Merge branch 'feature/add_memprot_support_for_esp32h2' into 'master'

esp32h2: enable memory protection scheme using PMA and PMP

Closes IDF-6452 and IDF-6332

See merge request espressif/esp-idf!22699

components/esp_hw_support/include/esp_private/esp_memprot_internal.h

@@ -11,8 +11,11 @@
 #include "esp_err.h"
 #include "esp_memprot_err.h"
 #include "hal/memprot_types.h"
-#include "soc_memprot_types.h"
 #include "esp_memprot_types.h"
+#include "sdkconfig.h"
+#if CONFIG_ESP_SYSTEM_MEMPROT_FEATURE
+#include "soc_memprot_types.h"
+#endif
 
 #ifdef __cplusplus
 extern "C" {

components/esp_hw_support/include/soc/esp32c6/soc_memprot_types.h

@@ -1,175 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-//////////////////////////////////////////////////////////
-// ESP32-C6 PMS memory protection types
-//
-
-#pragma once
-
-#include <stdint.h>
-#include <stdbool.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * @brief Memory types recognized by PMS
- */
-typedef enum {
-    MEMPROT_TYPE_NONE                           = 0x00000000,
-    MEMPROT_TYPE_IRAM0_SRAM                     = 0x00000001,
-    MEMPROT_TYPE_DRAM0_SRAM                     = 0x00000002,
-    MEMPROT_TYPE_IRAM0_RTCFAST                  = 0x00000004,
-    MEMPROT_TYPE_ALL                            = 0x7FFFFFFF,
-    MEMPROT_TYPE_INVALID                        = 0x80000000,
-    MEMPROT_TYPE_IRAM0_ANY                      = MEMPROT_TYPE_IRAM0_SRAM | MEMPROT_TYPE_IRAM0_RTCFAST
-} esp_mprot_mem_t;
-
-/**
- * @brief Splitting address (line) type
- */
-typedef enum {
-    MEMPROT_SPLIT_ADDR_NONE                     = 0x00000000,
-    MEMPROT_SPLIT_ADDR_IRAM0_DRAM0              = 0x00000001,
-    MEMPROT_SPLIT_ADDR_IRAM0_LINE_0             = 0x00000002,
-    MEMPROT_SPLIT_ADDR_IRAM0_LINE_1             = 0x00000004,
-    MEMPROT_SPLIT_ADDR_DRAM0_DMA_LINE_0         = 0x00000008,
-    MEMPROT_SPLIT_ADDR_DRAM0_DMA_LINE_1         = 0x00000010,
-    MEMPROT_SPLIT_ADDR_ALL                      = 0x7FFFFFFF,
-    MEMPROT_SPLIT_ADDR_INVALID                  = 0x80000000,
-    MEMPROT_SPLIT_ADDR_MAIN                     = MEMPROT_SPLIT_ADDR_IRAM0_DRAM0
-} esp_mprot_split_addr_t;
-
-/**
- * @brief PMS area type (memory space between adjacent splitting addresses or above/below the main splt.address)
- */
-typedef enum {
-    MEMPROT_PMS_AREA_NONE                       = 0x00000000,
-    MEMPROT_PMS_AREA_IRAM0_0                    = 0x00000001,
-    MEMPROT_PMS_AREA_IRAM0_1                    = 0x00000002,
-    MEMPROT_PMS_AREA_IRAM0_2                    = 0x00000004,
-    MEMPROT_PMS_AREA_IRAM0_3                    = 0x00000008,
-    MEMPROT_PMS_AREA_DRAM0_0                    = 0x00000010,
-    MEMPROT_PMS_AREA_DRAM0_1                    = 0x00000020,
-    MEMPROT_PMS_AREA_DRAM0_2                    = 0x00000040,
-    MEMPROT_PMS_AREA_DRAM0_3                    = 0x00000080,
-    MEMPROT_PMS_AREA_IRAM0_RTCFAST_LO           = 0x00000100,
-    MEMPROT_PMS_AREA_IRAM0_RTCFAST_HI           = 0x00000200,
-    MEMPROT_PMS_AREA_ALL                        = 0x7FFFFFFF,
-    MEMPROT_PMS_AREA_INVALID                    = 0x80000000
-} esp_mprot_pms_area_t;
-
-/**
-* @brief Memory protection configuration
-*/
-typedef struct {
