Merge branch 'feature/enable_support_for_deterministic_mode_and_ecdsa_192_v5.4' into 'release/v5.4'

enable support for deterministic mode and ecdsa 192 in ESP32H2 (v5.4)

See merge request espressif/esp-idf!39541

components/bootloader_support/src/esp32h2/secure_boot_secure_features.c

@@ -1,10 +1,11 @@
 /*
- * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
 
 #include <strings.h>
+#include "hal/ecdsa_ll.h"
 #include "esp_flash_encrypt.h"
 #include "esp_secure_boot.h"
 #include "esp_efuse.h"
@@ -36,6 +37,12 @@ esp_err_t esp_secure_boot_enable_secure_features(void)
     ESP_LOGW(TAG, "UART ROM Download mode kept enabled - SECURITY COMPROMISED");
 #endif
 
+#ifdef SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED
+    if (ecdsa_ll_is_configurable_curve_supported()) {
+        esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_ECDSA_CURVE_MODE);
+    }
+#endif
+
 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
     ESP_LOGI(TAG, "Disable hardware & software JTAG...");
     esp_efuse_write_field_bit(ESP_EFUSE_DIS_PAD_JTAG);

components/bootloader_support/src/secure_boot.c

@@ -12,6 +12,10 @@
 #include "esp_secure_boot.h"
 #include "hal/efuse_hal.h"
 
+#ifdef SOC_ECDSA_SUPPORTED
+#include "hal/ecdsa_ll.h"
+#endif
+
 #ifndef BOOTLOADER_BUILD
 static __attribute__((unused)) const char *TAG = "secure_boot";
 
@@ -340,6 +344,23 @@ bool esp_secure_boot_cfg_verify_release_mode(void)
 #endif
     }
 
+#ifdef SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED
+    if (ecdsa_ll_is_configurable_curve_supported()) {
+        secure = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_ECDSA_CURVE_MODE);
+        if (!secure) {
+            uint8_t current_curve;
+            esp_err_t err = esp_efuse_read_field_blob(ESP_EFUSE_ECDSA_CURVE_MODE, &current_curve, ESP_EFUSE_ECDSA_CURVE_MODE[0]->bit_count);
+            if (err == ESP_OK) {
+                if (current_curve != ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_ONLY_P256_BIT_LOCKED) {
+                    // If not P256 mode
+                    result &= secure;
+                    ESP_LOGW(TAG, "Not write disabled ECDSA curve mode (set WR_DIS_ECDSA_CURVE_MODE->1)");
+                }
+            }
+        }
+    }
+#endif
+
 #ifdef CONFIG_SECURE_BOOT_ENABLE_AGGRESSIVE_KEY_REVOKE
     secure = esp_efuse_read_field_bit(ESP_EFUSE_SECURE_BOOT_AGGRESSIVE_REVOKE);
     result &= secure;

components/efuse/include/esp_efuse.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2017-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2017-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -159,7 +159,7 @@ esp_err_t esp_efuse_write_field_cnt(const esp_efuse_desc_t* field[], size_t cnt)
  *
  * @return
  * - ESP_OK: The operation was successfully completed, or the bit was already set to value 1.
- * - ESP_ERR_INVALID_ARG: Error in the passed arugments, including if the efuse field is not 1 bit wide.
+ * - ESP_ERR_INVALID_ARG: Error in the passed arguments, including if the efuse field is not 1 bit wide.
  */
 esp_err_t esp_efuse_write_field_bit(const esp_efuse_desc_t* field[]);
 
@@ -468,7 +468,7 @@ esp_err_t esp_efuse_batch_write_begin(void);
  *
  * @return
  *          - ESP_OK: Successful.
- *          - ESP_ERR_INVALID_STATE: Tha batch mode was not set.
+ *          - ESP_ERR_INVALID_STATE: The batch mode was not set.
  */
 esp_err_t esp_efuse_batch_write_cancel(void);
 
@@ -806,6 +806,45 @@ esp_err_t esp_efuse_check_errors(void);
  */
 esp_err_t esp_efuse_destroy_block(esp_efuse_block_t block);
 
