From a0031cff9fd71ae9ad27ab66e2125f4dec71a5d5 Mon Sep 17 00:00:00 2001 From: Laukik Hase Date: Wed, 16 Apr 2025 11:12:57 +0530 Subject: [PATCH] refactor(esp_tee): Remove the redudant eFuse-related service calls --- .../scripts/esp32c6/sec_srv_tbl_default.yml | 35 +----------- .../esp_tee/src/esp_secure_service_wrapper.c | 38 ------------- .../include/esp_tee_sec_storage.h | 1 + .../main/core/esp_secure_services.c | 53 ------------------- .../main/core/esp_secure_services_iram.c | 19 +------ 5 files changed, 4 insertions(+), 142 deletions(-) diff --git a/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml b/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml index b717c99c98..fdcf6f4ca0 100644 --- a/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml +++ b/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml @@ -134,26 +134,10 @@ secure_services: - family: hal entries: - id: 54 - type: IDF - function: efuse_hal_chip_revision - args: 0 - - id: 55 - type: IDF - function: efuse_hal_get_chip_ver_pkg - args: 1 - - id: 56 - type: IDF - function: efuse_hal_get_disable_wafer_version_major - args: 0 - - id: 57 - type: IDF - function: efuse_hal_get_mac - args: 1 - - id: 58 type: IDF function: wdt_hal_init args: 4 - - id: 59 + - id: 55 type: IDF function: wdt_hal_deinit args: 1 @@ -256,22 +240,7 @@ secure_services: type: IDF function: esp_ecc_point_verify args: 1 - # ID: 134-149 (16) - eFuse - - family: efuse - entries: - - id: 134 - type: IDF - function: esp_efuse_check_secure_version - args: 1 - - id: 135 - type: IDF - function: esp_efuse_read_field_blob - args: 3 - - id: 136 - type: IDF - function: esp_flash_encryption_enabled - args: 0 - # ID: 150-169 (20) - Reserved for future use + # ID: 134-169 (36) - Reserved for future use - family: attestation entries: - id: 170 diff --git a/components/esp_tee/src/esp_secure_service_wrapper.c b/components/esp_tee/src/esp_secure_service_wrapper.c index 7fe69dc10a..35039c7134 100644 --- a/components/esp_tee/src/esp_secure_service_wrapper.c +++ b/components/esp_tee/src/esp_secure_service_wrapper.c @@ -6,7 +6,6 @@ #include #include "esp_err.h" -#include "esp_efuse.h" #include "esp_random.h" #include "hal/sha_types.h" @@ -32,43 +31,6 @@ void IRAM_ATTR __wrap_esp_rom_route_intr_matrix(int cpu_no, uint32_t model_num, esp_tee_service_call(4, SS_ESP_ROM_ROUTE_INTR_MATRIX, cpu_no, model_num, intr_num); } -/* ---------------------------------------------- eFuse ------------------------------------------------- */ - -uint32_t __wrap_efuse_hal_chip_revision(void) -{ - return esp_tee_service_call(1, SS_EFUSE_HAL_CHIP_REVISION); -} - -uint32_t __wrap_efuse_hal_get_chip_ver_pkg(void) -{ - return esp_tee_service_call(1, SS_EFUSE_HAL_GET_CHIP_VER_PKG); -} - -bool __wrap_efuse_hal_get_disable_wafer_version_major(void) -{ - return esp_tee_service_call(1, SS_EFUSE_HAL_GET_DISABLE_WAFER_VERSION_MAJOR); -} - -void __wrap_efuse_hal_get_mac(uint8_t *mac) -{ - esp_tee_service_call(2, SS_EFUSE_HAL_GET_MAC, mac); -} - -bool __wrap_esp_efuse_check_secure_version(uint32_t secure_version) -{ - return esp_tee_service_call(4, SS_ESP_EFUSE_CHECK_SECURE_VERSION, secure_version); -} - -esp_err_t __wrap_esp_efuse_read_field_blob(const esp_efuse_desc_t *field[], void *dst, size_t dst_size_bits) -{ - return esp_tee_service_call(4, SS_ESP_EFUSE_READ_FIELD_BLOB, (uint32_t)field, (uint32_t)dst, (uint32_t)dst_size_bits); -} - -bool __wrap_esp_flash_encryption_enabled(void) -{ - return esp_tee_service_call(1, SS_ESP_FLASH_ENCRYPTION_ENABLED); -} - /* ---------------------------------------------- RTC_WDT ------------------------------------------------- */ void __wrap_wdt_hal_init(wdt_hal_context_t *hal, wdt_inst_t wdt_inst, uint32_t prescaler, bool enable_intr) diff --git a/components/esp_tee/subproject/components/tee_sec_storage/include/esp_tee_sec_storage.h b/components/esp_tee/subproject/components/tee_sec_storage/include/esp_tee_sec_storage.h index 8852e7032a..91feb91ca6 100644 --- a/components/esp_tee/subproject/components/tee_sec_storage/include/esp_tee_sec_storage.h +++ b/components/esp_tee/subproject/components/tee_sec_storage/include/esp_tee_sec_storage.h @@ -12,6 +12,7 @@ extern "C" { #include #include #include +#include "esp_err.h" #define MIN_SEC_STG_SLOT_ID 0 /*!