feat: added support for pseudo round xts aes in esp32p4 eco5

components/bootloader_support/src/flash_encrypt.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2026 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -210,7 +210,7 @@ void esp_flash_encryption_set_release_mode(void)
 #endif // CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128_DERIVED
 #endif // !CONFIG_IDF_TARGET_ESP32
 
-#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+#if SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND && !CONFIG_ESP32P4_SELECTS_REV_LESS_V3
     if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
         uint8_t xts_pseudo_level = 0;
         esp_efuse_read_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
@@ -221,7 +221,6 @@ void esp_flash_encryption_set_release_mode(void)
         }
     }
 #endif
-
 #ifdef CONFIG_IDF_TARGET_ESP32
     esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_CACHE);
 #else
@@ -483,7 +482,7 @@ bool esp_flash_encryption_cfg_verify_release_mode(void)
     }
     result &= secure;
 
-#if SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+#if SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND && !CONFIG_ESP32P4_SELECTS_REV_LESS_V3
     if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
         uint8_t xts_pseudo_level = 0;
         esp_efuse_read_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
@@ -493,7 +492,6 @@ bool esp_flash_encryption_cfg_verify_release_mode(void)
         }
     }
 #endif
-
     return result;
 }
 #endif // not CONFIG_IDF_TARGET_ESP32

components/efuse/esp32p4/esp_efuse_table.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2017-2025 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2017-2026 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -867,6 +867,12 @@ static const esp_efuse_desc_t KM_DISABLE_DEPLOY_MODE[] = {
     {EFUSE_BLK0, 168, 4}, 	 // [] TBD,
 };
 
+#ifndef CONFIG_ESP32P4_SELECTS_REV_LESS_V3
+static const esp_efuse_desc_t XTS_DPA_PSEUDO_LEVEL[] = {
+    {EFUSE_BLK0, 176, 2}, 	 // [] Sets this bit to control the xts pseudo-round anti-dpa attack function. 0: controlled by register. 1-3: the higher the value is; the more pseudo-rounds are inserted to the xts-aes calculation,
+};
+#endif
+
 static const esp_efuse_desc_t HP_PWR_SRC_SEL[] = {
     {EFUSE_BLK0, 178, 1}, 	 // [] HP system power source select. 0:LDO. 1: DCDC,
 };
@@ -2229,6 +2235,13 @@ const esp_efuse_desc_t* ESP_EFUSE_KM_DISABLE_DEPLOY_MODE[] = {
     NULL
 };
 
+#ifndef CONFIG_ESP32P4_SELECTS_REV_LESS_V3
+const esp_efuse_desc_t* ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[] = {
+    &XTS_DPA_PSEUDO_LEVEL[0],    		// [] Sets this bit to control the xts pseudo-round anti-dpa attack function. 0: controlled by register. 1-3: the higher the value is; the more pseudo-rounds are inserted to the xts-aes calculation
+    NULL
+};
+#endif
+
 const esp_efuse_desc_t* ESP_EFUSE_HP_PWR_SRC_SEL[] = {
     &HP_PWR_SRC_SEL[0],    		// [] HP system power source select. 0:LDO. 1: DCDC
     NULL

components/efuse/esp32p4/include/esp_efuse_table.h

@@ -260,6 +260,7 @@ extern const esp_efuse_desc_t* ESP_EFUSE_PXA0_TIEH_SEL_1[];
 extern const esp_efuse_desc_t* ESP_EFUSE_PXA0_TIEH_SEL_2[];
 extern const esp_efuse_desc_t* ESP_EFUSE_PXA0_TIEH_SEL_3[];
 extern const esp_efuse_desc_t* ESP_EFUSE_KM_DISABLE_DEPLOY_MODE[];
+extern const esp_efuse_desc_t* ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[];
 extern const esp_efuse_desc_t* ESP_EFUSE_HP_PWR_SRC_SEL[];
 extern const esp_efuse_desc_t* ESP_EFUSE_DCDC_VSET_EN[];
 extern const esp_efuse_desc_t* ESP_EFUSE_DIS_WDT[];

components/hal/esp32p4/include/hal/spi_flash_encrypted_ll.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2026 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -20,6 +20,7 @@
 #include "soc/soc.h"
 #include "soc/soc_caps.h"
 #include "hal/assert.h"
+#include "hal/config.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -147,6 +148,43 @@ static inline bool spi_flash_encrypt_ll_check(uint32_t address, uint32_t length)
     return ((address % length) == 0) ? true : false;
 }
 
+/**
+ * @brief Enable the pseudo-round function during XTS-AES operations
+ *
+ * @param mode set the mode for pseudo rounds, zero to disable, with increasing security upto three.
+ * @param base basic number of pseudo rounds, zero if disable
+ * @param increment increment number of pseudo rounds, zero if disable
+ * @param key_rng_cnt update frequency of the pseudo-key, zero if disable
+ */
+static inline void spi_flash_encrypt_ll_enable_pseudo_rounds(uint8_t mode, uint8_t base, uint8_t increment, uint8_t key_rng_cnt)
+{
+#if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300
+    REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_MODE_PSEUDO, mode);
+
+    if (mode) {
+        REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_PSEUDO_BASE, base);
+        REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_PSEUDO_INC, increment);
+        REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_PSEUDO_RNG_CNT, key_rng_cnt);
+    } else {
+        REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_PSEUDO_BASE, 0);
+        REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_PSEUDO_INC, 0);
+        REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_PSEUDO_RNG_CNT, 0);
+    }
+#endif
+}
+
+/**
+ * @brief Check if the pseudo round function is supported
+ */
+static inline bool spi_flash_encrypt_ll_is_pseudo_rounds_function_supported(void)
+{
+#if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300
+    return true;
+#else
+    return false;
+#endif
+}
+
 #ifdef __cplusplus
 }
 #endif

components/soc/esp32p4/include/soc/Kconfig.soc_caps.in

@@ -1879,6 +1879,10 @@ config SOC_FLASH_ENCRYPTION_XTS_AES_256
     bool
     default y
 
+config SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+    bool
+    default y
+
 config SOC_UART_NUM
     int
     default 6

components/soc/esp32p4/include/soc/soc_caps.h

@@ -686,8 +686,9 @@
 #define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX   (64)
 #define SOC_FLASH_ENCRYPTION_XTS_AES        1
 #define SOC_FLASH_ENCRYPTION_XTS_AES_OPTIONS 1
-#define SOC_FLASH_ENCRYPTION_XTS_AES_128    1
-#define SOC_FLASH_ENCRYPTION_XTS_AES_256    1
+#define SOC_FLASH_ENCRYPTION_XTS_AES_128    1  /* SOC_EFUSE_XTS_AES_KEY_128 (1) || SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_128 (1) */
+#define SOC_FLASH_ENCRYPTION_XTS_AES_256    1  /* SOC_EFUSE_XTS_AES_KEY_256 (1) || SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 (1) */
+#define SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND  1 /*!< Only available in chip version above 3.0 */
 /*-------------------------- MEMPROT CAPS ------------------------------------*/
 
 /*-------------------------- UART CAPS ---------------------------------------*/