change(esp_security): Move the crypto locking layer into the security component

components/esp_hw_support/CMakeLists.txt

@@ -8,7 +8,7 @@ if(${target} STREQUAL "linux")
     return()
 endif()
 
-set(requires soc)
+set(requires soc esp_security) # TODO: remove esp_security from REQUIRES in ESP-IDF v6.0
 # only esp_hw_support/adc_share_hw_ctrl.c requires efuse component
 set(priv_requires efuse spi_flash bootloader_support)
 
@@ -111,22 +111,10 @@ if(NOT BOOTLOADER_BUILD)
         list(APPEND srcs "port/${target}/systimer.c")
     endif()
 
-    if(CONFIG_SOC_HMAC_SUPPORTED)
-        list(APPEND srcs "esp_hmac.c")
-    endif()
-
     if(CONFIG_SOC_ETM_SUPPORTED)
         list(APPEND srcs "esp_etm.c")
     endif()
 
-    if(CONFIG_SOC_DIG_SIGN_SUPPORTED)
-        list(APPEND srcs "esp_ds.c")
-    endif()
-
-    if(CONFIG_SOC_KEY_MANAGER_SUPPORTED)
-        list(APPEND srcs "esp_key_mgr.c")
-    endif()
-
     if(CONFIG_SOC_PAU_SUPPORTED)
         list(APPEND srcs "port/pau_regdma.c"
                          "port/regdma_link.c")

components/esp_hw_support/include/soc/esp32/esp_crypto_lock.h

@@ -1,27 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-#pragma once
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * @brief Acquire lock for the mpi cryptography peripheral.
- *
- */
-void esp_crypto_mpi_lock_acquire(void);
-
-/**
- * @brief Release lock for the mpi cryptography peripheral.
- *
- */
-void esp_crypto_mpi_lock_release(void);
-
-#ifdef __cplusplus
-}
-#endif

components/esp_hw_support/include/soc/esp32c2/esp_crypto_lock.h

@@ -1,27 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-#pragma once
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * @brief Acquire lock for the ECC cryptography peripheral.
- *
- */
-void esp_crypto_ecc_lock_acquire(void);
-
-/**
- * @brief Release lock for the ECC cryptography peripheral.
- *
- */
-void esp_crypto_ecc_lock_release(void);
-
-#ifdef __cplusplus
-}
-#endif

components/esp_hw_support/include/soc/esp32c3/esp_crypto_lock.h

@@ -1,68 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-#pragma once
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * @brief Acquire lock for HMAC cryptography peripheral
- *
- * Internally also locks the SHA peripheral, as the HMAC depends on the SHA peripheral
- */
-void esp_crypto_hmac_lock_acquire(void);
-
-/**
- * @brief Release lock for HMAC cryptography peripheral
- *
- * Internally also releases the SHA peripheral, as the HMAC depends on the SHA peripheral
- */
-void esp_crypto_hmac_lock_release(void);
-
-/**
- * @brief Acquire lock for DS cryptography peripheral
- *
- * Internally also locks the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
- */
-void esp_crypto_ds_lock_acquire(void);
-
-/**
- * @brief Release lock for DS cryptography peripheral
- *
- * Internally also releases the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
- */
-void esp_crypto_ds_lock_release(void);
-
-/**
- * @brief Acquire lock for the SHA and AES cryptography peripheral.
- *
- */
-void esp_crypto_sha_aes_lock_acquire(void);
-
-/**
- * @brief Release lock for the SHA and AES cryptography peripheral.
- *
- */
-void esp_crypto_sha_aes_lock_release(void);
-
-
-/**
- * @brief Acquire lock for the mpi cryptography peripheral.
- *
- */
-void esp_crypto_mpi_lock_acquire(void);
-
-/**
- * @brief Release lock for the mpi/rsa cryptography peripheral.
- *
- */
-void esp_crypto_mpi_lock_release(void);
-
-#ifdef __cplusplus
-}
-#endif