-    bool invoke_panic_handler;  /*!< Register PMS violation interrupt for panic-handling */
-    bool lock_feature;          /*!< Lock all PMS settings */
-    void *split_addr;           /*!< Main I/D splitting address */
-    uint32_t mem_type_mask;     /*!< Memory types required to protect. See esp_mprot_mem_t enum */
-} esp_memp_config_t;
-
-#define ESP_MEMPROT_DEFAULT_CONFIG() { \
-    .invoke_panic_handler = true, \
-    .lock_feature = true, \
-    .split_addr = NULL, \
-    .mem_type_mask = MEMPROT_TYPE_ALL \
-}
-
-/**
- * @brief Converts Memory protection type to string
- *
- * @param mem_type Memory protection type
- */
-static inline const char *esp_mprot_mem_type_to_str(const esp_mprot_mem_t mem_type)
-{
-    switch (mem_type) {
-    case MEMPROT_TYPE_NONE:
-        return "NONE";
-    case MEMPROT_TYPE_IRAM0_SRAM:
-        return "IRAM0_SRAM";
-    case MEMPROT_TYPE_DRAM0_SRAM:
-        return "DRAM0_SRAM";
-    case MEMPROT_TYPE_IRAM0_RTCFAST:
-        return "IRAM0_RTCFAST";
-    case MEMPROT_TYPE_IRAM0_ANY:
-        return "IRAM0_ANY";
-    case MEMPROT_TYPE_ALL:
-        return "ALL";
-    default:
-        return "INVALID";
-    }
-}
-
-/**
- * @brief Converts Splitting address type to string
- *
- * @param line_type Split line type
- */
-static inline const char *esp_mprot_split_addr_to_str(const esp_mprot_split_addr_t line_type)
-{
-    switch (line_type) {
-    case MEMPROT_SPLIT_ADDR_NONE:
-        return "SPLIT_ADDR_NONE";
-    case MEMPROT_SPLIT_ADDR_IRAM0_DRAM0:
-        return "SPLIT_ADDR_IRAM0_DRAM0";
-    case MEMPROT_SPLIT_ADDR_IRAM0_LINE_0:
-        return "SPLIT_ADDR_IRAM0_LINE_0";
-    case MEMPROT_SPLIT_ADDR_IRAM0_LINE_1:
-        return "SPLIT_ADDR_IRAM0_LINE_1";
-    case MEMPROT_SPLIT_ADDR_DRAM0_DMA_LINE_0:
-        return "SPLIT_ADDR_DRAM0_DMA_LINE_0";
-    case MEMPROT_SPLIT_ADDR_DRAM0_DMA_LINE_1:
-        return "SPLIT_ADDR_DRAM0_DMA_LINE_1";
-    case MEMPROT_SPLIT_ADDR_ALL:
-        return "SPLIT_ADDR_ALL";
-    default:
-        return "SPLIT_ADDR_INVALID";
-    }
-}
-
-/**
- * @brief Converts PMS Area type to string
- *
- * @param area_type PMS Area type
- */
-static inline const char *esp_mprot_pms_area_to_str(const esp_mprot_pms_area_t area_type)
-{
-    switch (area_type) {
-    case MEMPROT_PMS_AREA_NONE:
-        return "PMS_AREA_NONE";
-    case MEMPROT_PMS_AREA_IRAM0_0:
-        return "PMS_AREA_IRAM0_0";
-    case MEMPROT_PMS_AREA_IRAM0_1:
-        return "PMS_AREA_IRAM0_1";
-    case MEMPROT_PMS_AREA_IRAM0_2:
-        return "PMS_AREA_IRAM0_2";
-    case MEMPROT_PMS_AREA_IRAM0_3:
-        return "PMS_AREA_IRAM0_3";
-    case MEMPROT_PMS_AREA_DRAM0_0:
-        return "PMS_AREA_DRAM0_0";
-    case MEMPROT_PMS_AREA_DRAM0_1:
-        return "PMS_AREA_DRAM0_1";
-    case MEMPROT_PMS_AREA_DRAM0_2:
-        return "PMS_AREA_DRAM0_2";
-    case MEMPROT_PMS_AREA_DRAM0_3:
-        return "PMS_AREA_DRAM0_3";
-    case MEMPROT_PMS_AREA_IRAM0_RTCFAST_LO:
-        return "PMS_AREA_IRAM0_RTCFAST_LO";
-    case MEMPROT_PMS_AREA_IRAM0_RTCFAST_HI:
-        return "PMS_AREA_IRAM0_RTCFAST_HI";
-    case MEMPROT_PMS_AREA_ALL:
-        return "PMS_AREA_ALL";
-    default:
-        return "PMS_AREA_INVALID";
-    }
-}
-
-#ifdef __cplusplus
-}
-#endif

