change(bootloader_support): Rename the esp_flash_encryption_enable_key_mgr() API

components/bootloader_support/include/esp_flash_encrypt.h

@@ -189,7 +189,7 @@ esp_err_t esp_flash_encryption_enable_secure_features(void);
  * @return
  *  - ESP_OK - On success
  */
-esp_err_t esp_flash_encryption_enable_key_mgr(void);
+esp_err_t esp_flash_encryption_use_efuse_key(void);
 #endif // SOC_KEY_MANAGER_FE_KEY_DEPLOY
 
 #endif /* BOOTLOADER_BUILD && CONFIG_SECURE_FLASH_ENC_ENABLED */

components/bootloader_support/src/esp32c5/flash_encryption_secure_features.c

@@ -17,7 +17,7 @@
 #include "hal/mspi_ll.h"
 #include "soc/soc_caps.h"
 #include "sdkconfig.h"
-#include "esp_crypto_periph_clk.h"
+#include "hal/key_mgr_ll.h"
 
 ESP_LOG_ATTR_TAG(TAG, "flash_encrypt");
 
@@ -72,13 +72,14 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
     return ESP_OK;
 }
 
-esp_err_t esp_flash_encryption_enable_key_mgr(void)
+esp_err_t esp_flash_encryption_use_efuse_key(void)
 {
     esp_crypto_key_mgr_enable_periph_clk(true);
 
     // Force Key Manager to use eFuse key for XTS-AES operation
     key_mgr_hal_set_key_usage(ESP_KEY_MGR_XTS_AES_128_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
 
+    // TODO: Check if this is necessary else remove it
     // In case Flash Encryption is enabled by a key deployed using the Key Manager,
     // we just need to reset the SPI flash to ensure the key is used.
     // Enabling Key Manager and forcing it to use its OWN key is handled in the

components/bootloader_support/src/esp32p4/flash_encryption_secure_features.c

@@ -12,6 +12,8 @@
 #include "esp_log.h"
 #include "sdkconfig.h"
 #include "esp_crypto_periph_clk.h"
+#include "esp_key_mgr.h"
+#include "hal/key_mgr_hal.h"
 #include "hal/key_mgr_ll.h"
 #include "hal/mspi_ll.h"
 
@@ -52,12 +54,13 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
     return ESP_OK;
 }
 
-esp_err_t esp_flash_encryption_enable_key_mgr(void)
+esp_err_t esp_flash_encryption_use_efuse_key(void)
 {
     esp_crypto_key_mgr_enable_periph_clk(true);
 
     // Force Key Manager to use eFuse key for XTS-AES operation
-    key_mgr_ll_set_key_usage(ESP_KEY_MGR_XTS_AES_128_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
+    key_mgr_hal_set_key_usage(ESP_KEY_MGR_XTS_AES_128_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
+
     _mspi_timing_ll_reset_mspi();
 
     return ESP_OK;

components/bootloader_support/src/flash_encryption/flash_encrypt.c

@@ -364,6 +364,11 @@ static esp_err_t check_and_generate_encryption_keys(void)
         }
         ESP_LOGI(TAG, "Using pre-loaded flash encryption key in efuse");
     }
+
+#if SOC_KEY_MANAGER_FE_KEY_DEPLOY
+    // In the case of Key Manager supported targets, the default XTS-AES key source is set to Key Manager.
+    esp_flash_encryption_use_efuse_key();
+#endif
 #elif CONFIG_SECURE_FLASH_ENCRYPTION_KEY_SOURCE_KEY_MGR
     esp_err_t err = key_manager_check_and_generate_key();
     if (err != ESP_OK) {