change(esp_security): Move the crypto locking layer into the security component

2025-03-10 01:29:21 -04:00 · 2024-07-10 11:29:21 +05:30 · 2024-07-10 11:29:21 +05:30 · 488b2a741d
commit 488b2a741d
parent c125d21c71
32 changed files with 53 additions and 543 deletions
--- a/components/esp_hw_support/CMakeLists.txt
+++ b/components/esp_hw_support/CMakeLists.txt
@ -8,7 +8,7 @@ if(${target} STREQUAL "linux")
    return()
 endif()
-set(requires soc)
+set(requires soc esp_security) # TODO: remove esp_security from REQUIRES in ESP-IDF v6.0
 # only esp_hw_support/adc_share_hw_ctrl.c requires efuse component
 set(priv_requires efuse spi_flash bootloader_support)
@ -111,22 +111,10 @@ if(NOT BOOTLOADER_BUILD)
        list(APPEND srcs "port/${target}/systimer.c")
    endif()
    if(CONFIG_SOC_HMAC_SUPPORTED)
        list(APPEND srcs "esp_hmac.c")
    endif()
    if(CONFIG_SOC_ETM_SUPPORTED)
        list(APPEND srcs "esp_etm.c")
    endif()
    if(CONFIG_SOC_DIG_SIGN_SUPPORTED)
        list(APPEND srcs "esp_ds.c")
    endif()
    if(CONFIG_SOC_KEY_MANAGER_SUPPORTED)
        list(APPEND srcs "esp_key_mgr.c")
    endif()
    if(CONFIG_SOC_PAU_SUPPORTED)
        list(APPEND srcs "port/pau_regdma.c"
                         "port/regdma_link.c")
--- a/components/esp_hw_support/include/soc/esp32/esp_crypto_lock.h
+++ b/components/esp_hw_support/include/soc/esp32/esp_crypto_lock.h
@ -1,27 +0,0 @@
 /*
 * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
 #pragma once
 #ifdef __cplusplus
 extern "C" {
 #endif
 /**
 * @brief Acquire lock for the mpi cryptography peripheral.
 *
 */
 void esp_crypto_mpi_lock_acquire(void);
 /**
 * @brief Release lock for the mpi cryptography peripheral.
 *
 */
 void esp_crypto_mpi_lock_release(void);
 #ifdef __cplusplus
 }
 #endif
--- a/components/esp_hw_support/include/soc/esp32c2/esp_crypto_lock.h
+++ b/components/esp_hw_support/include/soc/esp32c2/esp_crypto_lock.h
@ -1,27 +0,0 @@
 /*
 * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
 #pragma once
 #ifdef __cplusplus
 extern "C" {
 #endif
 /**
 * @brief Acquire lock for the ECC cryptography peripheral.
 *
 */
 void esp_crypto_ecc_lock_acquire(void);
 /**
 * @brief Release lock for the ECC cryptography peripheral.
 *
 */
 void esp_crypto_ecc_lock_release(void);
 #ifdef __cplusplus
 }
 #endif
--- a/components/esp_hw_support/include/soc/esp32c3/esp_crypto_lock.h
+++ b/components/esp_hw_support/include/soc/esp32c3/esp_crypto_lock.h
@ -1,68 +0,0 @@
 /*
 * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
 #pragma once
 #ifdef __cplusplus
 extern "C" {
 #endif
 /**
 * @brief Acquire lock for HMAC cryptography peripheral
 *
 * Internally also locks the SHA peripheral, as the HMAC depends on the SHA peripheral
 */
 void esp_crypto_hmac_lock_acquire(void);
 /**
 * @brief Release lock for HMAC cryptography peripheral
 *
 * Internally also releases the SHA peripheral, as the HMAC depends on the SHA peripheral
 */
 void esp_crypto_hmac_lock_release(void);
 /**
 * @brief Acquire lock for DS cryptography peripheral
 *
 * Internally also locks the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
 */
 void esp_crypto_ds_lock_acquire(void);
 /**
 * @brief Release lock for DS cryptography peripheral
 *
 * Internally also releases the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
 */
 void esp_crypto_ds_lock_release(void);
 /**
 * @brief Acquire lock for the SHA and AES cryptography peripheral.
