espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-10-03 10:30:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): add anti-FI checks while setting up PSRAM encryption

Browse Source
This commit is contained in:
Mahavir Jain
2025-09-04 18:01:16 +05:30
parent 729be4656b
commit ad059d385b
6 changed files with 36 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
components/esp_hw_support/include/esp_fault.h → components/esp_common/include/esp_fault.h
View File

12
components/hal/esp32c5/include/hal/mmu_ll.h
View File

@@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
@@ -15,6 +15,7 @@
#include "soc/soc_caps.h" #include "soc/soc_caps.h"
#include "hal/assert.h" #include "hal/assert.h"
#include "hal/mmu_types.h" #include "hal/mmu_types.h"
#include "esp_fault.h"
#if SOC_EFUSE_SUPPORTED #if SOC_EFUSE_SUPPORTED
#include "hal/efuse_ll.h" #include "hal/efuse_ll.h"
#include "hal/efuse_hal.h" #include "hal/efuse_hal.h"
@@ -225,6 +226,15 @@ __attribute__((always_inline)) static inline void mmu_ll_write_entry(uint32_t mm
mmu_raw_value = mmu_val | SOC_MMU_VALID; mmu_raw_value = mmu_val | SOC_MMU_VALID;
REG_WRITE(SPI_MEM_MMU_ITEM_INDEX_REG(0), entry_id); REG_WRITE(SPI_MEM_MMU_ITEM_INDEX_REG(0), entry_id);
REG_WRITE(SPI_MEM_MMU_ITEM_CONTENT_REG(0), mmu_raw_value); REG_WRITE(SPI_MEM_MMU_ITEM_CONTENT_REG(0), mmu_raw_value);
// Anti-FI check to confirm the encryption status for PSRAM entry.
// This avoids a potential FI attacks to keep PSRAM unencrypted and
// hence read out plaintext in execute from PSRAM model.
if (mmu_ll_cache_encryption_enabled() && target == MMU_TARGET_PSRAM0 && efuse_hal_chip_revision() > 100) {
ESP_FAULT_ASSERT(REG_READ(SPI_MEM_MMU_ITEM_CONTENT_REG(0)) & SOC_MMU_SENSITIVE);
} else {
ESP_FAULT_ASSERT(!(mmu_ll_cache_encryption_enabled() && mmu_id == MMU_LL_PSRAM_MMU_ID && efuse_hal_chip_revision() > 100));
}
} }
/** /**

12
components/hal/esp32c61/include/hal/mmu_ll.h
View File

@@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
@@ -14,6 +14,7 @@
#include "hal/mmu_types.h" #include "hal/mmu_types.h"
#include "hal/efuse_ll.h" #include "hal/efuse_ll.h"
#include "hal/efuse_hal.h" #include "hal/efuse_hal.h"
#include "esp_fault.h"
// TODO: [ESP32C61] IDF-9265, inherit from c6 // TODO: [ESP32C61] IDF-9265, inherit from c6
@@ -227,6 +228,15 @@ __attribute__((always_inline)) static inline void mmu_ll_write_entry(uint32_t mm
mmu_raw_value = mmu_val | SOC_MMU_VALID; mmu_raw_value = mmu_val | SOC_MMU_VALID;
REG_WRITE(SPI_MEM_MMU_ITEM_INDEX_REG(0), entry_id); REG_WRITE(SPI_MEM_MMU_ITEM_INDEX_REG(0), entry_id);
REG_WRITE(SPI_MEM_MMU_ITEM_CONTENT_REG(0), mmu_raw_value); REG_WRITE(SPI_MEM_MMU_ITEM_CONTENT_REG(0), mmu_raw_value);
// Anti-FI check to confirm the encryption status for PSRAM entry.
// This avoids a potential FI attacks to keep PSRAM unencrypted and
// hence read out plaintext in execute from PSRAM model.
if (mmu_ll_cache_encryption_enabled() && target == MMU_TARGET_PSRAM0 && efuse_hal_chip_revision() > 100) {
ESP_FAULT_ASSERT(REG_READ(SPI_MEM_MMU_ITEM_CONTENT_REG(0)) & SOC_MMU_SENSITIVE);
} else {
ESP_FAULT_ASSERT(!(mmu_ll_cache_encryption_enabled() && mmu_id == MMU_LL_PSRAM_MMU_ID && efuse_hal_chip_revision() > 100));
}
} }
/** /**