components/esp_hw_support/include/soc/esp32h2/soc_memprot_types.h

@@ -1,24 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-//////////////////////////////////////////////////////////
-// ESP32-H2 PMS memory protection types
-//
-
-#pragma once
-
-#include <stdint.h>
-#include <stdbool.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-// ESP32H2-TODO: IDF-6332
-
-#ifdef __cplusplus
-}
-#endif

components/esp_hw_support/port/esp32c6/cpu_region_protect.c

@@ -179,11 +179,12 @@ void esp_cpu_configure_region_protection(void)
 #if CONFIG_ULP_COPROC_RESERVE_MEM
     // First part of LP mem is reserved for coprocessor
     PMP_ENTRY_SET(11, SOC_RTC_IRAM_LOW + CONFIG_ULP_COPROC_RESERVE_MEM, PMP_TOR | RW);
+#else // CONFIG_ULP_COPROC_RESERVE_MEM
+    // Repeat same previous entry, to ensure next entry has correct base address (TOR)
+    PMP_ENTRY_SET(11, SOC_RTC_IRAM_LOW, NONE);
+#endif // !CONFIG_ULP_COPROC_RESERVE_MEM
     PMP_ENTRY_SET(12, (int)&_rtc_text_end, PMP_TOR | RX);
     PMP_ENTRY_SET(13, SOC_RTC_IRAM_HIGH, PMP_TOR | RW);
-#endif //CONFIG_ULP_COPROC_RESERVE_MEM
-    PMP_ENTRY_SET(11, (int)&_rtc_text_end, PMP_TOR | RX);
-    PMP_ENTRY_SET(12, SOC_RTC_IRAM_HIGH, PMP_TOR | RW);
 #else
     const uint32_t pmpaddr10 = PMPADDR_NAPOT(SOC_RTC_IRAM_LOW, SOC_RTC_IRAM_HIGH);
     PMP_ENTRY_SET(10, pmpaddr10, PMP_NAPOT | CONDITIONAL_RWX);

components/esp_hw_support/port/esp32h2/cpu_region_protect.c

@@ -10,83 +10,181 @@
 #include "esp_cpu.h"
 #include "esp_fault.h"
 
-// ESP32H2-TODO: IDF-6452
+#ifdef BOOTLOADER_BUILD
+// Without L bit set
+#define CONDITIONAL_NONE        0x0
+#define CONDITIONAL_RX          PMP_R | PMP_X
+#define CONDITIONAL_RW          PMP_R | PMP_W
+#define CONDITIONAL_RWX         PMP_R | PMP_W | PMP_X
+#else
+// With L bit set
+#define CONDITIONAL_NONE        NONE
+#define CONDITIONAL_RX          RX
+#define CONDITIONAL_RW          RW
+#define CONDITIONAL_RWX         RWX
+#endif
+
+static void esp_cpu_configure_invalid_regions(void)
+{
+    const unsigned PMA_NONE                            = PMA_L | PMA_EN;
+    __attribute__((unused)) const unsigned PMA_RW      = PMA_L | PMA_EN | PMA_R | PMA_W;
+    __attribute__((unused)) const unsigned PMA_RX      = PMA_L | PMA_EN | PMA_R | PMA_X;
+    __attribute__((unused)) const unsigned PMA_RWX     = PMA_L | PMA_EN | PMA_R | PMA_W | PMA_X;
+
+    // 1. Gap at bottom of address space
+    PMA_ENTRY_SET_TOR(0, SOC_DEBUG_LOW, PMA_TOR | PMA_NONE);
+
+    // 2. Gap between debug region & IROM
+    PMA_ENTRY_SET_TOR(1, SOC_DEBUG_HIGH, PMA_NONE);
+    PMA_ENTRY_SET_TOR(2, SOC_IROM_MASK_LOW, PMA_TOR | PMA_NONE);
+
+    // 3. Gap between ROM & RAM
+    PMA_ENTRY_SET_TOR(3, SOC_DROM_MASK_HIGH, PMA_NONE);
+    PMA_ENTRY_SET_TOR(4, SOC_IRAM_LOW, PMA_TOR | PMA_NONE);
+
+    // 4. Gap between DRAM and I_Cache
+    PMA_ENTRY_SET_TOR(5, SOC_IRAM_HIGH, PMA_NONE);
+    PMA_ENTRY_SET_TOR(6, SOC_IROM_LOW, PMA_TOR | PMA_NONE);
+
+    // 5. Gap between D_Cache & LP_RAM
+    PMA_ENTRY_SET_TOR(7, SOC_DROM_HIGH, PMA_NONE);
+    PMA_ENTRY_SET_TOR(8, SOC_RTC_IRAM_LOW, PMA_TOR | PMA_NONE);
+
+    // 6. Gap between LP memory & peripheral addresses
+    PMA_ENTRY_SET_TOR(9, SOC_RTC_IRAM_HIGH, PMA_NONE);
+    PMA_ENTRY_SET_TOR(10, SOC_PERIPHERAL_LOW, PMA_TOR | PMA_NONE);
+
+    // 7. End of address space
+    PMA_ENTRY_SET_TOR(11, SOC_PERIPHERAL_HIGH, PMA_NONE);
+    PMA_ENTRY_SET_TOR(12, UINT32_MAX, PMA_TOR | PMA_NONE);
+}
+
 void esp_cpu_configure_region_protection(void)
 {
     /* Notes on implementation:
      *
      * 1) Note: ESP32-H2 CPU doesn't support overlapping PMP regions
      *
-     * 2) Therefore, we use TOR (top of range) entries to map the whole address
-     * space, bottom to top.
+     * 2) ESP32-H2 supports 16 PMA regions so we use this feature to block all the invalid address ranges
      *
-     * 3) There are not enough entries to describe all the memory regions 100% accurately.
+     * 3) We use combination of NAPOT (Naturally Aligned Power Of Two) and TOR (top of range)
+     * entries to map all the valid address space, bottom to top. This leaves us with some extra PMP entries
+     * which can be used to provide more granular access
      *
-     * 4) This means some gaps (invalid memory) are accessible. Priority for extending regions
-     * to cover gaps is to extend read-only or read-execute regions or read-only regions only
-     * (executing unmapped addresses should always fault with invalid instruction, read-only means
-     * stores will correctly fault even if reads may return some invalid value.)
-     *
-     * 5) Entries are grouped in order with some static asserts to try and verify everything is
+     * 4) Entries are grouped in order with some static asserts to try and verify everything is
      * correct.
      */
-    const unsigned NONE = PMP_L | PMP_TOR;
-    const unsigned RW      = PMP_L | PMP_TOR | PMP_R | PMP_W;
-    const unsigned RX      = PMP_L | PMP_TOR | PMP_R | PMP_X;
-    const unsigned RWX     = PMP_L | PMP_TOR | PMP_R | PMP_W | PMP_X;
 
