9d3893303c
Merge branch 'fix/enable_key_mgr_clk_for_efuse_key_ops_v6.0' into 'release/v6.0'
...
Enable Key Manager clock even for efuses-based key operations (v6.0)
See merge request espressif/esp-idf!46754
2026-03-25 16:02:08 +08:00
1db26df63d
fix(esp_security): Fixes incorrect key manager configuration for ESP32-P4 rev < 3
2026-03-24 16:33:25 +05:30
2339834e4a
fix(esp_security): Enable Key Manager clocks even for efuse key operations
...
The Key Manager holds a key usage register, thus, the Key Manager peripheral
clock must be enabled even for efuses-based key operations to route the
crypto operations to correctly to the efuses (default is Key Manager)
2026-03-24 16:23:16 +05:30
fe3b5ca898
fix(esp_security): Add more validation checks
2026-03-23 10:46:23 +05:30
45d5ef45a5
feat(esp_ds): Support using the AES key used by DS peripheral for encrypting params
2026-03-23 10:46:22 +05:30
e2a8bbe639
ci: update build-test-rules to use common_components
2026-03-20 15:53:26 +08:00
779fd7a52c
Merge branch 'feat/support_p4_clk_tree_ref_cnt_v6.0' into 'release/v6.0'
...
feat(esp_hw_support): support clock tree management for esp32p4 (v6.0)
See merge request espressif/esp-idf!46444
2026-03-20 10:16:53 +08:00
629a4e2444
docs(key-manager): Add Key-Manager peripheral related documentation
2026-03-18 16:42:21 +05:30
15345f9d8c
feat(esp_hw_support): support clock tree management for esp32p4
2026-03-10 14:10:36 +08:00
3d263e7304
fix(esp_system): limit CPU clock to 160MHz in ESP32-C5 for flash encryption
...
This reverts commit 7145fc9558
2026-02-06 11:48:27 +08:00
4d3cfefc2e
refactor(esp_hal_security): Updated esp_hal_security build and includes
2026-01-30 17:12:54 +05:30
32e4e83f84
Revert "fix(esp_system): limit CPU clock to 160MHz in ESP32-C5 for flash encryption"
...
This reverts commit cca0ac8c56
2026-01-15 23:44:05 +08:00
cca0ac8c56
fix(esp_system): limit CPU clock to 160MHz in ESP32-C5 for flash encryption
...
This reverts commit 7145fc9558
2025-12-24 02:31:42 +08:00
469953bd04
Revert "fix(esp_system): limit CPU clock to 160MHz in ESP32-C5 for flash encryption"
...
This reverts commit 3c5d2e6b58
2025-12-17 01:21:46 +08:00
ee4be1af57
Merge branch 'feat/flash_enc_using_key_manager_v6.0' into 'release/v6.0'
...
Support Flash Encryption using Key Manager (v6.0)
See merge request espressif/esp-idf!43459
2025-11-24 10:35:48 +08:00
714b022a43
ci(p4): disable p4 rev3 invalid tests temporarily
2025-11-21 02:48:05 +00:00
9a18386202
feat(esp_security): Support ECDSA-P384 key deployment using Key Manager
2025-11-20 11:37:07 +05:30
cd0770cd39
change(esp_key_mgr): Store key_len field in the key_info
...
- Update the Key Manager key types to be generic
- Define a new enum to determine the length of the keys
- Refactor the Key Manager driver support generic key types and key lengths
- Also store key deployment mode in the key recovery info
2025-11-20 11:37:07 +05:30
7212b517d4
change(esp_key_mgr): Make Key Manager driver bootloader compatible
...
- Independent of heap
2025-11-20 11:37:07 +05:30
c1503cd847
feat(bootloader_support): Support Flash Encryption using Key Manager
2025-11-20 11:37:05 +05:30
46e2cd21d4
fix(esp_security/esp_key_mgr): Fix missed error codes and some cleanup
2025-11-20 11:35:22 +05:30
2cb0fa5c34
feat(esp_tee): Support for ESP32-C61 - the rest of the components
2025-11-19 10:57:42 +05:30
6472c8215a
Merge branch 'bugfix/esp32c5_encrypted_flash_write_v6.0' into 'release/v6.0'
...
fix(esp_system): limit CPU clock to 160MHz in ESP32-C5 for flash encryption (v6.0)
See merge request espressif/esp-idf!43325
2025-11-18 12:27:21 +08:00
0f77374746
fix(esp_system): limit CPU clock to 160MHz in ESP32-C5 for flash encryption
...
Encrypted flash write operation sometimes result in random corruption in
certain bytes. Root cause points to sudden current surge due to involvement of
encryption block overwhelming LDO supply. More details will be provided
in the ESP32-C5 SoC Errata document.