10
components/hal/esp32p4/include/hal/mmu_ll.h
View File

@@ -14,6 +14,7 @@
#include "hal/assert.h" #include "hal/assert.h"
#include "hal/mmu_types.h" #include "hal/mmu_types.h"
#include "hal/efuse_ll.h" #include "hal/efuse_ll.h"
#include "esp_fault.h"
#ifdef __cplusplus #ifdef __cplusplus
@@ -289,6 +290,15 @@ __attribute__((always_inline)) static inline void mmu_ll_write_entry(uint32_t mm
REG_WRITE(index_reg, entry_id); REG_WRITE(index_reg, entry_id);
REG_WRITE(content_reg, mmu_val); REG_WRITE(content_reg, mmu_val);
// Anti-FI check to confirm the encryption status for PSRAM entry.
// This avoids a potential FI attacks to keep PSRAM unencrypted and
// hence read out plaintext in execute from PSRAM model.
if (mmu_ll_cache_encryption_enabled() && mmu_id == MMU_LL_PSRAM_MMU_ID) {
ESP_FAULT_ASSERT(REG_READ(content_reg) & SOC_MMU_PSRAM_SENSITIVE);
} else {
ESP_FAULT_ASSERT(!(mmu_ll_cache_encryption_enabled() && mmu_id == MMU_LL_PSRAM_MMU_ID));
}
} }
/** /**

2
docs/en/migration-guides/release-6.x/6.0/system.rst
View File

@@ -60,6 +60,8 @@ The deprecated ``intr_types.h`` header file has been removed. Please include the
The deprecated ``esp_private/interrupt_deprecated.h`` header file, previously accessible through ``riscv/interrupt.h`` header, has been removed. The deprecated functions are no longer available; please use the non-deprecated versions instead. The deprecated ``esp_private/interrupt_deprecated.h`` header file, previously accessible through ``riscv/interrupt.h`` header, has been removed. The deprecated functions are no longer available; please use the non-deprecated versions instead.
The ``esp_fault.h`` header file has been moved from the ``esp_hw_support`` component to the ``esp_common`` component. If your application encounters build errors after this change, add ``esp_common`` to your component's ``REQUIRES`` or ``PRIV_REQUIRES`` list in ``CMakeLists.txt``.
ROM Headers ROM Headers
----------- -----------

2
docs/zh_CN/migration-guides/release-6.x/6.0/system.rst
View File

@@ -60,6 +60,8 @@ Xtensa 特殊寄存器头文件已更新,使用新的命名约定。旧的 ``s
已弃用的头文件 ``esp_private/interrupt_deprecated.h`` (此前通过 ``riscv/interrupt.h`` 头文件提供)已被移除。相关已弃用的函数不再可用,请改用非弃用版本。 已弃用的头文件 ``esp_private/interrupt_deprecated.h`` (此前通过 ``riscv/interrupt.h`` 头文件提供)已被移除。相关已弃用的函数不再可用,请改用非弃用版本。
头文件 ``esp_fault.h`` 已从 ``esp_hw_support`` 组件移动到 ``esp_common`` 组件。如果应用程序在此更改后遇到构建错误,请在 ``CMakeLists.txt`` 中将 ``esp_common`` 添加到组件的 ``REQUIRES````PRIV_REQUIRES`` 列表中。
ROM 头文件 ROM 头文件
----------- -----------