-    // 1. Gap at bottom of address space
-    PMP_ENTRY_SET(0, SOC_DEBUG_LOW, NONE);
+    /* There are 4 configuration scenarios for SRAM
+     *
+     * 1. Bootloader build:
+     *    - We cannot set the lock bit as we need to reconfigure it again for the application.
+     *      We configure PMP to cover entire valid IRAM and DRAM range.
+     *
+     * 2. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT enabled
+     *    - We split the SRAM into IRAM and DRAM such that IRAM region cannot be written to
+     *      and DRAM region cannot be executed. We use _iram_end and _data_start markers to set the boundaries.
+     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
+     *
+     * 3. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT disabled
+     *    - The IRAM-DRAM split is not enabled so we just need to ensure that access to only valid address ranges are successful
+     *      so for that we set PMP to cover entire valid IRAM and DRAM region.
+     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
+     *
+     * 4. CPU is in OCD debug mode
+     *    - The IRAM-DRAM split is not enabled so that OpenOCD can write and execute from IRAM.
+     *      We set PMP to cover entire valid IRAM and DRAM region.
+     *      We also lock these entries so the R/W/X permissions are enforced even for machine mode
+     */
+    const unsigned NONE    = PMP_L;
+    const unsigned R       = PMP_L | PMP_R;
+    const unsigned RW      = PMP_L | PMP_R | PMP_W;
+    const unsigned RX      = PMP_L | PMP_R | PMP_X;
+    const unsigned RWX     = PMP_L | PMP_R | PMP_W | PMP_X;
 
-    // 2. Debug region
-    PMP_ENTRY_SET(1, SOC_DEBUG_HIGH, RWX);
+    //
+    // Configure all the invalid address regions using PMA
+    //
+    esp_cpu_configure_invalid_regions();
+
+    //
+    // Configure all the valid address regions using PMP
+    //
+
+    // 1. Debug region
+    const uint32_t pmpaddr0 = PMPADDR_NAPOT(SOC_DEBUG_LOW, SOC_DEBUG_HIGH);
+    PMP_ENTRY_SET(0, pmpaddr0, PMP_NAPOT | RWX);
     _Static_assert(SOC_DEBUG_LOW < SOC_DEBUG_HIGH, "Invalid CPU debug region");
 
