diff --git a/components/esp_hw_support/port/esp32c5/cpu_region_protect.c b/components/esp_hw_support/port/esp32c5/cpu_region_protect.c index cd054372da..fab802d882 100644 --- a/components/esp_hw_support/port/esp32c5/cpu_region_protect.c +++ b/components/esp_hw_support/port/esp32c5/cpu_region_protect.c @@ -206,7 +206,11 @@ void esp_cpu_configure_region_protection(void) PMP_ENTRY_SET(9, SOC_RTC_IRAM_LOW, NONE); // First part of LP mem is reserved for ULP coprocessor +#if CONFIG_ESP_SYSTEM_PMP_LP_CORE_RESERVE_MEM_EXECUTABLE + PMP_ENTRY_SET(10, (int)&_rtc_text_start, PMP_TOR | RWX); +#else PMP_ENTRY_SET(10, (int)&_rtc_text_start, PMP_TOR | RW); +#endif PMP_ENTRY_SET(11, (int)&_rtc_text_end, PMP_TOR | RX); PMP_ENTRY_SET(12, SOC_RTC_IRAM_HIGH, PMP_TOR | RW); diff --git a/components/esp_hw_support/port/esp32c6/cpu_region_protect.c b/components/esp_hw_support/port/esp32c6/cpu_region_protect.c index ce9ca7581f..e385fb607d 100644 --- a/components/esp_hw_support/port/esp32c6/cpu_region_protect.c +++ b/components/esp_hw_support/port/esp32c6/cpu_region_protect.c @@ -190,8 +190,11 @@ void esp_cpu_configure_region_protection(void) PMP_ENTRY_SET(11, SOC_RTC_IRAM_LOW, NONE); // First part of LP mem is reserved for ULP coprocessor +#if CONFIG_ESP_SYSTEM_PMP_LP_CORE_RESERVE_MEM_EXECUTABLE + PMP_ENTRY_SET(12, (int)&_rtc_text_start, PMP_TOR | RWX); +#else PMP_ENTRY_SET(12, (int)&_rtc_text_start, PMP_TOR | RW); - +#endif PMP_ENTRY_SET(13, (int)&_rtc_text_end, PMP_TOR | RX); PMP_ENTRY_SET(14, SOC_RTC_IRAM_HIGH, PMP_TOR | RW); #else diff --git a/components/esp_hw_support/port/esp32p4/cpu_region_protect.c b/components/esp_hw_support/port/esp32p4/cpu_region_protect.c index 6f8597dc58..0be25f6a1c 100644 --- a/components/esp_hw_support/port/esp32p4/cpu_region_protect.c +++ b/components/esp_hw_support/port/esp32p4/cpu_region_protect.c @@ -220,7 +220,11 @@ void esp_cpu_configure_region_protection(void) PMP_ENTRY_SET(9, SOC_RTC_IRAM_LOW, NONE); // First part of LP mem is reserved for RTC reserved mem (shared between bootloader and app) // as well as memory for ULP coprocessor +#if CONFIG_ESP_SYSTEM_PMP_LP_CORE_RESERVE_MEM_EXECUTABLE + PMP_ENTRY_SET(10, (int)&_rtc_text_start, PMP_TOR | RWX); +#else PMP_ENTRY_SET(10, (int)&_rtc_text_start, PMP_TOR | RW); +#endif PMP_ENTRY_SET(11, (int)&_rtc_text_end, PMP_TOR | RX); PMP_ENTRY_SET(12, SOC_RTC_IRAM_HIGH, PMP_TOR | RW); #else diff --git a/components/esp_system/Kconfig b/components/esp_system/Kconfig index feeb3a580a..e597eac88f 100644 --- a/components/esp_system/Kconfig +++ b/components/esp_system/Kconfig @@ -138,6 +138,16 @@ menu "ESP System Settings" for the data part (above the splitting address). The memory protection is effective on all access through the IRAM0 and DRAM0 buses. + config ESP_SYSTEM_PMP_LP_CORE_RESERVE_MEM_EXECUTABLE + bool "Make LP core reserved memory executable from HP core" + depends on IDF_TARGET_ARCH_RISCV && SOC_LP_CORE_SUPPORTED && ESP_SYSTEM_PMP_IDRAM_SPLIT + default "n" + help + If enabled, user can run code available in LP Core image. + + Warning: on ESP32-P4 this will also mark the memory area used for BOOTLOADER_RESERVE_RTC_MEM + as executable. If you consider this a security risk then do not activate this option. + config ESP_SYSTEM_MEMPROT_FEATURE bool "Enable memory protection" depends on SOC_MEMPROT_SUPPORTED