Merge branch 'feat/support_aes_pseudo_round_func_in_esp32h2_eco5_v5.2' into 'release/v5.2'

Support AES and XTS-AES's pseudo round function in ESP32H2-ECO5 (v5.2) See merge request espressif/esp-idf!36466
2026-04-28 11:28:43 +00:00 · 2025-02-10 23:57:39 +08:00
parent a31e45a39d 3ec6875e41
commit b8b0046903
33 changed files with 692 additions and 69 deletions
@@ -1115,6 +1115,44 @@ menu "Security features"

            If not set, the app does not care if the flash encryption eFuse bit is set or not.

+    config SECURE_FLASH_PSEUDO_ROUND_FUNC
+        bool "Permanently enable XTS-AES's pseudo rounds function"
+        default y
+        depends on SECURE_FLASH_ENCRYPTION_MODE_RELEASE && SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+        help
+            If set (default), the bootloader will permanently enable the XTS-AES peripheral's pseudo rounds function.
+            Note: Enabling this config would burn an efuse.
+
+    choice SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH
+        prompt "Strength of the pseudo rounds function"
+        depends on SECURE_FLASH_PSEUDO_ROUND_FUNC
+        default SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH_LOW
+        help
+            The strength of the pseudo rounds functions can be configured to low, medium and high,
+            each denoting the values that would be stored in the efuses field.
+            By default the value to set to low.
+            You can configure the strength of the pseudo rounds functions according to your use cases,
+            for example, increasing the strength would provide higher security but would slow down the
+            flash encryption/decryption operations.
+            For more info regarding the performance impact, please checkout the pseudo round function section of the
+            security guide documentation.
+
+        config SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH_LOW
+            bool "Low"
+
+        config SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH_MEDIUM
+            bool "Medium"
+
+        config SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH_HIGH
+            bool "High"
+    endchoice
+
+    config SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH
+        int
+        default 1 if SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH_LOW
+        default 2 if SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH_MEDIUM
+        default 3 if SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH_HIGH
+
    config SECURE_ROM_DL_MODE_ENABLED
        bool
        default y if SOC_SUPPORTS_SECURE_DL_MODE && !SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
@@ -1,15 +1,18 @@
 /*
- * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */

+#include <stdint.h>
 #include <strings.h>
 #include "esp_flash_encrypt.h"
 #include "esp_secure_boot.h"
 #include "esp_efuse.h"
 #include "esp_efuse_table.h"
 #include "esp_log.h"
+#include "hal/spi_flash_encrypted_ll.h"
+#include "soc/soc_caps.h"
 #include "sdkconfig.h"

 static __attribute__((unused)) const char *TAG = "flash_encrypt";
@@ -33,6 +36,14 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)

    esp_efuse_write_field_bit(ESP_EFUSE_DIS_DIRECT_BOOT);

+#if defined(CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE) && defined(SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND)
+    if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
+        ESP_LOGI(TAG, "Enable XTS-AES pseudo rounds function...");
+        uint8_t xts_pseudo_level = CONFIG_SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH;
+        esp_efuse_write_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
+    }
+#endif
+
 #if defined(CONFIG_SECURE_BOOT_V2_ENABLED) && !defined(CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS)
    // This bit is set when enabling Secure Boot V2, but we can't enable it until this later point in the first boot
    // otherwise the Flash Encryption key cannot be read protected
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -12,6 +12,9 @@
 #include "esp_flash_encrypt.h"
 #include "esp_secure_boot.h"
 #include "hal/efuse_hal.h"
+#include "hal/spi_flash_encrypted_ll.h"
+#include "hal/spi_flash_encrypt_hal.h"
+#include "soc/soc_caps.h"

 #if CONFIG_IDF_TARGET_ESP32
 #define CRYPT_CNT ESP_EFUSE_FLASH_CRYPT_CNT
@@ -211,6 +214,13 @@ void esp_flash_encryption_set_release_mode(void)
 #endif // CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128_DERIVED
 #endif // !CONFIG_IDF_TARGET_ESP32

+#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+    if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
+        uint8_t xts_pseudo_level = ESP_XTS_AES_PSEUDO_ROUNDS_LOW;
+        esp_efuse_write_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
+    }
+#endif
+
 #ifdef CONFIG_IDF_TARGET_ESP32
    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_CACHE);
 #else
@@ -457,6 +467,17 @@ bool esp_flash_encryption_cfg_verify_release_mode(void)
    }
    result &= secure;

+#if SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+    if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
+        uint8_t xts_pseudo_level = 0;
+        esp_efuse_read_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
+        if (!xts_pseudo_level) {
+            result &= false;
+            ESP_LOGW(TAG, "Not enabled XTS-AES pseudo rounds function (set XTS_DPA_PSEUDO_LEVEL->1 or more)");
+        }
+    }
+#endif
+
    return result;
 }
 #endif // not CONFIG_IDF_TARGET_ESP32
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -39,8 +39,17 @@ void aes_hal_transform_block(const void *input_block, void *output_block)
    aes_ll_read_block(output_block);
 }

-#if SOC_AES_SUPPORT_DMA

+#ifdef SOC_AES_SUPPORT_PSEUDO_ROUND_FUNCTION
+void aes_hal_enable_pseudo_rounds(bool enable, uint8_t base, uint8_t increment, uint8_t key_rng_cnt)
+{
+    if (aes_ll_is_pseudo_rounds_function_supported()) {
+        aes_ll_enable_pseudo_rounds(enable, base, increment, key_rng_cnt);
+    }
+}
+#endif // SOC_AES_SUPPORT_PSEUDO_ROUND_FUNCTION
+
+#if SOC_AES_SUPPORT_DMA

 void aes_hal_transform_dma_start(size_t num_blocks)
 {
@@ -61,7 +70,7 @@ void aes_hal_transform_dma_finish(void)

 void aes_hal_mode_init(esp_aes_mode_t mode)
 {
-    /* Set the algorith mode CBC, CFB ... */
+    /* Set the algorithm mode CBC, CFB ... */
    aes_ll_set_block_mode(mode);
    /* Presently hard-coding the INC function to 32 bit */
    if (mode == ESP_AES_BLOCK_MODE_CTR) {
@@ -83,8 +92,6 @@ void aes_hal_wait_done()
 {
    while (aes_ll_get_state() != ESP_AES_STATE_DONE) {}
 }
-
-
 #endif //SOC_AES_SUPPORT_DMA

