Merge branch 'fix/flash_encryption_for_esp32p4_v5.3' into 'release/v5.3'

fix(security): Fixed flash encryption for esp32p4 (v5.3)

See merge request espressif/esp-idf!33140

components/bootloader_support/src/flash_encryption/flash_encrypt.c

@@ -16,11 +16,15 @@
 #include "esp_log.h"
 #include "hal/wdt_hal.h"
 
-#if SOC_KEY_MANAGER_SUPPORTED
+#if SOC_KEY_MANAGER_FE_KEY_DEPLOY || CONFIG_IDF_TARGET_ESP32C5
-#include "hal/key_mgr_hal.h"
+#if CONFIG_IDF_TARGET_ESP32C5
-#include "hal/mspi_timing_tuning_ll.h"
 #include "soc/keymng_reg.h"
-#endif
+#include "soc/pcr_reg.h"
+#else /* CONFIG_IDF_TARGET_ESP32C5 */
+#include "hal/key_mgr_ll.h"
+#include "hal/mspi_timing_tuning_ll.h"
+#endif /* !CONFIG_IDF_TARGET_ESP32C5 */
+#endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY */
 
 #ifdef CONFIG_SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK
 #include "soc/sensitive_reg.h"
@@ -217,18 +221,25 @@ static esp_err_t check_and_generate_encryption_keys(void)
         ESP_LOGI(TAG, "Using pre-loaded flash encryption key in efuse");
     }
 
-#if SOC_KEY_MANAGER_SUPPORTED
+#if SOC_KEY_MANAGER_FE_KEY_DEPLOY || CONFIG_IDF_TARGET_ESP32C5
-#if CONFIG_IDF_TARGET_ESP32C5 && SOC_KEY_MANAGER_SUPPORTED
+#if CONFIG_IDF_TARGET_ESP32C5
-    // TODO: [ESP32C5] IDF-8622 find a more proper place for these codes
+    REG_SET_FIELD(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY, 2);
-    REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_FLASH);
     REG_SET_BIT(PCR_MSPI_CLK_CONF_REG, PCR_MSPI_AXI_RST_EN);
     REG_CLR_BIT(PCR_MSPI_CLK_CONF_REG, PCR_MSPI_AXI_RST_EN);
-#endif
+#else /* CONFIG_IDF_TARGET_ESP32C5 */
+    // Enable and reset key manager
+    // To suppress build errors about spinlock's __DECLARE_RCC_ATOMIC_ENV
+    int __DECLARE_RCC_ATOMIC_ENV __attribute__ ((unused));
+    key_mgr_ll_enable_bus_clock(true);
+    key_mgr_ll_enable_peripheral_clock(true);
+    key_mgr_ll_reset_register();
+    while (key_mgr_ll_get_state() != ESP_KEY_MGR_STATE_IDLE) {
+    };
     // Force Key Manager to use eFuse key for XTS-AES operation
-    key_mgr_hal_set_key_usage(ESP_KEY_MGR_XTS_AES_128_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
+    key_mgr_ll_set_key_usage(ESP_KEY_MGR_XTS_AES_128_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
     _mspi_timing_ll_reset_mspi();
-#endif
+#endif /* !CONFIG_IDF_TARGET_ESP32C5 */
-
+#endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY */
     return ESP_OK;
 }
 

components/esp_system/port/cpu_start.c

@@ -71,8 +71,8 @@
 #include "soc/hp_sys_clkrst_reg.h"
 #endif
 
-#if SOC_KEY_MANAGER_SUPPORTED
+#if SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY || SOC_KEY_MANAGER_FE_KEY_DEPLOY
-#include "hal/key_mgr_hal.h"
+#include "hal/key_mgr_ll.h"
 #endif
 
 #include "esp_private/rtc_clk.h"
@@ -309,13 +309,22 @@ static void start_other_core(void)
     }
 #endif
 
