- When NVS encryption is enabled on SoCs with the HMAC peripheral that have flash encryption
enabled, the HMAC-based NVS encryption scheme is now selected as default instead of the
flash encryption-based scheme.
- If your application previously used the flash encryption-based scheme, you need to manually
configure the NVS encryption scheme to flash encryption from HMAC through ``menuconfig``
or your project's ``sdkconfig`` (i.e., setting ``CONFIG_NVS_SEC_KEY_PROTECT_USING_FLASH_ENC=y``).
- Fix incorrect setting in the edge interrupt acknowledgement API
- Avoid executing the service call dispatcher in the U-mode ecall,
rather execute `mret` to jump to it
- Avoid `t1` register corruption when processing `ecall`
- Switch back to the bootloader stack from TEE stack after the
execution of the entire TEE initialization routine
- Rename `tee_test_fw` app configs for better CI tracking
- Decrease the lower bound of TEE I/DRAM config options
- Trim the TEE test-apps build
- Improve the TEE/REE OTA pytest script with additional checks
- Fix build issues when `tee_sec_storage`/`tee_ota_ops` are
a part of the project build but ESP-TEE is disabled

This commit refactors the esptool_py component to provide utility
functions for binary file generation targets instead of creating the
targets. Binary generation targets are now moved to the respective
projects.

The following changes were done in this commit:
- Added __idf_build_binary() function to esptool_py to create the binary
file generation target.
- Added __idf_build_secure_binary() as the secure boot equivalent of the
above function.
- Top level project build now creates its own binary targets in
idf_build_executable() in build.cmake.
- Bootloader and esp_tee subprojects create their binary file generation
targets in their respective CMakeLists.txt files.
- All post-build targets such as the app_size_check target are now
created by the respective projects and not esptool_py.
- General clean-up of the esptool_py cmake files.

This commit refactors the esptool_py component to provide utility
functions for flash target management instead of creating the targets
directly. Flash target creation is now moved to the project level in
build.cmake file when idf_build_executable() runs.

The following changes were done in this commit:
- Added __esptool_py_setup_tools(), __esptool_py_setup_estool_py_args()
and __ensure_esptool_py_setup() functions to centralize esptool_py
setup.
- Added __esptool_py_setup_main_flash_target() which is called by
idf_build_executable() to create the flash targets.
- Updated esptool_py_flash_target(), esptool_py_custom_target() to
accept an optional FILENAME_PREFIX argument to enable creation of
build artifacts based on custom names.
- Create placeholder flash targets early in the build process when
idf_build_process() is called for components to add dependencies on
these targets.
- Moved app-flash target creation from esptool_py/CMakeLists.txt to
build.cmake.
- Added function description to esptool_py functions.

This commit establishes the foundation for making the esptool_py
component idempotent.

The following changes are made in this commit:
- Removes unnecessary dependency of esp_wifi component on esptool_py.
- Add missing esptool_py dependencies to components which directly use
esptool_py specific functions or variables but do not declare a public
or private dependency.
- Place the APM HAL into TEE IRAM when `CONFIG_SECURE_TEE_EXT_FLASH_MEMPROT_SPI1`
is enabled, as APM violations related to SPI1 can occur with the flash cache disabled.
- Also fix an issue where flash protection tests were passing due to incorrect checks
- Decreased from 32KB to 24KB, keeping in mind the current maximum TEE heap
usage and some overhead
- Make the TEE panic handler logs concise, saving some DRAM