alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2026-01-20 18:45:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
45,714 Commits 22 Branches 174 Tags
be21a7af147cb8f4111a8aa0fd4ca1b60897e708
Commit Graph

66 Commits

Author SHA1 Message Date
Mahavir Jain
e054d168c1 Merge branch 'fix/c5_tee_sram_prot_v5.5' into 'release/v5.5' 
fix(esp_tee): Split TEE SRAM as I/DRAM for ESP32-C5 with PMA (v5.5)

See merge request espressif/esp-idf!42680
 2025-10-21 17:25:15 +05:30
Laukik Hase
c6168500b9 fix(esp_tee): Sync TEE-REE intr thresholds during service calls from critical sections 
- Previously, only the U-mode interrupt threshold was raised in REE critical sections,
  leaving M-mode at the lowest level.
- As a result, when a service call transitioned to M-mode, all interrupts were still
  allowed to fire, including those that should have been masked.
 2025-10-17 19:35:55 +05:30
Laukik Hase
2d494c5df6 feat(esp_tee): Reclaim unused TEE IRAM memory as heap 
- Changed the default TEE code placement to use the flash
  text section instead of IRAM text, making it consistent
  with the default data placement.
 2025-10-17 10:41:55 +05:30
Laukik Hase
1d563150b0 fix(esp_tee): Split TEE SRAM as I/DRAM for ESP32-C5 with PMA 2025-10-17 10:40:08 +05:30
Laukik Hase
50d2ecd93f refactor(esp_tee): Remove the spi_flash_erase_chip service call 
- Also fix coverity bug from TEE HMAC-PBKDF2 routine
 2025-10-14 10:12:36 +05:30
Laukik Hase
73d0dadd6b fix(esp_tee): Correct flash operation bound checks to handle all overlap cases 
- Ensure bound checks correctly handle all scenarios, including
  when a requested operation's (SPI0/1) range fully contains the
  TEE-protected region.
- Disable delegation of INTWDT timeout and Cache error interrupts as they reset
  the device after the panic handler
 2025-10-14 10:12:28 +05:30
Laukik Hase
22fe84bf91 ci(esp_tee): Disable the TEE test-apps for ESP32-C5 temporarily 2025-10-14 10:12:13 +05:30
Laukik Hase
78737a757a feat(esp_tee): Added support for PBKDF2-based (HMAC) ECDSA signing 2025-10-14 10:12:13 +05:30
Laukik Hase
d49055e307 fix(esp_tee): Skip taking the service call mutex when in critical sections 
- Fixes INT_WDT timeouts with mmap operations
- Add test-case for verifying parallel service calls
 2025-10-14 10:12:12 +05:30
Laukik Hase
26014bb404 feat(esp_tee): ASM routine fixes and improvements 
- Fix incorrect setting in the edge interrupt acknowledgement API
- Avoid executing the service call dispatcher in the U-mode ecall,
  rather execute `mret` to jump it
- Avoid `t1` register corruption when processing `ecall`
- Switch back to the bootloader stack from TEE stack after the
  execution of the entire TEE initialization routine
 2025-10-14 10:12:12 +05:30
Laukik Hase
4aafa4d11b feat(esp_tee): Miscellaneous fixes and updates 
- Rename `tee_test_fw` app configs for better CI tracking
- Decrease the lower bound of TEE I/DRAM config options
- Trim the TEE test-apps build
- Improve the TEE/REE OTA pytest script with additional checks
- Fix build issues when `tee_sec_storage`/`tee_ota_ops` are a
  a part of the project build but ESP-TEE is disabled
 2025-10-14 10:12:12 +05:30
Laukik Hase
9e487873c9 ci(esp_tee): Enable the TEE test-apps for ESP32-C5 2025-10-14 10:12:11 +05:30
Laukik Hase
12ab50dc54 ci(esp_tee): Refactor the ESP-TEE test-cases 
- Improve the interrupt-related test cases
- Fix potential issues in the task-switching test
  during secure service calls
 2025-10-14 10:12:11 +05:30
Laukik Hase
1815e2e4f2 feat(esp_tee): Support for ESP32-C5 - the esp_tee component 2025-10-14 10:12:10 +05:30
Jiang Jiang Jian
3c39b32195 Chip/support esp32c61 v5.5 2025-07-22 12:21:36 +08:00
harshal.patil
5210e576d5 feat(mbedtls/sha): New API for setting SHA mode 2025-06-18 16:46:39 +05:30
Laukik Hase
d482206483 ci(esp_tee): Enable the tee_test_fw test app for ESP32-H2 2025-05-21 10:06:17 +05:30
Laukik Hase
eca7c7296c feat(esp_tee): Support for ESP32-H2 - the esp_tee component 2025-05-21 10:06:16 +05:30
Laukik Hase
c16fc04c2d docs(esp_tee): Revise TEE secure storage and related documentation 2025-05-04 18:22:22 +05:30
Laukik Hase
033397b877 fix(esp_tee): Add standard newlib function stubs to resolve build warnings 
- Disable C++ exceptions for TEE build to reduce flash footprint
 2025-05-04 18:03:30 +05:30
Laukik Hase
3bb3f9362e refactor(esp_tee): Update TEE secure storage examples and test-apps 2025-05-04 18:03:30 +05:30
Laukik Hase
41bf07e6ce refactor(esp_tee): Remove the deprecated TEE secure storage partition subtype 2025-05-04 18:03:30 +05:30
Laukik Hase
d116567a66 refactor(esp_tee): Update TEE secure storage interface APIs 2025-05-04 18:03:29 +05:30
Laukik Hase
c9f7bcd452 feat(esp_tee): Support the nvs_flash for the ESP-TEE build 2025-05-04 18:03:28 +05:30
Laukik Hase
a0031cff9f refactor(esp_tee): Remove the redudant eFuse-related service calls 2025-04-17 11:04:29 +05:30
Laukik Hase
832124f198 fix(esp_tee): Place APM HAL in TEE IRAM when SPI1 protection is enabled 
- Place the APM HAL into TEE IRAM when `CONFIG_SECURE_TEE_EXT_FLASH_MEMPROT_SPI1`
  is enabled, as APM violations related to SPI1 can occur with the flash cache disabled.
- Also fix an issue where flash protection tests were passing due to incorrect checks
 2025-04-17 11:03:50 +05:30
Laukik Hase
a845be0149 refactor(esp_tee): Reduce the default TEE DRAM size 
- Decreased from 32KB to 24KB, keeping in mind the current maximum TEE heap
  usage and some overhead
- Make the TEE panic handler logs concise, saving some DRAM
 2025-04-17 11:03:17 +05:30
Laukik Hase
8e27be344b refactor(esp_tee): Place the secure services _ss_ layer in the flash by default 2025-04-17 11:03:16 +05:30
Laukik Hase
4a4d63d36e feat(esp_tee): Protect the ECC peripheral from REE access 2025-04-16 19:19:04 +05:30
Laukik Hase
fc4802c0d6 feat(esp_tee): Protect the HMAC and DS peripherals from REE access 2025-04-16 19:19:04 +05:30
Laukik Hase
d7d78f6238 fix(esp_tee): Correct the input validation checks for secure services 2025-04-16 19:19:04 +05:30
Laukik Hase
13aff0b216 fix(security): Fixed coverity warnings related to the esp_tee component 
- Also, disable the SECP192R1 curve (Mbed TLS config) when TEE Secure Storage
  does not require it
 2025-04-14 10:12:51 +05:30
Laukik Hase
d26e18cb49 ci(esp_tee): Verify the malloc-write-free cycle in the TEE heap 2025-04-08 19:50:27 +05:30
Laukik Hase
223c0d5f9d feat(esp_tee): Use the ROM TLSF implementation for the TEE build 2025-04-08 19:50:27 +05:30
Laukik Hase
d442886918 refactor(esp_tee): Refactor the TEE heap-related APIs 2025-04-08 19:50:26 +05:30
Chen Ji Chang
f407fab479 Merge branch 'feat/support_gptimer_on_h4' into 'master' 
feat(gptimer): support gptimer on esp32h4

