From e032384c7f6993c327d7ec20a9a607c0fec356f0 Mon Sep 17 00:00:00 2001
From: Mahavir Jain
Date: Fri, 22 Jan 2021 15:44:27 +0530
Subject: [PATCH] spi_flash: add config option to enable encrypted partition read/write
This feature can be disabled to save some IRAM (approx 1KB) for cases where flash encryption feature is not required.
---
 components/bootloader/Kconfig.projbuild | 1 +
 components/spi_flash/Kconfig | 9 +++++++++
 components/spi_flash/partition.c | 8 ++++++++
 3 files changed, 18 insertions(+)
diff --git a/components/bootloader/Kconfig.projbuild b/components/bootloader/Kconfig.projbuild
index cf513b1998..690c7881ef 100644
--- a/components/bootloader/Kconfig.projbuild
+++ b/components/bootloader/Kconfig.projbuild
@@ -539,6 +539,7 @@ menu "Security features"
 config SECURE_FLASH_ENC_ENABLED
 bool "Enable flash encryption on boot (READ DOCS FIRST)"
 default N
+ select SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
 help
 If this option is set, flash contents will be encrypted by the bootloader on first boot.
diff --git a/components/spi_flash/Kconfig b/components/spi_flash/Kconfig
index e884726c5b..d69ce3e990 100644
--- a/components/spi_flash/Kconfig
+++ b/components/spi_flash/Kconfig
@@ -139,4 +139,13 @@ menu "SPI Flash driver"
 endmenu #auto detect flash chips
+ config SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
+ bool "Enable encrypted partition read/write operations"
+ default y
+ help
+ This option enables flash read/write operations to encrypted partition/s. This option
+ is kept enabled irrespective of state of flash encryption feature. However, in case
+ application is not using flash encryption feature and is in need of some additional
+ memory from IRAM region (~1KB) then this config can be disabled.
+
 endmenu
diff --git a/components/spi_flash/partition.c b/components/spi_flash/partition.c
index 718e326aa0..21dce006ea 100644
--- a/components/spi_flash/partition.c
+++ b/components/spi_flash/partition.c
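Review bot: The help text for `SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE` in components/spi_flash/Kconfig does not say what disabling the option does at run time. Going by the partition.c part of this patch, `esp_partition_read` and `esp_partition_write` then return `ESP_ERR_NOT_SUPPORTED` for an encrypted partition, which deserves one sentence in the help, for example `When disabled, esp_partition_read/esp_partition_write on an encrypted partition fail with ESP_ERR_NOT_SUPPORTED.` The `select` added under `SECURE_FLASH_ENC_ENABLED` covers builds that turn encryption on through that option. Whether a device can hold encrypted partitions while running an image built without it is not visible here; if that is possible, the help should say the option must stay enabled for such devices.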
@@ -349,6 +349,7 @@ esp_err_t esp_partition_read(const esp_partition_t* partition,
 return spi_flash_read(partition->address + src_offset, dst, size);
 #endif // CONFIG_SPI_FLASH_USE_LEGACY_IMPL
 } else {
+#if CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
 if (partition->flash_chip != esp_flash_default_chip) {
 return ESP_ERR_NOT_SUPPORTED;
 }
@@ -366,6 +367,9 @@ esp_err_t esp_partition_read(const esp_partition_t* partition,
 memcpy(dst, buf, size);
 spi_flash_munmap(handle);
 return ESP_OK;
+#else
+ return ESP_ERR_NOT_SUPPORTED;
+#endif // CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
 }
 }
@@ -387,10 +391,14 @@ esp_err_t esp_partition_write(const esp_partition_t* partition,
 return spi_flash_write(dst_offset, src, size);
 #endif // CONFIG_SPI_FLASH_USE_LEGACY_IMPL
 } else {
+#if CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
 if (partition->flash_chip != esp_flash_default_chip) {
 return ESP_ERR_NOT_SUPPORTED;
 }
 return spi_flash_write_encrypted(dst_offset, src, size);
+#else
+ return ESP_ERR_NOT_SUPPORTED;
+#endif // CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
 }
 }
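Review bot: The two added `#else` branches (in `esp_partition_read` in the second hunk and `esp_partition_write` in the third) return the same `ESP_ERR_NOT_SUPPORTED` that the enabled path already uses for a non-default flash chip, so a caller cannot tell "encrypted access was compiled out" from "wrong chip". Refusing is the right choice, since an encrypted partition is never read or written through the plain path, but the intent is undocumented. A comment such as `// Encrypted access compiled out: refuse rather than fall back to the raw read/write path` above each `return` would make it explicit, and the functions' API documentation should mention this cause for the return code. If the file has a log tag in scope, an error log naming `CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE` at these returns would help diagnose an image built without the option that meets an encrypted partition. Both function bodies start outside the hunks, so the surrounding checks are not visible here.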