From e3acb360e3f1161c3f1e1de14af7eb103db0cd90 Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Fri, 17 Jan 2025 10:51:09 +0530 Subject: [PATCH] feat(hal/spi_flash_encrypted): Enable pseudo rounds function during XTS-AES operations --- .../include/hal/spi_flash_encrypted_ll.h | 42 +++++++++++++++++-- .../hal/include/hal/spi_flash_encrypt_hal.h | 38 ++++++++++++++++- components/hal/spi_flash_encrypt_hal_iram.c | 12 +++++- .../esp32h2/include/soc/Kconfig.soc_caps.in | 4 ++ components/soc/esp32h2/include/soc/soc_caps.h | 1 + .../soc/esp32h2/register/soc/spi_mem_struct.h | 13 +++++- .../soc/esp32h2/register/soc/xts_aes_reg.h | 38 ++++++++++++++++- components/spi_flash/spi_flash_chip_generic.c | 7 +++- 8 files changed, 146 insertions(+), 9 deletions(-) diff --git a/components/hal/esp32h2/include/hal/spi_flash_encrypted_ll.h b/components/hal/esp32h2/include/hal/spi_flash_encrypted_ll.h index 20c303344a..cb6cab28a3 100644 --- a/components/hal/esp32h2/include/hal/spi_flash_encrypted_ll.h +++ b/components/hal/esp32h2/include/hal/spi_flash_encrypted_ll.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -20,11 +20,14 @@ #include "soc/soc_caps.h" #include "hal/assert.h" +#include "hal/efuse_hal.h" +#include "soc/chip_revision.h" + #ifdef __cplusplus extern "C" { #endif -/// Choose type of chip you want to encrypt manully +/// Choose type of chip you want to encrypt manually typedef enum { FLASH_ENCRYPTION_MANU = 0, ///!< Manually encrypt the flash chip. @@ -51,7 +54,7 @@ static inline void spi_flash_encrypt_ll_disable(void) } /** - * Choose type of chip you want to encrypt manully + * Choose type of chip you want to encrypt manually * * @param type The type of chip to be encrypted * @@ -146,6 +149,39 @@ static inline bool spi_flash_encrypt_ll_check(uint32_t address, uint32_t length) return ((address % length) == 0) ? true : false; } +/** + * @brief Enable the pseudo-round function during XTS-AES operations + * + * @param mode set the mode for pseudo rounds, zero to disable, with increasing security upto three. + * @param base basic number of pseudo rounds, zero if disable + * @param increment increment number of pseudo rounds, zero if disable + * @param key_rng_cnt update frequency of the pseudo-key, zero if disable + */ +static inline void spi_flash_encrypt_ll_enable_pseudo_rounds(uint8_t mode, uint8_t base, uint8_t increment, uint8_t key_rng_cnt) +{ + REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_MODE_PSEUDO, mode); + + if (mode) { + REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_PSEUDO_BASE, base); + REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_PSEUDO_INC, increment); + REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_PSEUDO_RNG_CNT, key_rng_cnt); + } else { + REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_PSEUDO_BASE, 0); + REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_PSEUDO_INC, 0); + REG_SET_FIELD(XTS_AES_PSEUDO_ROUND_CONF_REG(0), XTS_AES_PSEUDO_RNG_CNT, 0); + } +} + +/** + * @brief Check if the pseudo round function is supported + * The XTS-AES pseudo round function is only avliable in chip version + * above 1.2 in ESP32-H2 + */ +static inline bool spi_flash_encrypt_ll_is_pseudo_rounds_function_supported(void) +{ + return ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102); +} + #ifdef __cplusplus } #endif diff --git a/components/hal/include/hal/spi_flash_encrypt_hal.h b/components/hal/include/hal/spi_flash_encrypt_hal.h index e3da8c30d5..88e3ad8891 100644 --- a/components/hal/include/hal/spi_flash_encrypt_hal.h +++ b/components/hal/include/hal/spi_flash_encrypt_hal.