Merge branch 'feat/support_key_manager_esp32c5' into 'master'

Support key manager esp32c5

Closes IDF-12626, IDF-12628, IDF-12629, IDF-8621, IDF-9007, IDF-12855, IDF-9070, IDF-7902, and IDF-7548

See merge request espressif/esp-idf!38894

components/hal/esp32c5/include/hal/ds_ll.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -78,6 +78,14 @@ static inline ds_key_check_t ds_ll_key_error_source(void)
     }
 }
 
+/**
+ * @brief Set the DS key source.
+ */
+static inline void ds_ll_set_key_source(ds_key_source_t key_source)
+{
+    REG_WRITE(DS_KEY_SOURCE_REG, key_source);
+}
+
 /**
  * @brief Write the initialization vector to the corresponding register field.
  */

components/hal/esp32c5/include/hal/huk_ll.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -22,6 +22,8 @@
 #include "hal/huk_types.h"
 #include "soc/huk_reg.h"
 #include "soc/soc_caps.h"
+#include "soc/lp_aon_reg.h"
+#include "esp_rom_sys.h"    // HUK memory recharge workaround
 
 #ifdef __cplusplus
 extern "C" {
@@ -103,6 +105,20 @@ static inline esp_huk_gen_status_t huk_ll_get_gen_status(void)
     return (esp_huk_gen_status_t) REG_GET_FIELD(HUK_STATUS_REG, HUK_STATUS);
 }
 
+
+static inline void __attribute__((always_inline)) huk_ll_recharge_huk_memory(void)
+{
+    REG_CLR_BIT(LP_AON_MEM_CTRL_REG, LP_AON_HUK_MEM_FORCE_PD);
+
+    REG_CLR_BIT(LP_AON_PUF_MEM_SW_REG, LP_AON_PUF_MEM_SW);
+    REG_SET_BIT(LP_AON_PUF_MEM_DISCHARGE_REG, LP_AON_PUF_MEM_DISCHARGE);
+    esp_rom_delay_us(100000);
+
+    REG_CLR_BIT(LP_AON_PUF_MEM_DISCHARGE_REG, LP_AON_PUF_MEM_DISCHARGE);
+    REG_SET_BIT(LP_AON_PUF_MEM_SW_REG, LP_AON_PUF_MEM_SW);
+    esp_rom_delay_us(100000);
+}
+
 /**
  * @brief Read the HUK date information
  */

components/hal/esp32c5/include/hal/key_mgr_ll.h

@@ -19,6 +19,7 @@
 #include "hal/key_mgr_types.h"
 #include "soc/keymng_reg.h"
 #include "soc/pcr_struct.h"
+#include "soc/pcr_reg.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -34,32 +35,38 @@ static inline esp_key_mgr_state_t key_mgr_ll_get_state(void)
     return (esp_key_mgr_state_t) REG_GET_FIELD(KEYMNG_STATE_REG, KEYMNG_STATE);
 }
 
+static inline void key_mgr_ll_power_up(void)
+{
+    /* Power up the Key Manager peripheral (default state is power-down) */
+    REG_CLR_BIT(PCR_KM_PD_CTRL_REG, PCR_KM_MEM_FORCE_PD);
+    REG_SET_BIT(PCR_KM_PD_CTRL_REG, PCR_KM_MEM_FORCE_PU);
+}
+
+#define key_mgr_ll_enable_bus_clock(...) do { \
+        _key_mgr_ll_enable_bus_clock(__VA_ARGS__); \
+    } while(0)
+
+static inline void key_mgr_ll_power_down(void)
+{
+    /* Power down the Key Manager peripheral */
+    REG_CLR_BIT(PCR_KM_PD_CTRL_REG, PCR_KM_MEM_FORCE_PU);
+    REG_SET_BIT(PCR_KM_PD_CTRL_REG, PCR_KM_MEM_FORCE_PD);
+}
+
 /**
  * @brief Enable the bus clock for Key Manager peripheral
- * Note: Please use key_mgr_ll_enable_bus_clock which requires the critical section
- *       and do not use _key_mgr_ll_enable_bus_clock
+ *
  * @param true to enable, false to disable
  */
 static inline void _key_mgr_ll_enable_bus_clock(bool enable)
 {
-    // Set the force power down bit to 0 to enable key manager
-    PCR.km_pd_ctrl.km_mem_force_pd = 0;
     // Enable key manager clock
-    PCR.km_conf.km_clk_en = 1;
+    PCR.km_conf.km_clk_en = enable;
 }
 
