From 406ca9aa920c4f198018abc563519eebf334e1aa Mon Sep 17 00:00:00 2001 From: Laukik Hase Date: Wed, 10 Dec 2025 16:37:03 +0530 Subject: [PATCH] ci(esp_tee): Enable the `tee_cli_app` test-app for ESP32-H2 - Also set the RX burst size correctly for AES/SHA DMA operations with ESP-TEE - Fix the compile-time minimum chip revision check for patching the `ets_delay_us` API --- components/esp_rom/patches/esp_rom_sys.c | 3 ++- components/esp_tee/test_apps/.build-test-rules.yml | 2 +- components/esp_tee/test_apps/tee_cli_app/README.md | 4 ++-- .../esp_tee/test_apps/tee_cli_app/main/CMakeLists.txt | 8 +++++--- .../esp_tee/test_apps/tee_cli_app/main/app_main.c | 2 ++ .../esp_tee/test_apps/tee_cli_app/pytest_tee_cli.py | 10 ++++++---- .../mbedtls/esp_tee/esp_tee_crypto_shared_gdma.c | 2 +- 7 files changed, 19 insertions(+), 12 deletions(-) diff --git a/components/esp_rom/patches/esp_rom_sys.c b/components/esp_rom/patches/esp_rom_sys.c index b645ee0648..02e1265c40 100644 --- a/components/esp_rom/patches/esp_rom_sys.c +++ b/components/esp_rom/patches/esp_rom_sys.c @@ -118,7 +118,8 @@ uint32_t esp_rom_get_bootloader_offset(void) #endif // SOC_RECOVERY_BOOTLOADER_SUPPORTED #if ESP_ROM_DELAY_US_PATCH && CONFIG_SECURE_ENABLE_TEE && !NON_OS_BUILD -#if CONFIG_ESP32C5_REV_MIN_FULL <= 100 || CONFIG_ESP32C61_REV_MIN_FULL <= 100 +#if (CONFIG_IDF_TARGET_ESP32C5 && CONFIG_ESP32C5_REV_MIN_FULL <= 100) || \ + (CONFIG_IDF_TARGET_ESP32C61 && CONFIG_ESP32C61_REV_MIN_FULL <= 100) #include "riscv/rv_utils.h" diff --git a/components/esp_tee/test_apps/.build-test-rules.yml b/components/esp_tee/test_apps/.build-test-rules.yml index f5fc811798..9aaa6ffe57 100644 --- a/components/esp_tee/test_apps/.build-test-rules.yml +++ b/components/esp_tee/test_apps/.build-test-rules.yml @@ -2,7 +2,7 @@ components/esp_tee/test_apps/tee_cli_app: enable: - - if: IDF_TARGET in ["esp32c6", "esp32c5", "esp32c61"] + - if: IDF_TARGET in ["esp32c6", "esp32h2", "esp32c5", "esp32c61"] reason: supported only the above targets components/esp_tee/test_apps/tee_test_fw: diff --git a/components/esp_tee/test_apps/tee_cli_app/README.md b/components/esp_tee/test_apps/tee_cli_app/README.md index 67ae90d8f1..32b2c48c79 100644 --- a/components/esp_tee/test_apps/tee_cli_app/README.md +++ b/components/esp_tee/test_apps/tee_cli_app/README.md @@ -1,5 +1,5 @@ -| Supported Targets | ESP32-C5 | ESP32-C6 | ESP32-C61 | -| ----------------- | -------- | -------- | --------- | +| Supported Targets | ESP32-C5 | ESP32-C6 | ESP32-C61 | ESP32-H2 | +| ----------------- | -------- | -------- | --------- | -------- | # TEE CLI Application: Secure Services Demonstration diff --git a/components/esp_tee/test_apps/tee_cli_app/main/CMakeLists.txt b/components/esp_tee/test_apps/tee_cli_app/main/CMakeLists.txt index b795bad469..d7b5e0f7f5 100644 --- a/components/esp_tee/test_apps/tee_cli_app/main/CMakeLists.txt +++ b/components/esp_tee/test_apps/tee_cli_app/main/CMakeLists.txt @@ -1,8 +1,10 @@ -set(srcs "tee_srv_ota.c" - "tee_srv_sec_str.c" - "tee_cmd_wifi.c" +set(srcs "tee_srv_sec_str.c" "app_main.c") +if(CONFIG_SOC_WIFI_SUPPORTED) + list(APPEND srcs "tee_cmd_wifi.c" "tee_srv_ota.c") +endif() + if(CONFIG_SECURE_TEE_ATTESTATION) list(APPEND