refactor(hal): moved ECDSA APIs from efuse to ecdsa

components/hal/ecdsa_hal.c

@@ -8,6 +8,7 @@
 #include "hal/ecdsa_ll.h"
 #include "hal/ecdsa_hal.h"
 #include "hal/efuse_hal.h"
+#include "hal/efuse_ll.h"
 #include "soc/soc_caps.h"
 
 #if HAL_CONFIG(ECDSA_GEN_SIG_CM)
@@ -26,11 +27,20 @@
 #define ECDSA_HAL_P384_COMPONENT_LEN        48
 #endif /* SOC_ECDSA_SUPPORT_CURVE_P384 */
 
+void ecdsa_hal_set_efuse_key(ecdsa_curve_t curve, int efuse_blk)
+{
+    ecdsa_ll_set_ecdsa_key_blk(curve, efuse_blk);
+
+    efuse_ll_rs_bypass_update();
+
+    efuse_hal_read();
+}
+
 static void configure_ecdsa_periph(ecdsa_hal_config_t *conf)
 {
 
     if (conf->use_km_key == 0) {
-        efuse_hal_set_ecdsa_key(conf->curve, conf->efuse_key_blk);
+        ecdsa_hal_set_efuse_key(conf->curve, conf->efuse_key_blk);
 
 #if SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY
         // Force Key Manager to use eFuse key for XTS-AES operation

components/hal/efuse_hal.c

@@ -58,16 +58,7 @@ IRAM_ATTR bool efuse_hal_flash_encryption_enabled(void)
     return enabled;
 }
 
-#if SOC_EFUSE_ECDSA_KEY
-void efuse_hal_set_ecdsa_key(ecdsa_curve_t curve, int efuse_blk)
-{
-    efuse_ll_set_ecdsa_key_blk(curve, efuse_blk);
 
-    efuse_ll_rs_bypass_update();
-
-    efuse_hal_read();
-}
-#endif
 
 #if SOC_RECOVERY_BOOTLOADER_SUPPORTED
 uint32_t efuse_hal_get_recovery_bootloader_address(void)

components/hal/esp32c5/include/hal/ecdsa_ll.h

@@ -10,6 +10,7 @@
 #include "hal/assert.h"
 #include "soc/ecdsa_reg.h"
 #include "soc/pcr_struct.h"
+#include "soc/efuse_periph.h"
 #include "hal/ecdsa_types.h"
 
 #ifdef __cplusplus
@@ -413,6 +414,37 @@ static inline bool ecdsa_ll_is_deterministic_mode_supported(void)
     return true;
 }
 
+/**
+ * @brief Set the ECDSA key block in eFuse
+ *
+ * @param curve    ECDSA curve type
+ * @param efuse_blk eFuse block number
+ */
+__attribute__((always_inline)) static inline void ecdsa_ll_set_ecdsa_key_blk(ecdsa_curve_t curve, int efuse_blk)
+{
+    uint8_t efuse_blk_low = 0;
+    uint8_t efuse_blk_high = 0;
+
+    switch (curve) {
+        case ECDSA_CURVE_SECP192R1:
+            EFUSE.ecdsa.cfg_ecdsa_p192_blk = efuse_blk;
+            break;
+        case ECDSA_CURVE_SECP256R1:
+            EFUSE.ecdsa.cfg_ecdsa_p256_blk = efuse_blk;
+            break;
+        case ECDSA_CURVE_SECP384R1:
+            // ECDSA-p384 uses two efuse blocks to store the key. These two blocks are stored in a single integer
+            // where the least significant 4 bits store the low key block number and the next 4 more significant bits store the high key block number.
+            HAL_ECDSA_EXTRACT_KEY_BLOCKS(efuse_blk, efuse_blk_high, efuse_blk_low);
+            EFUSE.ecdsa.cfg_ecdsa_p384_h_blk = efuse_blk_high;
+            EFUSE.ecdsa.cfg_ecdsa_p384_l_blk = efuse_blk_low;
+            break;
+        default:
+            HAL_ASSERT(false && "Unsupported curve");
+            break;
+    }
+}
+
 #ifdef __cplusplus
 }
 #endif

components/hal/esp32c5/include/hal/efuse_ll.h

@@ -13,7 +13,6 @@
 #include "soc/efuse_periph.h"
 #include "hal/assert.h"
 #include "rom/efuse.h"
-#include "hal/ecdsa_types.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -94,31 +93,6 @@ __attribute__((always_inline)) static inline uint32_t efuse_ll_get_chip_ver_pkg(
     return EFUSE.rd_mac_sys2.pkg_version;
 }
 