 *
 */
 void esp_crypto_sha_aes_lock_acquire(void);
 /**
 * @brief Release lock for the SHA and AES cryptography peripheral.
 *
 */
 void esp_crypto_sha_aes_lock_release(void);
 /**
 * @brief Acquire lock for the mpi cryptography peripheral.
 *
 */
 void esp_crypto_mpi_lock_acquire(void);
 /**
 * @brief Release lock for the mpi/rsa cryptography peripheral.
 *
 */
 void esp_crypto_mpi_lock_release(void);
 #ifdef __cplusplus
 }
 #endif
--- a/components/esp_hw_support/include/soc/esp32c5/esp_crypto_lock.h
+++ b/components/esp_hw_support/include/soc/esp32c5/esp_crypto_lock.h
@ -1,94 +0,0 @@
 /*
 * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
 #pragma once
 #ifdef __cplusplus
 extern "C" {
 #endif
 /**
 * @brief Acquire lock for HMAC cryptography peripheral
 *
 * Internally also locks the SHA peripheral, as the HMAC depends on the SHA peripheral
 */
 void esp_crypto_hmac_lock_acquire(void);
 /**
 * @brief Release lock for HMAC cryptography peripheral
 *
 * Internally also releases the SHA peripheral, as the HMAC depends on the SHA peripheral
 */
 void esp_crypto_hmac_lock_release(void);
 /**
 * @brief Acquire lock for DS cryptography peripheral
 *
 * Internally also locks the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
 */
 void esp_crypto_ds_lock_acquire(void);
 /**
 * @brief Release lock for DS cryptography peripheral
 *
 * Internally also releases the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
 */
 void esp_crypto_ds_lock_release(void);
 /**
 * @brief Acquire lock for the SHA and AES cryptography peripheral.
 *
 */
 void esp_crypto_sha_aes_lock_acquire(void);
 /**
 * @brief Release lock for the SHA and AES cryptography peripheral.
 *
 */
 void esp_crypto_sha_aes_lock_release(void);
 /**
 * @brief Acquire lock for the mpi cryptography peripheral.
 *
 */
 void esp_crypto_mpi_lock_acquire(void);
 /**
 * @brief Release lock for the mpi/rsa cryptography peripheral.
 *
 */
 void esp_crypto_mpi_lock_release(void);
 /**
 * @brief Acquire lock for the ECC cryptography peripheral.
 *
 */
 void esp_crypto_ecc_lock_acquire(void);
 /**
 * @brief Release lock for the ECC cryptography peripheral.
 *
 */
 void esp_crypto_ecc_lock_release(void);
 /**
 * @brief Acquire lock for ECDSA cryptography peripheral
 *
 * Internally also locks the ECC and MPI peripheral, as the ECDSA depends on these peripherals
 */
 void esp_crypto_ecdsa_lock_acquire(void);
 /**
 * @brief Release lock for ECDSA cryptography peripheral
 *
 * Internally also releases the ECC and MPI peripheral, as the ECDSA depends on these peripherals
 */
 void esp_crypto_ecdsa_lock_release(void);
 #ifdef __cplusplus
 }
 #endif
--- a/components/esp_hw_support/include/soc/esp32c6/esp_crypto_lock.h
+++ b/components/esp_hw_support/include/soc/esp32c6/esp_crypto_lock.h
@ -1,80 +0,0 @@
 /*
 * SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
 #pragma once
 #ifdef __cplusplus
 extern "C" {
 #endif
 /**
 * @brief Acquire lock for HMAC cryptography peripheral
 *
 * Internally also locks the SHA peripheral, as the HMAC depends on the SHA peripheral
 */
 void esp_crypto_hmac_lock_acquire(void);
 /**
 * @brief Release lock for HMAC cryptography peripheral
 *
 * Internally also releases the SHA peripheral, as the HMAC depends on the SHA peripheral
 */
 void esp_crypto_hmac_lock_release(void);
 /**
 * @brief Acquire lock for DS cryptography peripheral
 *
 * Internally also locks the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
 */
 void esp_crypto_ds_lock_acquire(void);
 /**
 * @brief Release lock for DS cryptography peripheral
 *
 * Internally also releases the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
 */
 void esp_crypto_ds_lock_release(void);
 /**
 * @brief Acquire lock for the SHA and AES cryptography peripheral.