srcs "tee_srv_att.c") endif() diff --git a/components/esp_tee/test_apps/tee_cli_app/main/app_main.c b/components/esp_tee/test_apps/tee_cli_app/main/app_main.c index 678ed9c1f6..596d04f02b 100644 --- a/components/esp_tee/test_apps/tee_cli_app/main/app_main.c +++ b/components/esp_tee/test_apps/tee_cli_app/main/app_main.c @@ -39,9 +39,11 @@ static void setup_console(void) ESP_ERROR_CHECK(esp_console_register_help_command()); /* Register custom commands */ +#if CONFIG_SOC_WIFI_SUPPORTED register_cmd_wifi(); register_srv_tee_ota(); register_srv_user_ota(); +#endif #if CONFIG_SECURE_TEE_ATTESTATION register_srv_attestation(); #endif diff --git a/components/esp_tee/test_apps/tee_cli_app/pytest_tee_cli.py b/components/esp_tee/test_apps/tee_cli_app/pytest_tee_cli.py index fb9d15e912..4f164b84ff 100644 --- a/components/esp_tee/test_apps/tee_cli_app/pytest_tee_cli.py +++ b/components/esp_tee/test_apps/tee_cli_app/pytest_tee_cli.py @@ -21,7 +21,9 @@ from ecdsa.util import sigdecode_der from pytest_embedded import Dut from pytest_embedded_idf.utils import idf_parametrize -TESTING_TARGETS = ['esp32c6', 'esp32c5', 'esp32c61'] +TEST_TARGETS = ['esp32c6', 'esp32c5', 'esp32c61', 'esp32h2'] + +TEST_TARGETS_OTA = ['esp32c6', 'esp32c5', 'esp32c61'] TEST_MSG = 'hello world' @@ -35,7 +37,7 @@ key_file = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'test_certs/ @pytest.mark.generic -@idf_parametrize('target', TESTING_TARGETS, indirect=['target']) +@idf_parametrize('target', TEST_TARGETS, indirect=['target']) def test_tee_cli_secure_storage(dut: Dut) -> None: # Dumping the REE binary size binary_file = os.path.join(dut.app.binary_path, 'tee_cli.bin') @@ -121,7 +123,7 @@ def verify_att_token_signature(att_tk: str) -> Any: @pytest.mark.generic -@idf_parametrize('target', TESTING_TARGETS, indirect=['target']) +@idf_parametrize('target', TEST_TARGETS, indirect=['target']) def test_tee_cli_attestation(dut: Dut) -> None: # Dumping the REE binary size binary_file = os.path.join(dut.app.binary_path, 'tee_cli.bin') @@ -163,7 +165,7 @@ def start_https_server(ota_image_dir: str, server_ip: str, server_port: int) -> @pytest.mark.wifi_high_traffic -@idf_parametrize('target', TESTING_TARGETS, indirect=['target']) +@idf_parametrize('target', TEST_TARGETS_OTA, indirect=['target']) def test_tee_cli_secure_ota_wifi(dut: Dut) -> None: """ This is a positive test case, which downloads complete binary file multiple number of times. diff --git a/components/mbedtls/esp_tee/esp_tee_crypto_shared_gdma.c b/components/mbedtls/esp_tee/esp_tee_crypto_shared_gdma.c index d1272483e9..c9c51cb784 100644 --- a/components/mbedtls/esp_tee/esp_tee_crypto_shared_gdma.c +++ b/components/mbedtls/esp_tee/esp_tee_crypto_shared_gdma.c @@ -72,7 +72,7 @@ static void crypto_shared_gdma_init(void) // setting the transfer ability #if SOC_AHB_GDMA_VERSION == 2 dma_ll_rx_enable_data_burst(&DMA_DEV, TEE_CRYPTO_GDMA_CH, true); - dma_ll_tx_set_burst_size(&DMA_DEV, TEE_CRYPTO_GDMA_CH, 16); + dma_ll_rx_set_burst_size(&DMA_DEV, TEE_CRYPTO_GDMA_CH, 16); dma_ll_tx_set_burst_size(&DMA_DEV, TEE_CRYPTO_GDMA_CH, 16); #else dma_ll_rx_enable_data_burst(&DMA_DEV, TEE_CRYPTO_GDMA_CH, false);