-/// use a macro to wrap the function, force the caller to use it in a critical section
-/// the critical section needs to declare the __DECLARE_RCC_ATOMIC_ENV variable in advance
-#define key_mgr_ll_enable_bus_clock(...) do { \
-        (void)__DECLARE_RCC_ATOMIC_ENV; \
-        _key_mgr_ll_enable_bus_clock(__VA_ARGS__); \
-    } while(0)
-
 /**
  * @brief Enable the peripheral clock for Key Manager
  *
- * Note: Please use key_mgr_ll_enable_peripheral_clock which requires the critical section
- *       and do not use _key_mgr_ll_enable_peripheral_clock
  * @param true to enable, false to disable
  */
 static inline void _key_mgr_ll_enable_peripheral_clock(bool enable)
@@ -68,14 +75,12 @@ static inline void _key_mgr_ll_enable_peripheral_clock(bool enable)
 }
 
 #define key_mgr_ll_enable_peripheral_clock(...) do { \
-        (void)__DECLARE_RCC_ATOMIC_ENV; \
         _key_mgr_ll_enable_peripheral_clock(__VA_ARGS__); \
     } while(0)
 
 /**
  * @brief Reset the Key Manager peripheral
- * Note: Please use key_mgr_ll_reset_register which requires the critical section
- *       and do not use _key_mgr_ll_reset_register
+ *
  */
 static inline void _key_mgr_ll_reset_register(void)
 {
@@ -90,10 +95,7 @@ static inline void _key_mgr_ll_reset_register(void)
 
 }
 
-/// use a macro to wrap the function, force the caller to use it in a critical section
-/// the critical section needs to declare the __DECLARE_RCC_ATOMIC_ENV variable in advance
 #define key_mgr_ll_reset_register(...) do { \
-        (void)__DECLARE_RCC_ATOMIC_ENV; \
         _key_mgr_ll_reset_register(__VA_ARGS__); \
     } while(0)
 
@@ -160,13 +162,16 @@ static inline void key_mgr_ll_use_sw_init_key(void)
 static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_usage_t key_usage)
 {
     switch (key_type) {
-        case ESP_KEY_MGR_ECDSA_KEY:
+        case ESP_KEY_MGR_ECDSA_192_KEY:
+        case ESP_KEY_MGR_ECDSA_256_KEY:
+        case ESP_KEY_MGR_ECDSA_384_KEY:
             if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) {
                 REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_ECDSA);
             } else {
                 REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_ECDSA);
             }
             break;
+
         case ESP_KEY_MGR_XTS_AES_128_KEY:
         case ESP_KEY_MGR_XTS_AES_256_KEY:
             if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) {
@@ -176,6 +181,30 @@ static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_typ
             }
             break;
 
+        case ESP_KEY_MGR_HMAC_KEY:
+            if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) {
+                REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_HMAC);
+            } else {
+                REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_HMAC);
+            }
+            break;
+
+        case ESP_KEY_MGR_DS_KEY:
+            if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) {
+                REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS);
+            } else {
+                REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS);
+            }
+            break;
+
+        case ESP_KEY_MGR_PSRAM_128_KEY:
+        case ESP_KEY_MGR_PSRAM_256_KEY:
+            if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) {
+                REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_PSRAM);
+            } else {
+                REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_PSRAM);
+            }
+            break;
         default:
             HAL_ASSERT(false && "Unsupported mode");
             return;
@@ -185,7 +214,9 @@ static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_typ
 static inline esp_key_mgr_key_usage_t key_mgr_ll_get_key_usage(esp_key_mgr_key_type_t key_type)
 {
     switch (key_type) {
-        case ESP_KEY_MGR_ECDSA_KEY:
+        case ESP_KEY_MGR_ECDSA_192_KEY:
+        case ESP_KEY_MGR_ECDSA_256_KEY:
+        case ESP_KEY_MGR_ECDSA_384_KEY:
             return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_ECDSA));
             break;
 
@@ -194,6 +225,19 @@ static inline esp_key_mgr_key_usage_t key_mgr_ll_get_key_usage(esp_key_mgr_key_t
             return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_FLASH));
             break;
 
