Merge branch 'bugfix/reenable_encrypted_partition_write' into 'master'

Re-enable encrypted flash read/writes even if flash encryption is disabled See merge request espressif/esp-idf!12122
2024-09-20 10:46:02 -04:00 · 2021-01-28 21:58:58 +08:00 · 2021-01-28 21:58:58 +08:00 · 56aa4ae16f
commit 56aa4ae16f
parent 9eae54f3be 80b196a662
4 changed files with 16 additions and 4 deletions
--- a/components/bootloader/Kconfig.projbuild
+++ b/components/bootloader/Kconfig.projbuild
@ -576,6 +576,7 @@ menu "Security features"
    config SECURE_FLASH_ENC_ENABLED
        bool "Enable flash encryption on boot (READ DOCS FIRST)"
        default N
+        select SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
        help
            If this option is set, flash contents will be encrypted by the bootloader on first boot.

--- a/components/spi_flash/Kconfig
+++ b/components/spi_flash/Kconfig
@ -230,4 +230,13 @@ menu "SPI Flash driver"

    endmenu #auto detect flash chips

+    config SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
+        bool "Enable encrypted partition read/write operations"
+        default y
+        help
+            This option enables flash read/write operations to encrypted partition/s. This option
+            is kept enabled irrespective of state of flash encryption feature. However, in case
+            application is not using flash encryption feature and is in need of some additional
+            memory from IRAM region (~1KB) then this config can be disabled.
+
 endmenu
--- a/components/spi_flash/partition.c
+++ b/components/spi_flash/partition.c
@ -349,7 +349,7 @@ esp_err_t esp_partition_read(const esp_partition_t* partition,
        return spi_flash_read(partition->address + src_offset, dst, size);
 #endif // CONFIG_SPI_FLASH_USE_LEGACY_IMPL
    } else {
-#if CONFIG_SECURE_FLASH_ENC_ENABLED
+#if CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
        if (partition->flash_chip != esp_flash_default_chip) {
            return ESP_ERR_NOT_SUPPORTED;
        }
@ -369,7 +369,7 @@ esp_err_t esp_partition_read(const esp_partition_t* partition,
        return ESP_OK;
 #else
        return ESP_ERR_NOT_SUPPORTED;
-#endif // CONFIG_SECURE_FLASH_ENC_ENABLED
+#endif // CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
    }
 }

@ -391,14 +391,14 @@ esp_err_t esp_partition_write(const esp_partition_t* partition,
        return spi_flash_write(dst_offset, src, size);
 #endif // CONFIG_SPI_FLASH_USE_LEGACY_IMPL
    } else {
-#if CONFIG_SECURE_FLASH_ENC_ENABLED
+#if CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
        if (partition->flash_chip != esp_flash_default_chip) {
            return ESP_ERR_NOT_SUPPORTED;
        }
        return spi_flash_write_encrypted(dst_offset, src, size);
 #else
        return ESP_ERR_NOT_SUPPORTED;
-#endif // CONFIG_SECURE_FLASH_ENC_ENABLED
+#endif // CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
    }
 }

--- a/tools/unit-test-app/configs/psram
+++ b/tools/unit-test-app/configs/psram
@ -4,3 +4,5 @@ CONFIG_ESP32_SPIRAM_SUPPORT=y
 CONFIG_ESP_INT_WDT_TIMEOUT_MS=800
 CONFIG_SPIRAM_OCCUPY_NO_HOST=y
 CONFIG_ESP32_WIFI_RX_IRAM_OPT=n
+# Disable encrypted flash reads/writes to save IRAM in this build configuration
+CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE=n