 #if SOC_AES_SUPPORT_GCM
@@ -11,6 +11,7 @@
 ******************************************************************************/

 // The Lowlevel layer for SPI Flash Encryption.
+#pragma once

 #include "soc/dport_reg.h"
 #include "soc/flash_encryption_reg.h"
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -11,6 +11,7 @@
 ******************************************************************************/

 // The Lowlevel layer for SPI Flash Encryption.
+#pragma once

 #include <stdbool.h>
 #include <string.h>
@@ -23,7 +24,7 @@
 extern "C" {
 #endif

-/// Choose type of chip you want to encrypt manully
+/// Choose type of chip you want to encrypt manually
 typedef enum
 {
    FLASH_ENCRYPTION_MANU = 0, ///!< Manually encrypt the flash chip.
@@ -50,7 +51,7 @@ static inline void spi_flash_encrypt_ll_disable(void)
 }

 /**
- * Choose type of chip you want to encrypt manully
+ * Choose type of chip you want to encrypt manually
 *
 * @param type The type of chip to be encrypted
 *
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -11,6 +11,7 @@
 ******************************************************************************/

 // The Lowlevel layer for SPI Flash Encryption.
+#pragma once

 #include <stdbool.h>
 #include <string.h>
@@ -23,7 +24,7 @@
 extern "C" {
 #endif

-/// Choose type of chip you want to encrypt manully
+/// Choose type of chip you want to encrypt manually
 typedef enum
 {
    FLASH_ENCRYPTION_MANU = 0, ///!< Manually encrypt the flash chip.
@@ -50,7 +51,7 @@ static inline void spi_flash_encrypt_ll_disable(void)
 }

 /**
- * Choose type of chip you want to encrypt manully
+ * Choose type of chip you want to encrypt manually
 *
 * @param type The type of chip to be encrypted
 *
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -11,6 +11,7 @@
 ******************************************************************************/

 // The Lowlevel layer for SPI Flash Encryption.
+#pragma once

 #include <stdbool.h>
 #include <string.h>
@@ -23,7 +24,7 @@
 extern "C" {
 #endif

-/// Choose type of chip you want to encrypt manully
+/// Choose type of chip you want to encrypt manually
 typedef enum
 {
    FLASH_ENCRYPTION_MANU = 0, ///!< Manually encrypt the flash chip.
@@ -50,7 +51,7 @@ static inline void spi_flash_encrypt_ll_disable(void)
 }

 /**
- * Choose type of chip you want to encrypt manully
+ * Choose type of chip you want to encrypt manually
 *
 * @param type The type of chip to be encrypted
 *
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -11,6 +11,9 @@
 #include "soc/hwcrypto_reg.h"
 #include "hal/aes_types.h"

+#include "hal/efuse_hal.h"
+#include "soc/chip_revision.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -219,6 +222,38 @@ static inline void aes_ll_interrupt_clear(void)
    REG_WRITE(AES_INT_CLEAR_REG, 1);
 }

+/**
+ * @brief Enable the pseudo-round function during AES operations
+ *
+ * @param enable true to enable, false to disable
+ * @param base basic number of pseudo rounds, zero if disable
+ * @param increment increment number of pseudo rounds, zero if disable
+ * @param key_rng_cnt update frequency of the pseudo-key, zero if disable
+ */
+static inline void aes_ll_enable_pseudo_rounds(bool enable, uint8_t base, uint8_t increment, uint8_t key_rng_cnt)
+{
+    REG_SET_FIELD(AES_PSEUDO_REG, AES_PSEUDO_EN, enable);
+
+    if (enable) {
+        REG_SET_FIELD(AES_PSEUDO_REG, AES_PSEUDO_BASE, base);
+        REG_SET_FIELD(AES_PSEUDO_REG, AES_PSEUDO_INC, increment);
+        REG_SET_FIELD(AES_PSEUDO_REG, AES_PSEUDO_RNG_CNT, key_rng_cnt);
+    } else {
+        REG_SET_FIELD(AES_PSEUDO_REG, AES_PSEUDO_BASE, 0);
+        REG_SET_FIELD(AES_PSEUDO_REG, AES_PSEUDO_INC, 0);
+        REG_SET_FIELD(AES_PSEUDO_REG, AES_PSEUDO_RNG_CNT, 0);
+    }
+}
+
+/**
+ * @brief Check if the pseudo round function is supported
+ * The AES pseudo round function is only avliable in chip version
+ * above 1.2 in ESP32-H2
+ */
+static inline bool aes_ll_is_pseudo_rounds_function_supported(void)
+{
+    return ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102);
+}

 #ifdef __cplusplus
 }
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -11,6 +11,7 @@
 ******************************************************************************/

 // The Lowlevel layer for SPI Flash Encryption.
+#pragma once

 #include <stdbool.h>
 #include <string.h>
@@ -19,11 +20,14 @@
 #include "soc/soc.h"
 #include "hal/assert.h"

+#include "hal/efuse_hal.h"
+#include "soc/chip_revision.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif

-/// Choose type of chip you want to encrypt manully
+/// Choose type of chip you want to encrypt manually
 typedef enum
 {
    FLASH_ENCRYPTION_MANU = 0, ///!< Manually encrypt the flash chip.
@@ -50,7 +54,7 @@ static inline void spi_flash_encrypt_ll_disable(void)
 }

 /**
- * Choose type of chip you want to encrypt manully
+ * Choose type of chip you want to encrypt manually
 *
 * @param type The type of chip to be encrypted
 *
@@ -144,6 +148,39 @@ static inline bool spi_flash_encrypt_ll_check(uint32_t address, uint32_t length)
    return ((address % length) == 0) ? true : false;
 }

