Flash encryption: Support enabling flash encryption in bootloader, app support

* App access functions are all flash encryption-aware
* Documentation for flash encryption
* Partition read/write is flash aware
* New encrypted write function

components/esp32/include/esp_flash_data_types.h

@@ -47,9 +47,24 @@ typedef struct {
     uint8_t  subtype;
     esp_partition_pos_t pos;
 	uint8_t  label[16];
-    uint8_t  reserved[4];
+    uint32_t flags;
 } esp_partition_info_t;
 
+#define PART_TYPE_APP 0x00
+#define PART_SUBTYPE_FACTORY  0x00
+#define PART_SUBTYPE_OTA_FLAG 0x10
+#define PART_SUBTYPE_OTA_MASK 0x0f
+#define PART_SUBTYPE_TEST     0x20
+
+#define PART_TYPE_DATA 0x01
+#define PART_SUBTYPE_DATA_OTA 0x00
+#define PART_SUBTYPE_DATA_RF  0x01
+#define PART_SUBTYPE_DATA_WIFI 0x02
+
+#define PART_TYPE_END 0xff
+#define PART_SUBTYPE_END 0xff
+
+#define PART_FLAG_ENCRYPTED (1<<0)
 
 #ifdef __cplusplus
 }

components/esp32/include/rom/spi_flash.h

@@ -495,16 +495,20 @@ SpiFlashOpResult SPI_Prepare_Encrypt_Data(uint32_t flash_addr, uint32_t *data);
 void SPI_Write_Encrypt_Disable(void);
 
 /**
-  * @brief Encrpto writing data to flash, you should Erase it yourself if need.
-  *        Please do not call this function in SDK.
+  * @brief Write data to flash with transparent encryption.
+  * @note Sectors to be written should already be erased.
   *
-  * @param  uint32_t flash_addr : Address to write, should be 32 bytes aligned.
+  * @note Please do not call this function in SDK.
   *
-  * @param  uint32_t *data : The pointer to data which is to write.
+  * @param  uint32_t flash_addr : Address to write, should be 32 byte aligned.
+  *
+  * @param  uint32_t *data : The pointer to data to write. Note, this pointer must
+  *                          be 32 bit aligned and the content of the data will be
+  *                          modified by the encryption function.
   *
   * @param  uint32_t len : Length to write, should be 32 bytes aligned.
   *
-  * @return SPI_FLASH_RESULT_OK : Encrypto write OK.
+  * @return SPI_FLASH_RESULT_OK : Data written successfully.
   *         SPI_FLASH_RESULT_ERR : Encrypto write error.
   *         SPI_FLASH_RESULT_TIMEOUT : Encrypto write timeout.
   */

components/esp32/include/soc/soc.h

@@ -79,8 +79,8 @@
 //set bits of register controlled by mask
 #define REG_SET_BITS(_r, _b, _m) (*(volatile uint32_t*)(_r) = (*(volatile uint32_t*)(_r) & ~(_m)) | ((_b) & (_m)))
 
-//get field from register, used when _f is not left shifted by _f##_S
-#define REG_GET_FIELD(_r, _f) ((REG_READ(_r) >> (_f##_S)) & (_f))
+//get field from register, uses field _S & _V to determine mask
+#define REG_GET_FIELD(_r, _f) ((REG_READ(_r) >> (_f##_S)) & (_f##_V))
 
 //set field to register, used when _f is not left shifted by _f##_S
 #define REG_SET_FIELD(_r, _f, _v) (REG_WRITE((_r),((REG_READ(_r) & ~((_f) << (_f##_S)))|(((_v) & (_f))<<(_f##_S)))))

components/esp32/include/soc/wdev_reg.h

@@ -14,5 +14,7 @@
 
 #pragma once
 
+#include "soc.h"
+
 /* Hardware random number generator register */ 
 #define WDEV_RND_REG 0x60035144