+#if SOC_ECDSA_SUPPORTED
+/**
+ * @brief Checks if 192-bit ECDSA curve operations are supported.
+ *
+ * This function checks if the current eFuse configuration supports 192-bit ECDSA curve operations.
+*/
+bool esp_efuse_is_ecdsa_p192_curve_supported(void);
+
+/**
+ * @brief Checks if 256-bit ECDSA curve operations are supported.
+ *
+ * This function checks if the current eFuse configuration supports 256-bit ECDSA curve operations.
+*/
+bool esp_efuse_is_ecdsa_p256_curve_supported(void);
+#endif /* SOC_ECDSA_SUPPORTED*/
+
+#if SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED
+typedef enum {
+    ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_ONLY_P256_BIT = 0,
+    ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_ONLY_P192_BIT = 1,
+    ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_BOTH_P192_P256_BIT = 2,
+    ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_ONLY_P256_BIT_LOCKED = 3,
+} esp_efuse_ecdsa_curve_mode_t;
+
+/**
+ * @brief Enables 192-bit ECDSA curve operations by setting the appropriate eFuse value.
+ *
+ * This function enables support for 192-bit ECDSA curve operations by configuring the
+ * ECDSA curve mode eFuse. It checks the current curve mode and attempts to set it to
+ * allow both P192 and P256 operations if not already set.
+ *
+ * @return
+ *    - ESP_OK: Successfully enabled 192-bit ECDSA operations or already enabled
+ *    - ESP_FAIL: Failed to enable operations due to write protection
+ *    - Other error codes: Failed to read/write eFuse
+ */
+esp_err_t esp_efuse_enable_ecdsa_p192_curve_mode(void);
+#endif
+
 #ifdef __cplusplus
 }
 #endif

components/efuse/src/esp_efuse_fields.c

@@ -16,6 +16,13 @@
 #include "esp_log.h"
 #include "soc/efuse_periph.h"
 #include "sys/param.h"
+#include "soc/soc_caps.h"
+#include "hal/efuse_ll.h"
+#include "hal/efuse_hal.h"
+
+#ifdef SOC_ECDSA_SUPPORTED
+#include "hal/ecdsa_ll.h"
+#endif /* SOC_ECDSA_SUPPORTED */
 
 static __attribute__((unused)) const char *TAG = "efuse";
 
@@ -81,3 +88,66 @@ esp_err_t esp_efuse_update_secure_version(uint32_t secure_version)
     }
     return ESP_OK;
 }
+
+#if SOC_ECDSA_SUPPORTED
+bool esp_efuse_is_ecdsa_p192_curve_supported(void)
+{
+#if SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED
+    if (ecdsa_ll_is_configurable_curve_supported()) {
+        uint32_t current_curve = efuse_hal_get_ecdsa_curve_mode();
+        return (current_curve == ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_BOTH_P192_P256_BIT || current_curve == ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_ONLY_P192_BIT);
+    } else {
+        return true;
+    }
+#else
+    return true;
+#endif /* SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED */
+}
+
+bool esp_efuse_is_ecdsa_p256_curve_supported(void)
+{
+#if SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED
+    if (ecdsa_ll_is_configurable_curve_supported()) {
+        uint32_t current_curve = efuse_hal_get_ecdsa_curve_mode();
+        return (current_curve != ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_ONLY_P192_BIT);
+    } else {
+        return true;
+    }
+#else
+    return true;
+#endif /* SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED */
+}
+#endif /* SOC_ECDSA_SUPPORTED */
+
+#if SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED
+esp_err_t esp_efuse_enable_ecdsa_p192_curve_mode(void)
+{
+
+    if (ecdsa_ll_is_configurable_curve_supported()) {
+        esp_err_t err;
+        uint8_t current_curve, next_curve;
+
+        current_curve = efuse_hal_get_ecdsa_curve_mode();
+        // Check if already in desired state
+        if (current_curve == ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_BOTH_P192_P256_BIT || current_curve == ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_ONLY_P192_BIT) {
+            ESP_EARLY_LOGD(TAG, "ECDSA P-192 curve mode is already enabled");
+            return ESP_OK;
+        }
+
+        // Check if write is disabled or already locked to P256
+        if (esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_ECDSA_CURVE_MODE) || current_curve == ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_ONLY_P256_BIT_LOCKED) {
+            ESP_EARLY_LOGE(TAG, "ECDSA curve mode is locked, cannot enable P-192 curve");
+            return ESP_FAIL;
+        }
+
+        // Attempt to write new curve mode
+        next_curve = ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_BOTH_P192_P256_BIT;
+        err = esp_efuse_write_field_blob(ESP_EFUSE_ECDSA_CURVE_MODE, &next_curve, ESP_EFUSE_ECDSA_CURVE_MODE[0]->bit_count);
+        if (err != ESP_OK) {
+            ESP_EARLY_LOGE(TAG, "Failed to enable ECDSA P-192 curve %d", err);
+            return err;
+        }
+    }
+    return ESP_OK;
+}
+#endif /* SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED */

