENCRYPTION_XTS_AES_128    1
 
 /*------------------------ Anti DPA (Security) CAPS --------------------------*/
 // #define SOC_CRYPTO_DPA_PROTECTION_SUPPORTED     1

components/spi_flash/test_apps/.build-test-rules.yml

@@ -22,12 +22,8 @@ components/spi_flash/test_apps/esp_flash_stress:
       reason: not support yet # TODO: [ESP32C5] IDF-8715
 
 components/spi_flash/test_apps/flash_encryption:
-  disable:
-    - if: IDF_TARGET == "esp32c5"
-      temporary: true
-      reason: not support yet # TODO: [ESP32C5] IDF-8622
   disable_test:
-    - if: IDF_TARGET in ["esp32c2", "esp32s2", "esp32c6", "esp32h2", "esp32p4"]
+    - if: IDF_TARGET in ["esp32c2", "esp32s2", "esp32c6", "esp32h2", "esp32p4", "esp32c5"]
       temporary: true
       reason: No runners # IDF-5634
 

components/spi_flash/test_apps/flash_encryption/README.md

@@ -1,5 +1,5 @@
-| Supported Targets | ESP32 | ESP32-C2 | ESP32-C3 | ESP32-C6 | ESP32-H2 | ESP32-P4 | ESP32-S2 | ESP32-S3 |
-| ----------------- | ----- | -------- | -------- | -------- | -------- | -------- | -------- | -------- |
+| Supported Targets | ESP32 | ESP32-C2 | ESP32-C3 | ESP32-C5 | ESP32-C6 | ESP32-H2 | ESP32-P4 | ESP32-S2 | ESP32-S3 |
+| ----------------- | ----- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- |
 
 ## Prepare runner