menu "ESP Security Specific"

    menu "Crypto DPA Protection"
        depends on SOC_CRYPTO_DPA_PROTECTION_SUPPORTED
        config ESP_CRYPTO_DPA_PROTECTION_AT_STARTUP
            bool "Enable crypto DPA protection at startup"
            default y
            help
                This config controls the DPA (Differential Power Analysis) protection
                knob for the crypto peripherals. DPA protection dynamically adjusts
                clock frequency of the crypto peripheral. DPA protection helps to make it
                difficult to perform SCA attacks on the crypto peripherals. However,
                there is also associated performance impact based on the security level
                set. Please refer to the TRM for more details.

        choice ESP_CRYPTO_DPA_PROTECTION_LEVEL
            prompt "DPA protection level"
            depends on ESP_CRYPTO_DPA_PROTECTION_AT_STARTUP
            default ESP_CRYPTO_DPA_PROTECTION_LEVEL_LOW
            help
                Configure the DPA protection security level

            config ESP_CRYPTO_DPA_PROTECTION_LEVEL_LOW
                bool "Security level low"

            config ESP_CRYPTO_DPA_PROTECTION_LEVEL_MEDIUM
                bool "Security level medium"

            config ESP_CRYPTO_DPA_PROTECTION_LEVEL_HIGH
                bool "Security level high"
        endchoice

        config ESP_CRYPTO_DPA_PROTECTION_LEVEL
            int
            default 1 if ESP_CRYPTO_DPA_PROTECTION_LEVEL_LOW
            default 2 if ESP_CRYPTO_DPA_PROTECTION_LEVEL_MEDIUM
            default 3 if ESP_CRYPTO_DPA_PROTECTION_LEVEL_HIGH
    endmenu

    config ESP_CRYPTO_FORCE_ECC_CONSTANT_TIME_POINT_MUL
        bool "Forcfully enable ECC constant time point multiplication operations"
        depends on SOC_ECC_CONSTANT_TIME_POINT_MUL
        default N
        help
            If enabled, the app startup code will burn the ECC_FORCE_CONST_TIME efuse bit to force the
            ECC peripheral to always perform constant time point multiplication operations,
            irrespective of the ECC_MULT_SECURITY_MODE status bit that is present in the ECC_MULT_CONF_REG
            register. By default, ESP-IDF configures the ECC peripheral to perform constant time point
            multiplication operations, so enabling this config would provide security enhancement only in
            the cases when trusted boot is not enabled and the attacker tries carrying out non-constant
            time point multiplication operations by changing the default ESP-IDF configurations.
            Performing constant time operations protect the ECC multiplication operations from timing attacks.
endmenu