+/**
+ * @brief Enable the pseudo-round function during XTS-AES operations
+ *
+ * @param mode set the mode for pseudo rounds, zero to disable, with increasing security upto three.
+ * @param base basic number of pseudo rounds, zero if disable
+ * @param increment increment number of pseudo rounds, zero if disable
+ * @param key_rng_cnt update frequency of the pseudo-key, zero if disable
+ */
+static inline void spi_flash_encrypt_ll_enable_pseudo_rounds(uint8_t mode, uint8_t base, uint8_t increment, uint8_t key_rng_cnt)
+{
+    REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_MODE_PSEUDO, mode);
+
+    if (mode) {
+        REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_PSEUDO_BASE, base);
+        REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_PSEUDO_INC, increment);
+        REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_PSEUDO_RNG_CNT, key_rng_cnt);
+    } else {
+        REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_PSEUDO_BASE, 0);
+        REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_PSEUDO_INC, 0);
+        REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_PSEUDO_RNG_CNT, 0);
+    }
+}
+
+/**
+ * @brief Check if the pseudo round function is supported
+ * The XTS-AES pseudo round function is only avliable in chip version
+ * above 1.2 in ESP32-H2
+ */
+static inline bool spi_flash_encrypt_ll_is_pseudo_rounds_function_supported(void)
+{
+    return ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102);
+}
+
 #ifdef __cplusplus
 }
 #endif
@@ -11,6 +11,7 @@
 ******************************************************************************/

 // The Lowlevel layer for SPI Flash Encryption.
+#pragma once

 #include <stdbool.h>
 #include <string.h>
@@ -54,7 +55,7 @@ static inline void spi_flash_encrypt_ll_disable(void)
 }

 /**
- * Choose type of chip you want to encrypt manully
+ * Choose type of chip you want to encrypt manually
 *
 * @param type The type of chip to be encrypted
 *
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -11,6 +11,7 @@
 ******************************************************************************/

 // The Lowlevel layer for SPI Flash Encryption.
+#pragma once

 #include <stdbool.h>
 #include <string.h>
@@ -23,7 +24,7 @@
 extern "C" {
 #endif

-/// Choose type of chip you want to encrypt manully
+/// Choose type of chip you want to encrypt manually
 typedef enum
 {
    FLASH_ENCRYPTION_MANU = 0, ///!< Manually encrypt the flash chip.
@@ -60,7 +61,7 @@ static inline void spi_flash_encrypt_ll_disable(void)
 }

 /**
- * Choose type of chip you want to encrypt manully
+ * Choose type of chip you want to encrypt manually
 *
 * @param type The type of chip to be encrypted
 *
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -11,6 +11,7 @@
 ******************************************************************************/

 // The Lowlevel layer for SPI Flash Encryption.
+#pragma once

 #include <stdbool.h>
 #include <string.h>
@@ -23,7 +24,7 @@
 extern "C" {
 #endif

-/// Choose type of chip you want to encrypt manully
+/// Choose type of chip you want to encrypt manually
 typedef enum
 {
    FLASH_ENCRYPTION_MANU = 0, ///!< Manually encrypt the flash chip.
@@ -50,7 +51,7 @@ static inline void spi_flash_encrypt_ll_disable(void)
 }

 /**
- * Choose type of chip you want to encrypt manully
+ * Choose type of chip you want to encrypt manually
 *
 * @param type The type of chip to be encrypted
 *
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -45,6 +45,18 @@ uint8_t aes_hal_setkey(const uint8_t *key, size_t key_bytes, int mode);
 */
 void aes_hal_transform_block(const void *input_block, void *output_block);

+#ifdef SOC_AES_SUPPORT_PSEUDO_ROUND_FUNCTION
+/**
+ * @brief Enable the pseudo-round function during AES operations
+ *
+ * @param enable true to enable, false to disable
+ * @param base basic number of pseudo rounds, zero if disable
+ * @param increment increment number of pseudo rounds, zero if disable
+ * @param key_rng_cnt update frequency of the pseudo-key, zero if disable
+ */
+void aes_hal_enable_pseudo_rounds(bool enable, uint8_t base, uint8_t increment, uint8_t key_rng_cnt);
+#endif /* SOC_AES_SUPPORT_PSEUDO_ROUND_FUNCTION */
+
 #if SOC_AES_SUPPORT_DMA
 /**
 * @brief Inits the AES mode of operation
@@ -102,6 +114,7 @@ void aes_hal_transform_dma_finish(void);
 */
 #define aes_hal_interrupt_clear() aes_ll_interrupt_clear()

+
 #if SOC_AES_SUPPORT_GCM
 /**
 * @brief Calculates the Hash sub-key H0 needed to start AES-GCM
@@ -114,7 +127,7 @@ void aes_hal_gcm_calc_hash(uint8_t *gcm_hash);
 * @brief Initializes the AES hardware for AES-GCM
 *
 * @param aad_num_blocks the number of Additional Authenticated Data (AAD) blocks
- * @param num_valid_bit the number of effective bits of incomplete blocks in plaintext/cipertext
+ * @param num_valid_bit the number of effective bits of incomplete blocks in plaintext/ciphertext
 */
 void aes_hal_gcm_init(size_t aad_num_blocks, size_t num_valid_bit);

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -13,11 +13,35 @@
 // The HAL layer for SPI Flash Encryption

 #include "hal/spi_flash_encrypted_ll.h"
+#include "soc/soc_caps.h"

