ci(esp_tee): Enable the tee_cli_app test-app for ESP32-H2

- Also set the RX burst size correctly for AES/SHA DMA operations with ESP-TEE - Fix the compile-time minimum chip revision check for patching the `ets_delay_us` API
2026-04-27 19:13:21 +00:00 · 2025-12-10 16:37:03 +05:30
parent 0964024484
commit 406ca9aa92
7 changed files with 19 additions and 12 deletions
@@ -118,7 +118,8 @@ uint32_t esp_rom_get_bootloader_offset(void)
 #endif // SOC_RECOVERY_BOOTLOADER_SUPPORTED

 #if ESP_ROM_DELAY_US_PATCH && CONFIG_SECURE_ENABLE_TEE && !NON_OS_BUILD
-#if CONFIG_ESP32C5_REV_MIN_FULL <= 100 || CONFIG_ESP32C61_REV_MIN_FULL <= 100
+#if (CONFIG_IDF_TARGET_ESP32C5 && CONFIG_ESP32C5_REV_MIN_FULL <= 100) || \
+    (CONFIG_IDF_TARGET_ESP32C61 && CONFIG_ESP32C61_REV_MIN_FULL <= 100)

 #include "riscv/rv_utils.h"

@@ -2,7 +2,7 @@

 components/esp_tee/test_apps/tee_cli_app:
  enable:
-    - if: IDF_TARGET in ["esp32c6", "esp32c5", "esp32c61"]
+    - if: IDF_TARGET in ["esp32c6", "esp32h2", "esp32c5", "esp32c61"]
      reason: supported only the above targets

 components/esp_tee/test_apps/tee_test_fw:
@@ -1,5 +1,5 @@
-| Supported Targets | ESP32-C5 | ESP32-C6 | ESP32-C61 |
-| ----------------- | -------- | -------- | --------- |
+| Supported Targets | ESP32-C5 | ESP32-C6 | ESP32-C61 | ESP32-H2 |
+| ----------------- | -------- | -------- | --------- | -------- |

 # TEE CLI Application: Secure Services Demonstration

@@ -1,8 +1,10 @@
-set(srcs "tee_srv_ota.c"
-         "tee_srv_sec_str.c"
-         "tee_cmd_wifi.c"
+set(srcs "tee_srv_sec_str.c"
         "app_main.c")

+if(CONFIG_SOC_WIFI_SUPPORTED)
+    list(APPEND srcs "tee_cmd_wifi.c" "tee_srv_ota.c")
+endif()
+
 if(CONFIG_SECURE_TEE_ATTESTATION)
    list(APPEND srcs "tee_srv_att.c")
 endif()
@@ -39,9 +39,11 @@ static void setup_console(void)
    ESP_ERROR_CHECK(esp_console_register_help_command());

    /* Register custom commands */
+#if CONFIG_SOC_WIFI_SUPPORTED
    register_cmd_wifi();
    register_srv_tee_ota();
    register_srv_user_ota();
+#endif
 #if CONFIG_SECURE_TEE_ATTESTATION
    register_srv_attestation();
 #endif
@@ -21,7 +21,9 @@ from ecdsa.util import sigdecode_der
 from pytest_embedded import Dut
 from pytest_embedded_idf.utils import idf_parametrize

-TESTING_TARGETS = ['esp32c6', 'esp32c5', 'esp32c61']
+TEST_TARGETS = ['esp32c6', 'esp32c5', 'esp32c61', 'esp32h2']
+
+TEST_TARGETS_OTA = ['esp32c6', 'esp32c5', 'esp32c61']

 TEST_MSG = 'hello world'

@@ -35,7 +37,7 @@ key_file = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'test_certs/


@pytest.mark.generic
-@idf_parametrize('target', TESTING_TARGETS, indirect=['target'])
+@idf_parametrize('target', TEST_TARGETS, indirect=['target'])
 def test_tee_cli_secure_storage(dut: Dut) -> None:
    # Dumping the REE binary size
    binary_file = os.path.join(dut.app.binary_path, 'tee_cli.bin')
@@ -121,7 +123,7 @@ def verify_att_token_signature(att_tk: str) -> Any:


@pytest.mark.generic
-@idf_parametrize('target', TESTING_TARGETS, indirect=['target'])
+@idf_parametrize('target', TEST_TARGETS, indirect=['target'])
 def test_tee_cli_attestation(dut: Dut) -> None:
    # Dumping the REE binary size
    binary_file = os.path.join(dut.app.binary_path, 'tee_cli.bin')
@@ -163,7 +165,7 @@ def start_https_server(ota_image_dir: str, server_ip: str, server_port: int) ->


@pytest.mark.wifi_high_traffic
-@idf_parametrize('target', TESTING_TARGETS, indirect=['target'])
+@idf_parametrize('target', TEST_TARGETS_OTA, indirect=['target'])
 def test_tee_cli_secure_ota_wifi(dut: Dut) -> None:
    """
    This is a positive test case, which downloads complete binary file multiple number of times.
@@ -72,7 +72,7 @@ static void crypto_shared_gdma_init(void)
    // setting the transfer ability
 #if SOC_AHB_GDMA_VERSION == 2
    dma_ll_rx_enable_data_burst(&DMA_DEV, TEE_CRYPTO_GDMA_CH, true);
-    dma_ll_tx_set_burst_size(&DMA_DEV, TEE_CRYPTO_GDMA_CH, 16);
+    dma_ll_rx_set_burst_size(&DMA_DEV, TEE_CRYPTO_GDMA_CH, 16);
    dma_ll_tx_set_burst_size(&DMA_DEV, TEE_CRYPTO_GDMA_CH, 16);
 #else
    dma_ll_rx_enable_data_burst(&DMA_DEV, TEE_CRYPTO_GDMA_CH, false);