flash encryption: add flash encryption support for ESP32-S3

components/bootloader_support/src/esp32s3/flash_encryption_secure_features.c

@@ -34,6 +34,7 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
     ESP_LOGI(TAG, "Disable JTAG...");
     esp_efuse_write_field_bit(ESP_EFUSE_HARD_DIS_JTAG);
+    esp_efuse_write_field_bit(ESP_EFUSE_DIS_USB_JTAG);
 #else
     ESP_LOGW(TAG, "Not disabling JTAG - SECURITY COMPROMISED");
 #endif

components/bootloader_support/src/flash_encrypt.c

@@ -82,7 +82,7 @@ esp_flash_enc_mode_t esp_get_flash_encryption_mode(void)
     bool flash_crypt_cnt_wr_dis = false;
 #if CONFIG_IDF_TARGET_ESP32
     uint8_t dis_dl_enc = 0, dis_dl_dec = 0, dis_dl_cache = 0;
-#elif CONFIG_IDF_TARGET_ESP32S2
+#elif CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3
     uint8_t dis_dl_enc = 0;
     uint8_t dis_dl_icache = 0;
     uint8_t dis_dl_dcache = 0;
@@ -115,7 +115,7 @@ esp_flash_enc_mode_t esp_get_flash_encryption_mode(void)
             if ( dis_dl_cache && dis_dl_enc && dis_dl_dec ) {
                 mode = ESP_FLASH_ENC_MODE_RELEASE;
             }
-#elif CONFIG_IDF_TARGET_ESP32S2
+#elif CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3
             dis_dl_enc = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
             dis_dl_icache = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
             dis_dl_dcache = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_DCACHE);
@@ -163,11 +163,11 @@ void esp_flash_encryption_set_release_mode(void)
     esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_CACHE);
     esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_ENCRYPT);
     esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_DECRYPT);
-#elif CONFIG_IDF_TARGET_ESP32S2
+#elif CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3
     esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
     esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
     esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_DCACHE);
-#elif CONFIG_IDF_TARGET_ESP32C3
+#elif CONFIG_IDF_TARGET_ESP32C3 || CONFIG_IDF_TARGET_ESP32H2
     esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
     esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
 #else

components/soc/esp32s3/include/soc/hwcrypto_reg.h

@@ -116,15 +116,16 @@
 #define HMAC_ONE_BLOCK_REG             ((DR_REG_HMAC_BASE) + 0xF4)
 
 /* AES-XTS registers */
-#define AES_XTS_PLAIN_BASE        ((DR_REG_AES_BASE) + 0x100)
-#define AES_XTS_SIZE_REG          ((DR_REG_AES_BASE) + 0x140)
-#define AES_XTS_DESTINATION_REG   ((DR_REG_AES_BASE) + 0x144)
-#define AES_XTS_PHYSICAL_ADDR_REG ((DR_REG_AES_BASE) + 0x148)
+#define AES_XTS_PLAIN_BASE        ((DR_REG_EXT_MEM_ENC) + 0x00)
+#define AES_XTS_SIZE_REG          ((DR_REG_EXT_MEM_ENC) + 0x40)
+#define AES_XTS_DESTINATION_REG   ((DR_REG_EXT_MEM_ENC) + 0x44)
+#define AES_XTS_PHYSICAL_ADDR_REG ((DR_REG_EXT_MEM_ENC) + 0x48)
 
-#define AES_XTS_TRIGGER_REG       ((DR_REG_AES_BASE) + 0x14C)
-#define AES_XTS_RELEASE_REG       ((DR_REG_AES_BASE) + 0x150)
-#define AES_XTS_DESTROY_REG       ((DR_REG_AES_BASE) + 0x154)
-#define AES_XTS_STATE_REG         ((DR_REG_AES_BASE) + 0x158)
+#define AES_XTS_TRIGGER_REG       ((DR_REG_EXT_MEM_ENC) + 0x4C)
+#define AES_XTS_RELEASE_REG       ((DR_REG_EXT_MEM_ENC) + 0x50)
+#define AES_XTS_DESTROY_REG       ((DR_REG_EXT_MEM_ENC) + 0x54)
+#define AES_XTS_STATE_REG         ((DR_REG_EXT_MEM_ENC) + 0x58)
+#define AES_XTS_DATE_REG          ((DR_REG_EXT_MEM_ENC) + 0x5C)
 
 /* Digital Signature registers*/
 #define DS_C_BASE                 ((DR_REG_DIGITAL_SIGNATURE_BASE) + 0x000 )