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -13,11 +13,35 @@ // The HAL layer for SPI Flash Encryption #include "hal/spi_flash_encrypted_ll.h" +#include "soc/soc_caps.h" #ifdef __cplusplus extern "C" { #endif +#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND +/** + * @brief Default pseudo rounds configs of the XTS-AES accelerator + */ +typedef enum { + ESP_XTS_AES_PSEUDO_ROUNDS_DISABLE = 0, + ESP_XTS_AES_PSEUDO_ROUNDS_LOW, + ESP_XTS_AES_PSEUDO_ROUNDS_MEDIUM, + ESP_XTS_AES_PSEUDO_ROUNDS_HIGH, +} esp_xts_aes_psuedo_rounds_state_t; + +/* The total number of pseudo-rounds randomly inserted in an XTS-AES operation are controlled by + * configuring the PSEUDO_MODE, PSEUDO_BASE, PSEUDO_INC parameters. + * Users can also set the frequency of random key updates by configuring the PSEUDO_RNG_CNT. + * Here, we would be using some pre-decided values for these parameters corresponding to the security needed. + * For more information regarding these parameters please refer the TRM. + */ +#define XTS_AES_PSEUDO_ROUNDS_BASE 4 +#define XTS_AES_PSEUDO_ROUNDS_INC 2 +#define XTS_AES_PSEUDO_ROUNDS_RNG_CNT 7 + +#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND */ + /** * @brief Enable the flash encryption */ @@ -57,6 +81,18 @@ void spi_flash_encryption_hal_destroy(void); */ bool spi_flash_encryption_hal_check(uint32_t address, uint32_t length); +#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND +/** + * @brief Enable the pseudo-round function during XTS-AES operations + * + * @param mode set the mode for pseudo rounds, zero to disable, with increasing security upto three. + * @param base basic number of pseudo rounds, zero if disable + * @param increment increment number of pseudo rounds, zero if disable + * @param key_rng_cnt update frequency of the pseudo-key, zero if disable + */ +void spi_flash_encryption_hal_enable_pseudo_rounds(uint8_t mode, uint8_t base, uint8_t increment, uint8_t key_rng_cnt); +#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND */ + #ifdef __cplusplus } #endif diff --git a/components/hal/spi_flash_encrypt_hal_iram.c b/components/hal/spi_flash_encrypt_hal_iram.c index 2636e699f5..14de0d3e8b 100644 --- a/components/hal/spi_flash_encrypt_hal_iram.c +++ b/components/hal/spi_flash_encrypt_hal_iram.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -7,6 +7,7 @@ // This part is put in iram. #include "hal/spi_flash_encrypted_ll.h" +#include "soc/soc_caps.h" void spi_flash_encryption_hal_enable(void) { @@ -49,3 +50,12 @@ bool spi_flash_encryption_hal_check(uint32_t address, uint32_t length) { return spi_flash_encrypt_ll_check(address, length); } + +#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND +void spi_flash_encryption_hal_enable_pseudo_rounds(uint8_t mode, uint8_t base, uint8_t increment, uint8_t key_rng_cnt) +{ + if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) { + spi_flash_encrypt_ll_enable_pseudo_rounds(mode, base, increment, key_rng_cnt); + } +} +#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND */ diff --git a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in index 87db44adef..20d2940fe0 100644 --- a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in @@ -1279,6 +1279,10 @@ config SOC_FLASH_ENCRYPTION_XTS_AES_128 bool default y +config SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND + bool + default y + config SOC_APM_CTRL_FILTER_SUPPORTED bool default y diff --git a/components/soc/esp32h2/include/soc/soc_caps.h b/components/soc/esp32h2/include/soc/soc_caps.h index 1c0072f57a..d781180854 100644 --- a/components/soc/esp32h2/include/soc/soc_caps.h +++ b/components/soc/esp32h2/include/soc/soc_caps.h @@ -509,6 +509,7 @@ #define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX (64) #define SOC_FLASH_ENCRYPTION_XTS_AES 1 #define SOC_FLASH_ENCRYPTION_XTS_AES_128 1 +#define SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND 1 /*!< Only avliable in chip version above 1.2*/ /*-------------------------- APM CAPS ----------------------------------------*/ #define SOC_APM_CTRL_FILTER_SUPPORTED 1 /*!< Support for APM control filter */ diff --git a/components/soc/esp32h2/register/soc/spi_mem_struct.h b/components/soc/esp32h2/register/soc/spi_mem_struct.h index 45810eb9af..0f7e4be387 100644 --- a/components/soc/esp32h2/register/soc/spi_mem_struct.h +++ b/components/soc/esp32h2/register/soc/spi_mem_struct.