-#if SOC_KEY_MANAGER_SUPPORTED
     // The following operation makes the Key Manager to use eFuse key for ECDSA and XTS-AES operation by default
     // This is to keep the default behavior same as the other chips
     // If the Key Manager configuration is already locked then following operation does not have any effect
-    key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
+#if SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY || SOC_KEY_MANAGER_FE_KEY_DEPLOY
-    key_mgr_hal_set_key_usage(ESP_KEY_MGR_XTS_AES_128_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
+    // Enable key manager clock
+    // Using ll APIs which do not require critical section
+    _key_mgr_ll_enable_bus_clock(true);
+    _key_mgr_ll_enable_peripheral_clock(true);
+#if SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY
+    key_mgr_ll_set_key_usage(ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
 #endif
+#if SOC_KEY_MANAGER_FE_KEY_DEPLOY
+    key_mgr_ll_set_key_usage(ESP_KEY_MGR_XTS_AES_128_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
+#endif
+#endif /* SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY || SOC_KEY_MANAGER_FE_KEY_DEPLOY */
+
     ets_set_appcpu_boot_addr((uint32_t)call_start_cpu1);
 
     bool cpus_up = false;

components/hal/ecdsa_hal.c

@@ -9,7 +9,11 @@
 #include "hal/ecdsa_hal.h"
 #include "hal/efuse_hal.h"
 
-#ifdef SOC_KEY_MANAGER_SUPPORTED
+#if CONFIG_IDF_TARGET_ESP32C5
+#include "soc/keymng_reg.h"
+#endif
+
+#ifdef SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY
 #include "hal/key_mgr_hal.h"
 #endif
 
@@ -19,16 +23,21 @@
 static void configure_ecdsa_periph(ecdsa_hal_config_t *conf)
 {
 
-
     if (conf->use_km_key == 0) {
         efuse_hal_set_ecdsa_key(conf->efuse_key_blk);
-#if SOC_KEY_MANAGER_SUPPORTED
+
-        key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
+#if CONFIG_IDF_TARGET_ESP32C5
+        REG_SET_FIELD(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY, 1);
+#endif
+
+#if SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY
+        // Force Key Manager to use eFuse key for XTS-AES operation
+        key_mgr_ll_set_key_usage(ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
 #endif
     }
 #if SOC_KEY_MANAGER_SUPPORTED
     else {
-        key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_USE_OWN_KEY);
+        key_mgr_ll_set_key_usage(ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_USE_OWN_KEY);
     }
 #endif
 

components/hal/esp32p4/include/hal/key_mgr_ll.h

@@ -10,9 +10,7 @@
  ******************************************************************************/
 
 #pragma once
-#include "soc/soc_caps.h"
 
-#if SOC_KEY_MANAGER_SUPPORTED
 #include <stdint.h>
 #include <stdbool.h>
 #include <string.h>
@@ -21,7 +19,6 @@
 #include "hal/key_mgr_types.h"
 #include "soc/keymng_reg.h"
 #include "soc/hp_sys_clkrst_struct.h"
-#include "soc/soc_caps.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -29,29 +26,32 @@ extern "C" {
 
 /**
  * @brief Enable the bus clock for Key Manager peripheral
- *
+ * Note: Please use key_mgr_ll_enable_bus_clock which requires the critical section
+ *       and do not use _key_mgr_ll_enable_bus_clock
  * @param true to enable, false to disable
  */
-static inline void key_mgr_ll_enable_bus_clock(bool enable)
+static inline void _key_mgr_ll_enable_bus_clock(bool enable)
 {
     HP_SYS_CLKRST.soc_clk_ctrl1.reg_key_manager_sys_clk_en = enable;
 }
 
 /// use a macro to wrap the function, force the caller to use it in a critical section
 /// the critical section needs to declare the __DECLARE_RCC_ATOMIC_ENV variable in advance
-#define key_mgr_ll_enable_bus_clock(...) (void)__DECLARE_RCC_ATOMIC_ENV; key_mgr_ll_enable_bus_clock(__VA_ARGS__)
+#define key_mgr_ll_enable_bus_clock(...) (void)__DECLARE_RCC_ATOMIC_ENV; _key_mgr_ll_enable_bus_clock(__VA_ARGS__)
 
