fix(security): Fixed flash encryption for esp32p4

The flash encryption on esp32p4 was broken due to code related to key manager not being executed when key manager support was disabled on esp32p4 target. This commit fixes that behaviour Additionally, the atomic env enablement for key_mgr_ll_enable_peripheral_clock was fixed.
2025-08-18 23:54:39 +00:00 · 2024-08-28 11:38:00 +05:30
parent 0bbd728196
commit aa754d40b8
7 changed files with 71 additions and 38 deletions
--- a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in
@@ -1483,6 +1483,14 @@ config SOC_EFUSE_ECDSA_KEY
    bool
    default y

+config SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY
+    bool
+    default y
+
+config SOC_KEY_MANAGER_FE_KEY_DEPLOY
+    bool
+    default y
+
 config SOC_SECURE_BOOT_V2_RSA
    bool
    default y
--- a/components/soc/esp32p4/include/soc/soc_caps.h
+++ b/components/soc/esp32p4/include/soc/soc_caps.h
@@ -582,6 +582,9 @@
 #define SOC_EFUSE_DIS_DOWNLOAD_MSPI 1
 #define SOC_EFUSE_ECDSA_KEY 1

+/*-------------------------- Key Manager CAPS----------------------------*/
+#define SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY    1 /*!< Key manager responsible to deploy ECDSA key */
+#define SOC_KEY_MANAGER_FE_KEY_DEPLOY       1 /*!< Key manager responsible to deploy Flash Encryption key */
 /*-------------------------- Secure Boot CAPS----------------------------*/
 #define SOC_SECURE_BOOT_V2_RSA              1
 #define SOC_SECURE_BOOT_V2_ECC              1
@@ -595,7 +598,6 @@
 #define SOC_FLASH_ENCRYPTION_XTS_AES_OPTIONS 1
 #define SOC_FLASH_ENCRYPTION_XTS_AES_128    1
 #define SOC_FLASH_ENCRYPTION_XTS_AES_256    1
-
 /*-------------------------- MEMPROT CAPS ------------------------------------*/

 /*-------------------------- UART CAPS ---------------------------------------*/