 *
 */
 void esp_crypto_sha_aes_lock_acquire(void);
 /**
 * @brief Release lock for the SHA and AES cryptography peripheral.
 *
 */
 void esp_crypto_sha_aes_lock_release(void);
 /**
 * @brief Acquire lock for the mpi cryptography peripheral.
 *
 */
 void esp_crypto_mpi_lock_acquire(void);
 /**
 * @brief Release lock for the mpi/rsa cryptography peripheral.
 *
 */
 void esp_crypto_mpi_lock_release(void);
 /**
 * @brief Acquire lock for the ECC cryptography peripheral.
 *
 */
 void esp_crypto_ecc_lock_acquire(void);
 /**
 * @brief Release lock for the ECC cryptography peripheral.
 *
 */
 void esp_crypto_ecc_lock_release(void);
 #ifdef __cplusplus
 }
 #endif
--- a/components/esp_hw_support/include/soc/esp32h2/esp_crypto_lock.h
+++ b/components/esp_hw_support/include/soc/esp32h2/esp_crypto_lock.h
@ -1,96 +0,0 @@
 /*
 * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
 #pragma once
 #ifdef __cplusplus
 extern "C" {
 #endif
 /**
 * @brief Acquire lock for HMAC cryptography peripheral
 *
 * Internally also locks the SHA peripheral, as the HMAC depends on the SHA peripheral
 */
 void esp_crypto_hmac_lock_acquire(void);
 /**
 * @brief Release lock for HMAC cryptography peripheral
 *
 * Internally also releases the SHA peripheral, as the HMAC depends on the SHA peripheral
 */
 void esp_crypto_hmac_lock_release(void);
 /**
 * @brief Acquire lock for DS cryptography peripheral
 *
 * Internally also locks the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
 */
 void esp_crypto_ds_lock_acquire(void);
 /**
 * @brief Release lock for DS cryptography peripheral
 *
 * Internally also releases the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
 */
 void esp_crypto_ds_lock_release(void);
 /**
 * @brief Acquire lock for the SHA and AES cryptography peripheral.
 *
 */
 void esp_crypto_sha_aes_lock_acquire(void);
 /**
 * @brief Release lock for the SHA and AES cryptography peripheral.
 *
 */
 void esp_crypto_sha_aes_lock_release(void);
 /**
 * @brief Acquire lock for the mpi cryptography peripheral.
 *
 */
 void esp_crypto_mpi_lock_acquire(void);
 /**
 * @brief Release lock for the mpi/rsa cryptography peripheral.
 *
 */
 void esp_crypto_mpi_lock_release(void);
 /**
 * @brief Acquire lock for the ECC cryptography peripheral.
 *
 */
 void esp_crypto_ecc_lock_acquire(void);
 /**
 * @brief Release lock for the ECC cryptography peripheral.
 *
 */
 void esp_crypto_ecc_lock_release(void);
 /**
 * @brief Acquire lock for ECDSA cryptography peripheral
 *
 * Internally also locks the ECC and MPI peripheral, as the ECDSA depends on these peripherals
 */
 void esp_crypto_ecdsa_lock_acquire(void);
 /**
 * @brief Release lock for ECDSA cryptography peripheral
 *
 * Internally also releases the ECC and MPI peripheral, as the ECDSA depends on these peripherals
 */
 void esp_crypto_ecdsa_lock_release(void);
 #ifdef __cplusplus
 }
 #endif
--- a/components/esp_hw_support/include/soc/esp32s2/esp_crypto_lock.h
+++ b/components/esp_hw_support/include/soc/esp32s2/esp_crypto_lock.h
@ -1,43 +0,0 @@
 /*
 * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
 #pragma once
 #ifdef __cplusplus
 extern "C" {
 #endif
 /**
 * This API should be used by all components which use the SHA, AES, HMAC and DS crypto hardware on the ESP32S2.
