soc: add capability macros for security features

- Security features covers "secure boot", "flash encryption" etc. - ECO revision specific modifications still need to be handled through kconfig itself, as soc_caps.h is processed before ECO revision selection - This will simplify addition of security features for newer chips by using these SOC capability macros
2025-11-18 10:31:09 +00:00 · 2022-03-31 17:43:50 +05:30
parent 813fa1e4ae
commit 74005ed2f5
12 changed files with 241 additions and 106 deletions
--- a/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in
@@ -35,14 +35,6 @@ config SOC_SUPPORTS_SECURE_DL_MODE
    bool
    default y

-config SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS
-    bool
-    default y
-
-config SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS
-    bool
-    default n
-
 config SOC_EFUSE_KEY_PURPOSE_FIELD
    bool
    default n
@@ -59,14 +51,6 @@ config SOC_RTC_SLOW_MEM_SUPPORTED
    bool
    default n

-config SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY
-    bool
-    default n
-
-config SOC_FLASH_ENCRYPTION_XTS_AES
-    bool
-    default y
-
 config SOC_SHA_SUPPORTED
    bool
    default n
@@ -75,6 +59,14 @@ config SOC_ECC_SUPPORTED
    bool
    default y

+config SOC_FLASH_ENC_SUPPORTED
+    bool
+    default y
+
+config SOC_SECURE_BOOT_SUPPORTED
+    bool
+    default y
+
 config SOC_ADC_DIG_CTRL_SUPPORTED
    bool
    default y
@@ -431,10 +423,26 @@ config SOC_TOUCH_SENSOR_NUM
    int
    default 0

+config SOC_SECURE_BOOT_V2_ECC
+    bool
+    default y
+
+config SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS
+    bool
+    default y
+
 config SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX
    int
    default 32

+config SOC_FLASH_ENCRYPTION_XTS_AES
+    bool
+    default y
+
+config SOC_FLASH_ENCRYPTION_XTS_AES_128
+    bool
+    default n
+
 config SOC_UART_NUM
    int
    default 2
--- a/components/soc/esp32c2/include/soc/soc_caps.h
+++ b/components/soc/esp32c2/include/soc/soc_caps.h
@@ -33,16 +33,15 @@
 #define SOC_WIFI_SUPPORTED              0 // Enable during bringup, IDF-3905
 #define SOC_ASYNC_MEMCPY_SUPPORTED      1
 #define SOC_SUPPORTS_SECURE_DL_MODE     1
-#define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS 1
-#define SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS 0
 #define SOC_EFUSE_KEY_PURPOSE_FIELD     0
 #define SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK 1
 #define SOC_RTC_FAST_MEM_SUPPORTED      0
 #define SOC_RTC_SLOW_MEM_SUPPORTED      0
-#define SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY             0
-#define SOC_FLASH_ENCRYPTION_XTS_AES    1
+
 #define SOC_SHA_SUPPORTED               0 // This will be enabled with IDF-3830
 #define SOC_ECC_SUPPORTED               1
+#define SOC_FLASH_ENC_SUPPORTED         1
+#define SOC_SECURE_BOOT_SUPPORTED       1

 /*-------------------------- ADC CAPS -------------------------------*/
 /*!< SAR ADC Module*/
@@ -224,8 +223,14 @@
 /*-------------------------- TOUCH SENSOR CAPS -------------------------------*/
 #define SOC_TOUCH_SENSOR_NUM            (0U)    /*! No touch sensors on ESP32-C2 */

+/*-------------------------- Secure Boot CAPS----------------------------*/
+#define SOC_SECURE_BOOT_V2_ECC              1
+#define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS   1
+
 /*-------------------------- Flash Encryption CAPS----------------------------*/
 #define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX   (32)
+#define SOC_FLASH_ENCRYPTION_XTS_AES            1
+#define SOC_FLASH_ENCRYPTION_XTS_AES_128        0        // This will be enabled with IDF-3899

 /*-------------------------- UART CAPS ---------------------------------------*/
 // ESP32-C2 has 2 UARTs