 #ifdef __cplusplus
 extern "C" {
 #endif

+#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+/**
+ * @brief Default pseudo rounds configs of the XTS-AES accelerator
+ */
+typedef enum {
+    ESP_XTS_AES_PSEUDO_ROUNDS_DISABLE = 0,
+    ESP_XTS_AES_PSEUDO_ROUNDS_LOW,
+    ESP_XTS_AES_PSEUDO_ROUNDS_MEDIUM,
+    ESP_XTS_AES_PSEUDO_ROUNDS_HIGH,
+} esp_xts_aes_psuedo_rounds_state_t;
+
+/* The total number of pseudo-rounds randomly inserted in an XTS-AES operation are controlled by
+ * configuring the PSEUDO_MODE, PSEUDO_BASE, PSEUDO_INC parameters.
+ * Users can also set the frequency of random key updates by configuring the PSEUDO_RNG_CNT.
+ * Here, we would be using some pre-decided values for these parameters corresponding to the security needed.
+ * For more information regarding these parameters please refer the TRM.
+ */
+#define XTS_AES_PSEUDO_ROUNDS_BASE      4
+#define XTS_AES_PSEUDO_ROUNDS_INC       2
+#define XTS_AES_PSEUDO_ROUNDS_RNG_CNT   7
+
+#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND */
+
 /**
 * @brief Enable the flash encryption
 */
@@ -57,6 +81,18 @@ void spi_flash_encryption_hal_destroy(void);
 */
 bool spi_flash_encryption_hal_check(uint32_t address, uint32_t length);

+#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+/**
+ * @brief Enable the pseudo-round function during XTS-AES operations
+ *
+ * @param mode set the mode for pseudo rounds, zero to disable, with increasing security upto three.
+ * @param base basic number of pseudo rounds, zero if disable
+ * @param increment increment number of pseudo rounds, zero if disable
+ * @param key_rng_cnt update frequency of the pseudo-key, zero if disable
+ */
+void spi_flash_encryption_hal_enable_pseudo_rounds(uint8_t mode, uint8_t base, uint8_t increment, uint8_t key_rng_cnt);
+#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND */
+
 #ifdef __cplusplus
 }
 #endif
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -7,6 +7,7 @@
 // This part is put in iram.

 #include "hal/spi_flash_encrypted_ll.h"
+#include "soc/soc_caps.h"

 void spi_flash_encryption_hal_enable(void)
 {
@@ -49,3 +50,12 @@ bool spi_flash_encryption_hal_check(uint32_t address, uint32_t length)
 {
    return spi_flash_encrypt_ll_check(address, length);
 }
+
+#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+void spi_flash_encryption_hal_enable_pseudo_rounds(uint8_t mode, uint8_t base, uint8_t increment, uint8_t key_rng_cnt)
+{
+    if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
+        spi_flash_encrypt_ll_enable_pseudo_rounds(mode, base, increment, key_rng_cnt);
+    }
+}
+#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND */
@@ -401,6 +401,42 @@ menu "mbedTLS"
            priority level and any level from 1 to 3 can be selected (based on the availability).
            Note: Higher value indicates high interrupt priority.

+    config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
+        bool "Enable AES hardware's pseudo round function"
+        default n
+        depends on SOC_AES_SUPPORT_PSEUDO_ROUND_FUNCTION
+        help
+            Enables the pseudo round function of the AES peripheral.
+            Enabling this would impact the performance of the AES operations.
+            For more info regarding the performance impact, please checkout the pseudo round function section of the
+            security guide.
+
+    choice MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH
+        prompt "Strength of the pseudo rounds function"
+        depends on MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
+        default MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_LOW
+        help
+            The strength of the pseudo rounds functions can be configured to low, medium and high.
+            You can configure the strength of the pseudo rounds functions according to your use cases,
+            for example, increasing the strength would provide higher security but would slow down the
+            hardware AES encryption/decryption operations.
+
+        config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_LOW
+            bool "Low"
+
+        config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_MEDIUM
+            bool "Medium"
+
+        config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_HIGH
+            bool "High"
+    endchoice
+
+    config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH
+        int
+        default 1 if MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_LOW
+        default 2 if MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_MEDIUM
+        default 3 if MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_HIGH
+
    config MBEDTLS_HARDWARE_GCM
        bool "Enable partially hardware accelerated GCM"
        depends on SOC_AES_SUPPORT_GCM && MBEDTLS_HARDWARE_AES
@@ -34,6 +34,7 @@
 #include <sys/lock.h>
 #include "hal/aes_hal.h"
 #include "aes/esp_aes_internal.h"
+#include "sdkconfig.h"

 #include <freertos/FreeRTOS.h>

@@ -99,6 +100,10 @@ static int esp_aes_block(esp_aes_context *ctx, const void *input, void *output)
    i2 = input_words[2];
    i3 = input_words[3];

+#ifdef CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
+    esp_aes_enable_pseudo_rounds(CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH);
+#endif /* CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC */
+
    aes_hal_transform_block(input, output);

    /* Physical security check: Verify the AES accelerator actually ran, and wasn't
@@ -36,6 +36,7 @@
 #include "esp_heap_caps.h"
 #include "esp_memory_utils.h"
 #include "sys/param.h"
+#include "sdkconfig.h"
 #if CONFIG_PM_ENABLE
 #include "esp_pm.h"
 #endif
@@ -447,6 +448,10 @@ static int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input,
        aes_hal_interrupt_enable(false);
    }

+#ifdef CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
+    esp_aes_enable_pseudo_rounds(CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH);
+#endif /* CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC */
+
    if (esp_aes_dma_start(in_desc_head, out_desc_head) != ESP_OK) {
        ESP_LOGE(TAG, "esp_aes_dma_start failed, no DMA channel available");
        ret = -1;
@@ -590,6 +595,10 @@ int esp_aes_process_dma_gcm(esp_aes_context *ctx, const unsigned char *input, un
        aes_hal_interrupt_enable(false);
    }

