feat(hal/spi_flash_encrypted): Enable pseudo rounds function during XTS-AES operations

2025-03-09 09:09:10 -04:00 · 2025-01-17 10:51:09 +05:30 · 2025-01-17 10:51:09 +05:30 · e3acb360e3
commit e3acb360e3
parent 7d803e661e
8 changed files with 146 additions and 9 deletions
--- a/components/hal/esp32h2/include/hal/spi_flash_encrypted_ll.h
+++ b/components/hal/esp32h2/include/hal/spi_flash_encrypted_ll.h
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@ -20,11 +20,14 @@
 #include "soc/soc_caps.h"
 #include "hal/assert.h"

+#include "hal/efuse_hal.h"
+#include "soc/chip_revision.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif

-/// Choose type of chip you want to encrypt manully
+/// Choose type of chip you want to encrypt manually
 typedef enum
 {
    FLASH_ENCRYPTION_MANU = 0, ///!< Manually encrypt the flash chip.
@ -51,7 +54,7 @@ static inline void spi_flash_encrypt_ll_disable(void)
 }

 /**
- * Choose type of chip you want to encrypt manully
+ * Choose type of chip you want to encrypt manually
 *
 * @param type The type of chip to be encrypted
 *
@ -146,6 +149,39 @@ static inline bool spi_flash_encrypt_ll_check(uint32_t address, uint32_t length)
    return ((address % length) == 0) ? true : false;
 }

+/**
+ * @brief Enable the pseudo-round function during XTS-AES operations
+ *
+ * @param mode set the mode for pseudo rounds, zero to disable, with increasing security upto three.
+ * @param base basic number of pseudo rounds, zero if disable
+ * @param increment increment number of pseudo rounds, zero if disable
+ * @param key_rng_cnt update frequency of the pseudo-key, zero if disable
+ */
+static inline void spi_flash_encrypt_ll_enable_pseudo_rounds(uint8_t mode, uint8_t base, uint8_t increment, uint8_t key_rng_cnt)
+{
+    REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_MODE_PSEUDO, mode);
+
+    if (mode) {
+        REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_PSEUDO_BASE, base);
+        REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_PSEUDO_INC, increment);
+        REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_PSEUDO_RNG_CNT, key_rng_cnt);
+    } else {
+        REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_PSEUDO_BASE, 0);
+        REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_PSEUDO_INC, 0);
+        REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_PSEUDO_RNG_CNT, 0);
+    }
+}
+
+/**
+ * @brief Check if the pseudo round function is supported
+ * The XTS-AES pseudo round function is only avliable in chip version
+ * above 1.2 in ESP32-H2
+ */
+static inline bool spi_flash_encrypt_ll_is_pseudo_rounds_function_supported(void)
+{
+    return ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102);
+}
+
 #ifdef __cplusplus
 }
 #endif
--- a/components/hal/include/hal/spi_flash_encrypt_hal.h
+++ b/components/hal/include/hal/spi_flash_encrypt_hal.h
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@ -13,11 +13,35 @@
 // The HAL layer for SPI Flash Encryption

 #include "hal/spi_flash_encrypted_ll.h"
+#include "soc/soc_caps.h"

 #ifdef __cplusplus
 extern "C" {
 #endif

+#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+/**
+ * @brief Default pseudo rounds configs of the XTS-AES accelerator
+ */
+typedef enum {
+    ESP_XTS_AES_PSEUDO_ROUNDS_DISABLE = 0,
+    ESP_XTS_AES_PSEUDO_ROUNDS_LOW,
+    ESP_XTS_AES_PSEUDO_ROUNDS_MEDIUM,
+    ESP_XTS_AES_PSEUDO_ROUNDS_HIGH,
+} esp_xts_aes_psuedo_rounds_state_t;
+
+/* The total number of pseudo-rounds randomly inserted in an XTS-AES operation are controlled by
+ * configuring the PSEUDO_MODE, PSEUDO_BASE, PSEUDO_INC parameters.
+ * Users can also set the frequency of random key updates by configuring the PSEUDO_RNG_CNT.
+ * Here, we would be using some pre-decided values for these parameters corresponding to the security needed.
+ * For more information regarding these parameters please refer the TRM.
+ */
+#define XTS_AES_PSEUDO_ROUNDS_BASE      4
+#define XTS_AES_PSEUDO_ROUNDS_INC       2
+#define XTS_AES_PSEUDO_ROUNDS_RNG_CNT   7
+
+#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND */
+
 /**
 * @brief Enable the flash encryption
 */
@ -57,6 +81,18 @@ void spi_flash_encryption_hal_destroy(void);
 */
 bool spi_flash_encryption_hal_check(uint32_t address, uint32_t length);