components/esp_security/Kconfig

@@ -50,4 +50,12 @@ menu "ESP Security Specific"
             the cases when trusted boot is not enabled and the attacker tries carrying out non-constant
             time point multiplication operations by changing the default ESP-IDF configurations.
             Performing constant time operations protect the ECC multiplication operations from timing attacks.
+
+    config ESP_ECDSA_ENABLE_P192_CURVE
+        bool "Enable ECDSA 192-curve operations"
+        depends on SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED
+        default N
+        help
+            By default, only the 256-bit curve operations are allowed. If this configuration is enabled,
+            it will set the eFuse to allow ECDSA operations using both the 192-bit and 256-bit curves.
 endmenu

components/esp_security/src/init.c

@@ -58,6 +58,15 @@ ESP_SYSTEM_INIT_FN(esp_security_init, SECONDARY, BIT(0), 103)
         }
     }
 #endif
+
+#if CONFIG_ESP_ECDSA_ENABLE_P192_CURVE
+    esp_err_t err;
+    err = esp_efuse_enable_ecdsa_p192_curve_mode();
+    if (err != ESP_OK) {
+        return err;
+    }
+#endif
+
     return ESP_OK;
 }
 

components/hal/ecdsa_hal.c

@@ -47,10 +47,13 @@ static void configure_ecdsa_periph(ecdsa_hal_config_t *conf)
     }
 
 #if SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
-    ecdsa_ll_set_k_type(conf->sign_type);
+    if (ecdsa_ll_is_deterministic_mode_supported()) {
-
+        ecdsa_ll_set_k_type(conf->sign_type);
-    if (conf->sign_type == ECDSA_K_TYPE_DETERMINISITIC) {
+#if !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP
-        ecdsa_ll_set_deterministic_loop(conf->loop_number);
+        if (conf->sign_type == ECDSA_K_TYPE_DETERMINISITIC) {
+            ecdsa_ll_set_deterministic_loop(conf->loop_number);
+        }
+#endif /* !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */
     }
 #endif
 }
@@ -224,11 +227,11 @@ void ecdsa_hal_export_pubkey(ecdsa_hal_config_t *conf, uint8_t *pub_x, uint8_t *
 }
 #endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */
 
-#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
+#if SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE && !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP
 
 bool ecdsa_hal_det_signature_k_check(void)
 {
     return (ecdsa_ll_check_k_value() == 0);
 }
 
-#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */
+#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE && !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */

components/hal/esp32c5/include/hal/ecdsa_ll.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -415,17 +415,6 @@ static inline int ecdsa_ll_get_operation_result(void)
     return REG_GET_BIT(ECDSA_RESULT_REG, ECDSA_OPERATION_RESULT);
 }
 
-/**
- * @brief Check if the k value is greater than the curve order.
- *
- * @return 0, k value is not greater than the curve order. In this case, the k value is the set k value.
- * @return 1, k value is greater than than the curve order. In this case, the k value is the set (k mod n).
- */
-static inline int ecdsa_ll_check_k_value(void)
-{
-    return REG_GET_BIT(ECDSA_RESULT_REG, ECDSA_K_VALUE_WARNING);
-}
-
 #ifdef __cplusplus
 }
 #endif

components/hal/esp32h2/efuse_hal.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -7,6 +7,7 @@
 #include <sys/param.h>
 #include "sdkconfig.h"
 #include "soc/soc_caps.h"
+#include "soc/chip_revision.h"
 #include "hal/assert.h"
 #include "hal/efuse_hal.h"
 #include "hal/efuse_ll.h"
@@ -79,6 +80,16 @@ void efuse_hal_rs_calculate(const void *data, void *rs_values)
     ets_efuse_rs_calculate(data, rs_values);
 }
 
+uint32_t efuse_hal_get_ecdsa_curve_mode(void)
+{
+     if (ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102)) {
+        return efuse_ll_get_ecdsa_curve_mode();
+    } else {
+        // Curve mode is not configurable for previous versions
+        return 0;
+    }
+}
+
 /******************* eFuse control functions *************************/
 
 bool efuse_hal_is_coding_error_in_block(unsigned block)

components/hal/esp32h2/include/hal/ecdsa_ll.h

@@ -211,6 +211,26 @@ static inline void ecdsa_ll_set_z_mode(ecdsa_ll_sha_mode_t mode)
     }
 }
 
