spi_flash: add config option to enable encrypted partition read/write

This feature can be disabled to save some IRAM (approx 1KB) for cases
where flash encryption feature is not required.
This commit is contained in:
Mahavir Jain 2021-01-22 15:44:27 +05:30 committed by bot
parent 0715c86211
commit e032384c7f
3 changed files with 18 additions and 0 deletions

View File

@ -539,6 +539,7 @@ menu "Security features"
config SECURE_FLASH_ENC_ENABLED
bool "Enable flash encryption on boot (READ DOCS FIRST)"
default N
select SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
help
If this option is set, flash contents will be encrypted by the bootloader on first boot.

View File

@ -139,4 +139,13 @@ menu "SPI Flash driver"
endmenu #auto detect flash chips
config SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
bool "Enable encrypted partition read/write operations"
default y
help
This option enables flash read/write operations to encrypted partition/s. This option
is kept enabled irrespective of state of flash encryption feature. However, in case
application is not using flash encryption feature and is in need of some additional
memory from IRAM region (~1KB) then this config can be disabled.
endmenu

View File

@ -349,6 +349,7 @@ esp_err_t esp_partition_read(const esp_partition_t* partition,
return spi_flash_read(partition->address + src_offset, dst, size);
#endif // CONFIG_SPI_FLASH_USE_LEGACY_IMPL
} else {
#if CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
if (partition->flash_chip != esp_flash_default_chip) {
return ESP_ERR_NOT_SUPPORTED;
}
@ -366,6 +367,9 @@ esp_err_t esp_partition_read(const esp_partition_t* partition,
memcpy(dst, buf, size);
spi_flash_munmap(handle);
return ESP_OK;
#else
return ESP_ERR_NOT_SUPPORTED;
#endif // CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
}
}
@ -387,10 +391,14 @@ esp_err_t esp_partition_write(const esp_partition_t* partition,
return spi_flash_write(dst_offset, src, size);
#endif // CONFIG_SPI_FLASH_USE_LEGACY_IMPL
} else {
#if CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
if (partition->flash_chip != esp_flash_default_chip) {
return ESP_ERR_NOT_SUPPORTED;
}
return spi_flash_write_encrypted(dst_offset, src, size);
#else
return ESP_ERR_NOT_SUPPORTED;
#endif // CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
}
}