+#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+/**
+ * @brief Enable the pseudo-round function during XTS-AES operations
+ *
+ * @param mode set the mode for pseudo rounds, zero to disable, with increasing security upto three.
+ * @param base basic number of pseudo rounds, zero if disable
+ * @param increment increment number of pseudo rounds, zero if disable
+ * @param key_rng_cnt update frequency of the pseudo-key, zero if disable
+ */
+void spi_flash_encryption_hal_enable_pseudo_rounds(uint8_t mode, uint8_t base, uint8_t increment, uint8_t key_rng_cnt);
+#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND */
+
 #ifdef __cplusplus
 }
 #endif
--- a/components/hal/spi_flash_encrypt_hal_iram.c
+++ b/components/hal/spi_flash_encrypt_hal_iram.c
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@ -7,6 +7,7 @@
 // This part is put in iram.

 #include "hal/spi_flash_encrypted_ll.h"
+#include "soc/soc_caps.h"

 void spi_flash_encryption_hal_enable(void)
 {
@ -49,3 +50,12 @@ bool spi_flash_encryption_hal_check(uint32_t address, uint32_t length)
 {
    return spi_flash_encrypt_ll_check(address, length);
 }
+
+#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+void spi_flash_encryption_hal_enable_pseudo_rounds(uint8_t mode, uint8_t base, uint8_t increment, uint8_t key_rng_cnt)
+{
+    if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
+        spi_flash_encrypt_ll_enable_pseudo_rounds(mode, base, increment, key_rng_cnt);
+    }
+}
+#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND */
--- a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in
@ -1279,6 +1279,10 @@ config SOC_FLASH_ENCRYPTION_XTS_AES_128
    bool
    default y

+config SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+    bool
+    default y
+
 config SOC_APM_CTRL_FILTER_SUPPORTED
    bool
    default y
--- a/components/soc/esp32h2/include/soc/soc_caps.h
+++ b/components/soc/esp32h2/include/soc/soc_caps.h
@ -509,6 +509,7 @@
 #define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX   (64)
 #define SOC_FLASH_ENCRYPTION_XTS_AES        1
 #define SOC_FLASH_ENCRYPTION_XTS_AES_128    1
+#define SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND  1 /*!< Only avliable in chip version above 1.2*/

 /*-------------------------- APM CAPS ----------------------------------------*/
 #define SOC_APM_CTRL_FILTER_SUPPORTED   1 /*!< Support for APM control filter */
--- a/components/soc/esp32h2/register/soc/spi_mem_struct.h
+++ b/components/soc/esp32h2/register/soc/spi_mem_struct.h
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@ -1033,7 +1033,16 @@ typedef volatile struct spi_mem_dev_s {
        };
        uint32_t val;
    } dpa_ctrl;
-    uint32_t reserved_38c;
+    union {
+        struct {
+            uint32_t reg_mode_pseudo                :    2;  /*Set the mode of pseudo. 2'b00: crypto without pseudo. 2'b01: state T with pseudo and state D without pseudo. 2'b10: state T with pseudo and state D with few pseudo. 2'b11: crypto with pseudo.*/
+            uint32_t reg_pseudo_rng_cnt             :    3;  /*xts aes peseudo function base round that must be performed.*/
+            uint32_t reg_pseudo_base                :    4;  /*xts aes peseudo function base round that must be performed.*/
+            uint32_t reg_pseudo_inc                 :    2;  /*xts aes peseudo function increment round that will be performed randomly between 0 & 2**(inc+1).*/
+            uint32_t reserved11                     :    21;  /*reserved*/
+        };
+        uint32_t val;
+    } xts_pseudo_round_conf;
    uint32_t reserved_390;
    uint32_t reserved_394;
    uint32_t reserved_398;
--- a/components/soc/esp32h2/register/soc/xts_aes_reg.h
+++ b/components/soc/esp32h2/register/soc/xts_aes_reg.h
@ -1,5 +1,5 @@
 /**
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
 *
 *  SPDX-License-Identifier: Apache-2.0
 */
@ -124,6 +124,42 @@ formance of cryption will decrease together with this number increasing).*/
 #define XTS_AES_CRYPT_SECURITY_LEVEL_V  0x7
 #define XTS_AES_CRYPT_SECURITY_LEVEL_S  0

