From ad059d385b622c690f6593be009c4f1cea60a4c2 Mon Sep 17 00:00:00 2001
From: Mahavir Jain
Date: Thu, 4 Sep 2025 18:01:16 +0530
Subject: [PATCH] fix(security): add anti-FI checks while setting up PSRAM encryption
---
 .../include/esp_fault.h | 0
 components/hal/esp32c5/include/hal/mmu_ll.h | 12 +++++++++++-
 components/hal/esp32c61/include/hal/mmu_ll.h | 12 +++++++++++-
 components/hal/esp32p4/include/hal/mmu_ll.h | 10 ++++++++++
 docs/en/migration-guides/release-6.x/6.0/system.rst | 2 ++
 .../migration-guides/release-6.x/6.0/system.rst | 2 ++
 6 files changed, 36 insertions(+), 2 deletions(-)
 rename components/{esp_hw_support => esp_common}/include/esp_fault.h (100%)
diff --git a/components/esp_hw_support/include/esp_fault.h b/components/esp_common/include/esp_fault.h
similarity index 100%
rename from components/esp_hw_support/include/esp_fault.h
rename to components/esp_common/include/esp_fault.h
diff --git a/components/hal/esp32c5/include/hal/mmu_ll.h b/components/hal/esp32c5/include/hal/mmu_ll.h
index 682d1b500b..5dcc6e5fd1 100644
--- a/components/hal/esp32c5/include/hal/mmu_ll.h
+++ b/components/hal/esp32c5/include/hal/mmu_ll.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -15,6 +15,7 @@
 #include "soc/soc_caps.h"
 #include "hal/assert.h"
 #include "hal/mmu_types.h"
+#include "esp_fault.h"
 #if SOC_EFUSE_SUPPORTED
 #include "hal/efuse_ll.h"
 #include "hal/efuse_hal.h"
@@ -225,6 +226,15 @@ __attribute__((always_inline)) static inline void mmu_ll_write_entry(uint32_t mm
 mmu_raw_value = mmu_val | SOC_MMU_VALID;
 REG_WRITE(SPI_MEM_MMU_ITEM_INDEX_REG(0), entry_id);
 REG_WRITE(SPI_MEM_MMU_ITEM_CONTENT_REG(0), mmu_raw_value);
+
+ // Anti-FI check to confirm the encryption status for PSRAM entry.
+ // This avoids a potential FI attacks to keep PSRAM unencrypted and
+ // hence read out plaintext in execute from PSRAM model.
+ if (mmu_ll_cache_encryption_enabled() && target == MMU_TARGET_PSRAM0 && efuse_hal_chip_revision() > 100) {
+ ESP_FAULT_ASSERT(REG_READ(SPI_MEM_MMU_ITEM_CONTENT_REG(0)) & SOC_MMU_SENSITIVE);
+ } else {
+ ESP_FAULT_ASSERT(!(mmu_ll_cache_encryption_enabled() && mmu_id == MMU_LL_PSRAM_MMU_ID && efuse_hal_chip_revision() > 100));
+ }
 }
 /**
diff --git a/components/hal/esp32c61/include/hal/mmu_ll.h b/components/hal/esp32c61/include/hal/mmu_ll.h
index 198aa7ddf9..1e9da4aba8 100644
--- a/components/hal/esp32c61/include/hal/mmu_ll.h
+++ b/components/hal/esp32c61/include/hal/mmu_ll.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -14,6 +14,7 @@
 #include "hal/mmu_types.h"
 #include "hal/efuse_ll.h"
 #include "hal/efuse_hal.h"
+#include "esp_fault.h"
 // TODO: [ESP32C61] IDF-9265, inherit from c6
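Review bot: In the esp32c5 mmu_ll_write_entry() hunk the two arms of the added check key on different inputs: the `if` selects PSRAM entries with `target == MMU_TARGET_PSRAM0`, while the `else` re-check tests `mmu_id == MMU_LL_PSRAM_MMU_ID`, so the `else` is not the negation of the `if` condition. If the `else` is meant as the redundant guard for a branch that was skipped by a fault, it should repeat the same predicate, e.g. `ESP_FAULT_ASSERT(!(mmu_ll_cache_encryption_enabled() && target == MMU_TARGET_PSRAM0 && efuse_hal_chip_revision() > 100));`; MMU_LL_PSRAM_MMU_ID is defined outside this hunk, so whether the current form can also trap on non-PSRAM entries, or never trap for a PSRAM one, needs confirming against that definition. The bare `> 100` revision cut-off also needs a one-line comment saying why entries on revisions at or below it are exempt, since on those parts the sensitive bit is never verified. The esp32c61 hunk adds the identical lines and has the same issue; the function body starts before the hunk in both files.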
@@ -227,6 +228,15 @@ __attribute__((always_inline)) static inline void mmu_ll_write_entry(uint32_t mm
 mmu_raw_value = mmu_val | SOC_MMU_VALID;
 REG_WRITE(SPI_MEM_MMU_ITEM_INDEX_REG(0), entry_id);
 REG_WRITE(SPI_MEM_MMU_ITEM_CONTENT_REG(0), mmu_raw_value);
+
+ // Anti-FI check to confirm the encryption status for PSRAM entry.
+ // This avoids a potential FI attacks to keep PSRAM unencrypted and
+ // hence read out plaintext in execute from PSRAM model.
+ if (mmu_ll_cache_encryption_enabled() && target == MMU_TARGET_PSRAM0 && efuse_hal_chip_revision() > 100) {
+ ESP_FAULT_ASSERT(REG_READ(SPI_MEM_MMU_ITEM_CONTENT_REG(0)) & SOC_MMU_SENSITIVE);
+ } else {
+ ESP_FAULT_ASSERT(!(mmu_ll_cache_encryption_enabled() && mmu_id == MMU_LL_PSRAM_MMU_ID && efuse_hal_chip_revision() > 100));
+ }
 }
 /**
diff --git a/components/hal/esp32p4/include/hal/mmu_ll.h b/components/hal/esp32p4/include/hal/mmu_ll.h
index ce47295354..7120c30964 100644
--- a/components/hal/esp32p4/include/hal/mmu_ll.h
+++ b/components/hal/esp32p4/include/hal/mmu_ll.h
@@ -14,6 +14,7 @@
 #include "hal/assert.h"
 #include "hal/mmu_types.h"
 #include "hal/efuse_ll.h"
+#include "esp_fault.h"
 #ifdef __cplusplus
@@ -289,6 +290,15 @@ __attribute__((always_inline)) static inline void mmu_ll_write_entry(uint32_t mm
 REG_WRITE(index_reg, entry_id);
 REG_WRITE(content_reg, mmu_val);
+
+ // Anti-FI check to confirm the encryption status for PSRAM entry.
+ // This avoids a potential FI attacks to keep PSRAM unencrypted and
+ // hence read out plaintext in execute from PSRAM model.
+ if (mmu_ll_cache_encryption_enabled() && mmu_id == MMU_LL_PSRAM_MMU_ID) {
+ ESP_FAULT_ASSERT(REG_READ(content_reg) & SOC_MMU_PSRAM_SENSITIVE);
+ } else {
+ ESP_FAULT_ASSERT(!(mmu_ll_cache_encryption_enabled() && mmu_id == MMU_LL_PSRAM_MMU_ID));
+ }
 }
 /**
diff --git a/docs/en/migration-guides/release-6.x/6.0/system.rst b/docs/en/migration-guides/release-6.x/6.0/system.rst
index e0a4985819..30fdf6d0bc 100644
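Review bot: The `else` arm added to the esp32p4 mmu_ll_write_entry() asserts the exact negation of the `if` condition, which reads as dead code unless the reader knows it is a deliberate second evaluation in case the branch was skipped; without a comment it is likely to be simplified away in a later cleanup. I would add above it `// Intentional re-check: if the branch above was skipped by a fault, this assert must still trap.` The read-back only proves the bit is present in the entry just written, so it depends on `mmu_val` already carrying `SOC_MMU_PSRAM_SENSITIVE`, presumably set earlier in the function, which starts before the hunk; the comment should say so.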
--- a/docs/en/migration-guides/release-6.x/6.0/system.rst
+++ b/docs/en/migration-guides/release-6.x/6.0/system.rst
@@ -60,6 +60,8 @@ The deprecated ``intr_types.h`` header file has been removed. Please include the
 The deprecated ``esp_private/interrupt_deprecated.h`` header file, previously accessible through ``riscv/interrupt.h`` header, has been removed. The deprecated functions are no longer available; please use the non-deprecated versions instead.
+The ``esp_fault.h`` header file has been moved from the ``esp_hw_support`` component to the ``esp_common`` component. If your application encounters build errors after this change, add ``esp_common`` to your component's ``REQUIRES`` or ``PRIV_REQUIRES`` list in ``CMakeLists.txt``.
+
 ROM Headers
 -----------
diff --git a/docs/zh_CN/migration-guides/release-6.x/6.0/system.rst b/docs/zh_CN/migration-guides/release-6.x/6.0/system.rst
index 35dc382025..b8fbc5c79f 100644
--- a/docs/zh_CN/migration-guides/release-6.x/6.0/system.rst
+++ b/docs/zh_CN/migration-guides/release-6.x/6.0/system.rst
@@ -60,6 +60,8 @@ Xtensa 特殊寄存器头文件已更新,使用新的命名约定。旧的 ``s
 已弃用的头文件 ``esp_private/interrupt_deprecated.h`` (此前通过 ``riscv/interrupt.h`` 头文件提供)已被移除。相关已弃用的函数不再可用,请改用非弃用版本。
+头文件 ``esp_fault.h`` 已从 ``esp_hw_support`` 组件移动到 ``esp_common`` 组件。如果应用程序在此更改后遇到构建错误,请在 ``CMakeLists.txt`` 中将 ``esp_common`` 添加到组件的 ``REQUIRES`` 或 ``PRIV_REQUIRES`` 列表中。
+
 ROM 头文件
 -----------