 /**
  * @brief Enable the peripheral clock for Key Manager
  *
+ * Note: Please use key_mgr_ll_enable_peripheral_clock which requires the critical section
+ *       and do not use _key_mgr_ll_enable_peripheral_clock
  * @param true to enable, false to disable
  */
-static inline void key_mgr_ll_enable_peripheral_clock(bool enable)
+static inline void _key_mgr_ll_enable_peripheral_clock(bool enable)
 {
     HP_SYS_CLKRST.peri_clk_ctrl25.reg_crypto_km_clk_en = enable;
 }
 
-#define key_mgr_ll_enable_peripheral_clock(...) (void)__DECLARE_RCC_ATOMIC_ENV; key_mgr_ll_enable_bus_clock(__VA_ARGS__)
+#define key_mgr_ll_enable_peripheral_clock(...) (void)__DECLARE_RCC_ATOMIC_ENV; _key_mgr_ll_enable_peripheral_clock(__VA_ARGS__)
 
 /**
  * @brief Reset the Key Manager peripheral */
@@ -345,4 +345,3 @@ static inline uint32_t key_mgr_ll_get_date_info(void)
 #ifdef __cplusplus
 }
 #endif
-#endif

components/hal/include/hal/key_mgr_types.h

@@ -5,9 +5,6 @@
  */
 #pragma once
 
-#include "soc/soc_caps.h"
-
-#if SOC_KEY_MANAGER_SUPPORTED
 #include <stdbool.h>
 #include <stddef.h>
 #include <stdint.h>
@@ -24,7 +21,7 @@ extern "C" {
  */
 typedef enum {
     ESP_KEY_MGR_STATE_IDLE = 0, /* Key Manager is idle */
-    ESP_KEY_MGR_STATE_LOAD = 1,     /* Key Manager is ready to recieve input */
+    ESP_KEY_MGR_STATE_LOAD = 1,     /* Key Manager is ready to receive input */
     ESP_KEY_MGR_STATE_GAIN = 2,     /* Key Manager is ready to provide output */
     ESP_KEY_MGR_STATE_BUSY = 3,      /* Key Manager is busy */
 } esp_key_mgr_state_t;
@@ -114,5 +111,3 @@ typedef struct WORD_ALIGNED_ATTR PACKED_ATTR {
 #ifdef __cplusplus
 }
 #endif
-
-#endif

components/soc/esp32p4/include/soc/Kconfig.soc_caps.in

@@ -1483,6 +1483,14 @@ config SOC_EFUSE_ECDSA_KEY
     bool
     default y
 
+config SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY
+    bool
+    default y
+
+config SOC_KEY_MANAGER_FE_KEY_DEPLOY
+    bool
+    default y
+
 config SOC_SECURE_BOOT_V2_RSA
     bool
     default y

components/soc/esp32p4/include/soc/soc_caps.h

@@ -582,6 +582,9 @@
 #define SOC_EFUSE_DIS_DOWNLOAD_MSPI 1
 #define SOC_EFUSE_ECDSA_KEY 1
 
+/*-------------------------- Key Manager CAPS----------------------------*/
+#define SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY    1 /*!< Key manager responsible to deploy ECDSA key */
+#define SOC_KEY_MANAGER_FE_KEY_DEPLOY       1 /*!< Key manager responsible to deploy Flash Encryption key */
 /*-------------------------- Secure Boot CAPS----------------------------*/
 #define SOC_SECURE_BOOT_V2_RSA              1
 #define SOC_SECURE_BOOT_V2_ECC              1
@@ -595,7 +598,6 @@
 #define SOC_FLASH_ENCRYPTION_XTS_AES_OPTIONS 1
 #define SOC_FLASH_ENCRYPTION_XTS_AES_128    1
 #define SOC_FLASH_ENCRYPTION_XTS_AES_256    1
-
 /*-------------------------- MEMPROT CAPS ------------------------------------*/
 
 /*-------------------------- UART CAPS ---------------------------------------*/