Merge branch 'feature/secure_set_efuses_to_prevent_brick_chip' into 'master'

security: write-protect DIS_ICAHE and DIS_DCACHE

Closes IDF-5177

See merge request espressif/esp-idf!22640

components/bootloader_support/src/esp32c6/flash_encryption_secure_features.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -46,5 +46,15 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
     esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS);
 #endif
 
+#ifndef CONFIG_SECURE_FLASH_SKIP_WRITE_PROTECTION_CACHE
+    // Set write-protection for DIS_ICACHE to prevent bricking chip in case it will be set accidentally.
+    // esp32c6 has DIS_ICACHE. Write-protection bit = 2.
+    // List of eFuses with the same write protection bit:
+    // SWAP_UART_SDIO_EN, DIS_ICACHE, DIS_USB_JTAG, DIS_DOWNLOAD_ICACHE,
+    // DIS_USB_SERIAL_JTAG, DIS_FORCE_DOWNLOAD, DIS_TWAI, JTAG_SEL_ENABLE,
+    // DIS_PAD_JTAG, DIS_DOWNLOAD_MANUAL_ENCRYPT.
+    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_ICACHE);
+#endif
+
     return ESP_OK;
 }