components/esp_hw_support/include/soc/esp32c5/esp_crypto_lock.h

@@ -1,94 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-#pragma once
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * @brief Acquire lock for HMAC cryptography peripheral
- *
- * Internally also locks the SHA peripheral, as the HMAC depends on the SHA peripheral
- */
-void esp_crypto_hmac_lock_acquire(void);
-
-/**
- * @brief Release lock for HMAC cryptography peripheral
- *
- * Internally also releases the SHA peripheral, as the HMAC depends on the SHA peripheral
- */
-void esp_crypto_hmac_lock_release(void);
-
-/**
- * @brief Acquire lock for DS cryptography peripheral
- *
- * Internally also locks the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
- */
-void esp_crypto_ds_lock_acquire(void);
-
-/**
- * @brief Release lock for DS cryptography peripheral
- *
- * Internally also releases the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
- */
-void esp_crypto_ds_lock_release(void);
-
-/**
- * @brief Acquire lock for the SHA and AES cryptography peripheral.
- *
- */
-void esp_crypto_sha_aes_lock_acquire(void);
-
-/**
- * @brief Release lock for the SHA and AES cryptography peripheral.
- *
- */
-void esp_crypto_sha_aes_lock_release(void);
-
-
-/**
- * @brief Acquire lock for the mpi cryptography peripheral.
- *
- */
-void esp_crypto_mpi_lock_acquire(void);
-
-/**
- * @brief Release lock for the mpi/rsa cryptography peripheral.
- *
- */
-void esp_crypto_mpi_lock_release(void);
-
-/**
- * @brief Acquire lock for the ECC cryptography peripheral.
- *
- */
-void esp_crypto_ecc_lock_acquire(void);
-
-/**
- * @brief Release lock for the ECC cryptography peripheral.
- *
- */
-void esp_crypto_ecc_lock_release(void);
-
-/**
- * @brief Acquire lock for ECDSA cryptography peripheral
- *
- * Internally also locks the ECC and MPI peripheral, as the ECDSA depends on these peripherals
- */
-void esp_crypto_ecdsa_lock_acquire(void);
-
-/**
- * @brief Release lock for ECDSA cryptography peripheral
- *
- * Internally also releases the ECC and MPI peripheral, as the ECDSA depends on these peripherals
- */
-void esp_crypto_ecdsa_lock_release(void);
-
-#ifdef __cplusplus
-}
-#endif

components/esp_hw_support/include/soc/esp32c6/esp_crypto_lock.h

@@ -1,80 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-#pragma once
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * @brief Acquire lock for HMAC cryptography peripheral
- *
- * Internally also locks the SHA peripheral, as the HMAC depends on the SHA peripheral
- */
-void esp_crypto_hmac_lock_acquire(void);
-
-/**
- * @brief Release lock for HMAC cryptography peripheral
- *
- * Internally also releases the SHA peripheral, as the HMAC depends on the SHA peripheral
- */
-void esp_crypto_hmac_lock_release(void);
-
-/**
- * @brief Acquire lock for DS cryptography peripheral
- *
- * Internally also locks the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
- */
-void esp_crypto_ds_lock_acquire(void);
-
-/**
- * @brief Release lock for DS cryptography peripheral
- *
- * Internally also releases the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
- */
-void esp_crypto_ds_lock_release(void);
-
-/**
- * @brief Acquire lock for the SHA and AES cryptography peripheral.
- *
- */
-void esp_crypto_sha_aes_lock_acquire(void);
-
-/**
- * @brief Release lock for the SHA and AES cryptography peripheral.
- *
- */
-void esp_crypto_sha_aes_lock_release(void);
-
-
-/**
- * @brief Acquire lock for the mpi cryptography peripheral.
- *
- */
-void esp_crypto_mpi_lock_acquire(void);
-
-/**
- * @brief Release lock for the mpi/rsa cryptography peripheral.
- *
- */
-void esp_crypto_mpi_lock_release(void);
-
-/**
- * @brief Acquire lock for the ECC cryptography peripheral.
- *
- */
-void esp_crypto_ecc_lock_acquire(void);
-
-/**
- * @brief Release lock for the ECC cryptography peripheral.
- *
- */
-void esp_crypto_ecc_lock_release(void);
-
-#ifdef __cplusplus
-}
-#endif