-__attribute__((always_inline)) static inline void efuse_ll_set_ecdsa_key_blk(ecdsa_curve_t curve, int efuse_blk)
-{
-    uint8_t efuse_blk_low = 0;
-    uint8_t efuse_blk_high = 0;
-
-    switch (curve) {
-        case ECDSA_CURVE_SECP192R1:
-            EFUSE.ecdsa.cfg_ecdsa_p192_blk = efuse_blk;
-            break;
-        case ECDSA_CURVE_SECP256R1:
-            EFUSE.ecdsa.cfg_ecdsa_p256_blk = efuse_blk;
-            break;
-        case ECDSA_CURVE_SECP384R1:
-            // ECDSA-p384 uses two efuse blocks to store the key. These two blocks are stored in a single integer
-            // where the least significant 4 bits store the low key block number and the next 4 more significant bits store the high key block number.
-            HAL_ECDSA_EXTRACT_KEY_BLOCKS(efuse_blk, efuse_blk_high, efuse_blk_low);
-            EFUSE.ecdsa.cfg_ecdsa_p384_h_blk = efuse_blk_high;
-            EFUSE.ecdsa.cfg_ecdsa_p384_l_blk = efuse_blk_low;
-            break;
-        default:
-            HAL_ASSERT(false && "Unsupported curve");
-            break;
-    }
-}
-
 __attribute__((always_inline)) static inline uint32_t efuse_ll_get_ocode(void)
 {
     return EFUSE.rd_sys_part1_data4.ocode;

components/hal/esp32c61/include/hal/ecdsa_ll.h

@@ -10,6 +10,7 @@
 #include "hal/assert.h"
 #include "soc/ecdsa_reg.h"
 #include "soc/pcr_struct.h"
+#include "soc/efuse_periph.h"
 #include "hal/ecdsa_types.h"
 
 #ifdef __cplusplus
@@ -432,6 +433,18 @@ static inline bool ecdsa_ll_is_deterministic_mode_supported(void)
     return true;
 }
 
+/**
+ * @brief Set the ECDSA key block in eFuse
+ *
+ * @param curve    ECDSA curve type
+ * @param efuse_blk eFuse block number
+ */
+__attribute__((always_inline)) static inline void ecdsa_ll_set_ecdsa_key_blk(ecdsa_curve_t curve, int efuse_blk)
+{
+    (void) curve;
+    EFUSE0.conf.cfg_ecdsa_blk = efuse_blk;
+}
+
 #ifdef __cplusplus
 }
 #endif

components/hal/esp32c61/include/hal/efuse_ll.h

@@ -13,7 +13,6 @@
 #include "soc/efuse_struct.h"
 #include "hal/assert.h"
 #include "rom/efuse.h"
-#include "hal/ecdsa_types.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -139,11 +138,6 @@ __attribute__((always_inline)) static inline uint32_t efuse_ll_get_ecdsa_key_blk
     return EFUSE0.conf.cfg_ecdsa_blk;
 }
 
-__attribute__((always_inline)) static inline void efuse_ll_set_ecdsa_key_blk(ecdsa_curve_t curve, int efuse_blk)
-{
-    (void) curve;
-    EFUSE0.conf.cfg_ecdsa_blk = efuse_blk;
-}
 
 __attribute__((always_inline)) static inline uint32_t efuse_ll_get_recovery_bootloader_sector(void)
 {

components/hal/esp32h2/include/hal/ecdsa_ll.h

@@ -11,6 +11,7 @@
 #include "soc/ecdsa_reg.h"
 #include "soc/ecdsa_struct.h"
 #include "soc/pcr_struct.h"
+#include "soc/efuse_periph.h"
 #include "hal/ecdsa_types.h"
 #include "hal/ecc_ll.h"
 
@@ -418,6 +419,18 @@ static inline bool ecdsa_ll_is_deterministic_mode_supported(void)
     return ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102);
 }
 
+/**
+ * @brief Set the ECDSA key block in eFuse
+ *
+ * @param curve    ECDSA curve type
+ * @param efuse_blk eFuse block number
+ */
+__attribute__((always_inline)) static inline void ecdsa_ll_set_ecdsa_key_blk(ecdsa_curve_t curve, int efuse_blk)
+{
+    (void) curve;
+    EFUSE.conf.cfg_ecdsa_blk = efuse_blk;
+}
+
 /**
  * @brief Check if the ECDSA peripheral uses MPI module's memory
  */

components/hal/esp32h2/include/hal/efuse_ll.h

@@ -11,7 +11,6 @@
 #include "soc/efuse_periph.h"
 #include "hal/assert.h"
 #include "rom/efuse.h"
-#include "hal/ecdsa_types.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -113,12 +112,6 @@ __attribute__((always_inline)) static inline uint32_t efuse_ll_get_ecdsa_key_blk
     return EFUSE.conf.cfg_ecdsa_blk;
 }
 