+#ifdef CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
+    esp_aes_enable_pseudo_rounds(CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH);
+#endif /* CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC */
+
    /* Start AES operation */
    if (esp_aes_dma_start(in_desc_head, out_desc_head) != ESP_OK) {
        ESP_LOGE(TAG, "esp_aes_dma_start failed, no DMA channel available");
@@ -6,7 +6,7 @@
 *
 * SPDX-License-Identifier: Apache-2.0
 *
- * SPDX-FileContributor: 2016-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileContributor: 2016-2025 Espressif Systems (Shanghai) CO LTD
 */
 /*
 *  The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
@@ -77,3 +77,30 @@ int esp_aes_setkey( esp_aes_context *ctx, const unsigned char *key,
    ctx->key_in_hardware = 0;
    return 0;
 }
+
+#ifdef CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
+/* The total number of pseudo-rounds randomly inserted in an AES operation are controlled by
+ * configuring the AES_PSEUDO_BASE, AES_PSEUDO_INC parameters.
+ * Users can also set the frequency of random key updates by configuring the AES_PSEUDO_RNG_CNT.
+ * Here, we would be using some pre-decided values for these parameters corresponding to the security needed.
+ * For more information regarding these parameters please refer the TRM.
+ */
+#define AES_PSEUDO_ROUNDS_BASE_LOW      4
+#define AES_PSEUDO_ROUNDS_BASE_MEDIUM   7
+#define AES_PSEUDO_ROUNDS_BASE_HIGH     15
+#define AES_PSEUDO_ROUNDS_INC           3
+#define AES_PSEUDO_ROUNDS_RNG_CNT       7
+
+void esp_aes_enable_pseudo_rounds(esp_aes_psuedo_rounds_state_t state)
+{
+    if (state == ESP_AES_PSEUDO_ROUNDS_DISABLE) {
+        aes_hal_enable_pseudo_rounds(false, 0, 0, 0);
+    } else if (state == ESP_AES_PSEUDO_ROUNDS_LOW) {
+        aes_hal_enable_pseudo_rounds(true, AES_PSEUDO_ROUNDS_BASE_LOW, AES_PSEUDO_ROUNDS_INC, AES_PSEUDO_ROUNDS_RNG_CNT);
+    } else if (state == ESP_AES_PSEUDO_ROUNDS_MEDIUM) {
+        aes_hal_enable_pseudo_rounds(true, AES_PSEUDO_ROUNDS_BASE_MEDIUM, AES_PSEUDO_ROUNDS_INC, AES_PSEUDO_ROUNDS_RNG_CNT);
+    } else {
+        aes_hal_enable_pseudo_rounds(true, AES_PSEUDO_ROUNDS_BASE_HIGH, AES_PSEUDO_ROUNDS_INC, AES_PSEUDO_ROUNDS_RNG_CNT);
+    }
+}
+#endif /* CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC */
@@ -27,6 +27,7 @@
 #include "aes/esp_aes.h"
 #include "aes/esp_aes_gcm.h"
 #include <stdbool.h>
+#include "sdkconfig.h"

 #ifdef __cplusplus
 extern "C" {
@@ -34,6 +35,19 @@ extern "C" {

 bool valid_key_length(const esp_aes_context *ctx);

+#ifdef CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
+/**
+ * @brief Default pseudo rounds configs of the AES accelerator
+ */
+typedef enum {
+    ESP_AES_PSEUDO_ROUNDS_DISABLE = 0,
+    ESP_AES_PSEUDO_ROUNDS_LOW,
+    ESP_AES_PSEUDO_ROUNDS_MEDIUM,
+    ESP_AES_PSEUDO_ROUNDS_HIGH,
+} esp_aes_psuedo_rounds_state_t;
+
+void esp_aes_enable_pseudo_rounds(esp_aes_psuedo_rounds_state_t state);
+#endif /* CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC */

 /**
 * @brief           Run a AES-GCM conversion using DMA
@@ -231,6 +231,10 @@ config SOC_AES_SUPPORT_AES_256
    bool
    default y

+config SOC_AES_SUPPORT_PSEUDO_ROUND_FUNCTION
+    bool
+    default y
+
 config SOC_ADC_DIG_CTRL_SUPPORTED
    bool
    default y
@@ -1127,6 +1131,10 @@ config SOC_FLASH_ENCRYPTION_XTS_AES_128
    bool
    default y

+config SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+    bool
+    default y
+
 config SOC_CRYPTO_DPA_PROTECTION_SUPPORTED
    bool
    default y
@@ -1,5 +1,5 @@
 /**
- * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
 *
 *  SPDX-License-Identifier: Apache-2.0
 */
@@ -412,6 +412,63 @@ extern "C" {
 #define AES_DMA_EXIT_V  0x00000001U
 #define AES_DMA_EXIT_S  0