components/esp_hw_support/include/soc/esp32h2/esp_crypto_lock.h

@@ -1,96 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-#pragma once
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * @brief Acquire lock for HMAC cryptography peripheral
- *
- * Internally also locks the SHA peripheral, as the HMAC depends on the SHA peripheral
- */
-void esp_crypto_hmac_lock_acquire(void);
-
-/**
- * @brief Release lock for HMAC cryptography peripheral
- *
- * Internally also releases the SHA peripheral, as the HMAC depends on the SHA peripheral
- */
-void esp_crypto_hmac_lock_release(void);
-
-/**
- * @brief Acquire lock for DS cryptography peripheral
- *
- * Internally also locks the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
- */
-void esp_crypto_ds_lock_acquire(void);
-
-/**
- * @brief Release lock for DS cryptography peripheral
- *
- * Internally also releases the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
- */
-void esp_crypto_ds_lock_release(void);
-
-/**
- * @brief Acquire lock for the SHA and AES cryptography peripheral.
- *
- */
-void esp_crypto_sha_aes_lock_acquire(void);
-
-/**
- * @brief Release lock for the SHA and AES cryptography peripheral.
- *
- */
-void esp_crypto_sha_aes_lock_release(void);
-
-
-/**
- * @brief Acquire lock for the mpi cryptography peripheral.
- *
- */
-void esp_crypto_mpi_lock_acquire(void);
-
-/**
- * @brief Release lock for the mpi/rsa cryptography peripheral.
- *
- */
-void esp_crypto_mpi_lock_release(void);
-
-
-/**
- * @brief Acquire lock for the ECC cryptography peripheral.
- *
- */
-void esp_crypto_ecc_lock_acquire(void);
-
-/**
- * @brief Release lock for the ECC cryptography peripheral.
- *
- */
-void esp_crypto_ecc_lock_release(void);
-
-
-/**
- * @brief Acquire lock for ECDSA cryptography peripheral
- *
- * Internally also locks the ECC and MPI peripheral, as the ECDSA depends on these peripherals
- */
-void esp_crypto_ecdsa_lock_acquire(void);
-
-/**
- * @brief Release lock for ECDSA cryptography peripheral
- *
- * Internally also releases the ECC and MPI peripheral, as the ECDSA depends on these peripherals
- */
-void esp_crypto_ecdsa_lock_release(void);
-
-#ifdef __cplusplus
-}
-#endif

components/esp_hw_support/include/soc/esp32s2/esp_crypto_lock.h

@@ -1,43 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-#pragma once
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * This API should be used by all components which use the SHA, AES, HMAC and DS crypto hardware on the ESP32S2.
- * They can not be used in parallel because they use the same DMA or are calling each other.
- * E.g., HMAC uses SHA or DS uses HMAC and AES. See the ESP32S2 Technical Reference Manual for more details.
- *
- * Other unrelated components must not use it.
- */
-
-/**
- * Acquire lock for the AES and SHA cryptography peripherals, which both use the crypto DMA.
- */
-void esp_crypto_dma_lock_acquire(void);
-
-/**
- * Release lock for the AES and SHA cryptography peripherals, which both use the crypto DMA.
- */
-void esp_crypto_dma_lock_release(void);
-
-/**
- * Acquire lock for the MPI/RSA cryptography peripheral
- */
-void esp_crypto_mpi_lock_acquire(void);
-
-/**
- * Release lock for the MPI/RSA cryptography peripheral
- */
-void esp_crypto_mpi_lock_release(void);
-
-#ifdef __cplusplus
-}
-#endif