 * They can not be used in parallel because they use the same DMA or are calling each other.
 * E.g., HMAC uses SHA or DS uses HMAC and AES. See the ESP32S2 Technical Reference Manual for more details.
 *
 * Other unrelated components must not use it.
 */
 /**
 * Acquire lock for the AES and SHA cryptography peripherals, which both use the crypto DMA.
 */
 void esp_crypto_dma_lock_acquire(void);
 /**
 * Release lock for the AES and SHA cryptography peripherals, which both use the crypto DMA.
 */
 void esp_crypto_dma_lock_release(void);
 /**
 * Acquire lock for the MPI/RSA cryptography peripheral
 */
 void esp_crypto_mpi_lock_acquire(void);
 /**
 * Release lock for the MPI/RSA cryptography peripheral
 */
 void esp_crypto_mpi_lock_release(void);
 #ifdef __cplusplus
 }
 #endif
--- a/components/esp_hw_support/include/soc/esp32s3/esp_crypto_lock.h
+++ b/components/esp_hw_support/include/soc/esp32s3/esp_crypto_lock.h
@ -1,73 +0,0 @@
 /*
 * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
 #pragma once
 #ifdef __cplusplus
 extern "C" {
 #endif
 /**
 * This API should be used by all components which use the SHA, AES, HMAC and DS crypto hardware on the ESP32S3.
 * Not all of them can be used in parallel because they use the same underlying module.
 * E.g., HMAC uses SHA or DS uses HMAC and AES. See the ESP32S3 Technical Reference Manual for more details.
 *
 * Other unrelated components must not use it.
 */
 /**
 * @brief Acquire lock for Digital Signature(DS) cryptography peripheral
 *
 * Internally also takes the HMAC lock, as the DS depends on the HMAC peripheral
 */
 void esp_crypto_ds_lock_acquire(void);
 /**
 * @brief Release lock for Digital Signature(DS) cryptography peripheral
 *
 * Internally also releases the HMAC lock, as the DS depends on the HMAC peripheral
 */
 void esp_crypto_ds_lock_release(void);
 /**
 * @brief Acquire lock for HMAC cryptography peripheral
 *
 * Internally also takes the SHA & AES lock, as the HMAC depends on the SHA peripheral
 */
 void esp_crypto_hmac_lock_acquire(void);
 /**
 * @brief Release lock for HMAC cryptography peripheral
 *
 * Internally also releases the SHA & AES lock, as the HMAC depends on the SHA peripheral
 */
 void esp_crypto_hmac_lock_release(void);
 /**
 * @brief Acquire lock for the SHA and AES cryptography peripheral.
 *
 */
 void esp_crypto_sha_aes_lock_acquire(void);
 /**
 * @brief Release lock for the SHA and AES cryptography peripheral.