+/** AES_RX_RESET_REG register
+ *  AES-DMA reset rx-fifo register
+ */
+#define AES_RX_RESET_REG (DR_REG_AES_BASE + 0xc0)
+/** AES_RX_RESET : WT; bitpos: [0]; default: 0;
+ *  Set this bit to reset rx_fifo under dma_aes working mode.
+ */
+#define AES_RX_RESET    (BIT(0))
+#define AES_RX_RESET_M  (AES_RX_RESET_V << AES_RX_RESET_S)
+#define AES_RX_RESET_V  0x00000001U
+#define AES_RX_RESET_S  0
+
+/** AES_TX_RESET_REG register
+ *  AES-DMA reset tx-fifo register
+ */
+#define AES_TX_RESET_REG (DR_REG_AES_BASE + 0xc4)
+/** AES_TX_RESET : WT; bitpos: [0]; default: 0;
+ *  Set this bit to reset tx_fifo under dma_aes working mode.
+ */
+#define AES_TX_RESET    (BIT(0))
+#define AES_TX_RESET_M  (AES_TX_RESET_V << AES_TX_RESET_S)
+#define AES_TX_RESET_V  0x00000001U
+#define AES_TX_RESET_S  0
+
+/** AES_PSEUDO_REG register
+ *  AES PSEUDO function configure register
+ */
+#define AES_PSEUDO_REG (DR_REG_AES_BASE + 0xd0)
+/** AES_PSEUDO_EN : R/W; bitpos: [0]; default: 0;
+ *  This bit decides whether the pseudo round function is enable or not.
+ */
+#define AES_PSEUDO_EN    (BIT(0))
+#define AES_PSEUDO_EN_M  (AES_PSEUDO_EN_V << AES_PSEUDO_EN_S)
+#define AES_PSEUDO_EN_V  0x00000001U
+#define AES_PSEUDO_EN_S  0
+/** AES_PSEUDO_BASE : R/W; bitpos: [4:1]; default: 2;
+ *  Those bits decides the basic number of pseudo round number.
+ */
+#define AES_PSEUDO_BASE    0x0000000FU
+#define AES_PSEUDO_BASE_M  (AES_PSEUDO_BASE_V << AES_PSEUDO_BASE_S)
+#define AES_PSEUDO_BASE_V  0x0000000FU
+#define AES_PSEUDO_BASE_S  1
+/** AES_PSEUDO_INC : R/W; bitpos: [6:5]; default: 2;
+ *  Those bits decides the increment number of pseudo round number
+ */
+#define AES_PSEUDO_INC    0x00000003U
+#define AES_PSEUDO_INC_M  (AES_PSEUDO_INC_V << AES_PSEUDO_INC_S)
+#define AES_PSEUDO_INC_V  0x00000003U
+#define AES_PSEUDO_INC_S  5
+/** AES_PSEUDO_RNG_CNT : R/W; bitpos: [9:7]; default: 7;
+ *  Those bits decides the update frequency of the pseudo-key.
+ */
+#define AES_PSEUDO_RNG_CNT    0x00000007U
+#define AES_PSEUDO_RNG_CNT_M  (AES_PSEUDO_RNG_CNT_V << AES_PSEUDO_RNG_CNT_S)
+#define AES_PSEUDO_RNG_CNT_V  0x00000007U
+#define AES_PSEUDO_RNG_CNT_S  7
+
 #ifdef __cplusplus
 }
 #endif
@@ -1,5 +1,5 @@
 /**
- * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
 *
 *  SPDX-License-Identifier: Apache-2.0
 */
@@ -398,6 +398,61 @@ typedef union {
    uint32_t val;
 } aes_dma_exit_reg_t;

+/** Type of rx_reset register
+ *  AES-DMA reset rx-fifo register
+ */
+typedef union {
+    struct {
+        /** rx_reset : WT; bitpos: [0]; default: 0;
+         *  Set this bit to reset rx_fifo under dma_aes working mode.
+         */
+        uint32_t rx_reset:1;
+        uint32_t reserved_1:31;
+    };
+    uint32_t val;
+} aes_rx_reset_reg_t;
+
+/** Type of tx_reset register
+ *  AES-DMA reset tx-fifo register
+ */
+typedef union {
+    struct {
+        /** tx_reset : WT; bitpos: [0]; default: 0;
+         *  Set this bit to reset tx_fifo under dma_aes working mode.
+         */
+        uint32_t tx_reset:1;
+        uint32_t reserved_1:31;
+    };
+    uint32_t val;
+} aes_tx_reset_reg_t;
+
+
+/** Group: Configuration register */
+/** Type of pseudo register
+ *  AES PSEUDO function configure register
+ */
+typedef union {
+    struct {
+        /** pseudo_en : R/W; bitpos: [0]; default: 0;
+         *  This bit decides whether the pseudo round function is enable or not.
+         */
+        uint32_t pseudo_en:1;
+        /** pseudo_base : R/W; bitpos: [4:1]; default: 2;
+         *  Those bits decides the basic number of pseudo round number.
+         */
+        uint32_t pseudo_base:4;
+        /** pseudo_inc : R/W; bitpos: [6:5]; default: 2;
+         *  Those bits decides the increment number of pseudo round number
+         */
+        uint32_t pseudo_inc:2;
+        /** pseudo_rng_cnt : R/W; bitpos: [9:7]; default: 7;
+         *  Those bits decides the update frequency of the pseudo-key.
+         */
+        uint32_t pseudo_rng_cnt:3;
+        uint32_t reserved_10:22;
+    };
+    uint32_t val;
+} aes_pseudo_reg_t;

 /** Group: memory type */

@@ -483,12 +538,17 @@ typedef struct {
    volatile aes_int_ena_reg_t int_ena;
    volatile aes_date_reg_t date;
    volatile aes_dma_exit_reg_t dma_exit;
+    uint32_t reserved_0bc;
+    volatile aes_rx_reset_reg_t rx_reset;
+    volatile aes_tx_reset_reg_t tx_reset;
+    uint32_t reserved_0c8[2];
+    volatile aes_pseudo_reg_t pseudo;
 } aes_dev_t;

 extern aes_dev_t AES;

 #ifndef __cplusplus
-_Static_assert(sizeof(aes_dev_t) == 0xbc, "Invalid size of aes_dev_t structure");
+_Static_assert(sizeof(aes_dev_t) == 0xd4, "Invalid size of aes_dev_t structure");
 #endif

 #ifdef __cplusplus
@@ -106,6 +106,8 @@
 #define SOC_AES_SUPPORT_AES_128 (1)
 #define SOC_AES_SUPPORT_AES_256 (1)

+#define SOC_AES_SUPPORT_PSEUDO_ROUND_FUNCTION (1) /*!< Only avliable in chip version above 1.2*/
+
 /*-------------------------- ADC CAPS -------------------------------*/
 /*!< SAR ADC Module*/
 #define SOC_ADC_DIG_CTRL_SUPPORTED              1
@@ -473,6 +475,7 @@
 #define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX   (32)
 #define SOC_FLASH_ENCRYPTION_XTS_AES        1
 #define SOC_FLASH_ENCRYPTION_XTS_AES_128    1
+#define SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND  1 /*!< Only avliable in chip version above 1.2*/