+/**
+ * @brief Set the signature generation type of ECDSA operation
+ *
+ * @param type Type of the ECDSA signature
+ */
+static inline void ecdsa_ll_set_k_type(ecdsa_sign_type_t type)
+{
+    switch (type) {
+        case ECDSA_K_TYPE_TRNG:
+            REG_CLR_BIT(ECDSA_CONF_REG, ECDSA_DETERMINISTIC_K);
+            break;
+        case ECDSA_K_TYPE_DETERMINISITIC:
+            REG_SET_BIT(ECDSA_CONF_REG, ECDSA_DETERMINISTIC_K);
+            break;
+        default:
+            HAL_ASSERT(false && "Unsupported K type");
+            break;
+    }
+}
+
 /**
  * @brief Set the stage of ECDSA operation
  *
@@ -378,6 +398,26 @@ static inline int ecdsa_ll_get_operation_result(void)
     return REG_GET_BIT(ECDSA_RESULT_REG, ECDSA_OPERATION_RESULT);
 }
 
+/**
+ * @brief Check if the ECDSA curves configuration is supported
+ * The ECDSA curves configuration is only avliable in chip version
+ * above 1.2 in ESP32-H2
+ */
+static inline bool ecdsa_ll_is_configurable_curve_supported(void)
+{
+    return ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102);
+}
+
+/**
+ * @brief Check if the ECDSA deterministic mode is supported
+ * The ECDSA deterministic mode is only available in chip version
+ * above 1.2 in ESP32-H2
+ */
+static inline bool ecdsa_ll_is_deterministic_mode_supported(void)
+{
+    return ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102);
+}
+
 #ifdef __cplusplus
 }
 #endif

components/hal/esp32h2/include/hal/efuse_hal.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -54,6 +54,13 @@ void efuse_hal_program(uint32_t block);
  */
 void efuse_hal_rs_calculate(const void *data, void *rs_values);
 
+/**
+ * @brief Get ECDSA curve mode
+ *
+ * @return ECDSA curve mode
+ */
+uint32_t efuse_hal_get_ecdsa_curve_mode(void);
+
 /**
  * @brief Checks coding error in a block
  *

components/hal/esp32h2/include/hal/efuse_ll.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -20,6 +20,11 @@ extern "C" {
 
 /******************* eFuse fields *************************/
 
+__attribute__((always_inline)) static inline uint32_t efuse_ll_get_ecdsa_curve_mode(void)
+{
+    return EFUSE.rd_repeat_data0.ecdsa_curve_mode;
+}
+
 __attribute__((always_inline)) static inline uint32_t efuse_ll_get_flash_crypt_cnt(void)
 {
     return EFUSE.rd_repeat_data1.spi_boot_crypt_cnt;

components/hal/esp32p4/include/hal/ecdsa_ll.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -432,6 +432,14 @@ static inline int ecdsa_ll_check_k_value(void)
     return REG_GET_BIT(ECDSA_RESULT_REG, ECDSA_K_VALUE_WARNING);
 }
 
+/**
+ * @brief Check if the ECDSA deterministic mode is supported
+ */
+static inline bool ecdsa_ll_is_deterministic_mode_supported(void)
+{
+    return true;
+}
+
 #ifdef __cplusplus
 }
 #endif

components/hal/test_apps/crypto/main/Kconfig.projbuild

@@ -22,7 +22,7 @@ menu "Test App Configuration"
             Enabling this option includes HMAC Peripheral related test cases in the build for supported targets.
 
     config CRYPTO_TEST_APP_ENABLE_ECDSA_TESTS
-        depends on !CRYPTO_TEST_APP_ENABLE_HMAC_TESTS
+        depends on SOC_ECDSA_SUPPORTED && !CRYPTO_TEST_APP_ENABLE_HMAC_TESTS
         bool "Enable ECDSA Peripheral test cases"
         default n
         help

components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: CC0-1.0
  */
@@ -12,6 +12,8 @@
 #include "esp_efuse_chip.h"
 #include "esp_private/esp_crypto_lock_internal.h"
 #include "esp_random.h"
+#include "esp_log.h"
+#include "esp_efuse.h"
 #include "hal/ecc_ll.h"
 #include "hal/ecdsa_hal.h"
 #include "hal/ecdsa_ll.h"
@@ -27,6 +29,8 @@
 #include "ecdsa_params.h"
 #include "hal_crypto_common.h"
 
+__attribute__((unused)) static const char * TAG = "crypto_test";
+
 static void ecdsa_enable_and_reset(void)
 {
     ECDSA_RCC_ATOMIC() {
@@ -147,9 +151,9 @@ void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* s_le, b
     uint8_t zeroes[32] = {0};
     uint16_t len;
 