< Minimum secure storage slot ID */ #define MAX_SEC_STG_SLOT_ID 14 /*!< Maximum secure storage slot ID */ diff --git a/components/esp_tee/subproject/main/core/esp_secure_services.c b/components/esp_tee/subproject/main/core/esp_secure_services.c index b4c6292536..b081dfff33 100644 --- a/components/esp_tee/subproject/main/core/esp_secure_services.c +++ b/components/esp_tee/subproject/main/core/esp_secure_services.c @@ -8,12 +8,7 @@ #include "esp_fault.h" #include "soc/soc_caps.h" -#include "esp_efuse.h" -#include "esp_flash_encrypt.h" - -#include "hal/efuse_hal.h" #include "hal/sha_hal.h" - #include "aes/esp_aes.h" #include "sha/sha_core.h" #include "esp_hmac.h" @@ -35,54 +30,6 @@ void _ss_invalid_secure_service(void) assert(0); } -/* ---------------------------------------------- eFuse ------------------------------------------------- */ - -void _ss_efuse_hal_get_mac(uint8_t *mac) -{ - bool valid_addr = ((esp_tee_ptr_in_ree((void *)mac)) & - (esp_tee_ptr_in_ree((void *)(mac + 6)))); - - if (!valid_addr) { - return; - } - ESP_FAULT_ASSERT(valid_addr); - - efuse_hal_get_mac(mac); -} - -bool _ss_esp_efuse_check_secure_version(uint32_t secure_version) -{ - return esp_efuse_check_secure_version(secure_version); -} - -esp_err_t _ss_esp_efuse_read_field_blob(const esp_efuse_desc_t *field[], void *dst, size_t dst_size_bits) -{ - if ((field != NULL) && (field[0]->efuse_block >= EFUSE_BLK4)) { - return ESP_ERR_INVALID_ARG; - } - - return esp_efuse_read_field_blob(field, dst, dst_size_bits); -} - -bool _ss_esp_flash_encryption_enabled(void) -{ - uint32_t flash_crypt_cnt = 0; -#ifndef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH - flash_crypt_cnt = efuse_ll_get_flash_crypt_cnt(); -#else - esp_efuse_read_field_blob(ESP_EFUSE_SPI_BOOT_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_SPI_BOOT_CRYPT_CNT[0]->bit_count) ; -#endif - /* __builtin_parity is in flash, so we calculate parity inline */ - bool enabled = false; - while (flash_crypt_cnt) { - if (flash_crypt_cnt & 1) { - enabled = !enabled; - } - flash_crypt_cnt >>= 1; - } - return enabled; -} - /* ---------------------------------------------- AES ------------------------------------------------- */ void _ss_esp_aes_intr_alloc(void) diff --git a/components/esp_tee/subproject/main/core/esp_secure_services_iram.c b/components/esp_tee/subproject/main/core/esp_secure_services_iram.c index 50e8bf257b..ac170dece8 100644 --- a/components/esp_tee/subproject/main/core/esp_secure_services_iram.c +++ b/components/esp_tee/subproject/main/core/esp_secure_services_iram.c @@ -5,10 +5,10 @@ */ #include +#include "esp_err.h" #include "esp_log.h" #include "esp_fault.h" -#include "hal/efuse_hal.h" #include "hal/mmu_types.h" #include "hal/mmu_hal.h" #include "hal/wdt_hal.h" @@ -71,23 +71,6 @@ void _ss_rv_utils_intr_global_enable(void) rv_utils_tee_intr_global_enable(); } -/* ---------------------------------------------- eFuse ------------------------------------------------- */ - -uint32_t _ss_efuse_hal_chip_revision(void) -{ - return efuse_hal_chip_revision(); -} - -uint32_t _ss_efuse_hal_get_chip_ver_pkg(void) -{ - return efuse_hal_get_chip_ver_pkg(); -} - -bool _ss_efuse_hal_get_disable_wafer_version_major(void) -{ - return efuse_hal_get_disable_wafer_version_major(); -} - /* ---------------------------------------------- RTC_WDT ------------------------------------------------- */ void _ss_wdt_hal_init(wdt_hal_context_t *hal, wdt_inst_t wdt_inst, uint32_t prescaler, bool enable_intr)