From c88f9c3be111ab0577b233621e836e5b68e2cdfc Mon Sep 17 00:00:00 2001
From: Laukik Hase <laukik.hase@espressif.com>
Date: Fri, 21 Nov 2025 17:31:13 +0530
Subject: [PATCH] feat(esp_tee): Mark ESP32-H2 as a supported target for
 ESP-TEE

---
 .../esp_tee/test_apps/.build-test-rules.yml      | 12 ++++++------
 docs/conf_common.py                              |  8 +++++++-
 docs/doxygen/Doxyfile_esp32h2                    |  4 ++++
 docs/en/security/index.rst                       |  2 +-
 docs/zh_CN/security/index.rst                    |  2 +-
 examples/security/.build-test-rules.yml          | 16 ++++++++--------
 examples/security/tee/tee_attestation/README.md  |  4 ++--
 examples/security/tee/tee_basic/README.md        |  4 ++--
 .../security/tee/tee_secure_storage/README.md    |  4 ++--
 9 files changed, 33 insertions(+), 23 deletions(-)

diff --git a/components/esp_tee/test_apps/.build-test-rules.yml b/components/esp_tee/test_apps/.build-test-rules.yml
index 081d926e83..f5fc811798 100644
--- a/components/esp_tee/test_apps/.build-test-rules.yml
+++ b/components/esp_tee/test_apps/.build-test-rules.yml
@@ -1,11 +1,11 @@
 # Documentation: .gitlab/ci/README.md#manifest-file-to-control-the-buildtest-apps
 
 components/esp_tee/test_apps/tee_cli_app:
-  disable:
-    - if: IDF_TARGET not in ["esp32c6", "esp32c5", "esp32c61"]
-      reason: only supported with c6, c5 and c61
+  enable:
+    - if: IDF_TARGET in ["esp32c6", "esp32c5", "esp32c61"]
+      reason: supported only the above targets
 
 components/esp_tee/test_apps/tee_test_fw:
-  disable:
-    - if: IDF_TARGET not in ["esp32c6", "esp32h2", "esp32c5", "esp32c61"]
-      reason: only supported with c6, h2, c5 and c61
+  enable:
+    - if: IDF_TARGET in ["esp32c6", "esp32h2", "esp32c5", "esp32c61"]
+      reason: supported only the above targets
diff --git a/docs/conf_common.py b/docs/conf_common.py
index 48f608f56f..b4ef1f676a 100644
--- a/docs/conf_common.py
+++ b/docs/conf_common.py
@@ -317,7 +317,7 @@ ESP32C6_DOCS = [
     'api-guides/phy.rst',
 ] + ESP_TEE_DOCS
 
-ESP32H2_DOCS = ['api-guides/RF_calibration.rst', 'api-guides/phy.rst']
+ESP32H2_DOCS = ['api-guides/RF_calibration.rst', 'api-guides/phy.rst'] + ESP_TEE_DOCS
 
 ESP32H4_DOCS = [
     'api-reference/system/ipc.rst',
@@ -490,6 +490,9 @@ idf_build_system = {
 # Please update following list to enable Qemu doc guide (and cross references) for a new target
 QEMU_TARGETS = ['esp32', 'esp32c3', 'esp32s3']
 
+# Please update following list to enable ESP-TEE doc guide (and cross references) for a new target
+ESP_TEE_TARGETS = ['esp32c6', 'esp32h2', 'esp32c5', 'esp32c61']
+
 
 # Callback function for user setup that needs be done after `config-init`-event
 # config.idf_target is not available at the initial config stage
@@ -503,6 +506,9 @@ def conf_setup(app, config):
     if config.idf_target in QEMU_TARGETS:
         app.tags.add('TARGET_SUPPORT_QEMU')
 