 /*------------------------ Anti DPA (Security) CAPS --------------------------*/
 #define SOC_CRYPTO_DPA_PROTECTION_SUPPORTED     1
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -70,7 +70,7 @@ typedef volatile struct spi_mem_dev_s {
    } ctrl;
    union {
        struct {
-            uint32_t clk_mode                      :    2;  /*SPI clock mode bits. 0: SPI clock is off when CS inactive 1: SPI clock is delayed one cycle after CS inactive 2: SPI clock is delayed two cycles after CS inactive 3: SPI clock is alwasy on.*/
+            uint32_t clk_mode                      :    2;  /*SPI clock mode bits. 0: SPI clock is off when CS inactive 1: SPI clock is delayed one cycle after CS inactive 2: SPI clock is delayed two cycles after CS inactive 3: SPI clock is always on.*/
            uint32_t cs_hold_dly_res               :    10;  /*After RES/DP/HPM command is sent, SPI1 waits (SPI_MEM_CS_HOLD_DELAY_RES[9:0] * 512) SPI_CLK cycles.*/
            uint32_t reserved2                     :    9;  /*reserved*/
            uint32_t reg_ar_size0_1_support_en     :    1;  /*1: MSPI supports ARSIZE 0~3. When ARSIZE =0~2, MSPI read address is 4*n and reply the real AXI read data back. 0: When ARSIZE 0~1, MSPI reply SLV_ERR.*/
@@ -272,7 +272,7 @@ typedef volatile struct spi_mem_dev_s {
            uint32_t sclkcnt_h                     :    8;  /*For SPI0 external RAM  interface, it must be floor((spi_mem_clkcnt_N+1)/2-1).*/
            uint32_t sclkcnt_n                     :    8;  /*For SPI0 external RAM  interface, it is the divider of spi_mem_clk. So spi_mem_clk frequency is system/(spi_mem_clkcnt_N+1)*/
            uint32_t reserved24                    :    7;  /*reserved*/
-            uint32_t sclk_equ_sysclk               :    1;  /*For SPI0 external RAM  interface, 1: spi_mem_clk is eqaul to system 0: spi_mem_clk is divided from system clock.*/
+            uint32_t sclk_equ_sysclk               :    1;  /*For SPI0 external RAM  interface, 1: spi_mem_clk is equal to system 0: spi_mem_clk is divided from system clock.*/
        };
        uint32_t val;
    } sram_clk;
@@ -389,7 +389,7 @@ typedef volatile struct spi_mem_dev_s {
            uint32_t axi_raddr_err                 :    1;  /*The raw bit for SPI_MEM_AXI_RADDR_ERR_INT interrupt. 1: Triggered when AXI read address is invalid by compared to MMU configuration. 0: Others.*/
            uint32_t axi_wr_flash_err              :    1;  /*The raw bit for SPI_MEM_AXI_WR_FALSH_ERR_INT interrupt. 1: Triggered when AXI write flash request is received. 0: Others.*/
            uint32_t axi_waddr_err                 :    1;  /*The raw bit for SPI_MEM_AXI_WADDR_ERR_INT interrupt. 1: Triggered when AXI write address is invalid by compared to MMU configuration. 0: Others.*/
-            uint32_t brown_out                     :    1;  /*The raw bit for SPI_MEM_BROWN_OUT_INT interrupt. 1: Triggered condition is that chip is loosing power and RTC module sends out brown out close flash request to SPI1. After SPI1 sends out suspend command to flash, this interrupt is triggered and MSPI returns to idle state. 0: Others.*/
+            uint32_t brown_out                     :    1;  /*The raw bit for SPI_MEM_BROWN_OUT_INT interrupt. 1: Triggered condition is that chip is losing power and RTC module sends out brown out close flash request to SPI1. After SPI1 sends out suspend command to flash, this interrupt is triggered and MSPI returns to idle state. 0: Others.*/
            uint32_t reserved11                    :    21;  /*reserved*/
        };
        uint32_t val;
@@ -1026,14 +1026,23 @@ typedef volatile struct spi_mem_dev_s {
    } mmu_power_ctrl;
    union {
        struct {
-            uint32_t reg_crypt_security_level      :    3;  /*Set the security level of spi mem cryption. 0: Shut off cryption DPA funtion. 1-7: The bigger the number is, the more secure the cryption is. (Note that the performance of cryption will decrease together with this number increasing)*/
+            uint32_t reg_crypt_security_level      :    3;  /*Set the security level of spi mem cryption. 0: Shut off cryption DPA function. 1-7: The bigger the number is, the more secure the cryption is. (Note that the performance of cryption will decrease together with this number increasing)*/
            uint32_t reg_crypt_calc_d_dpa_en       :    1;  /*Only available when SPI_CRYPT_SECURITY_LEVEL is not 0. 1: Enable DPA in the calculation that using key 1 or key 2. 0: Enable DPA only in the calculation that using key 1.*/
            uint32_t reg_crypt_dpa_selectister     :    1;  /*1: MSPI XTS DPA clock gate is controlled by SPI_CRYPT_CALC_D_DPA_EN and SPI_CRYPT_SECURITY_LEVEL. 0: Controlled by efuse bits.*/
            uint32_t reserved5                     :    27;  /*reserved*/
        };
        uint32_t val;
    } dpa_ctrl;
-    uint32_t reserved_38c;
+    union {
+        struct {
+            uint32_t reg_mode_pseudo                :    2;  /*Set the mode of pseudo. 2'b00: crypto without pseudo. 2'b01: state T with pseudo and state D without pseudo. 2'b10: state T with pseudo and state D with few pseudo. 2'b11: crypto with pseudo.*/
+            uint32_t reg_pseudo_rng_cnt             :    3;  /*xts aes peseudo function base round that must be performed.*/
+            uint32_t reg_pseudo_base                :    4;  /*xts aes peseudo function base round that must be performed.*/
+            uint32_t reg_pseudo_inc                 :    2;  /*xts aes peseudo function increment round that will be performed randomly between 0 & 2**(inc+1).*/
+            uint32_t reserved11                     :    21;  /*reserved*/
+        };
+        uint32_t val;
+    } xts_pseudo_round_conf;
    uint32_t reserved_390;
    uint32_t reserved_394;
    uint32_t reserved_398;
@@ -1,5 +1,5 @@
 /**
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
 *
 *  SPDX-License-Identifier: Apache-2.0
 */
@@ -32,7 +32,7 @@ s. Please do not use this field..*/

