Merge branch 'bugfix/external_mem_enc_docs' into 'master'

docs: update PSRAM and flash encryption docs with per-page and separate key capabilities

Closes FCS-1859

See merge request espressif/esp-idf!46238

docs/en/api-guides/external-ram.rst

@@ -243,6 +243,13 @@ By default, failure to initialize external RAM will cause the ESP-IDF startup to
 
     This feature is enabled whenever flash encryption is enabled. For more information on how to enable and how it works see :doc:`Flash Encryption </security/flash-encryption>`.
 
+    .. only:: SOC_PSRAM_ENCRYPTION_PAGE_CONFIGURABLE
+
+        On {IDF_TARGET_NAME}, PSRAM encryption can be controlled on a per-MMU-page basis, allowing individual PSRAM pages to be selectively encrypted or left unencrypted. However, in the default configuration, all PSRAM pages are encrypted when flash encryption is enabled.
+
+    .. only:: SOC_PSRAM_ENCRYPTION_SEPARATE_KEY
+
+        On {IDF_TARGET_NAME}, PSRAM encryption can use an independent encryption key. If the PSRAM encryption key is not programmed, the flash encryption key will be used as the PSRAM encryption key.
 
 .. only:: esp32
 

docs/en/security/flash-encryption.rst

@@ -1039,8 +1039,17 @@ The command ``idf.py decrypt-flash-data`` can be used with the same options (and
   External RAM
   ------------
 
-  When Flash Encryption is enabled any data read from and written to external SPI RAM through the cache will also be encrypted/decrypted. This happens the same way and with the same key as for Flash Encryption. If Flash Encryption is enabled then encryption for external SPI RAM is also always enabled, it is not possible to separately control this functionality.
+  .. only:: SOC_PSRAM_ENCRYPTION_PAGE_CONFIGURABLE
 
+    When Flash Encryption is enabled any data read from and written to external SPI RAM through the cache can also be encrypted/decrypted. On {IDF_TARGET_NAME}, PSRAM encryption can be controlled on a per-MMU-page basis, allowing individual PSRAM pages to be selectively encrypted or left unencrypted. However, in the default configuration, all PSRAM pages are encrypted when flash encryption is enabled.
+
+  .. only:: not SOC_PSRAM_ENCRYPTION_PAGE_CONFIGURABLE
+
+    When Flash Encryption is enabled any data read from and written to external SPI RAM through the cache will also be encrypted/decrypted. If Flash Encryption is enabled then encryption for external SPI RAM is also automatically enabled.
+
+  .. only:: SOC_PSRAM_ENCRYPTION_SEPARATE_KEY
+
+    On {IDF_TARGET_NAME}, PSRAM encryption can use an independent encryption key. If the PSRAM encryption key is not programmed, the flash encryption key will be used as the PSRAM encryption key.
 
 Technical Details
 -----------------

docs/zh_CN/api-guides/external-ram.rst

@@ -243,6 +243,14 @@ ESP-IDF 启动过程中，片外 RAM 被映射到数据虚拟地址空间，该
 
     只要启用了 flash 加密功能，就会启用这个功能。关于如何启用 flash 加密以及其工作原理，请参考 :doc:`/security/flash-encryption`。
 
+    .. only:: SOC_PSRAM_ENCRYPTION_PAGE_CONFIGURABLE
+
+        在 {IDF_TARGET_NAME} 上，PSRAM 加密可以按 MMU 页面粒度进行控制，允许对单个 PSRAM 页面选择性地加密或不加密。但在默认配置下，启用 flash 加密时所有 PSRAM 页面都会被加密。
+
+    .. only:: SOC_PSRAM_ENCRYPTION_SEPARATE_KEY
+
+        在 {IDF_TARGET_NAME} 上，PSRAM 加密可以使用独立的加密密钥。如果未烧录 PSRAM 加密密钥，则会使用 flash 加密密钥作为 PSRAM 加密密钥。
+
 
 .. only:: esp32
 

docs/zh_CN/security/flash-encryption.rst

@@ -1039,7 +1039,17 @@ JTAG 调试
     片外 RAM
     ------------
 
-    启用 flash 加密后，任何通过缓存从片外 SPI RAM 读取和写入的数据也将被加密/解密。这个实现的方式以及使用的密钥与 flash 加密相同。如果启用 flash 加密，则片外 SPI RAM 的加密也会被启用，无法单独控制此功能。
+    .. only:: SOC_PSRAM_ENCRYPTION_PAGE_CONFIGURABLE
+
+      启用 flash 加密后，任何通过缓存从片外 SPI RAM 读取和写入的数据也可以被加密/解密。在 {IDF_TARGET_NAME} 上，PSRAM 加密可以按 MMU 页面粒度进行控制，允许对单个 PSRAM 页面选择性地加密或不加密。但在默认配置下，启用 flash 加密时所有 PSRAM 页面都会被加密。
+
+    .. only:: not SOC_PSRAM_ENCRYPTION_PAGE_CONFIGURABLE
+
+      启用 flash 加密后，任何通过缓存从片外 SPI RAM 读取和写入的数据也将被加密/解密。如果启用 flash 加密，则片外 SPI RAM 的加密也会自动启用。
+
+    .. only:: SOC_PSRAM_ENCRYPTION_SEPARATE_KEY
+
+      在 {IDF_TARGET_NAME} 上，PSRAM 加密可以使用独立的加密密钥。如果未烧录 PSRAM 加密密钥，则会使用 flash 加密密钥作为 PSRAM 加密密钥。
 
 
 技术细节