diff --git a/components/esp_system/port/soc/esp32c5/system_internal.c b/components/esp_system/port/soc/esp32c5/system_internal.c index 76d7037d8c..30da4e38fe 100644 --- a/components/esp_system/port/soc/esp32c5/system_internal.c +++ b/components/esp_system/port/soc/esp32c5/system_internal.c @@ -64,19 +64,23 @@ void IRAM_ATTR esp_system_reset_modules_on_exit(void) // Reset crypto peripherals. This ensures a clean state for the crypto peripherals after a CPU restart // and hence avoiding any possibility with crypto failure in ROM security workflows. + // We also avoid resetting all the crypto peripherals at once because it would create a period when + // all the peripherals are reset at the same time, which triggers a hardware SEC reset. The SEC reset + // causes the crypto -> APB path to be reset, but the APB -> crypto path is not reset. This asymmetry + // results in the crypto module hanging and refusing all access. SET_PERI_REG_MASK(PCR_AES_CONF_REG, PCR_AES_RST_EN); - SET_PERI_REG_MASK(PCR_DS_CONF_REG, PCR_DS_RST_EN); - SET_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN); - SET_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN); - SET_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN); - SET_PERI_REG_MASK(PCR_RSA_CONF_REG, PCR_RSA_RST_EN); - SET_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN); CLEAR_PERI_REG_MASK(PCR_AES_CONF_REG, PCR_AES_RST_EN); + SET_PERI_REG_MASK(PCR_DS_CONF_REG, PCR_DS_RST_EN); CLEAR_PERI_REG_MASK(PCR_DS_CONF_REG, PCR_DS_RST_EN); + SET_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN); CLEAR_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN); + SET_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN); CLEAR_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN); + SET_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN); CLEAR_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN); + SET_PERI_REG_MASK(PCR_RSA_CONF_REG, PCR_RSA_RST_EN); CLEAR_PERI_REG_MASK(PCR_RSA_CONF_REG, PCR_RSA_RST_EN); + SET_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN); CLEAR_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN); } diff --git a/components/esp_system/port/soc/esp32c61/system_internal.c b/components/esp_system/port/soc/esp32c61/system_internal.c index dac6f93816..b82a8b9f5a 100644 --- a/components/esp_system/port/soc/esp32c61/system_internal.c +++ b/components/esp_system/port/soc/esp32c61/system_internal.c @@ -64,19 +64,23 @@ void IRAM_ATTR esp_system_reset_modules_on_exit(void) // Reset crypto peripherals. This ensures a clean state for the crypto peripherals after a CPU restart // and hence avoiding any possibility with crypto failure in ROM security workflows. + // We also avoid resetting all the crypto peripherals at once because it would create a period when + // all the peripherals are reset at the same time, which triggers a hardware SEC reset. The SEC reset + // causes the crypto -> APB path to be reset, but the APB -> crypto path is not reset. This asymmetry + // results in the crypto module hanging and refusing all access. SET_PERI_REG_MASK(PCR_AES_CONF_REG, PCR_AES_RST_EN); - SET_PERI_REG_MASK(PCR_DS_CONF_REG, PCR_DS_RST_EN); - SET_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN); - SET_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN); - SET_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN); - SET_PERI_REG_MASK(PCR_RSA_CONF_REG, PCR_RSA_RST_EN); - SET_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN); CLEAR_PERI_REG_MASK(PCR_AES_CONF_REG, PCR_AES_RST_EN); + SET_PERI_REG_MASK(PCR_DS_CONF_REG, PCR_DS_RST_EN); CLEAR_PERI_REG_MASK(PCR_DS_CONF_REG, PCR_DS_RST_EN); + SET_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN); CLEAR_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN); + SET_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN); CLEAR_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN); + SET_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN); CLEAR_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN); + SET_PERI_REG_MASK(PCR_RSA_CONF_REG, PCR_RSA_RST_EN); CLEAR_PERI_REG_MASK(PCR_RSA_CONF_REG, PCR_RSA_RST_EN); + SET_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN); CLEAR_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN); } diff --git a/components/esp_system/port/soc/esp32h21/system_internal.c b/components/esp_system/port/soc/esp32h21/system_internal.c index cc9598dcb2..a57c7edb63 100644 --- a/components/esp_system/port/soc/esp32h21/system_internal.c +++ b/components/esp_system/port/soc/esp32h21/system_internal.c @@ -59,19 +59,23 @@ void IRAM_ATTR esp_system_reset_modules_on_exit(void) // Reset crypto peripherals. This ensures a clean state for the crypto peripherals after a CPU restart // and hence avoiding any possibility with crypto failure in ROM security workflows. + // We also avoid resetting all the crypto peripherals at once because it would create a period when + // all the peripherals are reset at the same time, which triggers a hardware SEC reset. The SEC reset + // causes the crypto -> APB path to be reset, but the APB -> crypto path is not reset. This asymmetry + // results in the crypto module hanging and refusing all access. SET_PERI_REG_MASK(PCR_AES_CONF_REG, PCR_AES_RST_EN); - SET_PERI_REG_MASK(PCR_DS_CONF_REG, PCR_DS_RST_EN); - SET_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN); - SET_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN); - SET_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN); - SET_PERI_REG_MASK(PCR_RSA_CONF_REG, PCR_RSA_RST_EN); - SET_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN); CLEAR_PERI_REG_MASK(PCR_AES_CONF_REG, PCR_AES_RST_EN); + SET_PERI_REG_MASK(PCR_DS_CONF_REG, PCR_DS_RST_EN); CLEAR_PERI_REG_MASK(PCR_DS_CONF_REG, PCR_DS_RST_EN); + SET_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN); CLEAR_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN); + SET_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN); CLEAR_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN); + SET_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN); CLEAR_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN); + SET_PERI_REG_MASK(PCR_RSA_CONF_REG, PCR_RSA_RST_EN); CLEAR_PERI_REG_MASK(PCR_RSA_CONF_REG, PCR_RSA_RST_EN); + SET_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN); CLEAR_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN); } diff --git a/components/esp_system/port/soc/esp32h4/system_internal.c b/components/esp_system/port/soc/esp32h4/system_internal.c index 38f8ff7825..3fdf0cc9e8 100644 --- a/components/esp_system/port/soc/esp32h4/system_internal.c +++ b/components/esp_system/port/soc/esp32h4/system_internal.c @@ -55,15 +55,19 @@ void IRAM_ATTR esp_system_reset_modules_on_exit(void) // Reset crypto peripherals. This ensures a clean state for the crypto peripherals after a CPU restart // and hence avoiding any possibility with crypto failure in ROM security workflows. + // We also avoid resetting all the crypto peripherals at once because it would create a period when + // all the peripherals are reset at the same time, which triggers a hardware SEC reset. The SEC reset + // causes the crypto -> APB path to be reset, but the APB -> crypto path is not reset. This asymmetry + // results in the crypto module hanging and refusing all access. SET_PERI_REG_MASK(PCR_AES_CONF_REG, PCR_AES_RST_EN); - SET_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN); - SET_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN); - SET_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN); - SET_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN); CLEAR_PERI_REG_MASK(PCR_AES_CONF_REG, PCR_AES_RST_EN); + SET_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN); CLEAR_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN); + SET_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN); CLEAR_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN); + SET_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN); CLEAR_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN); + SET_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN); CLEAR_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN); }