-__attribute__((always_inline)) static inline void efuse_ll_set_ecdsa_key_blk(ecdsa_curve_t curve, int efuse_blk)
-{
-    (void) curve;
-    EFUSE.conf.cfg_ecdsa_blk = efuse_blk;
-}
-
 /******************* eFuse control functions *************************/
 
 __attribute__((always_inline)) static inline bool efuse_ll_get_read_cmd(void)

components/hal/esp32h21/include/hal/ecdsa_ll.h

@@ -10,6 +10,7 @@
 #include "hal/assert.h"
 #include "soc/ecdsa_reg.h"
 #include "soc/pcr_struct.h"
+#include "soc/efuse_periph.h"
 #include "hal/ecdsa_types.h"
 
 #ifdef __cplusplus
@@ -415,6 +416,18 @@ static inline bool ecdsa_ll_is_deterministic_mode_supported(void)
     return true;
 }
 
+/**
+ * @brief Set the ECDSA key block in eFuse
+ *
+ * @param curve    ECDSA curve type
+ * @param efuse_blk eFuse block number
+ */
+__attribute__((always_inline)) static inline void ecdsa_ll_set_ecdsa_key_blk(ecdsa_curve_t curve, int efuse_blk)
+{
+    (void) curve;
+    (void) efuse_blk;
+}
+
 #ifdef __cplusplus
 }
 #endif

components/hal/esp32h21/include/hal/efuse_ll.h

@@ -11,7 +11,6 @@
 #include "soc/efuse_periph.h"
 #include "hal/assert.h"
 #include "rom/efuse.h"
-#include "hal/ecdsa_types.h"
 
 //TODO: [ESP32H21] IDF-11556, inherit from h2
 
@@ -103,13 +102,6 @@ __attribute__((always_inline)) static inline uint32_t efuse_ll_get_ecdsa_key_blk
     return 0;
 }
 
-__attribute__((always_inline)) static inline void efuse_ll_set_ecdsa_key_blk(ecdsa_curve_t curve, int efuse_blk)
-{
-    //TODO: [ESP32H21] IDF-11507
-    (void) curve;
-    (void) efuse_blk;
-}
-
 /******************* eFuse control functions *************************/
 
 __attribute__((always_inline)) static inline bool efuse_ll_get_read_cmd(void)

components/hal/esp32h4/include/hal/ecdsa_ll.h

@@ -0,0 +1,36 @@
+/*
+ * SPDX-FileCopyrightText: 2025 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#pragma once
+
+#include <stdbool.h>
+#include <string.h>
+#include "hal/assert.h"
+#include "soc/ecdsa_reg.h"
+#include "soc/pcr_struct.h"
+#include "soc/efuse_periph.h"
+#include "hal/ecdsa_types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Set the ECDSA key block in eFuse
+ *
+ * @param curve    ECDSA curve type
+ * @param efuse_blk eFuse block number
+ */
+__attribute__((always_inline)) static inline void ecdsa_ll_set_ecdsa_key_blk(ecdsa_curve_t curve, int efuse_blk)
+{
+    //ESP32H4 TODO
+    (void)curve;
+    (void)efuse_blk;
+}
+
+
+#ifdef __cplusplus
+}
+#endif

components/hal/esp32h4/include/hal/efuse_ll.h

@@ -97,13 +97,6 @@ __attribute__((always_inline)) static inline uint32_t efuse_ll_get_ecdsa_key_blk
     return 0;
 }
 
-__attribute__((always_inline)) static inline void efuse_ll_set_ecdsa_key_blk(ecdsa_curve_t curve, int efuse_blk)
-{
-    //ESP32H4 TODO
-    (void)curve;
-    (void)efuse_blk;
-}
-
 /******************* eFuse control functions *************************/
 
 __attribute__((always_inline)) static inline bool efuse_ll_get_read_cmd(void)

components/hal/esp32p4/include/hal/ecdsa_ll.h

@@ -11,6 +11,7 @@
 #include "soc/ecdsa_reg.h"
 #include "soc/hp_sys_clkrst_struct.h"
 #include "soc/soc_caps.h"
+#include "soc/efuse_periph.h"
 #include "hal/ecdsa_types.h"
 
