soc: add capability macros for security features

- Security features covers "secure boot", "flash encryption" etc. - ECO revision specific modifications still need to be handled through kconfig itself, as soc_caps.h is processed before ECO revision selection - This will simplify addition of security features for newer chips by using these SOC capability macros
2025-09-15 02:07:31 +00:00 · 2022-03-31 17:43:50 +05:30
parent 813fa1e4ae
commit 74005ed2f5
12 changed files with 241 additions and 106 deletions
--- a/components/soc/esp32/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32/include/soc/Kconfig.soc_caps.in
@@ -75,10 +75,6 @@ config SOC_CCOMP_TIMER_SUPPORTED
    bool
    default y

-config SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS
-    bool
-    default y
-
 config SOC_RTC_FAST_MEM_SUPPORTED
    bool
    default y
@@ -115,6 +111,14 @@ config SOC_SHA_SUPPORTED
    bool
    default y

+config SOC_FLASH_ENC_SUPPORTED
+    bool
+    default y
+
+config SOC_SECURE_BOOT_SUPPORTED
+    bool
+    default y
+
 config SOC_ADC_RTC_CTRL_SUPPORTED
    bool
    default y
@@ -571,6 +575,14 @@ config SOC_AES_SUPPORT_AES_256
    bool
    default y

+config SOC_SECURE_BOOT_V1
+    bool
+    default y
+
+config SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS
+    bool
+    default y
+
 config SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX
    int
    default 32
--- a/components/soc/esp32/include/soc/soc_caps.h
+++ b/components/soc/esp32/include/soc/soc_caps.h
@@ -78,7 +78,6 @@
 #define SOC_CPU_CORES_NUM           2
 #define SOC_ULP_SUPPORTED           1
 #define SOC_CCOMP_TIMER_SUPPORTED   1
-#define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS 1
 #define SOC_RTC_FAST_MEM_SUPPORTED        1
 #define SOC_RTC_SLOW_MEM_SUPPORTED        1
 #define SOC_I2S_SUPPORTED           1
@@ -88,6 +87,8 @@
 #define SOC_AES_SUPPORTED           1
 #define SOC_MPI_SUPPORTED           1
 #define SOC_SHA_SUPPORTED           1
+#define SOC_FLASH_ENC_SUPPORTED     1
+#define SOC_SECURE_BOOT_SUPPORTED   1

 /*-------------------------- ADC CAPS ----------------------------------------*/
 /**
@@ -319,6 +320,15 @@
 #define SOC_AES_SUPPORT_AES_192 (1)
 #define SOC_AES_SUPPORT_AES_256 (1)

+/*-------------------------- Secure Boot CAPS----------------------------*/
+/*
+ * ESP32 ECO3 revision also supports `SOC_SECURE_BOOT_V2_RSA` but for that we will need selected ECO
+ * version from `Kconfig`, which is not possible while generating `Kconfig.soc_caps.in` from this header.
+ * Hence, for now we are handling this special capability in bootloader "security" configuration itself.
+ */
+#define SOC_SECURE_BOOT_V1                  1
+#define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS   1
+
 /*-------------------------- Flash Encryption CAPS----------------------------*/
 #define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX   (32)