feat(esp_key_mgr): Support Digital Signature key deployments using Key Manager

2025-12-10 18:06:29 +00:00 · 2025-06-10 16:57:20 +05:30
parent 265b0d7579
commit 33d8c05d95
9 changed files with 103 additions and 18 deletions
--- a/components/hal/esp32c5/include/hal/ds_ll.h
+++ b/components/hal/esp32c5/include/hal/ds_ll.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -78,6 +78,14 @@ static inline ds_key_check_t ds_ll_key_error_source(void)
    }
 }

+/**
+ * @brief Set the DS key source.
+ */
+static inline void ds_ll_set_key_source(ds_key_source_t key_source)
+{
+    REG_WRITE(DS_KEY_SOURCE_REG, key_source);
+}
+
 /**
 * @brief Write the initialization vector to the corresponding register field.
 */
--- a/components/hal/esp32c5/include/hal/key_mgr_ll.h
+++ b/components/hal/esp32c5/include/hal/key_mgr_ll.h
@@ -189,6 +189,14 @@ static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_typ
            }
            break;

+        case ESP_KEY_MGR_DS_KEY:
+            if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) {
+                REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS);
+            } else {
+                REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS);
+            }
+            break;
+
        default:
            HAL_ASSERT(false && "Unsupported mode");
            return;
@@ -213,6 +221,10 @@ static inline esp_key_mgr_key_usage_t key_mgr_ll_get_key_usage(esp_key_mgr_key_t
            return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_HMAC));
            break;

+        case ESP_KEY_MGR_DS_KEY:
+            return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS));
+            break;
+
        default:
            HAL_ASSERT(false && "Unsupported mode");
            return ESP_KEY_MGR_USAGE_INVALID;
@@ -253,6 +265,10 @@ static inline void key_mgr_ll_lock_use_efuse_key_reg(esp_key_mgr_key_type_t key_
            REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_HMAC);
            break;

+        case ESP_KEY_MGR_DS_KEY:
+            REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_DS);
+            break;
+
        default:
            HAL_ASSERT(false && "Unsupported mode");
            return;
@@ -291,7 +307,6 @@ static inline bool key_mgr_ll_is_result_success(void)
 static inline bool key_mgr_ll_is_key_deployment_valid(const esp_key_mgr_key_type_t key_type)
 {
    switch (key_type) {
-
        case ESP_KEY_MGR_ECDSA_192_KEY:
            return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_192_VLD);
        case ESP_KEY_MGR_ECDSA_256_KEY:
@@ -309,6 +324,10 @@ static inline bool key_mgr_ll_is_key_deployment_valid(const esp_key_mgr_key_type
            return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_HMAC_VLD);
            break;

+        case ESP_KEY_MGR_DS_KEY:
+            return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_DS_VLD);
+            break;
+
        default:
            HAL_ASSERT(false && "Unsupported mode");
            return 0;