feat: added support for pseudo round xts aes in esp32p4 eco5

2026-04-27 19:13:21 +00:00 · 2025-10-13 16:52:17 +05:30
parent 08d3b8c9d3
commit f42e35bb68
4 changed files with 48 additions and 3 deletions
@@ -214,6 +214,7 @@ void esp_flash_encryption_set_release_mode(void)
 #endif // CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128_DERIVED
 #endif // !CONFIG_IDF_TARGET_ESP32

+#if !(CONFIG_IDF_TARGET_ESP32P4 && CONFIG_ESP32P4_REV_MIN_FULL < 300)
 #ifdef SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
    if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
        uint8_t xts_pseudo_level = 0;
@@ -225,7 +226,7 @@ void esp_flash_encryption_set_release_mode(void)
        }
    }
 #endif
-
+#endif
 #ifdef CONFIG_IDF_TARGET_ESP32
    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_CACHE);
 #else
@@ -505,6 +506,7 @@ bool esp_flash_encryption_cfg_verify_release_mode(void)
    }
 #endif

+#if !(CONFIG_IDF_TARGET_ESP32P4 && CONFIG_ESP32P4_REV_MIN_FULL < 300)
 #if SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
    if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
        uint8_t xts_pseudo_level = 0;
@@ -515,7 +517,7 @@ bool esp_flash_encryption_cfg_verify_release_mode(void)
        }
    }
 #endif
-
+#endif
    return result;
 }
 #endif // not CONFIG_IDF_TARGET_ESP32
@@ -20,6 +20,8 @@
 #include "soc/soc.h"
 #include "soc/soc_caps.h"
 #include "hal/assert.h"
+#include "hal/config.h"
+#include "hal/spi_flash_encrypt_types.h"

 #ifdef __cplusplus
 extern "C" {
@@ -146,6 +148,43 @@ static inline bool spi_flash_encrypt_ll_check(uint32_t address, uint32_t length)
    return ((address % length) == 0) ? true : false;
 }

+/**
+ * @brief Enable the pseudo-round function during XTS-AES operations
+ *
+ * @param mode set the mode for pseudo rounds, zero to disable, with increasing security upto three.
+ * @param base basic number of pseudo rounds, zero if disable
+ * @param increment increment number of pseudo rounds, zero if disable
+ * @param key_rng_cnt update frequency of the pseudo-key, zero if disable
+ */
+static inline void spi_flash_encrypt_ll_enable_pseudo_rounds(esp_xts_aes_psuedo_rounds_state_t mode, uint8_t base, uint8_t increment, uint8_t key_rng_cnt)
+{
+#if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300
+    REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_MODE_PSEUDO, mode);
+
+    if (mode != ESP_XTS_AES_PSEUDO_ROUNDS_DISABLE) {
+        REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_PSEUDO_BASE, base);
+        REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_PSEUDO_INC, increment);
+        REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_PSEUDO_RNG_CNT, key_rng_cnt);
+    } else {
+        REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_PSEUDO_BASE, 0);
+        REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_PSEUDO_INC, 0);
+        REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_PSEUDO_RNG_CNT, 0);
+    }
+#endif
+}
+
+/**
+ * @brief Check if the pseudo round function is supported
+ */
+static inline bool spi_flash_encrypt_ll_is_pseudo_rounds_function_supported(void)
+{
+#if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300
+    return true;
+#else
+    return false;
+#endif
+}
+
 #ifdef __cplusplus
 }
 #endif
@@ -1667,6 +1667,10 @@ config SOC_FLASH_ENCRYPTION_XTS_AES_256
    bool
    default y

+config SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+    bool
+    default y
+
 config SOC_UART_NUM
    int
    default 6
@@ -633,7 +633,7 @@
 #define SOC_FLASH_ENCRYPTION_XTS_AES_OPTIONS 1
 #define SOC_FLASH_ENCRYPTION_XTS_AES_128    1  /* SOC_EFUSE_XTS_AES_KEY_128 (1) || SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_128 (1) */
 #define SOC_FLASH_ENCRYPTION_XTS_AES_256    1  /* SOC_EFUSE_XTS_AES_KEY_256 (1) || SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 (1) */
-
+#define SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND  1 /*!< Only available in chip version above 3.0 */
 /*-------------------------- MEMPROT CAPS ------------------------------------*/

 /*-------------------------- UART CAPS ---------------------------------------*/