components/esp_hw_support/include/soc/esp32s3/esp_crypto_lock.h

@@ -1,73 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-#pragma once
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * This API should be used by all components which use the SHA, AES, HMAC and DS crypto hardware on the ESP32S3.
- * Not all of them can be used in parallel because they use the same underlying module.
- * E.g., HMAC uses SHA or DS uses HMAC and AES. See the ESP32S3 Technical Reference Manual for more details.
- *
- * Other unrelated components must not use it.
- */
-
-/**
- * @brief Acquire lock for Digital Signature(DS) cryptography peripheral
- *
- * Internally also takes the HMAC lock, as the DS depends on the HMAC peripheral
- */
-void esp_crypto_ds_lock_acquire(void);
-
-/**
- * @brief Release lock for Digital Signature(DS) cryptography peripheral
- *
- * Internally also releases the HMAC lock, as the DS depends on the HMAC peripheral
- */
-void esp_crypto_ds_lock_release(void);
-
-/**
- * @brief Acquire lock for HMAC cryptography peripheral
- *
- * Internally also takes the SHA & AES lock, as the HMAC depends on the SHA peripheral
- */
-void esp_crypto_hmac_lock_acquire(void);
-
-/**
- * @brief Release lock for HMAC cryptography peripheral
- *
- * Internally also releases the SHA & AES lock, as the HMAC depends on the SHA peripheral
- */
-void esp_crypto_hmac_lock_release(void);
-
-/**
- * @brief Acquire lock for the SHA and AES cryptography peripheral.
- *
- */
-void esp_crypto_sha_aes_lock_acquire(void);
-
-/**
- * @brief Release lock for the SHA and AES cryptography peripheral.
- *
- */
-void esp_crypto_sha_aes_lock_release(void);
-
-/**
- * Acquire lock for the MPI/RSA cryptography peripheral
- */
-void esp_crypto_mpi_lock_acquire(void);
-
-/**
- * Release lock for the MPI/RSA cryptography peripheral
- */
-void esp_crypto_mpi_lock_release(void);
-
-#ifdef __cplusplus
-}
-#endif

components/esp_hw_support/port/esp32/CMakeLists.txt

@@ -10,7 +10,6 @@ set(srcs
 
 if(NOT BOOTLOADER_BUILD)
     list(APPEND srcs "cache_sram_mmu.c"
-                     "esp_crypto_lock.c"
                      "sar_periph_ctrl.c")
 endif()
 

components/esp_hw_support/port/esp32c2/CMakeLists.txt

@@ -7,8 +7,7 @@ set(srcs "rtc_clk_init.c"
 
 if(NOT BOOTLOADER_BUILD)
 
-    list(APPEND srcs "esp_crypto_lock.c"
-                     "sar_periph_ctrl.c")
+    list(APPEND srcs "sar_periph_ctrl.c")
 
 endif()
 

components/esp_hw_support/port/esp32c3/CMakeLists.txt

@@ -7,8 +7,7 @@ set(srcs "rtc_clk_init.c"
          )
 
 if(NOT BOOTLOADER_BUILD)
-    list(APPEND srcs "esp_crypto_lock.c"
-                     "sar_periph_ctrl.c")
+    list(APPEND srcs "sar_periph_ctrl.c")
 
     # init constructor for wifi
     list(APPEND srcs "adc2_init_cal.c")

components/esp_hw_support/port/esp32c5/CMakeLists.txt

@@ -7,8 +7,7 @@ set(srcs "rtc_clk_init.c"
 )
 
 if(NOT BOOTLOADER_BUILD)
-    list(APPEND srcs "sar_periph_ctrl.c"
-                     "esp_crypto_lock.c")
+    list(APPEND srcs "sar_periph_ctrl.c")
 endif()
 
 add_prefix(srcs "${CMAKE_CURRENT_LIST_DIR}/" "${srcs}")

components/esp_hw_support/port/esp32c6/CMakeLists.txt

@@ -9,8 +9,7 @@ set(srcs "rtc_clk_init.c"
          )
 
 if(NOT BOOTLOADER_BUILD)
-    list(APPEND srcs "sar_periph_ctrl.c"
-                     "esp_crypto_lock.c")
+    list(APPEND srcs "sar_periph_ctrl.c")
 
 endif()
 

components/esp_hw_support/port/esp32c61/CMakeLists.txt

@@ -9,8 +9,7 @@ set(srcs "rtc_clk_init.c"
          )
 