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -1033,7 +1033,16 @@ typedef volatile struct spi_mem_dev_s { }; uint32_t val; } dpa_ctrl; - uint32_t reserved_38c; + union { + struct { + uint32_t reg_mode_pseudo : 2; /*Set the mode of pseudo. 2'b00: crypto without pseudo. 2'b01: state T with pseudo and state D without pseudo. 2'b10: state T with pseudo and state D with few pseudo. 2'b11: crypto with pseudo.*/ + uint32_t reg_pseudo_rng_cnt : 3; /*xts aes peseudo function base round that must be performed.*/ + uint32_t reg_pseudo_base : 4; /*xts aes peseudo function base round that must be performed.*/ + uint32_t reg_pseudo_inc : 2; /*xts aes peseudo function increment round that will be performed randomly between 0 & 2**(inc+1).*/ + uint32_t reserved11 : 21; /*reserved*/ + }; + uint32_t val; + } xts_pseudo_round_conf; uint32_t reserved_390; uint32_t reserved_394; uint32_t reserved_398; diff --git a/components/soc/esp32h2/register/soc/xts_aes_reg.h b/components/soc/esp32h2/register/soc/xts_aes_reg.h index 921701bc74..894f893955 100644 --- a/components/soc/esp32h2/register/soc/xts_aes_reg.h +++ b/components/soc/esp32h2/register/soc/xts_aes_reg.h @@ -1,5 +1,5 @@ /** - * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -124,6 +124,42 @@ formance of cryption will decrease together with this number increasing).*/ #define XTS_AES_CRYPT_SECURITY_LEVEL_V 0x7 #define XTS_AES_CRYPT_SECURITY_LEVEL_S 0 +/** XTS_AES_PSEUDO_ROUND_CONF_REG register + * SPI memory encryption PSEUDO register + */ +#define XTS_AES_PSEUDO_ROUND_CONF_REG(i) (REG_SPI_MEM_BASE(i) + 0x38c) +/** XTS_AES_MODE_PSEUDO : R/W; bitpos: [1:0]; default: 0; + * Set the mode of pseudo. 2'b00: crypto without pseudo. 2'b01: state T with pseudo + * and state D without pseudo. 2'b10: state T with pseudo and state D with few pseudo. + * 2'b11: crypto with pseudo. + */ +#define XTS_AES_MODE_PSEUDO 0x00000003U +#define XTS_AES_MODE_PSEUDO_M (XTS_AES_MODE_PSEUDO_V << XTS_AES_MODE_PSEUDO_S) +#define XTS_AES_MODE_PSEUDO_V 0x00000003U +#define XTS_AES_MODE_PSEUDO_S 0 +/** XTS_AES_PSEUDO_RNG_CNT : R/W; bitpos: [4:2]; default: 7; + * xts aes peseudo function base round that must be performed. + */ +#define XTS_AES_PSEUDO_RNG_CNT 0x00000007U +#define XTS_AES_PSEUDO_RNG_CNT_M (XTS_AES_PSEUDO_RNG_CNT_V << XTS_AES_PSEUDO_RNG_CNT_S) +#define XTS_AES_PSEUDO_RNG_CNT_V 0x00000007U +#define XTS_AES_PSEUDO_RNG_CNT_S 2 +/** XTS_AES_PSEUDO_BASE : R/W; bitpos: [8:5]; default: 2; + * xts aes peseudo function base round that must be performed. + */ +#define XTS_AES_PSEUDO_BASE 0x0000000FU +#define XTS_AES_PSEUDO_BASE_M (XTS_AES_PSEUDO_BASE_V << XTS_AES_PSEUDO_BASE_S) +#define XTS_AES_PSEUDO_BASE_V 0x0000000FU +#define XTS_AES_PSEUDO_BASE_S 5 +/** XTS_AES_PSEUDO_INC : R/W; bitpos: [10:9]; default: 2; + * xts aes peseudo function increment round that will be performed randomly between 0 & + * 2**(inc+1). + */ +#define XTS_AES_PSEUDO_INC 0x00000003U +#define XTS_AES_PSEUDO_INC_M (XTS_AES_PSEUDO_INC_V << XTS_AES_PSEUDO_INC_S) +#define XTS_AES_PSEUDO_INC_V 0x00000003U +#define XTS_AES_PSEUDO_INC_S 9 + #ifdef __cplusplus } #endif diff --git a/components/spi_flash/spi_flash_chip_generic.c b/components/spi_flash/spi_flash_chip_generic.c index 8233eaf174..d71b279e36 100644 --- a/components/spi_flash/spi_flash_chip_generic.c +++ b/components/spi_flash/spi_flash_chip_generic.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -517,6 +517,11 @@ esp_err_t spi_flash_chip_generic_write_encrypted(esp_flash_t *chip, const void * const uint8_t *data_bytes = (const uint8_t *)buffer; esp_flash_encryption->flash_encryption_enable(); + +#if SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND + spi_flash_encryption_hal_enable_pseudo_rounds(ESP_XTS_AES_PSEUDO_ROUNDS_LOW, XTS_AES_PSEUDO_ROUNDS_BASE, XTS_AES_PSEUDO_ROUNDS_INC, XTS_AES_PSEUDO_ROUNDS_RNG_CNT); +#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND */ + while (length > 0) { int block_size; /* Write the largest block if possible */