fix(esp_tee): Fix failing SPI1 flash protection test-cases

components/esp_tee/subproject/main/core/esp_secure_services_iram.c

@@ -212,6 +212,11 @@ uint32_t _ss_spi_flash_hal_check_status(spi_flash_host_inst_t *host)
 
 esp_err_t _ss_spi_flash_hal_common_command(spi_flash_host_inst_t *host, spi_flash_trans_t *trans)
 {
+    bool paddr_chk = esp_tee_flash_check_paddr_in_tee_region(trans->address);
+    if (paddr_chk) {
+        ESP_LOGD(TAG, "[%s] Illegal flash access at 0x%08x", __func__, trans->address);
+        return ESP_FAIL;
+    }
     return spi_flash_hal_common_command(host, trans);
 }
 

components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_flash_prot.c

@@ -125,13 +125,13 @@ static void test_esp_partition_api_w(const esp_partition_t *part)
     TEST_ASSERT_NOT_NULL(part);
     uint8_t buf_w[128];
     memset(buf_w, 0xA5, sizeof(buf_w));
-    TEST_ESP_OK(esp_partition_write(part, 0x00, buf_w, sizeof(buf_w)));
+    TEST_ESP_ERR(ESP_FAIL, esp_partition_write(part, 0x00, buf_w, sizeof(buf_w)));
 }
 
 static void test_esp_partition_api_e(const esp_partition_t *part)
 {
     TEST_ASSERT_NOT_NULL(part);
-    TEST_ESP_OK(esp_partition_erase_range(part, 0x00, SPI_FLASH_SEC_SIZE));
+    TEST_ESP_ERR(ESP_FAIL, esp_partition_erase_range(part, 0x00, SPI_FLASH_SEC_SIZE));
 }
 
 static void test_esp_partition_api(void)
@@ -229,12 +229,12 @@ static void test_esp_flash_api_w(uint32_t paddr)
 {
     uint8_t buf_w[128];
     memset(buf_w, 0xA5, sizeof(buf_w));
-    TEST_ESP_OK(esp_flash_write(NULL, buf_w, paddr, sizeof(buf_w)));
+    TEST_ESP_ERR(ESP_FAIL, esp_flash_write(NULL, buf_w, paddr, sizeof(buf_w)));
 }
 
 static void test_esp_flash_api_e(uint32_t paddr)
 {
-    TEST_ESP_OK(esp_flash_erase_region(NULL, paddr, SPI_FLASH_SEC_SIZE));
+    TEST_ESP_ERR(ESP_FAIL, esp_flash_erase_region(NULL, paddr, SPI_FLASH_SEC_SIZE));
 }
 
 static void test_esp_flash_api(void)

components/esp_tee/test_apps/tee_test_fw/pytest_esp_tee_ut.py

@@ -1,5 +1,6 @@
 # SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD
 # SPDX-License-Identifier: Apache-2.0
+import re
 from enum import Enum
 from typing import Dict
 from typing import Tuple
@@ -20,7 +21,7 @@ CONFIG_DEFAULT = [
 
 CONFIG_OTA = [
     # 'config, target, skip_autoflash, markers',
-    ('ota', target, 'y', (pytest.mark.generic,))
+    ('ota', target, 'y', (pytest.mark.host_test,))
     for target in SUPPORTED_TARGETS
 ]
 
@@ -198,8 +199,18 @@ def expect_panic_rsn(dut: IdfDut, expected_rsn: str) -> None:
 
 def run_multiple_stages(dut: IdfDut, test_case_num: int, stages: int, api: TeeFlashAccessApi) -> None:
     expected_ops = {
-        TeeFlashAccessApi.ESP_PARTITION: ['read', 'program_page', 'program_page', 'erase_sector'],
+        TeeFlashAccessApi.ESP_PARTITION: [
-        TeeFlashAccessApi.ESP_FLASH: ['program_page', 'read', 'erase_sector', 'program_page'],
+            'read',
+            'program_page|common_command',
+            'program_page|common_command',
+            'erase_sector|common_command',
+        ],
+        TeeFlashAccessApi.ESP_FLASH: [
+            'program_page|common_command',
+            'read',
+            'erase_sector|common_command',
+            'program_page|common_command',
+        ],
     }
 
     flash_enc_enabled = dut.app.sdkconfig.get('SECURE_FLASH_ENC_ENABLED', True)
@@ -225,7 +236,7 @@ def run_multiple_stages(dut: IdfDut, test_case_num: int, stages: int, api: TeeFl
                         r'\[_ss_spi_flash_hal_(\w+)\] Illegal flash access at \s*(0x[0-9a-fA-F]+)', timeout=10
                     )
                     actual_op = match.group(1).decode()
-                    if actual_op != curr_op:
+                    if not re.fullmatch(curr_op, actual_op):
                         raise RuntimeError(f'Unexpected flash operation: {actual_op} (expected: {curr_op})')
             elif api == TeeFlashAccessApi.ESP_ROM_SPIFLASH:
                 expect_panic_rsn(dut, 'APM - Authority exception')