 if(NOT BOOTLOADER_BUILD)
-    list(APPEND srcs "sar_periph_ctrl.c"
-                     "esp_crypto_lock.c")
+    list(APPEND srcs "sar_periph_ctrl.c")
 
     if(CONFIG_ESP_SYSTEM_MEMPROT_FEATURE)
         list(APPEND srcs "esp_memprot.c" "../esp_memprot_conv.c")

components/esp_hw_support/port/esp32h2/CMakeLists.txt

@@ -8,8 +8,7 @@ set(srcs "rtc_clk_init.c"
          )
 
 if(NOT BOOTLOADER_BUILD)
-    list(APPEND srcs "sar_periph_ctrl.c"
-                     "esp_crypto_lock.c")
+    list(APPEND srcs "sar_periph_ctrl.c")
 endif()
 
 add_prefix(srcs "${CMAKE_CURRENT_LIST_DIR}/" "${srcs}")

components/esp_hw_support/port/esp32p4/CMakeLists.txt

@@ -10,8 +10,7 @@ set(srcs "rtc_clk_init.c"
          )
 
 if(NOT BOOTLOADER_BUILD)
-    list(APPEND srcs "sar_periph_ctrl.c"
-                     "esp_crypto_lock.c")
+    list(APPEND srcs "sar_periph_ctrl.c")
 
     if(NOT CONFIG_APP_BUILD_TYPE_PURE_RAM_APP)
         list(APPEND srcs "mspi_timing_config.c")

components/esp_hw_support/port/esp32s2/CMakeLists.txt

@@ -10,7 +10,6 @@ set(srcs
 
 if(NOT BOOTLOADER_BUILD)
     list(APPEND srcs "memprot.c"
-                     "esp_crypto_lock.c"
                      "sar_periph_ctrl.c")
 
     # init constructor for wifi

components/esp_hw_support/port/esp32s3/CMakeLists.txt

@@ -10,8 +10,7 @@ set(srcs
     )
 
 if(NOT BOOTLOADER_BUILD)
-    list(APPEND srcs "esp_crypto_lock.c"
-                     "sar_periph_ctrl.c")
+    list(APPEND srcs "sar_periph_ctrl.c")
 
     if(NOT CONFIG_APP_BUILD_TYPE_PURE_RAM_APP)
         list(APPEND srcs "mspi_timing_config.c")

components/esp_security/CMakeLists.txt

@@ -1,5 +1,5 @@
 set(srcs "")
-set(priv_requires "")
+set(priv_requires "soc")
 
 if(NOT BOOTLOADER_BUILD)
     if(CONFIG_IDF_TARGET_ESP32H2 OR CONFIG_IDF_TARGET_ESP32P4 OR CONFIG_IDF_TARGET_ESP32C5)
@@ -10,7 +10,7 @@ if(NOT BOOTLOADER_BUILD)
         list(APPEND srcs "src/crypto/esp_dpa_protection.c")
     endif()
 
-    list(APPEND priv_requires "soc")
+    list(APPEND srcs "src/crypto/${IDF_TARGET}/esp_crypto_lock.c")
 endif()
 
 idf_component_register(SRCS ${srcs}

components/esp_security/include/esp_crypto_lock.h

@@ -6,10 +6,13 @@
 
 #pragma once
 
+#include "soc/soc_caps.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#ifdef SOC_HMAC_SUPPORTED
 /**
  * @brief Acquire lock for HMAC cryptography peripheral
  *
@@ -23,7 +26,9 @@ void esp_crypto_hmac_lock_acquire(void);
  * Internally also releases the SHA peripheral, as the HMAC depends on the SHA peripheral
  */
 void esp_crypto_hmac_lock_release(void);
+#endif /* SOC_HMAC_SUPPORTED */
 
+#ifdef SOC_DIG_SIGN_SUPPORTED
 /**
  * @brief Acquire lock for DS cryptography peripheral
  *
@@ -37,7 +42,9 @@ void esp_crypto_ds_lock_acquire(void);
  * Internally also releases the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
  */
 void esp_crypto_ds_lock_release(void);
+#endif /* SOC_DIG_SIGN_SUPPORTED */
 
