Merge branch 'bugfix/encrypted_flash_write_safe_addr' into 'master'

fix(spi_flash): check for safe write address in encrypted flash API

See merge request espressif/esp-idf!29043

components/spi_flash/esp_flash_api.c

@@ -1146,11 +1146,13 @@ esp_err_t IRAM_ATTR esp_flash_write_encrypted(esp_flash_t *chip, uint32_t addres
 #endif //CONFIG_SPI_FLASH_VERIFY_WRITE
 
     esp_err_t err = rom_spiflash_api_funcs->chip_check(&chip);
+    VERIFY_CHIP_OP(write);
     // Flash encryption only support on main flash.
     if (chip != esp_flash_default_chip) {
         return ESP_ERR_NOT_SUPPORTED;
     }
-    if (err != ESP_OK) return err;
+    CHECK_WRITE_ADDRESS(chip, address, length);
+
     if (buffer == NULL || address + length > chip->size) {
         return ESP_ERR_INVALID_ARG;
     }

components/spi_flash/test_apps/flash_encryption/main/test_flash_encryption.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Unlicense OR CC0-1.0
  */
@@ -20,6 +20,7 @@
 #include "test_utils.h"
 #include "ccomp_timer.h"
 #include "test_flash_utils.h"
+#include "sdkconfig.h"
 
 /*-------------------- For running this test, some configurations are necessary -------------------*/
 /*     ESP32    |           CONFIG_SECURE_FLASH_ENC_ENABLED         |             SET              */
@@ -371,4 +372,14 @@ TEST_CASE("test read & write encrypted data with large buffer in ram", "[flash_e
     free(buf);
 }
 
+TEST_CASE("test encrypted writes to dangerous regions like bootloader", "[flash_encryption]")
+{
+    TEST_ASSERT_EQUAL_HEX(ESP_ERR_INVALID_ARG, esp_flash_erase_region(NULL, CONFIG_BOOTLOADER_OFFSET_IN_FLASH, 4*4096));
+    TEST_ASSERT_EQUAL_HEX(ESP_ERR_INVALID_ARG, esp_flash_erase_region(NULL, CONFIG_PARTITION_TABLE_OFFSET, 4096));
+    char buffer[32] = {0xa5};
+    // Encrypted writes to bootloader region not allowed
+    TEST_ASSERT_EQUAL_HEX(ESP_ERR_INVALID_ARG, esp_flash_write_encrypted(NULL, CONFIG_BOOTLOADER_OFFSET_IN_FLASH, buffer, sizeof(buffer)));
+    // Encrypted writes to partition table region not allowed
+    TEST_ASSERT_EQUAL_HEX(ESP_ERR_INVALID_ARG, esp_flash_write_encrypted(NULL, CONFIG_PARTITION_TABLE_OFFSET, buffer, sizeof(buffer)));
+}
 #endif // CONFIG_SECURE_FLASH_ENC_ENABLED

components/spi_flash/test_apps/flash_encryption/sdkconfig.defaults

@@ -9,3 +9,4 @@ CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=y
 CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC=y
 CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=y
 CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED=y
+CONFIG_SPI_FLASH_DANGEROUS_WRITE_FAILS=y