From 06bf491f1324568862c2ae4e9ca15f23425c5618 Mon Sep 17 00:00:00 2001
From: Marcel Kottmann <marcel.richter@gmail.com>
Date: Fri, 7 May 2021 20:38:49 +0200
Subject: [PATCH] mbedtls: Allow external mem alloc for ESP32-S2

Closes https://github.com/espressif/esp-idf/pull/6998
Closes IDFGH-5226
---
 components/mbedtls/Kconfig | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index 5f97d7b407..5a6a7387bc 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -15,17 +15,22 @@ menu "mbedTLS"
               mbedtls_platform_set_calloc_free() function
             - Internal IRAM memory wherever applicable else internal DRAM
 
-            Recommended mode here is always internal, since that is most preferred
+            Recommended mode here is always internal (*), since that is most preferred
             from security perspective. But if application requirement does not
             allow sufficient free internal memory then alternate mode can be
             selected.
 
+            (*) In case of ESP32-S2, hardware allows encryption of external
+            SPIRAM contents provided hardware flash encryption feature is enabled.
+            In that case, using external SPIRAM allocation strategy is also safe choice
+            from security perspective.
+
         config MBEDTLS_INTERNAL_MEM_ALLOC
             bool "Internal memory"
 
         config MBEDTLS_EXTERNAL_MEM_ALLOC
             bool "External SPIRAM"
-            depends on ESP32_SPIRAM_SUPPORT
+            depends on SPIRAM_USE_CAPS_ALLOC || SPIRAM_USE_MALLOC
 
         config MBEDTLS_DEFAULT_MEM_ALLOC
             bool "Default alloc mode"