-#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
+#if !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP
     uint16_t det_loop_number = 1;
-#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */
+#endif /* !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */
 
     ecdsa_hal_config_t conf = {
         .mode = ECDSA_MODE_SIGN_GEN,
@@ -180,11 +184,11 @@ void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* s_le, b
     bool process_again = false;
 
     do {
-#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
+#if !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP
-        if (k_type == ECDSA_K_TYPE_DETERMINISITIC) {
+        if (ecdsa_ll_is_deterministic_mode_supported() && k_type == ECDSA_K_TYPE_DETERMINISITIC) {
             conf.loop_number = det_loop_number++;
         }
-#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */
+#endif /* !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */
 
         ecdsa_hal_gen_signature(&conf, sha_le, r_le, s_le, len);
 
@@ -192,8 +196,8 @@ void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* s_le, b
                         || !memcmp(r_le, zeroes, len)
                         || !memcmp(s_le, zeroes, len);
 
-#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
+#if SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE && !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP
-        if (k_type == ECDSA_K_TYPE_DETERMINISITIC) {
+        if (ecdsa_ll_is_deterministic_mode_supported() && k_type == ECDSA_K_TYPE_DETERMINISITIC) {
             process_again |= !ecdsa_hal_det_signature_k_check();
         }
 #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */
@@ -282,17 +286,29 @@ TEST_TEAR_DOWN(ecdsa)
 
 TEST(ecdsa, ecdsa_SECP192R1_signature_verification)
 {
-    TEST_ASSERT_EQUAL(0, test_ecdsa_verify(0, sha, ecdsa192_r, ecdsa192_s, ecdsa192_pub_x, ecdsa192_pub_y));
+    if (!esp_efuse_is_ecdsa_p192_curve_supported()) {
+        ESP_LOGI(TAG, "Skipping test because ECDSA 192-curve operations are disabled.");
+    } else {
+        TEST_ASSERT_EQUAL(0, test_ecdsa_verify(0, sha, ecdsa192_r, ecdsa192_s, ecdsa192_pub_x, ecdsa192_pub_y));
+    }
 }
 
 TEST(ecdsa, ecdsa_SECP192R1_sign_and_verify)
 {
-    test_ecdsa_sign_and_verify(0, sha, ecdsa192_pub_x, ecdsa192_pub_y, false, ECDSA_K_TYPE_TRNG);
+    if (!esp_efuse_is_ecdsa_p192_curve_supported()) {
+        ESP_LOGI(TAG, "Skipping test because ECDSA 192-curve operations are disabled.");
+    } else {
+        test_ecdsa_sign_and_verify(0, sha, ecdsa192_pub_x, ecdsa192_pub_y, false, ECDSA_K_TYPE_TRNG);
+    }
 }
 
 TEST(ecdsa, ecdsa_SECP192R1_corrupt_signature)
 {
-    test_ecdsa_corrupt_data(0, sha, ecdsa192_r, ecdsa192_s, ecdsa192_pub_x, ecdsa192_pub_y);
+    if (!esp_efuse_is_ecdsa_p192_curve_supported()) {
+        ESP_LOGI(TAG, "Skipping test because ECDSA 192-curve operations are disabled.");
+    } else {
+        test_ecdsa_corrupt_data(0, sha, ecdsa192_r, ecdsa192_s, ecdsa192_pub_x, ecdsa192_pub_y);
+    }
 }
 
 TEST(ecdsa, ecdsa_SECP256R1_signature_verification)
@@ -313,19 +329,33 @@ TEST(ecdsa, ecdsa_SECP256R1_corrupt_signature)
 #ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
 TEST(ecdsa, ecdsa_SECP192R1_det_sign_and_verify)
 {
-    test_ecdsa_sign_and_verify(0, sha, ecdsa192_pub_x, ecdsa192_pub_y, false, ECDSA_K_TYPE_DETERMINISITIC);
+    if (!ecdsa_ll_is_deterministic_mode_supported()) {
+        ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported.");
+    } else if (!esp_efuse_is_ecdsa_p192_curve_supported()) {
+        ESP_LOGI(TAG, "Skipping test because ECDSA 192-curve operations are disabled.");
+    } else {
+        test_ecdsa_sign_and_verify(0, sha, ecdsa192_pub_x, ecdsa192_pub_y, false, ECDSA_K_TYPE_DETERMINISITIC);
+    }
 }
 