-    // 3. Gap between debug region & IROM
-    PMP_ENTRY_SET(2, SOC_IROM_MASK_LOW, NONE);
-    _Static_assert(SOC_DEBUG_HIGH < SOC_IROM_MASK_LOW, "Invalid PMP entry order");
+    // 2.1 I-ROM
+    PMP_ENTRY_SET(1, SOC_IROM_MASK_LOW, NONE);
+    PMP_ENTRY_SET(2, SOC_IROM_MASK_HIGH, PMP_TOR | RX);
+    _Static_assert(SOC_IROM_MASK_LOW < SOC_IROM_MASK_HIGH, "Invalid I-ROM region");
 
-    // 4. ROM
-    PMP_ENTRY_SET(3, SOC_DROM_MASK_HIGH, RX);
-    _Static_assert(SOC_IROM_MASK_LOW < SOC_DROM_MASK_HIGH, "Invalid ROM region");
+    // 2.2 D-ROM
+    PMP_ENTRY_SET(3, SOC_DROM_MASK_LOW, NONE);
+    PMP_ENTRY_SET(4, SOC_DROM_MASK_HIGH, PMP_TOR | R);
+    _Static_assert(SOC_DROM_MASK_LOW < SOC_DROM_MASK_HIGH, "Invalid D-ROM region");
 
-    // 5. Gap between ROM & RAM
-    PMP_ENTRY_SET(4, SOC_IRAM_LOW, NONE);
-    _Static_assert(SOC_DROM_MASK_HIGH < SOC_IRAM_LOW, "Invalid PMP entry order");
+    if (esp_cpu_dbgr_is_attached()) {
+        // Anti-FI check that cpu is really in ocd mode
+        ESP_FAULT_ASSERT(esp_cpu_dbgr_is_attached());
 
-    // 6. RAM
-    PMP_ENTRY_SET(5, SOC_IRAM_HIGH, RWX);
-    _Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region");
+        // 5. IRAM and DRAM
+        PMP_ENTRY_SET(5, SOC_IRAM_LOW, NONE);
+        PMP_ENTRY_SET(6, SOC_IRAM_HIGH, PMP_TOR | RWX);
+        _Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region");
+    } else {
+#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+        extern int _iram_end;
+        // 5. IRAM and DRAM
+        /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits
+         * Bootloader might have given extra permissions and those won't be cleared
+         */
+        PMP_ENTRY_CFG_RESET(5);
+        PMP_ENTRY_CFG_RESET(6);
+        PMP_ENTRY_CFG_RESET(7);
+        PMP_ENTRY_SET(5, SOC_IRAM_LOW, NONE);
+        PMP_ENTRY_SET(6, (int)&_iram_end, PMP_TOR | RX);
+        PMP_ENTRY_SET(7, SOC_DRAM_HIGH, PMP_TOR | RW);
+#else
+        // 5. IRAM and DRAM
+        PMP_ENTRY_SET(5, SOC_IRAM_LOW, CONDITIONAL_NONE);
+        PMP_ENTRY_SET(6, SOC_IRAM_HIGH, PMP_TOR | CONDITIONAL_RWX);
+        _Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region");
+#endif
+    }
 
-    // 7. Gap between DRAM and I_Cache
-    PMP_ENTRY_SET(6, SOC_IROM_LOW, NONE);
-    _Static_assert(SOC_IRAM_HIGH < SOC_IROM_LOW, "Invalid PMP entry order");
-
-    // 8. I_Cache (flash)
-    PMP_ENTRY_SET(7, SOC_IROM_HIGH, RWX);
+    // 4. I_Cache (flash)
+    const uint32_t pmpaddr8 = PMPADDR_NAPOT(SOC_IROM_LOW, SOC_IROM_HIGH);
+    PMP_ENTRY_SET(8, pmpaddr8, PMP_NAPOT | RX);
     _Static_assert(SOC_IROM_LOW < SOC_IROM_HIGH, "Invalid I_Cache region");
 
-    // 9. D_Cache (flash)
-    PMP_ENTRY_SET(8, SOC_DROM_HIGH, RW);
+    // 5. D_Cache (flash)
+    const uint32_t pmpaddr9 = PMPADDR_NAPOT(SOC_DROM_LOW, SOC_DROM_HIGH);
+    PMP_ENTRY_SET(9, pmpaddr9, PMP_NAPOT | R);
     _Static_assert(SOC_DROM_LOW < SOC_DROM_HIGH, "Invalid D_Cache region");
 