Closes IDF-12373 and IDF-12374

See merge request espressif/esp-idf!38168
 2025-04-08 13:46:49 +08:00
Chen Jichang
2cbc297969 refactor(gptimer): use group_id in clock ctrl functions 2025-04-08 10:20:48 +08:00
Laukik Hase
bd314c2460 refactor(esp_tee): Update the SHA clock configuration service call 2025-04-04 10:31:28 +05:30
Laukik Hase
3fd107aa04 feat(mbedtls): Add support for ECDSA signing with TEE secure storage 2025-04-03 15:35:15 +05:30
Laukik Hase
1e8933d296 feat(esp_tee): Add support for SECP192R1 curve in TEE secure storage 2025-04-03 15:35:14 +05:30
Laukik Hase
6e5513b8ad refactor(esp_tee): Component dependency cleanup for the TEE build 2025-03-19 14:30:52 +05:30
igor.udot
daf2d31008 test: format all test scripts 2025-03-05 12:08:48 +08:00
Laukik Hase
873409da6b refactor(esp_tee): Simplify service call ASM routine 
- Remove `mret` for jumping to the service call dispatcher; instead, enable
  interrupts and execute directly
- Fix potential corruption of the `t3` register when returning from a service
  call
- Simplify the secure service dispatcher function
 2025-02-25 17:18:08 +05:30
Laukik Hase
5c4a527750 refactor(esp_tee): Remove explicit setting of the HP_CPU APM/TEE security mode 2025-02-25 16:49:08 +05:30
Laukik Hase
26fa7109f3 fix(esp_tee): Protect the AES/SHA clock registers from REE access 2025-02-25 16:49:08 +05:30
Mahavir Jain
870a1846b1 Merge branch 'feature/esp_tee_flash_prot_spi1' into 'master' 
feat(esp_tee): Add support for flash memory isolation and protection (SPI1)

Closes IDF-10481, IDF-10083, and IDF-8915

See merge request espressif/esp-idf!36454
 2025-02-12 18:35:49 +08:00
Laukik Hase
1f6d450d19 fix(security): Fixed coverity warnings from nvs_sec_provider and esp_tee components 2025-02-11 13:01:13 +05:30
Laukik Hase
7d49f696c1 ci(esp_tee): Add tests for verifying behaviour for illegal flash accesses (SPI1) 2025-02-11 12:30:06 +05:30
Laukik Hase
c23714f775 feat(esp_tee): Add support for flash memory isolation and protection (SPI1) 2025-02-11 12:30:05 +05:30
Laukik Hase
37525c605d refactor(esp_tee): Migrate secure services list from TBL to YAML 2025-02-11 10:15:20 +05:30