From f42e35bb68620897e91b335638e3def04f6f97c3 Mon Sep 17 00:00:00 2001 From: "nilesh.kale" Date: Mon, 13 Oct 2025 16:52:17 +0530 Subject: [PATCH] feat: added support for pseudo round xts aes in esp32p4 eco5 --- .../bootloader_support/src/flash_encrypt.c | 6 ++- .../include/hal/spi_flash_encrypted_ll.h | 39 +++++++++++++++++++ .../esp32p4/include/soc/Kconfig.soc_caps.in | 4 ++ components/soc/esp32p4/include/soc/soc_caps.h | 2 +- 4 files changed, 48 insertions(+), 3 deletions(-) diff --git a/components/bootloader_support/src/flash_encrypt.c b/components/bootloader_support/src/flash_encrypt.c index 1169d80910..d92300eb48 100644 --- a/components/bootloader_support/src/flash_encrypt.c +++ b/components/bootloader_support/src/flash_encrypt.c @@ -214,6 +214,7 @@ void esp_flash_encryption_set_release_mode(void) #endif // CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128_DERIVED #endif // !CONFIG_IDF_TARGET_ESP32 +#if !(CONFIG_IDF_TARGET_ESP32P4 && CONFIG_ESP32P4_REV_MIN_FULL < 300) #ifdef SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) { uint8_t xts_pseudo_level = 0; @@ -225,7 +226,7 @@ void esp_flash_encryption_set_release_mode(void) } } #endif - +#endif #ifdef CONFIG_IDF_TARGET_ESP32 esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_CACHE); #else @@ -505,6 +506,7 @@ bool esp_flash_encryption_cfg_verify_release_mode(void) } #endif +#if !(CONFIG_IDF_TARGET_ESP32P4 && CONFIG_ESP32P4_REV_MIN_FULL < 300) #if SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) { uint8_t xts_pseudo_level = 0; @@ -515,7 +517,7 @@ bool esp_flash_encryption_cfg_verify_release_mode(void) } } #endif - +#endif return result; } #endif // not CONFIG_IDF_TARGET_ESP32 diff --git a/components/esp_hal_mspi/esp32p4/include/hal/spi_flash_encrypted_ll.h b/components/esp_hal_mspi/esp32p4/include/hal/spi_flash_encrypted_ll.h index 6e78124cd8..d85f260122 100644 --- a/components/esp_hal_mspi/esp32p4/include/hal/spi_flash_encrypted_ll.h +++ b/components/esp_hal_mspi/esp32p4/include/hal/spi_flash_encrypted_ll.h @@ -20,6 +20,8 @@ #include "soc/soc.h" #include "soc/soc_caps.h" #include "hal/assert.h" +#include "hal/config.h" +#include "hal/spi_flash_encrypt_types.h" #ifdef __cplusplus extern "C" { @@ -146,6 +148,43 @@ static inline bool spi_flash_encrypt_ll_check(uint32_t address, uint32_t length) return ((address % length) == 0) ? true : false; } +/** + * @brief Enable the pseudo-round function during XTS-AES operations + * + * @param mode set the mode for pseudo rounds, zero to disable, with increasing security upto three. + * @param base basic number of pseudo rounds, zero if disable + * @param increment increment number of pseudo rounds, zero if disable + * @param key_rng_cnt update frequency of the pseudo-key, zero if disable + */ +static inline void spi_flash_encrypt_ll_enable_pseudo_rounds(esp_xts_aes_psuedo_rounds_state_t mode, uint8_t base, uint8_t increment, uint8_t key_rng_cnt) +{ +#if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 + REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_MODE_PSEUDO, mode); + + if (mode != ESP_XTS_AES_PSEUDO_ROUNDS_DISABLE) { + REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_PSEUDO_BASE, base); + REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_PSEUDO_INC, increment); + REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_PSEUDO_RNG_CNT, key_rng_cnt); + } else { + REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_PSEUDO_BASE, 0); + REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_PSEUDO_INC, 0); + REG_SET_FIELD(SPI_MEM_C_XTS_PSEUDO_ROUND_CONF_REG, SPI_MEM_C_PSEUDO_RNG_CNT, 0); + } +#endif +} + +/** + * @brief Check if the pseudo round function is supported + */ +static inline bool spi_flash_encrypt_ll_is_pseudo_rounds_function_supported(void) +{ +#if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 + return true; +#else + return false; +#endif +} + #ifdef __cplusplus } #endif diff --git a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in index 5280a1e8c7..cb6f71756d 100644 --- a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in @@ -1667,6 +1667,10 @@ config SOC_FLASH_ENCRYPTION_XTS_AES_256 bool default y +config SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND + bool + default y + config SOC_UART_NUM int default 6 diff --git a/components/soc/esp32p4/include/soc/soc_caps.h b/components/soc/esp32p4/include/soc/soc_caps.h index 796f9c15c0..6692259adc 100644 --- a/components/soc/esp32p4/include/soc/soc_caps.h +++ b/components/soc/esp32p4/include/soc/soc_caps.h @@ -633,7 +633,7 @@ #define SOC_FLASH_ENCRYPTION_XTS_AES_OPTIONS 1 #define SOC_FLASH_ENCRYPTION_XTS_AES_128 1 /* SOC_EFUSE_XTS_AES_KEY_128 (1) || SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_128 (1) */ #define SOC_FLASH_ENCRYPTION_XTS_AES_256 1 /* SOC_EFUSE_XTS_AES_KEY_256 (1) || SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 (1) */ - +#define SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND 1 /*!< Only available in chip version above 3.0 */ /*-------------------------- MEMPROT CAPS ------------------------------------*/ /*-------------------------- UART CAPS ---------------------------------------*/