-    // 10. Gap between D_Cache & LP_RAM
-    PMP_ENTRY_SET(9, SOC_RTC_IRAM_LOW, NONE);
-    _Static_assert(SOC_DROM_HIGH < SOC_RTC_IRAM_LOW, "Invalid PMP entry order");
-
-    // 16. LP memory
-    PMP_ENTRY_SET(10, SOC_RTC_IRAM_HIGH, RWX);
+    // 6. LP memory
+#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
+    extern int _rtc_text_end;
+    /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits
+     * Bootloader might have given extra permissions and those won't be cleared
+     */
+    PMP_ENTRY_CFG_RESET(10);
+    PMP_ENTRY_CFG_RESET(11);
+    PMP_ENTRY_CFG_RESET(12);
+    PMP_ENTRY_SET(10, SOC_RTC_IRAM_LOW, NONE);
+    PMP_ENTRY_SET(11, (int)&_rtc_text_end, PMP_TOR | RX);
+    PMP_ENTRY_SET(12, SOC_RTC_IRAM_HIGH, PMP_TOR | RW);
+#else
+    const uint32_t pmpaddr10 = PMPADDR_NAPOT(SOC_RTC_IRAM_LOW, SOC_RTC_IRAM_HIGH);
+    PMP_ENTRY_SET(10, pmpaddr10, PMP_NAPOT | CONDITIONAL_RWX);
     _Static_assert(SOC_RTC_IRAM_LOW < SOC_RTC_IRAM_HIGH, "Invalid RTC IRAM region");
+#endif
 
-    // 17. Gap between LP memory & peripheral addresses
-    PMP_ENTRY_SET(11, SOC_PERIPHERAL_LOW, NONE);
-    _Static_assert(SOC_RTC_IRAM_HIGH < SOC_PERIPHERAL_LOW, "Invalid PMP entry order");
-
-    // 18. Peripheral addresses
-    PMP_ENTRY_SET(12, SOC_PERIPHERAL_HIGH, RW);
+    // 7. Peripheral addresses
+    const uint32_t pmpaddr13 = PMPADDR_NAPOT(SOC_PERIPHERAL_LOW, SOC_PERIPHERAL_HIGH);
+    PMP_ENTRY_SET(13, pmpaddr13, PMP_NAPOT | RW);
     _Static_assert(SOC_PERIPHERAL_LOW < SOC_PERIPHERAL_HIGH, "Invalid peripheral region");
-
-    // 19. End of address space
-    PMP_ENTRY_SET(13, UINT32_MAX, NONE); // all but last 4 bytes
-    PMP_ENTRY_SET(14, UINT32_MAX, PMP_L | PMP_NA4);  // last 4 bytes
 }

components/soc/esp32c6/include/soc/soc_caps.h

@@ -416,9 +416,6 @@
 #define SOC_FLASH_ENCRYPTION_XTS_AES        1
 #define SOC_FLASH_ENCRYPTION_XTS_AES_128    1
 
-/*-------------------------- MEMPROT CAPS ------------------------------------*/
-
-
 /*-------------------------- UART CAPS ---------------------------------------*/
 // ESP32-C6 has 2 UARTs
 #define SOC_UART_NUM                    (2)

components/soc/esp32h2/include/soc/Kconfig.soc_caps.in

@@ -307,6 +307,14 @@ config SOC_CPU_WATCHPOINT_SIZE
     hex
     default 0x80000000
 
+config SOC_CPU_HAS_PMA
+    bool
+    default y
+
+config SOC_CPU_IDRAM_SPLIT_USING_PMP
+    bool
+    default y
+
 config SOC_MMU_PAGE_SIZE_CONFIGURABLE
     bool
     default y
@@ -983,14 +991,6 @@ config SOC_FLASH_ENCRYPTION_XTS_AES_128
     bool
     default y
 
-config SOC_MEMPROT_CPU_PREFETCH_PAD_SIZE
-    int
-    default 16
-
-config SOC_MEMPROT_MEM_ALIGN_SIZE
-    int
-    default 512
-
 config SOC_UART_NUM
     int
     default 2

components/soc/esp32h2/include/soc/soc.h

@@ -176,6 +176,9 @@
 #define SOC_DIRAM_DRAM_LOW    0x40800000
 #define SOC_DIRAM_DRAM_HIGH   0x40850000
 
+#define MAP_DRAM_TO_IRAM(addr) (addr)
+#define MAP_IRAM_TO_DRAM(addr) (addr)
+
 // Region of memory accessible via DMA. See esp_ptr_dma_capable().
 #define SOC_DMA_LOW  0x40800000
 #define SOC_DMA_HIGH 0x40850000

components/soc/esp32h2/include/soc/soc_caps.h

@@ -134,6 +134,9 @@
 #define SOC_CPU_WATCHPOINTS_NUM         4
 #define SOC_CPU_WATCHPOINT_SIZE         0x80000000 // bytes
 
