From 1975c1c69ee948cfda90da61c97011b1ac994d91 Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Mon, 1 Apr 2024 17:23:10 +0530 Subject: [PATCH] docs(security): Update security-related docs for ESP32-P4 --- docs/docs_not_updated/esp32p4.txt | 5 ----- docs/en/security/flash-encryption.rst | 2 +- docs/en/security/host-based-security-workflows.rst | 10 ++++++++++ docs/en/security/security.rst | 2 +- docs/zh_CN/security/flash-encryption.rst | 2 +- docs/zh_CN/security/security.rst | 2 +- 6 files changed, 14 insertions(+), 9 deletions(-) diff --git a/docs/docs_not_updated/esp32p4.txt b/docs/docs_not_updated/esp32p4.txt index 45744c43f4..ba8f2eaa5a 100644 --- a/docs/docs_not_updated/esp32p4.txt +++ b/docs/docs_not_updated/esp32p4.txt @@ -97,11 +97,6 @@ api-reference/index.rst api-reference/protocols/icmp_echo.rst api-reference/protocols/esp_serial_slave_link.rst api-reference/protocols/index.rst -security/host-based-security-workflows.rst -security/flash-encryption.rst -security/security.rst -security/esp32p4_log.inc -security/index.rst get-started/establish-serial-connection.rst get-started/linux-macos-setup.rst get-started/linux-macos-start-project.rst diff --git a/docs/en/security/flash-encryption.rst b/docs/en/security/flash-encryption.rst index 27b610752d..aba821cd02 100644 --- a/docs/en/security/flash-encryption.rst +++ b/docs/en/security/flash-encryption.rst 
@@ -297,7 +297,7 @@ To test flash encryption process, take the following steps: - :ref:`Select encryption mode ` (**Development mode** by default). :esp32: - :ref:`Select UART ROM download mode ` (**enabled** by default). Note that for the ESP32 target, the choice is only available when :ref:`CONFIG_ESP32_REV_MIN` level is set to 3 (ESP32 V3). :not esp32: - :ref:`Select UART ROM download mode ` (**enabled** by default). - :esp32s2 or esp32s3 or esp32c2: - Set :ref:`Size of generated XTS-AES key `. + :SOC_FLASH_ENCRYPTION_XTS_AES_OPTIONS: - Set :ref:`Size of generated XTS-AES key `. - :ref:`Select the appropriate bootloader log verbosity `. - Save the configuration and exit. diff --git a/docs/en/security/host-based-security-workflows.rst b/docs/en/security/host-based-security-workflows.rst index 4ed7551336..a029f067fa 100644 --- a/docs/en/security/host-based-security-workflows.rst +++ b/docs/en/security/host-based-security-workflows.rst @@ -245,6 +245,16 @@ In this case, all the eFuses related to flash encryption are written with help o espsecure.py encrypt_flash_data --keyfile my_flash_encryption_key.bin --address 0x10000 --output my-app-enc.bin build/my-app.bin + .. only:: SOC_KEY_MANAGER_SUPPORTED + + .. code-block:: bash + + espsecure.py encrypt_flash_data --keyfile my_flash_encryption_key.bin --address 0x2000 --output bootloader-enc.bin build/bootloader/bootloader.bin + + espsecure.py encrypt_flash_data --keyfile my_flash_encryption_key.bin --address 0x8000 --output partition-table-enc.bin build/partition_table/partition-table.bin + + espsecure.py encrypt_flash_data --keyfile my_flash_encryption_key.bin --address 0x10000 --output my-app-enc.bin build/my-app.bin + .. only:: not esp32 .. code-block:: bash diff --git a/docs/en/security/security.rst b/docs/en/security/security.rst index b4990eada5..8cf5515ac8 100644 --- a/docs/en/security/security.rst +++ b/docs/en/security/security.rst 
@@ -268,7 +268,7 @@ Please refer to the :ref:`nvs_encryption` for detailed documentation on the work Secure Device Control ~~~~~~~~~~~~~~~~~~~~~ -ESP-IDF provides capability to control an ESP device over ``Wi-Fi + HTTP`` or ``BLE`` in a secure manner using ESP Local Control component. +ESP-IDF provides capability to control an ESP device over ``Wi-Fi/Ethernet + HTTP`` or ``BLE`` in a secure manner using ESP Local Control component. Please refer to the :doc:`../api-reference/protocols/esp_local_ctrl` for detailed documentation about this feature. diff --git a/docs/zh_CN/security/flash-encryption.rst b/docs/zh_CN/security/flash-encryption.rst index 903d9728e4..5e9d9f2e3a 100644 --- a/docs/zh_CN/security/flash-encryption.rst +++ b/docs/zh_CN/security/flash-encryption.rst @@ -297,7 +297,7 @@ flash 加密设置 - :ref:`选择加密模式 ` (默认是 **开发模式**)。 :esp32: - :ref:`选择 UART ROM 下载模式 ` (默认是 **启用**)。请注意,对于 ESP32 芯片,该选项仅在 :ref:`CONFIG_ESP32_REV_MIN` 级别设置为 3 时 (ESP32 V3) 可用。 :not esp32: - :ref:`选择 UART ROM 下载模式 ` (默认是 **启用**)。 - :esp32s2 or esp32s3 or esp32c2: - 设置 :ref:`生成的 XTS-AES 密钥大小 `。 + :SOC_FLASH_ENCRYPTION_XTS_AES_OPTIONS: - 设置 :ref:`生成的 XTS-AES 密钥大小 `。 - :ref:`选择适当详细程度的引导加载程序日志 `。 - 保存配置并退出。 diff --git a/docs/zh_CN/security/security.rst b/docs/zh_CN/security/security.rst index 06edea8387..f84fb771e9 100644 --- a/docs/zh_CN/security/security.rst +++ b/docs/zh_CN/security/security.rst @@ -268,7 +268,7 @@ ESP-IDF 提供了 **NVS(非易失性存储)** 管理组件,允许加密数 安全设备控制 ~~~~~~~~~~~~~~~~~~~~~ -ESP-IDF 提供了 ESP 本地控制组件,可以通过 ``Wi-Fi + HTTP`` 或 ``BLE`` 安全地控制 ESP 设备。 +ESP-IDF 提供了 ESP 本地控制组件,可以通过 ``Wi-Fi/Ethernet + HTTP`` 或 ``BLE`` 安全地控制 ESP 设备。 关于该功能的更多详情,请参阅 :doc:`../api-reference/protocols/esp_local_ctrl`。
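Review bot: In the docs/docs_not_updated/esp32p4.txt hunk, five security entries are removed from the not-updated list, but the diffstat shows only flash-encryption.rst, host-based-security-workflows.rst and security.rst being changed. security/esp32p4_log.inc and security/index.rst leave the list without any edit in this patch. Please confirm both are already correct for ESP32-P4 and say so in the commit message, or keep them listed until they have been reviewed.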
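Review bot: In the docs/en/security/flash-encryption.rst hunk at line 297 (and the matching zh_CN hunk), the "Size of generated XTS-AES key" step switches from the explicit list `esp32s2 or esp32s3 or esp32c2` to `SOC_FLASH_ENCRYPTION_XTS_AES_OPTIONS`, which changes when the step is shown for every target, not only ESP32-P4. Please verify that the capability is defined for all three previously listed targets so the step does not silently drop out of their builds, and mention the condition change in the commit message, since the subject only refers to ESP32-P4.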
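Review bot: In the docs/en/security/host-based-security-workflows.rst hunk, the added `.. only:: SOC_KEY_MANAGER_SUPPORTED` block is followed directly by the existing `.. only:: not esp32` block, and a non-ESP32 target with key manager support satisfies both conditions, so both command sets would render on the same page. The added commands pass `--address 0x2000` for the bootloader, and because `--address` is an input to `encrypt_flash_data`, a reader who copies a command written for a different offset gets an image that does not match its flash location. Suggest narrowing the following condition to `not esp32 and not SOC_KEY_MANAGER_SUPPORTED`, and either using a condition tied to the bootloader offset or adding a one-line comment explaining why key manager support is used to select these addresses.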
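Review bot: In the docs/en/security/security.rst hunk at line 268 (and the matching zh_CN hunk), ``Wi-Fi/Ethernet + HTTP`` is a single literal, so it reads as one transport name rather than HTTP over either link. Consider writing it out as HTTP over ``Wi-Fi`` or ``Ethernet``, and while the sentence is being touched, "provides capability" should read "provides the capability". The new wording also applies to all targets, so please confirm Ethernet transport is valid for ESP Local Control generally and not only on ESP32-P4.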