 TEST(ecdsa, ecdsa_SECP256R1_det_sign_and_verify)
 {
-    test_ecdsa_sign_and_verify(1, sha, ecdsa256_pub_x, ecdsa256_pub_y, false, ECDSA_K_TYPE_DETERMINISITIC);
+    if (!ecdsa_ll_is_deterministic_mode_supported()) {
+        ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported.");
+    } else {
+        test_ecdsa_sign_and_verify(1, sha, ecdsa256_pub_x, ecdsa256_pub_y, false, ECDSA_K_TYPE_DETERMINISITIC);
+    }
 }
 #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */
 
 #ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY
 TEST(ecdsa, ecdsa_SECP192R1_export_pubkey)
 {
-    test_ecdsa_export_pubkey(0, ecdsa192_pub_x, ecdsa192_pub_y, 0);
+    if (!esp_efuse_is_ecdsa_p192_curve_supported()) {
+        ESP_LOGI(TAG, "Skipping test because ECDSA 192-curve operations are disabled.");
+    } else {
+        test_ecdsa_export_pubkey(0, ecdsa192_pub_x, ecdsa192_pub_y, 0);
+    }
 }
 
 TEST(ecdsa, ecdsa_SECP256R1_export_pubkey)

components/mbedtls/port/ecdsa/ecdsa_alt.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -337,9 +337,9 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s
 
     bool process_again = false;
 
-#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
+#if !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP
-    uint16_t deterministic_loop_number = 1;
+    uint16_t deterministic_loop_number __attribute__((unused)) = 1;
-#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */
+#endif /* !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */
 
     do {
         ecdsa_hal_config_t conf = {
@@ -347,10 +347,12 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s
             .curve = curve,
             .sha_mode = ECDSA_Z_USER_PROVIDED,
             .sign_type = k_type,
-#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
-            .loop_number = deterministic_loop_number++,
-#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */
         };
+#if !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP
+        if (ecdsa_ll_is_deterministic_mode_supported()) {
+            conf.loop_number = deterministic_loop_number++;
+        }
+#endif /* !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */
 
         if (use_km_key) {
             conf.use_km_key = 1;
@@ -375,8 +377,8 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s
                         || !memcmp(r_le, zeroes, len)
                         || !memcmp(s_le, zeroes, len);
 
-#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
+#if SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE && !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP
-        if (k_type == ECDSA_K_TYPE_DETERMINISITIC) {
+        if (ecdsa_ll_is_deterministic_mode_supported() && k_type == ECDSA_K_TYPE_DETERMINISITIC) {
             process_again |= !ecdsa_hal_det_signature_k_check();
         }
 #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */
@@ -472,12 +474,18 @@ int __wrap_mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r,
     /*
      * Check `d` whether it contains the hardware key
      */
+#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN
     if (d->MBEDTLS_PRIVATE(s) == ECDSA_KEY_MAGIC) {
-        // Use hardware ECDSA peripheral
+        if (ecdsa_ll_is_deterministic_mode_supported()) {
-        return esp_ecdsa_sign(grp, r, s, d, buf, blen, ECDSA_K_TYPE_DETERMINISITIC);
+            // Use hardware ECDSA peripheral
-    } else  {
+            return esp_ecdsa_sign(grp, r, s, d, buf, blen, ECDSA_K_TYPE_DETERMINISITIC);
-        return __real_mbedtls_ecdsa_sign_det_ext(grp, r, s, d, buf, blen, md_alg, f_rng_blind, p_rng_blind);
+        } else {
+            return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+        }
     }
+#endif
+    // Fallback to software implementation
+    return __real_mbedtls_ecdsa_sign_det_ext(grp, r, s, d, buf, blen, md_alg, f_rng_blind, p_rng_blind);
 }
 
 extern int __real_mbedtls_ecdsa_sign_det_restartable(mbedtls_ecp_group *grp,
@@ -507,12 +515,18 @@ int __wrap_mbedtls_ecdsa_sign_det_restartable(mbedtls_ecp_group *grp,
     /*
      * Check `d` whether it contains the hardware key
      */
+#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN
     if (d->MBEDTLS_PRIVATE(s) == ECDSA_KEY_MAGIC) {
-        // Use hardware ECDSA peripheral
+        if (ecdsa_ll_is_deterministic_mode_supported()) {
-        return esp_ecdsa_sign(grp, r, s, d, buf, blen, ECDSA_K_TYPE_DETERMINISITIC);
+            // Use hardware ECDSA peripheral
-    } else  {
+            return esp_ecdsa_sign(grp, r, s, d, buf, blen, ECDSA_K_TYPE_DETERMINISITIC);
-        return __real_mbedtls_ecdsa_sign_det_restartable(grp, r, s, d, buf, blen, md_alg, f_rng_blind, p_rng_blind, NULL);
+        } else {
+            return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+        }
     }
+#endif
+    // Fallback to software implementation
+    return __real_mbedtls_ecdsa_sign_det_ext(grp, r, s, d, buf, blen, md_alg, f_rng_blind, p_rng_blind);
 }
 
