From b9a503e9ec4493596de4e5c748b883ee27008ae0 Mon Sep 17 00:00:00 2001 From: Laukik Hase Date: Fri, 19 Sep 2025 15:44:13 +0530 Subject: [PATCH] feat(esp_tee): Support for ESP32-C61 - the rest of the components --- components/esp_hw_support/esp_clk.c | 4 ++ components/esp_hw_support/include/esp_cpu.h | 2 +- .../esp32c61/mspi_timing_tuning_configs.h | 2 +- .../port/esp32c61/CMakeLists.txt | 4 +- .../port/esp32c61/cpu_region_protect.c | 9 +++++ .../port/esp32c61/esp_cpu_intr.c | 17 ++++++++- .../esp_mm/port/esp32c61/ext_mem_layout.c | 33 +++++++++++++++-- components/esp_security/CMakeLists.txt | 11 +++++- .../esp_system/ld/esp32c61/memory.ld.in | 20 +++++++++- .../esp_system/ld/esp32c61/sections.ld.in | 13 +++++++ components/hal/CMakeLists.txt | 27 +++++++++++--- components/heap/port/esp32c61/memory_layout.c | 15 +++++++- .../esp_tee/esp_tee_crypto_shared_gdma.c | 19 +++++++--- .../mbedtls/esp_tee/esp_tee_mbedtls.cmake | 37 +++++++++++-------- .../mbedtls/esp_tee/esp_tee_mbedtls_config.h | 8 +++- .../soc/esp32c61/register/soc/tee_reg.h | 1 - 16 files changed, 180 insertions(+), 42 deletions(-) diff --git a/components/esp_hw_support/esp_clk.c b/components/esp_hw_support/esp_clk.c index 3eaefc4cf8..da2bab1d2d 100644 --- a/components/esp_hw_support/esp_clk.c +++ b/components/esp_hw_support/esp_clk.c @@ -163,7 +163,9 @@ void esp_clk_slowclk_cal_set(uint32_t new_cal) #if SOC_RTC_MEM_SUPPORTED esp_rtc_get_time_us(); #else +#if !NON_OS_BUILD esp_os_enter_critical_safe(&s_esp_rtc_time_lock); +#endif uint32_t old_cal = clk_ll_rtc_slow_load_cal(); if (old_cal != 0) { /** @@ -186,7 +188,9 @@ void esp_clk_slowclk_cal_set(uint32_t new_cal) new_fix_us = old_fix_us - new_fix_us; clk_ll_rtc_slow_store_rtc_fix_us(new_fix_us); } +#if !NON_OS_BUILD esp_os_exit_critical_safe(&s_esp_rtc_time_lock); +#endif #endif // SOC_RTC_MEM_SUPPORTED #endif // CONFIG_ESP_TIME_FUNCS_USE_RTC_TIMER clk_ll_rtc_slow_store_cal(new_cal); 
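Review bot: The `#if !NON_OS_BUILD` guards in both hunks of esp_clk_slowclk_cal_set() compile out the critical section around the load, recompute and store of the RTC slow-clock calibration and fix-up values, and nothing in the change says why that is safe. If the non-OS images (bootloader, TEE) can reach this path while an interrupt handler may touch the same RTC values, the read-modify-write is no longer atomic. If they cannot, say so next to the first guard, for example `/* Non-OS builds (bootloader/TEE) execute this single-threaded, so no lock is taken */`, assuming that is the intent. The function body starts and ends outside both hunks, so the callers' context is not visible here.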
diff --git a/components/esp_hw_support/include/esp_cpu.h b/components/esp_hw_support/include/esp_cpu.h index cbecbafff6..87678f2f6c 100644 --- a/components/esp_hw_support/include/esp_cpu.h +++ b/components/esp_hw_support/include/esp_cpu.h @@ -469,7 +469,7 @@ FORCE_INLINE_ATTR uint32_t esp_cpu_intr_get_enabled_mask(void) #ifdef __XTENSA__ return xt_utils_intr_get_enabled_mask(); #else -#if CONFIG_SECURE_ENABLE_TEE && !NON_OS_BUILD && CONFIG_IDF_TARGET_ESP32C5 +#if CONFIG_SECURE_ENABLE_TEE && !NON_OS_BUILD && SOC_INT_CLIC_SUPPORTED extern esprv_int_mgmt_t esp_tee_intr_sec_srv_cb; return esp_tee_intr_sec_srv_cb(1, SS_RV_UTILS_INTR_GET_ENABLED_MASK); #else diff --git a/components/esp_hw_support/mspi_timing_tuning/port/esp32c61/mspi_timing_tuning_configs.h b/components/esp_hw_support/mspi_timing_tuning/port/esp32c61/mspi_timing_tuning_configs.h index 42755b434f..600754208d 100644 --- a/components/esp_hw_support/mspi_timing_tuning/port/esp32c61/mspi_timing_tuning_configs.h +++ b/components/esp_hw_support/mspi_timing_tuning/port/esp32c61/mspi_timing_tuning_configs.h @@ -42,7 +42,7 @@ #define MSPI_TIMING_PSRAM_MODULE_CLOCK 10 //Define this to 10MHz #endif //------------------------------------PSRAM Needs Tuning or not-------------------------------------// -#if MSPI_TIMING_PSRAM_STR_MODE +#if MSPI_TIMING_PSRAM_STR_MODE && !CONFIG_SECURE_ENABLE_TEE #define MSPI_TIMING_PSRAM_NEEDS_TUNING (MSPI_TIMING_PSRAM_MODULE_CLOCK > 40) #endif diff --git a/components/esp_hw_support/port/esp32c61/CMakeLists.txt b/components/esp_hw_support/port/esp32c61/CMakeLists.txt index ad67c18301..34af45cde6 100644 --- a/components/esp_hw_support/port/esp32c61/CMakeLists.txt +++ b/components/esp_hw_support/port/esp32c61/CMakeLists.txt @@ -1,3 +1,5 @@ +idf_build_get_property(non_os_build NON_OS_BUILD) + set(srcs "rtc_clk_init.c" "rtc_clk.c" "pmu_param.c" 
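Review bot: In mspi_timing_tuning_configs.h the added `&& !CONFIG_SECURE_ENABLE_TEE` leaves `MSPI_TIMING_PSRAM_NEEDS_TUNING` undefined whenever ESP-TEE is enabled, so every `#if MSPI_TIMING_PSRAM_NEEDS_TUNING` consumer silently evaluates it as 0 even when `MSPI_TIMING_PSRAM_MODULE_CLOCK > 40`. The hunk gives no reason for skipping tuning and no guard against a configuration that selects a PSRAM clock above 40 MHz together with TEE. I would add a comment such as `/* PSRAM timing tuning is not performed with ESP-TEE (<reason>); PSRAM clocks above 40 MHz then run untuned */`. If that combination is unsupported, reject it at build time instead of falling through.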
@@ -8,7 +10,7 @@ set(srcs "rtc_clk_init.c" "ocode_init.c" ) -if(NOT BOOTLOADER_BUILD) +if(NOT non_os_build) list(APPEND srcs "sar_periph_ctrl.c") endif() diff --git a/components/esp_hw_support/port/esp32c61/cpu_region_protect.c b/components/esp_hw_support/port/esp32c61/cpu_region_protect.c index 5c4a4cdca2..73b9078c8c 100644 --- a/components/esp_hw_support/port/esp32c61/cpu_region_protect.c +++ b/components/esp_hw_support/port/esp32c61/cpu_region_protect.c @@ -123,6 +123,15 @@ void esp_cpu_configure_region_protection(void) // Configure all the invalid address regions using PMA // esp_cpu_configure_invalid_regions(); + + /* NOTE: When ESP-TEE is active, only configure invalid memory regions in bootloader + * to prevent errors before TEE initialization. TEE will handle all other + * memory protection. + */ +#if CONFIG_SECURE_ENABLE_TEE && BOOTLOADER_BUILD + return; +#endif + // // Configure all the valid address regions using PMP // diff --git a/components/esp_hw_support/port/esp32c61/esp_cpu_intr.c b/components/esp_hw_support/port/esp32c61/esp_cpu_intr.c index ded3030aeb..4a3f315010 100644 --- a/components/esp_hw_support/port/esp32c61/esp_cpu_intr.c +++ b/components/esp_hw_support/port/esp32c61/esp_cpu_intr.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ 
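Review bot: The early `return` under `CONFIG_SECURE_ENABLE_TEE && BOOTLOADER_BUILD` in esp_cpu_configure_region_protection() leaves the bootloader with only the PMA invalid-region entries, so from bootloader entry until the TEE installs its own configuration nothing in this function enforces permissions on the valid regions. The comment says this is "to prevent errors before TEE initialization" but not which errors, nor what covers that window. State the reason explicitly (presumably that PMP entries set here would conflict with the ones the TEE programs later) and name where the TEE applies its protection. An `#if`/`#else` around the PMP section would also avoid compiling code that is unreachable after the `return`. The rest of the function lies outside the hunk.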
@@ -15,7 +15,20 @@ void esp_cpu_intr_get_desc(int core_id, int intr_num, esp_cpu_intr_desc_t *intr_ * Reserve interrupt line 1 for the Wifi controller. * Reserve interrupt line 6 since it is used for disabling interrupts in the interrupt allocator (INT_MUX_DISABLED_INTNO) */ - const uint32_t rsvd_mask = BIT(1) | BIT(6); + const uint32_t base_rsvd_mask = BIT(1) | BIT(6); + + /* On the ESP32-C61, interrupt 31 is reserved for ESP-TEE + * for operations related to secure peripherals under its control + * (e.g. SHA, ECC, APM) + * + * Interrupt 30 is reserved for handling REE interrupts occurring in TEE. + */ +#if CONFIG_SECURE_ENABLE_TEE + const uint32_t rsvd_mask = base_rsvd_mask | BIT(30) | BIT(31); +#else + const uint32_t rsvd_mask = base_rsvd_mask; +#endif + intr_desc_ret->priority = 1; intr_desc_ret->type = ESP_CPU_INTR_TYPE_NA; intr_desc_ret->flags = esp_riscv_intr_num_flags(intr_num, rsvd_mask); diff --git a/components/esp_mm/port/esp32c61/ext_mem_layout.c b/components/esp_mm/port/esp32c61/ext_mem_layout.c index b7c44be4ff..722779f4c5 100644 --- a/components/esp_mm/port/esp32c61/ext_mem_layout.c +++ b/components/esp_mm/port/esp32c61/ext_mem_layout.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ 
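Review bot: `BIT(30) | BIT(31)` in esp_cpu_intr_get_desc() are bare literals that must match the interrupt lines the TEE firmware actually claims. If the two sides ever disagree, the REE interrupt allocator could hand out a line the TEE relies on for its secure peripherals. Take the numbers from a header shared with the TEE component instead of repeating them in a comment, e.g. `base_rsvd_mask | BIT(<TEE_SECURE_INTR_NUM>) | BIT(<TEE_PASSTHROUGH_INTR_NUM>)`, where the names are placeholders for whatever the TEE side defines. The function body continues outside the hunk.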
@@ -10,15 +10,40 @@ #include "../ext_mem_layout.h" #include "hal/mmu_types.h" +/* NOTE: With ESP-TEE enabled: + * - The start address is moved by the size of TEE IDROM segments since these + * segments are placed at the start of the linear address space + * - TEE IROM and DROM segments are both 64KB (CONFIG_SECURE_TEE_IROM_SIZE, + * CONFIG_SECURE_TEE_DROM_SIZE) for now. Thus, the number of reserved entries + * from the start would be (64KB + 64KB)/MMU_PAGE_SIZE + * - The last few MMU entries are reserved for TEE flash operations. The number + * of reserved entries matches the size of TEE IDROM segments (IROM + DROM) + * plus one additional entry, i.e. (64KB + 64KB)/MMU_PAGE_SIZE + 1 + */ +#if CONFIG_SECURE_ENABLE_TEE +#define TEE_MMU_MEM_REG_START_OFFS (CONFIG_SECURE_TEE_IROM_SIZE + CONFIG_SECURE_TEE_DROM_SIZE) +#define TEE_MMU_RESV_PAGES ((CONFIG_SECURE_TEE_IROM_SIZE + CONFIG_SECURE_TEE_DROM_SIZE) / CONFIG_MMU_PAGE_SIZE) +#define TEE_MMU_MEM_REG_END_OFFS ((TEE_MMU_RESV_PAGES + 1) * CONFIG_MMU_PAGE_SIZE) + +#define MMU_MEM_REG_START_ADDR_W_TEE (SOC_MMU_IRAM0_LINEAR_ADDRESS_LOW + TEE_MMU_MEM_REG_START_OFFS) +#define MMU_MEM_REG_END_ADDR_W_TEE (SOC_MMU_IRAM0_LINEAR_ADDRESS_HIGH - TEE_MMU_MEM_REG_END_OFFS) + +#define MMU_IRAM0_LINEAR_ADDRESS_LOW MMU_MEM_REG_START_ADDR_W_TEE +#define MMU_IRAM0_LINEAR_ADDRESS_HIGH MMU_MEM_REG_END_ADDR_W_TEE +#else +#define MMU_IRAM0_LINEAR_ADDRESS_LOW SOC_MMU_IRAM0_LINEAR_ADDRESS_LOW +#define MMU_IRAM0_LINEAR_ADDRESS_HIGH SOC_MMU_IRAM0_LINEAR_ADDRESS_HIGH +#endif + /** * The start addresses in this list should always be sorted from low to high, as MMU driver will need to * coalesce adjacent regions */ const mmu_mem_region_t g_mmu_mem_regions[SOC_MMU_LINEAR_ADDRESS_REGION_NUM] = { [0] = { - .start = SOC_MMU_IRAM0_LINEAR_ADDRESS_LOW, - .end = SOC_MMU_IRAM0_LINEAR_ADDRESS_HIGH, - .size = SOC_BUS_SIZE(SOC_MMU_IRAM0_LINEAR), + .start = MMU_IRAM0_LINEAR_ADDRESS_LOW, + .end = MMU_IRAM0_LINEAR_ADDRESS_HIGH, + .size = 
MMU_IRAM0_LINEAR_ADDRESS_HIGH - MMU_IRAM0_LINEAR_ADDRESS_LOW, .bus_id = CACHE_BUS_IBUS0 | CACHE_BUS_DBUS0, .targets = MMU_TARGET_FLASH0 | MMU_TARGET_PSRAM0, .caps = MMU_MEM_CAP_EXEC | MMU_MEM_CAP_READ | MMU_MEM_CAP_WRITE | MMU_MEM_CAP_32BIT | MMU_MEM_CAP_8BIT, diff --git a/components/esp_security/CMakeLists.txt b/components/esp_security/CMakeLists.txt index cc7a1fcb19..35dc2361d9 100644 --- a/components/esp_security/CMakeLists.txt +++ b/components/esp_security/CMakeLists.txt @@ -32,9 +32,16 @@ if(NOT non_os_build) list(APPEND srcs "src/esp_crypto_lock.c" "src/esp_crypto_periph_clk.c") list(APPEND priv_requires efuse esp_system esp_timer) elseif(esp_tee_build) - list(APPEND srcs "src/esp_crypto_lock.c" "src/esp_crypto_periph_clk.c" - "src/esp_hmac.c" "src/esp_ds.c") + list(APPEND srcs "src/esp_crypto_lock.c" "src/esp_crypto_periph_clk.c") list(APPEND includes "src/${IDF_TARGET}") + + if(CONFIG_SOC_HMAC_SUPPORTED) + list(APPEND srcs "src/esp_hmac.c") + endif() + + if(CONFIG_SOC_DIG_SIGN_SUPPORTED) + list(APPEND srcs "src/esp_ds.c") + endif() endif() idf_component_register(SRCS ${srcs} diff --git a/components/esp_system/ld/esp32c61/memory.ld.in b/components/esp_system/ld/esp32c61/memory.ld.in index 1d2137e899..a1af258aeb 100644 --- a/components/esp_system/ld/esp32c61/memory.ld.in +++ b/components/esp_system/ld/esp32c61/memory.ld.in @@ -15,7 +15,13 @@ #include "sdkconfig.h" #include "ld.common" -#define SRAM_SEG_START 0x40800000 +#if !CONFIG_SECURE_ENABLE_TEE +#define SRAM_SEG_START (0x40800000) +#else +#define SRAM_SEG_START (0x40800000 + CONFIG_SECURE_TEE_IRAM_SIZE + CONFIG_SECURE_TEE_DRAM_SIZE) +#define FLASH_SEG_OFFSET (CONFIG_SECURE_TEE_IROM_SIZE + CONFIG_SECURE_TEE_DROM_SIZE) +#endif // CONFIG_SECURE_ENABLE_TEE + #define SRAM_SEG_END 0x4083ea70 /* 2nd stage bootloader iram_loader_seg start address */ #define SRAM_SEG_SIZE SRAM_SEG_END - SRAM_SEG_START 
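Review bot: In ext_mem_layout.c, `TEE_MMU_RESV_PAGES` is computed with integer division and `TEE_MMU_MEM_REG_START_OFFS` is used directly as an address offset, but nothing checks that `CONFIG_SECURE_TEE_IROM_SIZE + CONFIG_SECURE_TEE_DROM_SIZE` is a multiple of `CONFIG_MMU_PAGE_SIZE`. A non-multiple would round the reserved page count down and start the REE region mid-page, inside a page that belongs to the TEE mappings. Add `_Static_assert(TEE_MMU_MEM_REG_START_OFFS % CONFIG_MMU_PAGE_SIZE == 0, "TEE IROM+DROM size must be a multiple of the MMU page size");` after the macro block. The NOTE comment also hard-codes 64KB while the macros follow the Kconfig values, so it should refer to the options only. Separately, `.size` now changes for non-TEE builds as well (it replaces `SOC_BUS_SIZE(SOC_MMU_IRAM0_LINEAR)`), which is presumably equivalent but worth confirming.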
@@ -33,8 +39,14 @@ MEMORY */ #if CONFIG_APP_BUILD_USE_FLASH_SECTIONS +#if CONFIG_SECURE_ENABLE_TEE + /* Flash mapped instruction data */ + irom_seg (RX) : org = 0x42000020 + FLASH_SEG_OFFSET, + len = IDRAM0_2_SEG_SIZE - FLASH_SEG_OFFSET - 0x20 +#else /* Flash mapped instruction data */ irom_seg (RX) : org = 0x42000020, len = IDRAM0_2_SEG_SIZE - 0x20 +#endif /** * (0x20 offset above is a convenience for the app binary image generation. @@ -52,8 +64,14 @@ MEMORY sram_seg (RWX) : org = SRAM_SEG_START, len = SRAM_SEG_SIZE #if CONFIG_APP_BUILD_USE_FLASH_SECTIONS +#if CONFIG_SECURE_ENABLE_TEE /* Flash mapped constant data */ + drom_seg (R) : org = 0x42000020 + FLASH_SEG_OFFSET, + len = IDRAM0_2_SEG_SIZE - FLASH_SEG_OFFSET - 0x20 +#else + /* Flash mapped instruction data */ drom_seg (R) : org = 0x42000020, len = IDRAM0_2_SEG_SIZE - 0x20 +#endif /* (See irom_seg for meaning of 0x20 offset in the above.) */ #endif // CONFIG_APP_BUILD_USE_FLASH_SECTIONS diff --git a/components/esp_system/ld/esp32c61/sections.ld.in b/components/esp_system/ld/esp32c61/sections.ld.in index daac666f97..db2675780b 100644 --- a/components/esp_system/ld/esp32c61/sections.ld.in +++ b/components/esp_system/ld/esp32c61/sections.ld.in 
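Review bot: In the second memory.ld.in hunk on this line, the non-TEE `#else` branch now labels `drom_seg` with `/* Flash mapped instruction data */`. That is the irom comment copied over; the line it replaces read `/* Flash mapped constant data */`. Both branches of the drom block should carry `/* Flash mapped constant data */`. In both hunks the TEE `len` expression subtracts `FLASH_SEG_OFFSET` from `IDRAM0_2_SEG_SIZE` with no check that the offset is smaller than the segment, so an oversized TEE IROM/DROM configuration would only surface as an obscure linker error. An `ASSERT` with a readable message would help.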
@@ -16,9 +16,22 @@ SECTIONS _iram_start = ABSOLUTE(.); /* Vectors go to start of IRAM */ ASSERT(ABSOLUTE(.) % 0x100 == 0, "vector address must be 256 byte aligned"); + _vector_table_start = ABSOLUTE(.); KEEP(*(.exception_vectors_table.text)); KEEP(*(.exception_vectors.text)); + ALIGNED_SYMBOL(4, _invalid_pc_placeholder) + + /* esp_tee_config_t structure: used to share information between the TEE and REE + * (e.g. interrupt handler addresses, REE flash text-rodata boundaries, etc.) + * This symbol is expected by the TEE at an offset of 0x2b0 from the vector table start. + */ +#if CONFIG_SECURE_ENABLE_TEE + ALIGNED_SYMBOL(0x10, _esp_tee_app_cfg) + ASSERT(ABSOLUTE(.) == _vector_table_start + 0x2b0, "esp_tee_app_cfg must be at an offset 0x2b0 from the vector table start"); + *libesp_tee.a:(.esp_tee_app_cfg); +#endif + /* Code marked as running out of IRAM */ _iram_text_start = ABSOLUTE(.); diff --git a/components/hal/CMakeLists.txt b/components/hal/CMakeLists.txt index 354b357cd8..36fa990497 100644 --- a/components/hal/CMakeLists.txt +++ b/components/hal/CMakeLists.txt @@ -47,12 +47,27 @@ endif() if(esp_tee_build) list(APPEND srcs "apm_hal.c" - "brownout_hal.c" - "aes_hal.c" - "sha_hal.c" - "hmac_hal.c" - "ds_hal.c" - "ecc_hal.c") + "brownout_hal.c") + + if(CONFIG_SOC_AES_SUPPORTED) + list(APPEND srcs "aes_hal.c") + endif() + + if(CONFIG_SOC_SHA_SUPPORTED) + list(APPEND srcs "sha_hal.c") + endif() + + if(CONFIG_SOC_HMAC_SUPPORTED) + list(APPEND srcs "hmac_hal.c") + endif() + + if(CONFIG_SOC_DIG_SIGN_SUPPORTED) + list(APPEND srcs "ds_hal.c") + endif() + + if(CONFIG_SOC_ECC_SUPPORTED) + list(APPEND srcs "ecc_hal.c") + endif() elseif(NOT BOOTLOADER_BUILD) list(APPEND srcs "color_hal.c") diff --git a/components/heap/port/esp32c61/memory_layout.c b/components/heap/port/esp32c61/memory_layout.c index c137b78155..c1ca8ee53e 100644 --- a/components/heap/port/esp32c61/memory_layout.c +++ b/components/heap/port/esp32c61/memory_layout.c 
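Review bot: In the sections.ld.in hunk, `ALIGNED_SYMBOL(4, _invalid_pc_placeholder)` sits outside the `#if CONFIG_SECURE_ENABLE_TEE` guard, so it is emitted for non-TEE builds too, and nothing in the hunk says what the symbol is for or who consumes it. Either move it inside the guard or add a comment naming its user. The offset `0x2b0` appears as a literal in the comment, the `ASSERT` expression and the message. Since the TEE image depends on the same value, define it once in a header both sides include and reference it here. The comment should also state whether the TEE treats the contents of `esp_tee_config_t` as untrusted input, given that the structure is placed in the REE image.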
@@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -12,6 +12,11 @@ #include "heap_memory_layout.h" #include "esp_heap_caps.h" +#if CONFIG_SECURE_ENABLE_TEE +#define SRAM_DIRAM_TEE_ORG (SOC_DIRAM_IRAM_LOW) +#define SRAM_DIRAM_TEE_END (SRAM_DIRAM_TEE_ORG + CONFIG_SECURE_TEE_IRAM_SIZE + CONFIG_SECURE_TEE_DRAM_SIZE) +#endif + /* Memory layout for ESP32C61 SoC * Note that the external memory is not represented in this file since * it is handled by the esp_psram component @@ -89,3 +94,11 @@ SOC_RESERVE_MEMORY_REGION((intptr_t)&_data_start, (intptr_t)&_heap_start, dram_d // Target has a shared D/IRAM virtual address, no need to calculate I_D_OFFSET like previous chips SOC_RESERVE_MEMORY_REGION((intptr_t)&_iram_start, (intptr_t)&_iram_end, iram_code); + +/* NOTE: When ESP-TEE is enabled, the start of the internal SRAM +* is used by the TEE and is protected from any REE access using +* memory protection mechanisms employed by ESP-TEE. +*/ +#if CONFIG_SECURE_ENABLE_TEE +SOC_RESERVE_MEMORY_REGION((intptr_t)SRAM_DIRAM_TEE_ORG, (intptr_t)(SRAM_DIRAM_TEE_END), tee_diram); +#endif diff --git a/components/mbedtls/esp_tee/esp_tee_crypto_shared_gdma.c b/components/mbedtls/esp_tee/esp_tee_crypto_shared_gdma.c index 29b55762e5..7b89a83c03 100644 --- a/components/mbedtls/esp_tee/esp_tee_crypto_shared_gdma.c +++ b/components/mbedtls/esp_tee/esp_tee_crypto_shared_gdma.c @@ -11,8 +11,6 @@ #include "esp_crypto_dma.h" #include "hal/gdma_types.h" -#include "hal/aes_hal.h" - #include "soc/gdma_channel.h" #include "soc/soc_caps.h" 
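Review bot: In memory_layout.c, `SRAM_DIRAM_TEE_END` recomputes from `SOC_DIRAM_IRAM_LOW` the same TEE SRAM boundary that memory.ld.in in this patch derives as `0x40800000 + CONFIG_SECURE_TEE_IRAM_SIZE + CONFIG_SECURE_TEE_DRAM_SIZE`, so one boundary now has two independent definitions. If they drift apart, the heap could be handed memory the linker assigned to the TEE, or REE memory could be reserved needlessly. A shared definition, or a compile-time check that the reserved range ends where the REE SRAM segment begins, would pin this down. The NOTE should also say that `SOC_RESERVE_MEMORY_REGION` only keeps the REE heap allocator off this range and is not itself the protection, e.g. `/* Reservation only excludes the range from the REE heap; access control is enforced by ESP-TEE */`.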
@@ -86,11 +84,18 @@ static void crypto_shared_gdma_init(void) esp_err_t esp_tee_crypto_shared_gdma_start(const crypto_dma_desc_t *input, const crypto_dma_desc_t *output, gdma_trigger_peripheral_t periph) { int periph_inst_id = SOC_GDMA_TRIG_PERIPH_M2M0; - if (periph == GDMA_TRIG_PERIPH_SHA) { + switch (periph) { +#if SOC_SHA_SUPPORTED + case GDMA_TRIG_PERIPH_SHA: periph_inst_id = SOC_GDMA_TRIG_PERIPH_SHA0; - } else if (periph == GDMA_TRIG_PERIPH_AES) { + break; +#endif +#if SOC_AES_SUPPORTED + case GDMA_TRIG_PERIPH_AES: periph_inst_id = SOC_GDMA_TRIG_PERIPH_AES0; - } else { + break; +#endif + default: return ESP_ERR_INVALID_ARG; } @@ -133,6 +138,7 @@ void esp_tee_crypto_shared_gdma_free(void) /* ---------------------------------------------- DMA Implementations: AES ------------------------------------------------- */ +#if SOC_AES_SUPPORTED esp_err_t esp_aes_dma_start(const crypto_dma_desc_t *input, const crypto_dma_desc_t *output) { return esp_tee_crypto_shared_gdma_start(input, output, GDMA_TRIG_PERIPH_AES); @@ -142,10 +148,13 @@ bool esp_aes_dma_done(const crypto_dma_desc_t *output) { return (output->dw0.owner == 0); } +#endif /* ---------------------------------------------- DMA Implementations: SHA ------------------------------------------------- */ +#if SOC_SHA_SUPPORTED esp_err_t esp_sha_dma_start(const crypto_dma_desc_t *input) { return esp_tee_crypto_shared_gdma_start(input, NULL, GDMA_TRIG_PERIPH_SHA); } +#endif diff --git a/components/mbedtls/esp_tee/esp_tee_mbedtls.cmake b/components/mbedtls/esp_tee/esp_tee_mbedtls.cmake index 2beb36233a..4f62a1f9b0 100644 --- a/components/mbedtls/esp_tee/esp_tee_mbedtls.cmake +++ b/components/mbedtls/esp_tee/esp_tee_mbedtls.cmake 
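Review bot: In esp_tee_crypto_shared_gdma_start(), a peripheral compiled out by `#if SOC_SHA_SUPPORTED` / `#if SOC_AES_SUPPORTED` now falls into `default:` and returns `ESP_ERR_INVALID_ARG`, the same code as a nonsensical `periph` value. Callers and logs therefore cannot tell a bad argument from hardware that is absent on this target. Consider a comment on the `default:` label documenting this, or return `ESP_ERR_NOT_SUPPORTED` for the known-but-absent triggers if no caller depends on the current code. The initial value `SOC_GDMA_TRIG_PERIPH_M2M0` of `periph_inst_id` is never used on any path visible in the hunk, because the default branch returns. The rest of the function lies outside the hunk.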
@@ -48,23 +48,30 @@ target_include_directories(mbedcrypto PRIVATE ${crypto_port_inc_dirs}) target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/esp_tee/esp_tee_crypto_shared_gdma.c") # AES implementation -target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/esp_aes.c" - "${COMPONENT_DIR}/port/aes/dma/esp_aes_dma_core.c") - -target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/esp_aes_common.c" - "${COMPONENT_DIR}/port/aes/esp_aes_xts.c" - "${COMPONENT_DIR}/port/aes/esp_aes_gcm.c") +if(CONFIG_SOC_AES_SUPPORTED) + target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/esp_aes.c" + "${COMPONENT_DIR}/port/aes/dma/esp_aes_dma_core.c" + "${COMPONENT_DIR}/port/aes/esp_aes_common.c" + "${COMPONENT_DIR}/port/aes/esp_aes_xts.c" + "${COMPONENT_DIR}/port/aes/esp_aes_gcm.c") +endif() # SHA implementation -target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/core/esp_sha1.c" - "${COMPONENT_DIR}/port/sha/core/esp_sha256.c" - "${COMPONENT_DIR}/port/sha/core/esp_sha512.c") +if(CONFIG_SOC_SHA_SUPPORTED) + target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/core/esp_sha1.c" + "${COMPONENT_DIR}/port/sha/core/esp_sha256.c" + "${COMPONENT_DIR}/port/sha/core/esp_sha512.c" + "${COMPONENT_DIR}/port/sha/core/sha.c" + "${COMPONENT_DIR}/port/sha/esp_sha.c") +endif() -target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/core/sha.c" - "${COMPONENT_DIR}/port/sha/esp_sha.c") - -target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/ecc/esp_ecc.c" - "${COMPONENT_DIR}/port/ecc/ecc_alt.c") +# ECC implementation +if(CONFIG_SOC_ECC_SUPPORTED) + target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/ecc/esp_ecc.c" + "${COMPONENT_DIR}/port/ecc/ecc_alt.c") +endif() # HMAC-based PBKDF2 implementation -target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/esp_hmac_pbkdf2.c") +if(CONFIG_SOC_HMAC_SUPPORTED) + target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/esp_hmac_pbkdf2.c") +endif() 
diff --git a/components/mbedtls/esp_tee/esp_tee_mbedtls_config.h b/components/mbedtls/esp_tee/esp_tee_mbedtls_config.h index 5021e43c92..b30a8493e1 100644 --- a/components/mbedtls/esp_tee/esp_tee_mbedtls_config.h +++ b/components/mbedtls/esp_tee/esp_tee_mbedtls_config.h @@ -37,8 +37,12 @@ #define MBEDTLS_CIPHER_C #define MBEDTLS_AES_C #define MBEDTLS_GCM_C +#if SOC_AES_SUPPORTED #define MBEDTLS_AES_ALT #define MBEDTLS_GCM_ALT +#else +#define MBEDTLS_AES_ROM_TABLES +#endif #define MBEDTLS_CIPHER_MODE_XTS #define MBEDTLS_ASN1_WRITE_C @@ -61,7 +65,7 @@ #define MBEDTLS_SHA512_C #endif -#if CONFIG_MBEDTLS_HARDWARE_SHA +#if SOC_SHA_SUPPORTED #if CONFIG_MBEDTLS_SHA1_C #define MBEDTLS_SHA1_ALT #endif @@ -71,7 +75,7 @@ #endif #endif -#ifdef CONFIG_MBEDTLS_HARDWARE_ECC +#if SOC_ECC_SUPPORTED #define MBEDTLS_ECP_MUL_ALT #define MBEDTLS_ECP_VERIFY_ALT #endif diff --git a/components/soc/esp32c61/register/soc/tee_reg.h b/components/soc/esp32c61/register/soc/tee_reg.h index 52d683f8a6..95d414f77a 100644 --- a/components/soc/esp32c61/register/soc/tee_reg.h +++ b/components/soc/esp32c61/register/soc/tee_reg.h @@ -5,7 +5,6 @@ */ #pragma once -#include #include "soc/soc.h" #ifdef __cplusplus extern "C" {
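Review bot: In esp_tee_mbedtls_config.h, the new `#else` branch makes a target without `SOC_AES_SUPPORTED` fall back silently to the mbedTLS software AES with `MBEDTLS_AES_ROM_TABLES`. That is a table-driven implementation without the timing properties of the hardware engine, and it now runs inside the TEE. Document that trade-off next to the `#else`, e.g. `/* No AES peripheral: software AES with ROM tables; not hardened against timing side channels */`. The same hunks switch the SHA and ECC gates from `CONFIG_MBEDTLS_HARDWARE_SHA` / `CONFIG_MBEDTLS_HARDWARE_ECC` to `SOC_SHA_SUPPORTED` / `SOC_ECC_SUPPORTED`, so the TEE build no longer honours those Kconfig choices. Because an undefined `SOC_*` macro evaluates to 0 in `#if`, the header must be certain to see `soc/soc_caps.h`; that include is not visible in these hunks, and without it every accelerator would be dropped without a diagnostic.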