 #ifdef __cplusplus
@@ -443,6 +444,18 @@ static inline bool ecdsa_ll_is_deterministic_mode_supported(void)
     return true;
 }
 
+/**
+ * @brief Set the ECDSA key block in eFuse
+ *
+ * @param curve    ECDSA curve type
+ * @param efuse_blk eFuse block number
+ */
+__attribute__((always_inline)) static inline void ecdsa_ll_set_ecdsa_key_blk(ecdsa_curve_t curve, int efuse_blk)
+{
+    (void) curve;
+    EFUSE.conf.cfg_ecdsa_blk = efuse_blk;
+}
+
 /**
  * @brief Check if the ECDSA peripheral uses MPI module's memory
  */

components/hal/esp32p4/include/hal/efuse_ll.h

@@ -11,7 +11,6 @@
 #include "soc/efuse_periph.h"
 #include "hal/assert.h"
 #include "rom/efuse.h"
-#include "hal/ecdsa_types.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -92,11 +91,6 @@ __attribute__((always_inline)) static inline uint32_t efuse_ll_get_chip_ver_pkg(
     return EFUSE.rd_mac_sys_2.pkg_version;
 }
 
-__attribute__((always_inline)) static inline void efuse_ll_set_ecdsa_key_blk(ecdsa_curve_t curve, int efuse_blk)
-{
-    (void) curve;
-    EFUSE.conf.cfg_ecdsa_blk = efuse_blk;
-}
 
 /******************* eFuse control functions *************************/
 

components/hal/include/hal/ecdsa_hal.h

@@ -109,6 +109,17 @@ bool ecdsa_hal_det_signature_k_check(void);
 
 #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE && !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */
 
+/**
+ * @brief Set the efuse block that should be used as ECDSA private key
+ *
+ * @note The efuse block must be burnt with key purpose ECDSA_KEY
+ *
+ * @param curve ECDSA curve type
+ * @param efuse_key_blk     If two blocks are used to store the key, then the macro HAL_ECDSA_COMBINE_KEY_BLOCKS() can be used to combine them. The macro is defined in hal/ecdsa_types.h
+ *                          Each efuse key block number (Must be in [EFUSE_BLK_KEY0...EFUSE_BLK_KEY_MAX - 1] range).
+ */
+void ecdsa_hal_set_efuse_key(ecdsa_curve_t curve, int efuse_key_blk);
+
 #ifdef __cplusplus
 }
 #endif

components/hal/include/hal/efuse_hal.h

@@ -75,18 +75,6 @@ uint32_t efuse_hal_get_minor_chip_version(void);
  */
 uint32_t efuse_hal_get_chip_ver_pkg(void);
 
-#if SOC_EFUSE_ECDSA_KEY
-/**
- * @brief Set the efuse block that should be used as ECDSA private key
- *
- * @note The efuse block must be burnt with key purpose ECDSA_KEY
- *
- * @param curve ECDSA curve type
- * @param efuse_key_blk     If two blocks are used to store the key, then the macro HAL_ECDSA_COMBINE_KEY_BLOCKS() can be used to combine them. The macro is defined in hal/ecdsa_types.h
- *                          Each efuse key block number (Must be in [EFUSE_BLK_KEY0...EFUSE_BLK_KEY_MAX - 1] range).
- */
-void efuse_hal_set_ecdsa_key(ecdsa_curve_t curve, int efuse_key_blk);
-#endif
 
 #if SOC_RECOVERY_BOOTLOADER_SUPPORTED
 

components/soc/esp32h4/include/soc/Kconfig.soc_caps.in

@@ -797,7 +797,7 @@ config SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK
 
 config SOC_EFUSE_ECDSA_KEY
     bool
-    default y
+    default n
 
 config SOC_SECURE_BOOT_V2_RSA
     bool

components/soc/esp32h4/include/soc/soc_caps.h

@@ -453,7 +453,7 @@
 #define SOC_EFUSE_SOFT_DIS_JTAG 0
 #define SOC_EFUSE_DIS_ICACHE 0
 #define SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK 1  // XTS-AES key purpose not supported for this block
-#define SOC_EFUSE_ECDSA_KEY 1
+#define SOC_EFUSE_ECDSA_KEY 0 // TODO: [ESP32H4] IDF-12259
 
 /*-------------------------- Secure Boot CAPS----------------------------*/
 #define SOC_SECURE_BOOT_V2_RSA              1