+#define SOC_CPU_HAS_PMA                 1
+#define SOC_CPU_IDRAM_SPLIT_USING_PMP   1
+
 /*-------------------------- MMU CAPS ----------------------------------------*/
 #define SOC_MMU_PAGE_SIZE_CONFIGURABLE        (1)
 #define SOC_MMU_PERIPH_NUM                    (1U)
@@ -231,7 +234,6 @@
 #define SOC_LEDC_GAMMA_CURVE_FADE_RANGE_MAX (16)
 #define SOC_LEDC_FADE_PARAMS_BIT_WIDTH      (10)
 
-// TODO: IDF-6332 (Copy from esp32c6, need check)
 /*-------------------------- MPU CAPS ----------------------------------------*/
 #define SOC_MPU_CONFIGURABLE_REGIONS_SUPPORTED    0
 #define SOC_MPU_MIN_REGION_SIZE                   0x20000000U
@@ -415,11 +417,6 @@
 #define SOC_FLASH_ENCRYPTION_XTS_AES        1
 #define SOC_FLASH_ENCRYPTION_XTS_AES_128    1
 
-// TODO:    IDF-6332 (Copy from esp32c6, need check)
-/*-------------------------- MEMPROT CAPS ------------------------------------*/
-#define SOC_MEMPROT_CPU_PREFETCH_PAD_SIZE   16
-#define SOC_MEMPROT_MEM_ALIGN_SIZE          512
-
 /*-------------------------- UART CAPS ---------------------------------------*/
 // ESP32-H2 has 2 UARTs
 #define SOC_UART_NUM                (2)

tools/test_apps/.build-test-rules.yml

@@ -161,7 +161,7 @@ tools/test_apps/system/panic:
   enable:
     - if: INCLUDE_DEFAULT == 1 or IDF_TARGET == "esp32h4"
   disable_test:
-    - if: IDF_TARGET not in ["esp32", "esp32s2", "esp32c3", "esp32s3", "esp32c2", "esp32c6"]
+    - if: IDF_TARGET not in ["esp32", "esp32s2", "esp32c3", "esp32s3", "esp32c2", "esp32c6", "esp32h2"]
       temporary: true
       reason: test app not ported to this target yet
 

tools/test_apps/system/panic/pytest_panic.py

@@ -480,12 +480,13 @@ def test_panic_delay(dut: PanicTestDut) -> None:
 #########################
 
 # Memprot-related tests are supported only on targets with PMS/PMA peripheral;
-# currently ESP32-S2, ESP32-C3, ESP32-C2, and ESP32-C6 are supported
+# currently ESP32-S2, ESP32-C3, ESP32-C2, ESP32-H2 and ESP32-C6 are supported
 CONFIGS_MEMPROT_IDRAM = [
     pytest.param('memprot_esp32s2', marks=[pytest.mark.esp32s2]),
     pytest.param('memprot_esp32c3', marks=[pytest.mark.esp32c3]),
     pytest.param('memprot_esp32c2', marks=[pytest.mark.esp32c2]),
-    pytest.param('memprot_esp32c6', marks=[pytest.mark.esp32c6])
+    pytest.param('memprot_esp32c6', marks=[pytest.mark.esp32c6]),
+    pytest.param('memprot_esp32h2', marks=[pytest.mark.esp32h2])
 ]
 
 CONFIGS_MEMPROT_DCACHE = [
@@ -495,7 +496,8 @@ CONFIGS_MEMPROT_DCACHE = [
 CONFIGS_MEMPROT_RTC_FAST_MEM = [
     pytest.param('memprot_esp32s2', marks=[pytest.mark.esp32s2]),
     pytest.param('memprot_esp32c3', marks=[pytest.mark.esp32c3]),
-    pytest.param('memprot_esp32c6', marks=[pytest.mark.esp32c6])
+    pytest.param('memprot_esp32c6', marks=[pytest.mark.esp32c6]),
+    pytest.param('memprot_esp32h2', marks=[pytest.mark.esp32h2])
 ]
 