 #endif  /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */
@@ -582,15 +596,22 @@ int __wrap_mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx,
     mbedtls_mpi_init(&r);
     mbedtls_mpi_init(&s);
 
+    ecdsa_sign_type_t k_type = ECDSA_K_TYPE_TRNG;
+#if defined(SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE) && defined(CONFIG_MBEDTLS_ECDSA_DETERMINISTIC)
+    if (ecdsa_ll_is_deterministic_mode_supported()) {
+        k_type = ECDSA_K_TYPE_DETERMINISITIC;
+    }
+#endif
+
     /*
      * Check `d` whether it contains the hardware key
      */
     if (ctx->MBEDTLS_PRIVATE(d).MBEDTLS_PRIVATE(s) == ECDSA_KEY_MAGIC) {
         // Use hardware ECDSA peripheral
 #if defined(SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE) && defined(CONFIG_MBEDTLS_ECDSA_DETERMINISTIC)
-        MBEDTLS_MPI_CHK(esp_ecdsa_sign(&ctx->MBEDTLS_PRIVATE(grp), &r, &s, &ctx->MBEDTLS_PRIVATE(d), hash, hlen, ECDSA_K_TYPE_DETERMINISITIC));
+        MBEDTLS_MPI_CHK(esp_ecdsa_sign(&ctx->MBEDTLS_PRIVATE(grp), &r, &s, &ctx->MBEDTLS_PRIVATE(d), hash, hlen, k_type));
 #else
-        MBEDTLS_MPI_CHK(esp_ecdsa_sign(&ctx->MBEDTLS_PRIVATE(grp), &r, &s, &ctx->MBEDTLS_PRIVATE(d), hash, hlen, ECDSA_K_TYPE_TRNG));
+        MBEDTLS_MPI_CHK(esp_ecdsa_sign(&ctx->MBEDTLS_PRIVATE(grp), &r, &s, &ctx->MBEDTLS_PRIVATE(d), hash, hlen, k_type));
 #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */
     }
 
@@ -712,7 +733,9 @@ int __wrap_mbedtls_ecdsa_verify_restartable(mbedtls_ecp_group *grp,
                          const mbedtls_mpi *s,
                          mbedtls_ecdsa_restart_ctx *rs_ctx)
 {
-    if ((grp->id == MBEDTLS_ECP_DP_SECP192R1 || grp->id == MBEDTLS_ECP_DP_SECP256R1) && blen == ECDSA_SHA_LEN) {
+    if (((grp->id == MBEDTLS_ECP_DP_SECP192R1 && esp_efuse_is_ecdsa_p192_curve_supported())
+        || (grp->id == MBEDTLS_ECP_DP_SECP256R1 && esp_efuse_is_ecdsa_p256_curve_supported()))
+        && blen == ECDSA_SHA_LEN) {
         return esp_ecdsa_verify(grp, buf, blen, Q, r, s);
     } else {
         return __real_mbedtls_ecdsa_verify_restartable(grp, buf, blen, Q, r, s, rs_ctx);

components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c

@@ -26,6 +26,11 @@
 #if SOC_KEY_MANAGER_SUPPORTED
 #include "esp_key_mgr.h"
 #endif
+
+#if SOC_ECDSA_SUPPORTED
+#include "hal/ecdsa_ll.h"
+#endif
+
 #define TEST_ASSERT_MBEDTLS_OK(X) TEST_ASSERT_EQUAL_HEX32(0, -(X))
 
 #if CONFIG_NEWLIB_NANO_FORMAT
@@ -36,6 +41,8 @@
 #define NEWLIB_NANO_COMPAT_CAST(int64_t_var)  int64_t_var
 #endif
 
+__attribute__((unused)) static const char * TAG = "mbedtls_test";
+
 /*
  * All the following values are in big endian format, as required by the mbedTLS APIs
  */
@@ -267,12 +274,20 @@ TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][efuse_ke
 
 TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP192R1", "[mbedtls][efuse_key]")
 {
-    test_ecdsa_sign(MBEDTLS_ECP_DP_SECP192R1, sha, ecdsa192_sign_pub_x, ecdsa192_sign_pub_y, true, SECP192R1_EFUSE_BLOCK);
+    if (!ecdsa_ll_is_deterministic_mode_supported()) {
+        ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported.");
+    } else {
+        test_ecdsa_sign(MBEDTLS_ECP_DP_SECP192R1, sha, ecdsa192_sign_pub_x, ecdsa192_sign_pub_y, true, SECP192R1_EFUSE_BLOCK);
+    }
 }
 
 TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP256R1", "[mbedtls][efuse_key]")
 {
-    test_ecdsa_sign(MBEDTLS_ECP_DP_SECP256R1, sha, ecdsa256_sign_pub_x, ecdsa256_sign_pub_y, true, SECP256R1_EFUSE_BLOCK);
+    if (!ecdsa_ll_is_deterministic_mode_supported()) {
+        ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported.");
+    } else {
+        test_ecdsa_sign(MBEDTLS_ECP_DP_SECP256R1, sha, ecdsa256_sign_pub_x, ecdsa256_sign_pub_y, true, SECP256R1_EFUSE_BLOCK);
+    }
 }
 
 #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */

components/soc/esp32h2/include/soc/Kconfig.soc_caps.in

@@ -1303,6 +1303,18 @@ config SOC_ECDSA_USES_MPI
     bool
     default y
 
+config SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
+    bool
+    default y
+
+config SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP
+    bool
+    default y
+
+config SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED
+    bool
+    default y
+
 config SOC_UART_NUM
     int
     default 2

components/soc/esp32h2/include/soc/soc_caps.h

@@ -523,6 +523,10 @@
 
 /*------------------------- ECDSA CAPS -------------------------*/
 #define SOC_ECDSA_USES_MPI                  (1)
+#define SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE   (1)
+#define SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP (1)
+#define SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED   (1)
+
 /*-------------------------- UART CAPS ---------------------------------------*/
 // ESP32-H2 has 2 UARTs
 #define SOC_UART_NUM                (2)

docs/en/api-reference/peripherals/ecdsa.rst

@@ -61,6 +61,18 @@ Following code snippet uses :cpp:func:`esp_efuse_write_key` to set physical key
         // writing key failed, maybe written already
     }
 
+
+.. only:: SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED
+
+    ECDSA Curve Configuration
+    -------------------------
+
+    The ECDSA peripheral of the {IDF_TARGET_NAME} supports both ECDSA-P192 and ECDSA-P256 operations. However, starting with {IDF_TARGET_NAME} revision 1.2, only ECDSA-P256 operations are enabled by default. You can enable ECDSA-P192 operations using the following configuration options:
+
+    - :ref:`CONFIG_ESP_ECDSA_ENABLE_P192_CURVE` enables support for ECDSA-P192 curve operations, allowing the device to perform ECDSA operations with both 192-bit and 256-bit curves. However, if ECDSA-P192 operations have already been permanently disabled during eFuse write protection, enabling this option can not re-enable ECDSA-P192 curve operations.
+
+    - :cpp:func:`esp_efuse_enable_ecdsa_p192_curve_mode()` enables ECDSA-P192 curve operations programmatically by writing the appropriate value to the eFuse, allowing both P-192 and P-256 curve operations. Note that this API will fail if the eFuse is already write-protected.
+
 .. only:: SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
 
     Deterministic Signature Generation

docs/zh_CN/api-reference/peripherals/ecdsa.rst

@@ -61,6 +61,18 @@ ECDSA 密钥可以通过 ``idf.py`` 脚本在外部编程。以下是关于编
         // writing key failed, maybe written already
     }
 
+
+.. only:: SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED
+
+    ECDSA 曲线配置
+    -----------------
+
+    {IDF_TARGET_NAME} 的 ECDSA 外设支持 ECDSA-P192 和 ECDSA-P256 两种曲线操作。但从 {IDF_TARGET_NAME} 版本 1.2 开始，默认仅启用 ECDSA-P256 操作。可以通过以下配置项启用 ECDSA-P192 操作：
+
+    - :ref:`CONFIG_ESP_ECDSA_ENABLE_P192_CURVE` 启用对 ECDSA-P192 曲线操作的支持，使设备可以同时执行 192 位和 256 位的 ECDSA 曲线操作。但请注意，如果 eFuse 写保护期间已永久禁用 ECDSA-P192 操作，则启用该配置项也无法重新启用该功能。
+
+    - :cpp:func:`esp_efuse_enable_ecdsa_p192_curve_mode()` 可用于以编程方式启用 ECDSA-P192 曲线操作。它会向 eFuse 写入相应值，从而使设备支持 P-192 和 P-256 曲线操作。但请注意，若对应的 eFuse 区域已被写保护，则此 API 将调用失败。
+
 .. only:: SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
 
     生成确定性签名