+#if defined(SOC_SHA_SUPPORTED) && defined(SOC_AES_SUPPORTED)
 /**
  * @brief Acquire lock for the SHA and AES cryptography peripheral.
  *
@@ -49,8 +56,29 @@ void esp_crypto_sha_aes_lock_acquire(void);
  *
  */
 void esp_crypto_sha_aes_lock_release(void);
+#endif /* defined(SOC_SHA_SUPPORTED) && defined(SOC_AES_SUPPORTED) */
 
+#if defined(SOC_SHA_CRYPTO_DMA) && defined(SOC_AES_CRYPTO_DMA)
+/**
+ * This API should be used by all components which use the SHA, AES, HMAC and DS crypto hardware on the ESP32S2.
+ * They can not be used in parallel because they use the same DMA or are calling each other.
+ * E.g., HMAC uses SHA or DS uses HMAC and AES. See the ESP32S2 Technical Reference Manual for more details.
+ *
+ * Other unrelated components must not use it.
+ */
 
+/**
+ * Acquire lock for the AES and SHA cryptography peripherals, which both use the crypto DMA.
+ */
+void esp_crypto_dma_lock_acquire(void);
+
+/**
+ * Release lock for the AES and SHA cryptography peripherals, which both use the crypto DMA.
+ */
+void esp_crypto_dma_lock_release(void);
+#endif /* defined(SOC_SHA_CRYPTO_DMA) && defined(SOC_AES_CRYPTO_DMA) */
+
+#ifdef SOC_MPI_SUPPORTED
 /**
  * @brief Acquire lock for the mpi cryptography peripheral.
  *
@@ -62,8 +90,9 @@ void esp_crypto_mpi_lock_acquire(void);
  *
  */
 void esp_crypto_mpi_lock_release(void);
+#endif /* SOC_MPI_SUPPORTED */
 
-
+#ifdef SOC_ECC_SUPPORTED
 /**
  * @brief Acquire lock for the ECC cryptography peripheral.
  *
@@ -75,8 +104,9 @@ void esp_crypto_ecc_lock_acquire(void);
  *
  */
 void esp_crypto_ecc_lock_release(void);
+#endif /* SOC_ECC_SUPPORTED */
 
-
+#ifdef SOC_ECDSA_SUPPORTED
 /**
  * @brief Acquire lock for ECDSA cryptography peripheral
  *
@@ -90,7 +120,9 @@ void esp_crypto_ecdsa_lock_acquire(void);
  * Internally also releases the ECC and MPI peripheral, as the ECDSA depends on these peripherals
  */
 void esp_crypto_ecdsa_lock_release(void);
+#endif /* SOC_ECDSA_SUPPORTED */
 
+#ifdef SOC_KEY_MANAGER_SUPPORTED
 /**
  * @brief Acquire lock for Key Manager peripheral
  *
@@ -102,6 +134,7 @@ void esp_crypto_key_manager_lock_acquire(void);
  *
  */
 void esp_crypto_key_manager_lock_release(void);
+#endif /* SOC_KEY_MANAGER_SUPPORTED */
 
 #ifdef __cplusplus
 }

components/mbedtls/CMakeLists.txt

@@ -153,6 +153,10 @@ endif()
 # Add port files to mbedtls targets
 target_sources(mbedtls PRIVATE ${mbedtls_target_sources})
 
+if(NOT ${IDF_TARGET} STREQUAL "linux")
+    target_link_libraries(mbedcrypto PRIVATE idf::esp_security)
+endif()
+
 # Choose peripheral type
 
 if(CONFIG_SOC_SHA_SUPPORTED)

components/spi_flash/CMakeLists.txt

@@ -52,6 +52,9 @@ else()
     set(priv_requires bootloader_support app_update soc esp_mm
                       esp_driver_gpio
     )
+    if(${target} STREQUAL "esp32s2")
+        list(APPEND priv_requires esp_security)
+    endif()
 endif()
 
 idf_component_register(SRCS "${srcs}"