+/** XTS_AES_PSEUDO_ROUND_CONF_REG register
+ *  SPI memory encryption PSEUDO register
+ */
+#define XTS_AES_PSEUDO_ROUND_CONF_REG(i) (REG_SPI_MEM_BASE(i) + 0x38c)
+/** XTS_AES_MODE_PSEUDO : R/W; bitpos: [1:0]; default: 0;
+ *  Set the mode of pseudo. 2'b00: crypto without pseudo. 2'b01: state T with pseudo
+ *  and state D without pseudo. 2'b10: state T with pseudo and state D with few pseudo.
+ *  2'b11: crypto with pseudo.
+ */
+#define XTS_AES_MODE_PSEUDO    0x00000003U
+#define XTS_AES_MODE_PSEUDO_M  (XTS_AES_MODE_PSEUDO_V << XTS_AES_MODE_PSEUDO_S)
+#define XTS_AES_MODE_PSEUDO_V  0x00000003U
+#define XTS_AES_MODE_PSEUDO_S  0
+/** XTS_AES_PSEUDO_RNG_CNT : R/W; bitpos: [4:2]; default: 7;
+ *  xts aes peseudo function base round that must be performed.
+ */
+#define XTS_AES_PSEUDO_RNG_CNT    0x00000007U
+#define XTS_AES_PSEUDO_RNG_CNT_M  (XTS_AES_PSEUDO_RNG_CNT_V << XTS_AES_PSEUDO_RNG_CNT_S)
+#define XTS_AES_PSEUDO_RNG_CNT_V  0x00000007U
+#define XTS_AES_PSEUDO_RNG_CNT_S  2
+/** XTS_AES_PSEUDO_BASE : R/W; bitpos: [8:5]; default: 2;
+ *  xts aes peseudo function base round that must be performed.
+ */
+#define XTS_AES_PSEUDO_BASE    0x0000000FU
+#define XTS_AES_PSEUDO_BASE_M  (XTS_AES_PSEUDO_BASE_V << XTS_AES_PSEUDO_BASE_S)
+#define XTS_AES_PSEUDO_BASE_V  0x0000000FU
+#define XTS_AES_PSEUDO_BASE_S  5
+/** XTS_AES_PSEUDO_INC : R/W; bitpos: [10:9]; default: 2;
+ *  xts aes peseudo function increment round that will be performed randomly between 0 &
+ *  2**(inc+1).
+ */
+#define XTS_AES_PSEUDO_INC    0x00000003U
+#define XTS_AES_PSEUDO_INC_M  (XTS_AES_PSEUDO_INC_V << XTS_AES_PSEUDO_INC_S)
+#define XTS_AES_PSEUDO_INC_V  0x00000003U
+#define XTS_AES_PSEUDO_INC_S  9
+
 #ifdef __cplusplus
 }
 #endif
--- a/components/spi_flash/spi_flash_chip_generic.c
+++ b/components/spi_flash/spi_flash_chip_generic.c
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@ -517,6 +517,11 @@ esp_err_t spi_flash_chip_generic_write_encrypted(esp_flash_t *chip, const void *

    const uint8_t *data_bytes = (const uint8_t *)buffer;
    esp_flash_encryption->flash_encryption_enable();
+
+#if SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+    spi_flash_encryption_hal_enable_pseudo_rounds(ESP_XTS_AES_PSEUDO_ROUNDS_LOW, XTS_AES_PSEUDO_ROUNDS_BASE, XTS_AES_PSEUDO_ROUNDS_INC, XTS_AES_PSEUDO_ROUNDS_RNG_CNT);
+#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND */
+
    while (length > 0) {
        int block_size;
        /* Write the largest block if possible */