+        case ESP_KEY_MGR_HMAC_KEY:
+            return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_HMAC));
+            break;
+
+        case ESP_KEY_MGR_DS_KEY:
+            return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS));
+            break;
+
+        case ESP_KEY_MGR_PSRAM_128_KEY:
+        case ESP_KEY_MGR_PSRAM_256_KEY:
+            return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_PSRAM));
+            break;
+
         default:
             HAL_ASSERT(false && "Unsupported mode");
             return ESP_KEY_MGR_USAGE_INVALID;
@@ -219,13 +263,30 @@ static inline void key_mgr_ll_lock_use_sw_init_key_reg(void)
 static inline void key_mgr_ll_lock_use_efuse_key_reg(esp_key_mgr_key_type_t key_type)
 {
     switch(key_type) {
-        case ESP_KEY_MGR_ECDSA_KEY:
+        case ESP_KEY_MGR_ECDSA_192_KEY:
+        case ESP_KEY_MGR_ECDSA_256_KEY:
+        case ESP_KEY_MGR_ECDSA_384_KEY:
             REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_ECDSA);
             break;
+
         case ESP_KEY_MGR_XTS_AES_128_KEY:
         case ESP_KEY_MGR_XTS_AES_256_KEY:
             REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_FLASH);
             break;
+
+        case ESP_KEY_MGR_HMAC_KEY:
+            REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_HMAC);
+            break;
+
+        case ESP_KEY_MGR_DS_KEY:
+            REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_DS);
+            break;
+
+        case ESP_KEY_MGR_PSRAM_128_KEY:
+        case ESP_KEY_MGR_PSRAM_256_KEY:
+            REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_PSRAM);
+            break;
+
         default:
             HAL_ASSERT(false && "Unsupported mode");
             return;
@@ -264,9 +325,12 @@ static inline bool key_mgr_ll_is_result_success(void)
 static inline bool key_mgr_ll_is_key_deployment_valid(const esp_key_mgr_key_type_t key_type)
 {
     switch (key_type) {
-
-        case ESP_KEY_MGR_ECDSA_KEY:
-            return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_VLD);
+        case ESP_KEY_MGR_ECDSA_192_KEY:
+            return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_192_VLD);
+        case ESP_KEY_MGR_ECDSA_256_KEY:
+            return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_256_VLD);
+        case ESP_KEY_MGR_ECDSA_384_KEY:
+            return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_384_VLD);
             break;
 
         case ESP_KEY_MGR_XTS_AES_128_KEY:
@@ -274,6 +338,19 @@ static inline bool key_mgr_ll_is_key_deployment_valid(const esp_key_mgr_key_type
             return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_FLASH_VLD);
             break;
 
+        case ESP_KEY_MGR_HMAC_KEY:
+            return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_HMAC_VLD);
+            break;
+
+        case ESP_KEY_MGR_DS_KEY:
+            return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_DS_VLD);
+            break;
+
+        case ESP_KEY_MGR_PSRAM_128_KEY:
+        case ESP_KEY_MGR_PSRAM_256_KEY:
+            return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_PSRAM_VLD);
+            break;
+
         default:
             HAL_ASSERT(false && "Unsupported mode");
             return 0;
@@ -343,15 +420,23 @@ static inline bool key_mgr_ll_is_huk_valid(void)
 }
 
 /* @brief Set the XTS-AES (Flash Encryption) key length for the Key Manager */
-static inline void key_mgr_ll_set_xts_aes_key_len(const esp_key_mgr_xts_aes_key_len_t key_len)
+static inline void key_mgr_ll_set_xts_aes_key_len(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_xts_aes_key_len_t key_len)
 {
-    REG_SET_FIELD(KEYMNG_STATIC_REG, KEYMNG_FLASH_KEY_LEN, key_len);
+    if (key_type == ESP_KEY_MGR_XTS_AES_128_KEY || key_type == ESP_KEY_MGR_XTS_AES_256_KEY) {
+        REG_SET_FIELD(KEYMNG_STATIC_REG, KEYMNG_FLASH_KEY_LEN, key_len);
+    } else if (key_type == ESP_KEY_MGR_PSRAM_128_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) {
+        REG_SET_FIELD(KEYMNG_STATIC_REG, KEYMNG_PSRAM_KEY_LEN, key_len);
+    }
 }
 
 /* @brief Get the XTS-AES (Flash Encryption) key length for the Key Manager */
-static inline esp_key_mgr_xts_aes_key_len_t key_mgr_ll_get_xts_aes_key_len(void)
+static inline esp_key_mgr_xts_aes_key_len_t key_mgr_ll_get_xts_aes_key_len(const esp_key_mgr_key_type_t key_type)
 {
-    return (esp_key_mgr_xts_aes_key_len_t) REG_GET_FIELD(KEYMNG_STATIC_REG, KEYMNG_FLASH_KEY_LEN);
+    if (key_type == ESP_KEY_MGR_PSRAM_128_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) {
+        return (esp_key_mgr_xts_aes_key_len_t) REG_GET_FIELD(KEYMNG_STATIC_REG, KEYMNG_PSRAM_KEY_LEN);
+    } else {
+        return (esp_key_mgr_xts_aes_key_len_t) REG_GET_FIELD(KEYMNG_STATIC_REG, KEYMNG_FLASH_KEY_LEN);
+    }
 }
 
 /**