 #define XTS_AES_DESTINATION_REG(i)          (REG_SPI_MEM_BASE(i) + 0x344)
 /* XTS_AES_DESTINATION : R/W ;bitpos:[0] ;default: 1'b0 ; */
-/*description: This bit stores the destination parameter which will be used in manual encryptio
+/*description: This bit stores the destination parameter which will be used in manual encryption
 n calculation. 0: flash(default), 1: psram(reserved). Only default value can be
 used..*/
 #define XTS_AES_DESTINATION    (BIT(0))
@@ -54,7 +54,7 @@ size parameter..*/
 /* XTS_AES_TRIGGER : WT ;bitpos:[0] ;default: 1'b0 ; */
 /*description: Set this bit to trigger the process of manual encryption calculation. This actio
 n should only be asserted when manual encryption status is 0. After this action,
- manual encryption status becomes 1. After calculation is done, manual encryptio
+ manual encryption status becomes 1. After calculation is done, manual encryption
 n status becomes 2..*/
 #define XTS_AES_TRIGGER    (BIT(0))
 #define XTS_AES_TRIGGER_M  (BIT(0))
@@ -116,7 +116,7 @@ ing key 1..*/
 #define XTS_AES_CRYPT_CALC_D_DPA_EN_V  0x1
 #define XTS_AES_CRYPT_CALC_D_DPA_EN_S  3
 /* XTS_AES_CRYPT_SECURITY_LEVEL : R/W ;bitpos:[2:0] ;default: 3'd7 ; */
-/*description: Set the security level of spi mem cryption. 0: Shut off cryption DPA funtion. 1-
+/*description: Set the security level of spi mem cryption. 0: Shut off cryption DPA function. 1-
 7: The bigger the number is, the more secure the cryption is. (Note that the per
 formance of cryption will decrease together with this number increasing).*/
 #define XTS_AES_CRYPT_SECURITY_LEVEL    0x00000007
@@ -124,6 +124,42 @@ formance of cryption will decrease together with this number increasing).*/
 #define XTS_AES_CRYPT_SECURITY_LEVEL_V  0x7
 #define XTS_AES_CRYPT_SECURITY_LEVEL_S  0

+/** XTS_AES_PSEUDO_ROUND_CONF_REG register
+ *  SPI memory encryption PSEUDO register
+ */
+#define XTS_AES_PSEUDO_ROUND_CONF_REG(i) (REG_SPI_MEM_BASE(i) + 0x38c)
+/** XTS_AES_MODE_PSEUDO : R/W; bitpos: [1:0]; default: 0;
+ *  Set the mode of pseudo. 2'b00: crypto without pseudo. 2'b01: state T with pseudo
+ *  and state D without pseudo. 2'b10: state T with pseudo and state D with few pseudo.
+ *  2'b11: crypto with pseudo.
+ */
+#define XTS_AES_MODE_PSEUDO    0x00000003U
+#define XTS_AES_MODE_PSEUDO_M  (XTS_AES_MODE_PSEUDO_V << XTS_AES_MODE_PSEUDO_S)
+#define XTS_AES_MODE_PSEUDO_V  0x00000003U
+#define XTS_AES_MODE_PSEUDO_S  0
+/** XTS_AES_PSEUDO_RNG_CNT : R/W; bitpos: [4:2]; default: 7;
+ *  xts aes peseudo function base round that must be performed.
+ */
+#define XTS_AES_PSEUDO_RNG_CNT    0x00000007U
+#define XTS_AES_PSEUDO_RNG_CNT_M  (XTS_AES_PSEUDO_RNG_CNT_V << XTS_AES_PSEUDO_RNG_CNT_S)
+#define XTS_AES_PSEUDO_RNG_CNT_V  0x00000007U
+#define XTS_AES_PSEUDO_RNG_CNT_S  2
+/** XTS_AES_PSEUDO_BASE : R/W; bitpos: [8:5]; default: 2;
+ *  xts aes peseudo function base round that must be performed.
+ */
+#define XTS_AES_PSEUDO_BASE    0x0000000FU
+#define XTS_AES_PSEUDO_BASE_M  (XTS_AES_PSEUDO_BASE_V << XTS_AES_PSEUDO_BASE_S)
+#define XTS_AES_PSEUDO_BASE_V  0x0000000FU
+#define XTS_AES_PSEUDO_BASE_S  5
+/** XTS_AES_PSEUDO_INC : R/W; bitpos: [10:9]; default: 2;
+ *  xts aes peseudo function increment round that will be performed randomly between 0 &
+ *  2**(inc+1).
+ */
+#define XTS_AES_PSEUDO_INC    0x00000003U
+#define XTS_AES_PSEUDO_INC_M  (XTS_AES_PSEUDO_INC_V << XTS_AES_PSEUDO_INC_S)
+#define XTS_AES_PSEUDO_INC_V  0x00000003U
+#define XTS_AES_PSEUDO_INC_S  9
+
 #ifdef __cplusplus
 }
 #endif
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -517,6 +517,11 @@ esp_err_t spi_flash_chip_generic_write_encrypted(esp_flash_t *chip, const void *

    const uint8_t *data_bytes = (const uint8_t *)buffer;
    esp_flash_encryption->flash_encryption_enable();
+
+#if SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+    spi_flash_encryption_hal_enable_pseudo_rounds(ESP_XTS_AES_PSEUDO_ROUNDS_LOW, XTS_AES_PSEUDO_ROUNDS_BASE, XTS_AES_PSEUDO_ROUNDS_INC, XTS_AES_PSEUDO_ROUNDS_RNG_CNT);
+#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND */
+
    while (length > 0) {
        int block_size;
        /* Write the largest block if possible */