- When NVS encryption is enabled on SoCs with the HMAC peripheral that have flash encryption
enabled, the HMAC-based NVS encryption scheme is now selected as default instead of the
flash encryption-based scheme.
- If your application previously used the flash encryption-based scheme, you need to manually
configure the NVS encryption scheme to flash encryption from HMAC through ``menuconfig``
or your project's ``sdkconfig`` (i.e., setting ``CONFIG_NVS_SEC_KEY_PROTECT_USING_FLASH_ENC=y``).
- Rename `tee_test_fw` app configs for better CI tracking
- Decrease the lower bound of TEE I/DRAM config options
- Trim the TEE test-apps build
- Improve the TEE/REE OTA pytest script with additional checks
- Fix build issues when `tee_sec_storage`/`tee_ota_ops` are a
a part of the project build but ESP-TEE is disabled
feat(esp_tee): Add support for flash memory isolation and protection (SPI1)
Closes IDF-10481, IDF-10083, and IDF-8915
See merge request espressif/esp-idf!36454
Also:
- Split the secure service table into two parts: one DRAM-resident and the
other DROM-resident. The former holds the services invoked when the cache is
disabled or suspended while the latter holds rest of the services.
Currently, several example dependencies rely on the fact that all
registered components are added to the build, along with components
specified in common requirements. This results in longer build times
because even unused components must be built. Switch all examples to use
idf_minimal_build to compile only the components actually required by
the example.
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
Currently, several examples do not explicitly state their component
dependencies, relying instead on the default behavior that includes all
registered components and commonly required ones in the build.
Explicitly adding component dependencies can reduce build time when
set(COMPONENTS main) is used.
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
The Flash encryption example was giving a warning
message related to the mount failure of the fatfs
partition. The change fixes the behaviour to
remove the warning
The issue is `esp_flash_write_encryped` function in ROM on ESP32C3, ESP32S3
calls legacy implementation, which uses old configuration. And this causes
write fails.
The solution in this commit is to compile and link this function(and related)
in IRAM instead of the ROM one.
The IRAM cost increases around 1.2KB after the fix
