From e09d50d244f1d2c13ac7de9206e92a5cbe89454f Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 18 Oct 2023 16:49:30 +0530 Subject: [PATCH] feat(soc): Updated soc cap for flash encryption 1) In the ESP32-P4 SoC, we have an eFuse to disable the MSPI access when in download mode. This commit adds relevant soc cap for esp32p4 chip. 2) Added FE related soc caps 3) Removed unwanted cap from soc_caps 4) esp_hw_support: Enable flash encryption related ll APIs for esp32p4 --- .../esp32p4/include/hal/spi_flash_encrypted_ll.h | 14 +++++--------- .../soc/esp32p4/include/soc/Kconfig.soc_caps.in | 16 ++++++++++++---- components/soc/esp32p4/include/soc/soc_caps.h | 5 ++++- 3 files changed, 21 insertions(+), 14 deletions(-) diff --git a/components/hal/esp32p4/include/hal/spi_flash_encrypted_ll.h b/components/hal/esp32p4/include/hal/spi_flash_encrypted_ll.h index de642b56d6..fbdb899098 100644 --- a/components/hal/esp32p4/include/hal/spi_flash_encrypted_ll.h +++ b/components/hal/esp32p4/include/hal/spi_flash_encrypted_ll.h @@ -24,8 +24,6 @@ extern "C" { #endif -//TODO: IDF-7545 - /// Choose type of chip you want to encrypt manully typedef enum { @@ -38,10 +36,9 @@ typedef enum */ static inline void spi_flash_encrypt_ll_enable(void) { - // REG_SET_BIT(HP_SYSTEM_EXTERNAL_DEVICE_ENCRYPT_DECRYPT_CONTROL_REG, - // HP_SYSTEM_ENABLE_DOWNLOAD_MANUAL_ENCRYPT | - // HP_SYSTEM_ENABLE_SPI_MANUAL_ENCRYPT); - abort(); + REG_SET_BIT(HP_SYSTEM_CRYPTO_CTRL_REG, + HP_SYSTEM_REG_ENABLE_DOWNLOAD_MANUAL_ENCRYPT | + HP_SYSTEM_REG_ENABLE_SPI_MANUAL_ENCRYPT); } /* @@ -49,9 +46,8 @@ static inline void spi_flash_encrypt_ll_enable(void) */ static inline void spi_flash_encrypt_ll_disable(void) { - // REG_CLR_BIT(HP_SYSTEM_EXTERNAL_DEVICE_ENCRYPT_DECRYPT_CONTROL_REG, - // HP_SYSTEM_ENABLE_SPI_MANUAL_ENCRYPT); - abort(); + REG_CLR_BIT(HP_SYSTEM_CRYPTO_CTRL_REG, + HP_SYSTEM_REG_ENABLE_SPI_MANUAL_ENCRYPT); } /** diff --git a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in index 759de281d7..4141a6ae7a 100644 --- a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in @@ -1111,10 +1111,6 @@ config SOC_TWAI_SUPPORTS_RX_STATUS bool default y -config SOC_EFUSE_DIS_DOWNLOAD_ICACHE - bool - default y - config SOC_EFUSE_DIS_PAD_JTAG bool default y @@ -1131,6 +1127,10 @@ config SOC_EFUSE_SOFT_DIS_JTAG bool default y +config SOC_EFUSE_DIS_DOWNLOAD_MSPI + bool + default y + config SOC_SECURE_BOOT_V2_RSA bool default y @@ -1159,10 +1159,18 @@ config SOC_FLASH_ENCRYPTION_XTS_AES bool default y +config SOC_FLASH_ENCRYPTION_XTS_AES_OPTIONS + bool + default y + config SOC_FLASH_ENCRYPTION_XTS_AES_128 bool default y +config SOC_FLASH_ENCRYPTION_XTS_AES_256 + bool + default y + config SOC_UART_NUM int default 6 diff --git a/components/soc/esp32p4/include/soc/soc_caps.h b/components/soc/esp32p4/include/soc/soc_caps.h index 6408b4c8f0..05a3aa41e0 100644 --- a/components/soc/esp32p4/include/soc/soc_caps.h +++ b/components/soc/esp32p4/include/soc/soc_caps.h @@ -491,11 +491,12 @@ #define SOC_TWAI_SUPPORTS_RX_STATUS 1 /*-------------------------- eFuse CAPS----------------------------*/ -#define SOC_EFUSE_DIS_DOWNLOAD_ICACHE 1 #define SOC_EFUSE_DIS_PAD_JTAG 1 #define SOC_EFUSE_DIS_USB_JTAG 1 #define SOC_EFUSE_DIS_DIRECT_BOOT 1 #define SOC_EFUSE_SOFT_DIS_JTAG 1 +/* Capability to disable the MSPI access in download mode */ +#define SOC_EFUSE_DIS_DOWNLOAD_MSPI 1 /*-------------------------- Secure Boot CAPS----------------------------*/ #define SOC_SECURE_BOOT_V2_RSA 1 @@ -507,7 +508,9 @@ /*-------------------------- Flash Encryption CAPS----------------------------*/ #define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX (64) #define SOC_FLASH_ENCRYPTION_XTS_AES 1 +#define SOC_FLASH_ENCRYPTION_XTS_AES_OPTIONS 1 #define SOC_FLASH_ENCRYPTION_XTS_AES_128 1 +#define SOC_FLASH_ENCRYPTION_XTS_AES_256 1 /*-------------------------- MEMPROT CAPS ------------------------------------*/