 *
 */
 void esp_crypto_sha_aes_lock_release(void);
 /**
 * Acquire lock for the MPI/RSA cryptography peripheral
 */
 void esp_crypto_mpi_lock_acquire(void);
 /**
 * Release lock for the MPI/RSA cryptography peripheral
 */
 void esp_crypto_mpi_lock_release(void);
 #ifdef __cplusplus
 }
 #endif
--- a/components/esp_hw_support/port/esp32/CMakeLists.txt
+++ b/components/esp_hw_support/port/esp32/CMakeLists.txt
@ -10,7 +10,6 @@ set(srcs
 if(NOT BOOTLOADER_BUILD)
    list(APPEND srcs "cache_sram_mmu.c"
                     "esp_crypto_lock.c"
                     "sar_periph_ctrl.c")
 endif()
--- a/components/esp_hw_support/port/esp32c2/CMakeLists.txt
+++ b/components/esp_hw_support/port/esp32c2/CMakeLists.txt
@ -7,8 +7,7 @@ set(srcs "rtc_clk_init.c"
 if(NOT BOOTLOADER_BUILD)
-    list(APPEND srcs "esp_crypto_lock.c"
+    list(APPEND srcs "sar_periph_ctrl.c")
                     "sar_periph_ctrl.c")
 endif()
--- a/components/esp_hw_support/port/esp32c3/CMakeLists.txt
+++ b/components/esp_hw_support/port/esp32c3/CMakeLists.txt
@ -7,8 +7,7 @@ set(srcs "rtc_clk_init.c"
         )
 if(NOT BOOTLOADER_BUILD)
-    list(APPEND srcs "esp_crypto_lock.c"
+    list(APPEND srcs "sar_periph_ctrl.c")
                     "sar_periph_ctrl.c")
    # init constructor for wifi
    list(APPEND srcs "adc2_init_cal.c")
--- a/components/esp_hw_support/port/esp32c5/CMakeLists.txt
+++ b/components/esp_hw_support/port/esp32c5/CMakeLists.txt
@ -7,8 +7,7 @@ set(srcs "rtc_clk_init.c"
 )
 if(NOT BOOTLOADER_BUILD)
-    list(APPEND srcs "sar_periph_ctrl.c"
+    list(APPEND srcs "sar_periph_ctrl.c")
                     "esp_crypto_lock.c")
 endif()
 add_prefix(srcs "${CMAKE_CURRENT_LIST_DIR}/" "${srcs}")
--- a/components/esp_hw_support/port/esp32c6/CMakeLists.txt
+++ b/components/esp_hw_support/port/esp32c6/CMakeLists.txt
@ -9,8 +9,7 @@ set(srcs "rtc_clk_init.c"
         )
 if(NOT BOOTLOADER_BUILD)
-    list(APPEND srcs "sar_periph_ctrl.c"
+    list(APPEND srcs "sar_periph_ctrl.c")
                     "esp_crypto_lock.c")
 endif()
--- a/components/esp_hw_support/port/esp32c61/CMakeLists.txt
+++ b/components/esp_hw_support/port/esp32c61/CMakeLists.txt
@ -9,8 +9,7 @@ set(srcs "rtc_clk_init.c"
         )
 if(NOT BOOTLOADER_BUILD)
-    list(APPEND srcs "sar_periph_ctrl.c"
+    list(APPEND srcs "sar_periph_ctrl.c")
                     "esp_crypto_lock.c")
    if(CONFIG_ESP_SYSTEM_MEMPROT_FEATURE)
        list(APPEND srcs "esp_memprot.c" "../esp_memprot_conv.c")
--- a/components/esp_hw_support/port/esp32h2/CMakeLists.txt
+++ b/components/esp_hw_support/port/esp32h2/CMakeLists.txt
@ -8,8 +8,7 @@ set(srcs "rtc_clk_init.c"
         )
 if(NOT BOOTLOADER_BUILD)
-    list(APPEND srcs "sar_periph_ctrl.c"
+    list(APPEND srcs "sar_periph_ctrl.c")
                     "esp_crypto_lock.c")
 endif()
 add_prefix(srcs "${CMAKE_CURRENT_LIST_DIR}/" "${srcs}")
--- a/components/esp_hw_support/port/esp32p4/CMakeLists.txt
+++ b/components/esp_hw_support/port/esp32p4/CMakeLists.txt
@ -10,8 +10,7 @@ set(srcs "rtc_clk_init.c"
         )
 if(NOT BOOTLOADER_BUILD)
-    list(APPEND srcs "sar_periph_ctrl.c"
+    list(APPEND srcs "sar_periph_ctrl.c")
                     "esp_crypto_lock.c")
    if(NOT CONFIG_APP_BUILD_TYPE_PURE_RAM_APP)
        list(APPEND srcs "mspi_timing_config.c")
--- a/components/esp_hw_support/port/esp32s2/CMakeLists.txt
