fix(security): Set all APM masters to operate in TEE mode by default

2025-05-09 13:59:56 +05:30
parent 7cf5dacd4a
commit 8a999ea19e
5 changed files with 34 additions and 4 deletions
--- a/components/bootloader_support/src/bootloader_mem.c
+++ b/components/bootloader_support/src/bootloader_mem.c
@ -27,7 +27,15 @@ void bootloader_init_mem(void)
     */
 #ifdef SOC_APM_CTRL_FILTER_SUPPORTED
    apm_hal_apm_ctrl_filter_enable_all(false);
-#endif
+    /* [APM] On power-up, only the HP CPU starts in TEE mode; others default to REE2.
+     * APM blocks REE0–REE2 access by default. C5 ECO2 adds per-peripheral control
+     * (default REEx blocking), but config support is pending. As a workaround,
+     * all masters are set to TEE mode.
+     */
+#if SOC_APM_SUPPORT_TEE_PERI_ACCESS_CTRL
+    apm_tee_hal_set_master_secure_mode_all(APM_LL_SECURE_MODE_TEE);
+#endif // SOC_APM_SUPPORT_TEE_PERI_ACCESS_CTRL
+#endif // SOC_APM_CTRL_FILTER_SUPPORTED
 #endif

 #ifdef CONFIG_BOOTLOADER_REGION_PROTECTION_ENABLE
--- a/components/hal/apm_hal.c
+++ b/components/hal/apm_hal.c
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@ -58,6 +58,16 @@ void apm_tee_hal_set_master_secure_mode(apm_ll_apm_ctrl_t apm_ctrl, apm_ll_maste
    apm_tee_ll_set_master_secure_mode(apm_ctrl, master_id, sec_mode);
 }

+void apm_tee_hal_set_master_secure_mode_all(apm_ll_secure_mode_t sec_mode)
+{
+    for (int i = 0; i < APM_LL_MASTER_MAX; i++) {
+        apm_tee_hal_set_master_secure_mode(HP_APM_CTRL, i, sec_mode);
+    }
+#if SOC_LP_CORE_SUPPORTED
+    apm_tee_hal_set_master_secure_mode(LP_APM_CTRL, APM_LL_MASTER_LPCORE, sec_mode);
+#endif
+}
+
 void apm_tee_hal_clk_gating_enable(bool enable)
 {
    apm_tee_ll_clk_gating_enable(enable);
--- a/components/hal/include/hal/apm_hal.h
+++ b/components/hal/include/hal/apm_hal.h
@ -136,6 +136,13 @@ typedef struct {
 void apm_tee_hal_set_master_secure_mode(apm_ll_apm_ctrl_t apm_ctrl, apm_ll_master_id_t master_id,
                                        apm_ll_secure_mode_t sec_mode);

+/**
+ * @brief Set all masters to a given secure mode
+ *
+ * @param sec_mode Secure mode
+ */
+void apm_tee_hal_set_master_secure_mode_all(apm_ll_secure_mode_t sec_mode);
+
 /**
 * @brief TEE controller clock auto gating enable
 *
--- a/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in
@ -1427,6 +1427,10 @@ config SOC_APM_LP_APM0_SUPPORTED
    bool
    default y

+config SOC_APM_SUPPORT_TEE_PERI_ACCESS_CTRL
+    bool
+    default y
+
 config SOC_CRYPTO_DPA_PROTECTION_SUPPORTED
    bool
    default y
--- a/components/soc/esp32c5/include/soc/soc_caps.h
+++ b/components/soc/esp32c5/include/soc/soc_caps.h
@ -558,8 +558,9 @@
 #define SOC_BOOTLOADER_ANTI_ROLLBACK_SUPPORTED        (0)

 /*-------------------------- APM CAPS-----------------------------------------*/
-#define SOC_APM_CTRL_FILTER_SUPPORTED   1 /*!< Support for APM control filter */
-#define SOC_APM_LP_APM0_SUPPORTED       1 /*!< Support for LP APM0 control filter */
+#define SOC_APM_CTRL_FILTER_SUPPORTED        1 /*!< Support for APM control filter */
+#define SOC_APM_LP_APM0_SUPPORTED            1 /*!< Support for LP APM0 control filter */
+#define SOC_APM_SUPPORT_TEE_PERI_ACCESS_CTRL 1 /*!< Support for TEE controller per-peripheral access control */

 /*------------------------ Anti DPA (Security) CAPS --------------------------*/
 #define SOC_CRYPTO_DPA_PROTECTION_SUPPORTED     1