+    if config.idf_target in ESP_TEE_TARGETS:
+        app.tags.add('TARGET_SUPPORT_ESP_TEE')
+
     try:
         with open(add_warnings_file) as warning_file:
             config.add_warnings_pages = warning_file.read().splitlines()
diff --git a/docs/doxygen/Doxyfile_esp32h2 b/docs/doxygen/Doxyfile_esp32h2
index aff9bdbed6..1e2dd24bb5 100644
--- a/docs/doxygen/Doxyfile_esp32h2
+++ b/docs/doxygen/Doxyfile_esp32h2
@@ -3,3 +3,7 @@ INPUT += \
     $(PROJECT_PATH)/components/bt/include/$(IDF_TARGET)/include/esp_bt_vs.h \
     $(PROJECT_PATH)/components/esp_phy/include/esp_phy_init.h \
     $(PROJECT_PATH)/components/esp_phy/include/esp_phy_cert_test.h \
+    $(PROJECT_PATH)/components/esp_tee/include/esp_tee.h \
+    $(PROJECT_PATH)/components/esp_tee/subproject/components/tee_sec_storage/include/esp_tee_sec_storage.h \
+    $(PROJECT_PATH)/components/esp_tee/subproject/components/tee_attestation/esp_tee_attestation.h \
+    $(PROJECT_PATH)/components/esp_tee/subproject/components/tee_ota_ops/include/esp_tee_ota_ops.h \
diff --git a/docs/en/security/index.rst b/docs/en/security/index.rst
index 96529124c1..1df2beb677 100644
--- a/docs/en/security/index.rst
+++ b/docs/en/security/index.rst
@@ -10,6 +10,6 @@ Security Guides
    flash-encryption
    :esp32: secure-boot-v1
    secure-boot-v2
-   :esp32c6 or esp32c5 or esp32c61: tee/index
+   :TARGET_SUPPORT_ESP_TEE: tee/index
    security-features-enablement-workflows
    vulnerabilities
diff --git a/docs/zh_CN/security/index.rst b/docs/zh_CN/security/index.rst
index 556270dc27..569a91fadf 100644
--- a/docs/zh_CN/security/index.rst
+++ b/docs/zh_CN/security/index.rst
@@ -10,6 +10,6 @@
    flash-encryption
    :esp32: secure-boot-v1
    secure-boot-v2
-   :esp32c6 or esp32c5 or esp32c61: tee/index
+   :TARGET_SUPPORT_ESP_TEE: tee/index
    security-features-enablement-workflows
    vulnerabilities
diff --git a/examples/security/.build-test-rules.yml b/examples/security/.build-test-rules.yml
index 4f33c4f123..616412850e 100644
--- a/examples/security/.build-test-rules.yml
+++ b/examples/security/.build-test-rules.yml
@@ -40,24 +40,24 @@ examples/security/security_features_app:
     - if: IDF_TARGET not in ["esp32c3", "esp32s3"]
 
 examples/security/tee/tee_attestation:
-  disable:
-    - if: IDF_TARGET not in ["esp32c6", "esp32c5", "esp32c61"]
+  enable:
+    - if: IDF_TARGET in ["esp32c6", "esp32h2", "esp32c5", "esp32c61"]
   depends_components:
     - esp_tee
   depends_filepatterns:
     - examples/security/tee/tee_attestation/**/*
 
 examples/security/tee/tee_basic:
-  disable:
-    - if: IDF_TARGET not in ["esp32c6", "esp32c5", "esp32c61"]
+  enable:
+    - if: IDF_TARGET in ["esp32c6", "esp32h2", "esp32c5", "esp32c61"]
   depends_components:
     - esp_tee
   depends_filepatterns:
     - examples/security/tee/tee_basic/**/*
 
 examples/security/tee/tee_secure_ota:
-  disable:
-    - if: IDF_TARGET not in ["esp32c6", "esp32c5", "esp32c61"]
+  enable:
+    - if: IDF_TARGET in ["esp32c6", "esp32c5", "esp32c61"]
   depends_components:
     - esp_tee
     - protocol_examples_common
@@ -65,8 +65,8 @@ examples/security/tee/tee_secure_ota:
     - examples/security/tee/tee_secure_ota/**/*
 
 examples/security/tee/tee_secure_storage:
-  disable:
-    - if: IDF_TARGET not in ["esp32c6", "esp32c5", "esp32c61"]
+  enable:
+    - if: IDF_TARGET in ["esp32c6", "esp32h2", "esp32c5", "esp32c61"]
   depends_components:
     - esp_tee
   depends_filepatterns:
diff --git a/examples/security/tee/tee_attestation/README.md b/examples/security/tee/tee_attestation/README.md
index fd2e9914c6..1bcd772764 100644
--- a/examples/security/tee/tee_attestation/README.md
+++ b/examples/security/tee/tee_attestation/README.md
@@ -1,5 +1,5 @@
-| Supported Targets | ESP32-C5 | ESP32-C6 | ESP32-C61 |
-| ----------------- | -------- | -------- | --------- |
+| Supported Targets | ESP32-C5 | ESP32-C6 | ESP32-C61 | ESP32-H2 |
+| ----------------- | -------- | -------- | --------- | -------- |
 
 # TEE: Attestation example
 
diff --git a/examples/security/tee/tee_basic/README.md b/examples/security/tee/tee_basic/README.md
index 10d87a71ca..b73fb90c0a 100644
--- a/examples/security/tee/tee_basic/README.md
+++ b/examples/security/tee/tee_basic/README.md
@@ -1,5 +1,5 @@
-| Supported Targets | ESP32-C5 | ESP32-C6 | ESP32-C61 |
-| ----------------- | -------- | -------- | --------- |
+| Supported Targets | ESP32-C5 | ESP32-C6 | ESP32-C61 | ESP32-H2 |
+| ----------------- | -------- | -------- | --------- | -------- |
 
 # Basic TEE example
 
diff --git a/examples/security/tee/tee_secure_storage/README.md b/examples/security/tee/tee_secure_storage/README.md
index e9f735ee00..a2ae718d15 100644
--- a/examples/security/tee/tee_secure_storage/README.md
+++ b/examples/security/tee/tee_secure_storage/README.md
@@ -1,5 +1,5 @@
-| Supported Targets | ESP32-C5 | ESP32-C6 | ESP32-C61 |
-| ----------------- | -------- | -------- | --------- |
+| Supported Targets | ESP32-C5 | ESP32-C6 | ESP32-C61 | ESP32-H2 |
+| ----------------- | -------- | -------- | --------- | -------- |
 
 # TEE: Secure Storage example