+++ b/components/esp_hw_support/port/esp32s2/CMakeLists.txt
@ -10,7 +10,6 @@ set(srcs
 if(NOT BOOTLOADER_BUILD)
    list(APPEND srcs "memprot.c"
                     "esp_crypto_lock.c"
                     "sar_periph_ctrl.c")
    # init constructor for wifi
--- a/components/esp_hw_support/port/esp32s3/CMakeLists.txt
+++ b/components/esp_hw_support/port/esp32s3/CMakeLists.txt
@ -10,8 +10,7 @@ set(srcs
    )
 if(NOT BOOTLOADER_BUILD)
-    list(APPEND srcs "esp_crypto_lock.c"
+    list(APPEND srcs "sar_periph_ctrl.c")
                     "sar_periph_ctrl.c")
    if(NOT CONFIG_APP_BUILD_TYPE_PURE_RAM_APP)
        list(APPEND srcs "mspi_timing_config.c")
--- a/components/esp_security/CMakeLists.txt
+++ b/components/esp_security/CMakeLists.txt
@ -1,5 +1,5 @@
 set(srcs "")
-set(priv_requires "")
+set(priv_requires "soc")
 if(NOT BOOTLOADER_BUILD)
    if(CONFIG_IDF_TARGET_ESP32H2 OR CONFIG_IDF_TARGET_ESP32P4 OR CONFIG_IDF_TARGET_ESP32C5)
@ -10,7 +10,7 @@ if(NOT BOOTLOADER_BUILD)
        list(APPEND srcs "src/crypto/esp_dpa_protection.c")
    endif()
-    list(APPEND priv_requires "soc")
+    list(APPEND srcs "src/crypto/${IDF_TARGET}/esp_crypto_lock.c")
 endif()
 idf_component_register(SRCS ${srcs}
--- a/components/esp_hw_support/include/soc/esp32p4/esp_crypto_lock.h
+++ b/components/esp_hw_support/include/soc/esp32p4/esp_crypto_lock.h
@ -6,10 +6,13 @@
 #pragma once
 #include "soc/soc_caps.h"
 #ifdef __cplusplus
 extern "C" {
 #endif
 #ifdef SOC_HMAC_SUPPORTED
 /**
 * @brief Acquire lock for HMAC cryptography peripheral
 *
@ -23,7 +26,9 @@ void esp_crypto_hmac_lock_acquire(void);
 * Internally also releases the SHA peripheral, as the HMAC depends on the SHA peripheral
 */
 void esp_crypto_hmac_lock_release(void);
 #endif /* SOC_HMAC_SUPPORTED */
 #ifdef SOC_DIG_SIGN_SUPPORTED
 /**
 * @brief Acquire lock for DS cryptography peripheral
 *
@ -37,7 +42,9 @@ void esp_crypto_ds_lock_acquire(void);
 * Internally also releases the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
 */
 void esp_crypto_ds_lock_release(void);
 #endif /* SOC_DIG_SIGN_SUPPORTED */
 #if defined(SOC_SHA_SUPPORTED) && defined(SOC_AES_SUPPORTED)
 /**
 * @brief Acquire lock for the SHA and AES cryptography peripheral.
 *
@ -49,8 +56,29 @@ void esp_crypto_sha_aes_lock_acquire(void);
 *
 */
 void esp_crypto_sha_aes_lock_release(void);
 #endif /* defined(SOC_SHA_SUPPORTED) && defined(SOC_AES_SUPPORTED) */
 #if defined(SOC_SHA_CRYPTO_DMA) && defined(SOC_AES_CRYPTO_DMA)
 /**
 * This API should be used by all components which use the SHA, AES, HMAC and DS crypto hardware on the ESP32S2.
 * They can not be used in parallel because they use the same DMA or are calling each other.
 * E.g., HMAC uses SHA or DS uses HMAC and AES. See the ESP32S2 Technical Reference Manual for more details.
 *
 * Other unrelated components must not use it.
 */
 /**
 * Acquire lock for the AES and SHA cryptography peripherals, which both use the crypto DMA.
 */
 void esp_crypto_dma_lock_acquire(void);
 /**
 * Release lock for the AES and SHA cryptography peripherals, which both use the crypto DMA.
 */
 void esp_crypto_dma_lock_release(void);
 #endif /* defined(SOC_SHA_CRYPTO_DMA) && defined(SOC_AES_CRYPTO_DMA) */
 #ifdef SOC_MPI_SUPPORTED
 /**
 * @brief Acquire lock for the mpi cryptography peripheral.