 CONFIGS_MEMPROT_RTC_SLOW_MEM = [
@@ -534,7 +536,7 @@ def test_iram_reg1_write_violation(dut: PanicTestDut, test_func_name: str) -> No
         dut.expect_backtrace()
     elif dut.target == 'esp32c3':
         dut.expect_exact(r'Test error: Test function has returned')
-    elif dut.target in ['esp32c2', 'esp32c6']:
+    elif dut.target in ['esp32c2', 'esp32c6', 'esp32h2']:
         dut.expect_gme('Store access fault')
         dut.expect_reg_dump(0)
         dut.expect_stack_dump()
@@ -557,7 +559,7 @@ def test_iram_reg2_write_violation(dut: PanicTestDut, test_func_name: str) -> No
         dut.expect(r'  operation type: (\S+)')
         dut.expect_reg_dump(0)
         dut.expect_stack_dump()
-    elif dut.target in ['esp32c2', 'esp32c6']:
+    elif dut.target in ['esp32c2', 'esp32c6', 'esp32h2']:
         dut.expect_gme('Store access fault')
         dut.expect_reg_dump(0)
         dut.expect_stack_dump()
@@ -580,7 +582,7 @@ def test_iram_reg3_write_violation(dut: PanicTestDut, test_func_name: str) -> No
         dut.expect(r'  operation type: (\S+)')
         dut.expect_reg_dump(0)
         dut.expect_stack_dump()
-    elif dut.target in ['esp32c2', 'esp32c6']:
+    elif dut.target in ['esp32c2', 'esp32c6', 'esp32h2']:
         dut.expect_gme('Store access fault')
         dut.expect_reg_dump(0)
         dut.expect_stack_dump()
@@ -605,7 +607,7 @@ def test_iram_reg4_write_violation(dut: PanicTestDut, test_func_name: str) -> No
         dut.expect(r'  operation type: (\S+)')
         dut.expect_reg_dump(0)
         dut.expect_stack_dump()
-    elif dut.target in ['esp32c2', 'esp32c6']:
+    elif dut.target in ['esp32c2', 'esp32c6', 'eps32h2']:
         dut.expect_gme('Store access fault')
         dut.expect_reg_dump(0)
         dut.expect_stack_dump()
@@ -623,7 +625,7 @@ def test_dram_reg1_execute_violation(dut: PanicTestDut, test_func_name: str) ->
         dut.expect(r'Unknown operation at address [0-9xa-f]+ not permitted \((\S+)\)')
         dut.expect_reg_dump(0)
         dut.expect_corrupted_backtrace()
-    elif dut.target in ['esp32c3', 'esp32c2', 'esp32c6']:
+    elif dut.target in ['esp32c3', 'esp32c2', 'esp32c6', 'esp32h2']:
         dut.expect_gme('Instruction access fault')
         dut.expect_reg_dump(0)
         dut.expect_stack_dump()
@@ -638,7 +640,7 @@ def test_dram_reg2_execute_violation(dut: PanicTestDut, test_func_name: str) ->
         dut.expect_gme('InstructionFetchError')
         dut.expect_reg_dump(0)
         dut.expect_corrupted_backtrace()
-    elif dut.target in ['esp32c3', 'esp32c2', 'esp32c6']:
+    elif dut.target in ['esp32c3', 'esp32c2', 'esp32c6', 'esp32h2']:
         dut.expect_gme('Instruction access fault')
         dut.expect_reg_dump(0)
         dut.expect_stack_dump()
@@ -653,7 +655,7 @@ def test_rtc_fast_reg1_execute_violation(dut: PanicTestDut, test_func_name: str)
 
 @pytest.mark.parametrize('config', CONFIGS_MEMPROT_RTC_FAST_MEM, indirect=True)
 @pytest.mark.generic
-@pytest.mark.skipif('config.getvalue("target") == "esp32c6"', reason='Not a violation condition because it does not have PMS peripheral')
+@pytest.mark.skipif('config.getvalue("target") in ["esp32c6", "esp32h2"]', reason='Not a violation condition because it does not have PMS peripheral')
 def test_rtc_fast_reg2_execute_violation(dut: PanicTestDut, test_func_name: str) -> None:
     dut.run_test_func(test_func_name)
     dut.expect_gme('Memory protection fault')
@@ -689,7 +691,7 @@ def test_rtc_fast_reg3_execute_violation(dut: PanicTestDut, test_func_name: str)
         dut.expect(r'  operation type: (\S+)')
         dut.expect_reg_dump(0)
         dut.expect_stack_dump()
-    elif dut.target == 'esp32c6':
+    elif dut.target in ['esp32c6', 'esp32h2']:
         dut.expect_gme('Instruction access fault')
         dut.expect_reg_dump(0)
         dut.expect_stack_dump()

tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32h2

@@ -0,0 +1,8 @@
+# Restricting to ESP32H2
+CONFIG_IDF_TARGET="esp32h2"
+
+# Enabling memory protection
+CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT=y
+
+# Enable memprot test
+CONFIG_TEST_MEMPROT=y