This fix limits the CPU clock to 160MHz for flash encryption enabled
case. Failing encrypted flash write tests could successfully pass in
this configuration. Going ahead, a dynamic clock adjustment in flash
driver will be considered to mitigate this issue.
2025-11-13 13:25:57 +05:30
54c5c760ba
fix(esp_security): Set WR_DIS_SECURE_BOOT_SHA384_EN by default when
...
Flash Encryption Release mode is enabled and Secure Boot P384 scheme not is enabled.
2025-11-11 17:52:21 +05:30
488dcb58e1
fix(esp_security): Fix undefined efuse build failure in case of ESP32-P4
...
- The `wr_dis` efuse bit corresponding to `SECURE_BOOT_SHA384_EN` is absent in P4
2025-11-11 17:52:21 +05:30
609d52c6bf
feat(esp32p4): Support newer Key Manager key sources for ESP32-P4 V3
2025-10-15 15:49:20 +05:30
fd7d9c9ee9
Merge branch 'fix/key_mgr_use_default_efuse_key' into 'master'
...
Configure the Key Manager to use XTS-AES efuse key by-default
Closes IDFCI-3135 and IDFCI-3136
See merge request espressif/esp-idf!42032
2025-09-26 12:34:19 +05:30
8b663ebe4d
fix(esp_security): Configure the Key Manager to use XTS-AES efuse key by-default
2025-09-22 12:22:07 +05:30
5aa5366e7f
fix(bootloader_support): Reorder write disabling ECDSA_CURVE_MODE
2025-09-19 17:01:23 +05:30
d6c1184676
fix(bootloader_support): Reorder write protection bits of some shared security efuses
2025-09-19 13:02:00 +05:30
854ec3590f
fix(esp_key_mgr): Fix incorrect key manager state management
2025-09-12 11:02:45 +05:30
9d35d63651
feat(cmake): Update minimum cmake version to 3.22 (whole repository)
2025-08-19 14:44:32 +02:00
9e87b50307
change(mbedtls/ecdsa): The ECDSA module of ESP32-H2 ECO5 does not use MPI module
2025-08-11 12:08:51 +05:30
55e0730a8d
change(esp_hw_support): Move security-related modules to the esp_security component
...
- Also adds support to whitelist target specific expected dependency violations
in check_dependencies.py
2025-08-04 11:43:01 +05:30
bf84ab652a
change(test_utils): moved test_utils component to tools/test_apps/components/
2025-07-21 14:05:50 +08:00
dce0925f40
fix(esp_security/esp_key_mgr): Incorrect overlapping comparisons
2025-07-03 15:05:50 +05:30
bba1448128
feat(esp_key_mgr): Support PSRAM XTS-AES key deployments using Key Manager
2025-06-27 15:15:26 +05:30
eb7c5654f6
test(esp_security): Extend the key manager tests
2025-06-27 15:15:26 +05:30
50c41c3b59
change(esp_key_mgr): Refactor Key Manager driver to reduce logs
2025-06-27 15:15:26 +05:30
a7af364112
fix(esp_security): Power up MPI memory registers when enabling MPI
...
Co-authored-by: Li HongXi <lihongxi@espressif.com >
2025-06-27 15:15:26 +05:30
33d8c05d95
feat(esp_key_mgr): Support Digital Signature key deployments using Key Manager
2025-06-27 15:15:26 +05:30
265b0d7579
feat(esp_key_mgr): Support HMAC key deployments using Key Manager
2025-06-27 15:15:26 +05:30
8ab6b4d694
fix(esp_security/esp_key_mgr): Recharge HUK before the first usage
2025-06-27 15:15:26 +05:30
a7c7b75dfd
feat(soc): Update ESP32-C5's key manager reg and struct files to ECO2
...
- Also added a new soc_cap to denote if key manager key deployment is available
2025-06-27 15:15:26 +05:30
662d793f37
feat(esp_security): Added support for key manager for esp32c5
2025-06-27 15:15:26 +05:30
c65858287a
feat: enabled secure boot support esp32h21
2025-04-25 17:48:25 +05:30
fc4802c0d6
feat(esp_tee): Protect the HMAC and DS peripherals from REE access
2025-04-16 19:19:04 +05:30
1c4969bc47
feat(esp_security): Add a TEE-specific crypto lock layer with stub implementations
2025-04-16 19:19:03 +05:30
aae4bfb6f3
feat: enable ecdsa support for esp32h21
...
This commit enabled suppot for ECDSA peripheral in ESP32H21.
2025-04-14 10:26:46 +05:30
Jiang Jiang Jian
harshal.patil
igor.udot
wuzhenghui
Xiao Xufeng
Aditya Patwardhan
armando
Laukik Hase
Mahavir Jain
Marek Fiala
Marius Vikhammer
nilesh.kale