 *
@ -62,8 +90,9 @@ void esp_crypto_mpi_lock_acquire(void);
 *
 */
 void esp_crypto_mpi_lock_release(void);
 #endif /* SOC_MPI_SUPPORTED */
-
+#ifdef SOC_ECC_SUPPORTED
 /**
 * @brief Acquire lock for the ECC cryptography peripheral.
 *
@ -75,8 +104,9 @@ void esp_crypto_ecc_lock_acquire(void);
 *
 */
 void esp_crypto_ecc_lock_release(void);
 #endif /* SOC_ECC_SUPPORTED */
-
+#ifdef SOC_ECDSA_SUPPORTED
 /**
 * @brief Acquire lock for ECDSA cryptography peripheral
 *
@ -90,7 +120,9 @@ void esp_crypto_ecdsa_lock_acquire(void);
 * Internally also releases the ECC and MPI peripheral, as the ECDSA depends on these peripherals
 */
 void esp_crypto_ecdsa_lock_release(void);
 #endif /* SOC_ECDSA_SUPPORTED */
 #ifdef SOC_KEY_MANAGER_SUPPORTED
 /**
 * @brief Acquire lock for Key Manager peripheral
 *
@ -102,6 +134,7 @@ void esp_crypto_key_manager_lock_acquire(void);
 *
 */
 void esp_crypto_key_manager_lock_release(void);
 #endif /* SOC_KEY_MANAGER_SUPPORTED */
 #ifdef __cplusplus
 }
--- a/components/esp_security/src/crypto/esp32/esp_crypto_lock.c
+++ b/components/esp_security/src/crypto/esp32/esp_crypto_lock.c
--- a/components/esp_security/src/crypto/esp32c2/esp_crypto_lock.c
+++ b/components/esp_security/src/crypto/esp32c2/esp_crypto_lock.c
--- a/components/esp_security/src/crypto/esp32c3/esp_crypto_lock.c
+++ b/components/esp_security/src/crypto/esp32c3/esp_crypto_lock.c
--- a/components/esp_security/src/crypto/esp32c5/esp_crypto_lock.c
+++ b/components/esp_security/src/crypto/esp32c5/esp_crypto_lock.c
--- a/components/esp_security/src/crypto/esp32c6/esp_crypto_lock.c
+++ b/components/esp_security/src/crypto/esp32c6/esp_crypto_lock.c
--- a/components/esp_security/src/crypto/esp32h2/esp_crypto_lock.c
+++ b/components/esp_security/src/crypto/esp32h2/esp_crypto_lock.c
--- a/components/esp_security/src/crypto/esp32p4/esp_crypto_lock.c
+++ b/components/esp_security/src/crypto/esp32p4/esp_crypto_lock.c
--- a/components/esp_security/src/crypto/esp32s2/esp_crypto_lock.c
+++ b/components/esp_security/src/crypto/esp32s2/esp_crypto_lock.c
--- a/components/esp_security/src/crypto/esp32s3/esp_crypto_lock.c
+++ b/components/esp_security/src/crypto/esp32s3/esp_crypto_lock.c
--- a/components/mbedtls/CMakeLists.txt
+++ b/components/mbedtls/CMakeLists.txt
@ -153,6 +153,10 @@ endif()
 # Add port files to mbedtls targets
 target_sources(mbedtls PRIVATE ${mbedtls_target_sources})
 if(NOT ${IDF_TARGET} STREQUAL "linux")
    target_link_libraries(mbedcrypto PRIVATE idf::esp_security)
 endif()
 # Choose peripheral type
 if(CONFIG_SOC_SHA_SUPPORTED)
--- a/components/spi_flash/CMakeLists.txt
+++ b/components/spi_flash/CMakeLists.txt
@ -52,6 +52,9 @@ else()
    set(priv_requires bootloader_support app_update soc esp_mm
                      esp_driver_gpio
    )
    if(${target} STREQUAL "esp32s2")
        list(APPEND priv_requires esp_security)
    endif()
 endif()
 idf_component_register(SRCS "${srcs}"