Merge branch 'espressif:release/v5.4' into release/v5.4

Author: Jason2866

components/bootloader/Kconfig.projbuild

@@ -1134,6 +1134,44 @@ menu "Security features"
 
             If not set, the app does not care if the flash encryption eFuse bit is set or not.
 
+    config SECURE_FLASH_PSEUDO_ROUND_FUNC
+        bool "Permanently enable XTS-AES's pseudo rounds function"
+        default y
+        depends on SECURE_FLASH_ENCRYPTION_MODE_RELEASE && SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+        help
+            If set (default), the bootloader will permanently enable the XTS-AES peripheral's pseudo rounds function.
+            Note: Enabling this config would burn an efuse.
+
+    choice SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH
+        prompt "Strength of the pseudo rounds function"
+        depends on SECURE_FLASH_PSEUDO_ROUND_FUNC
+        default SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH_LOW
+        help
+            The strength of the pseudo rounds functions can be configured to low, medium and high,
+            each denoting the values that would be stored in the efuses field.
+            By default the value to set to low.
+            You can configure the strength of the pseudo rounds functions according to your use cases,
+            for example, increasing the strength would provide higher security but would slow down the
+            flash encryption/decryption operations.
+            For more info regarding the performance impact, please checkout the pseudo round function section of the
+            security guide documentation.
+
+        config SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH_LOW
+            bool "Low"
+
+        config SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH_MEDIUM
+            bool "Medium"
+
+        config SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH_HIGH
+            bool "High"
+    endchoice
+
+    config SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH
+        int
+        default 1 if SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH_LOW
+        default 2 if SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH_MEDIUM
+        default 3 if SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH_HIGH
+
     config SECURE_ROM_DL_MODE_ENABLED
         bool
         default y if SOC_SUPPORTS_SECURE_DL_MODE && !SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT

components/bootloader_support/src/esp32h2/flash_encryption_secure_features.c

@@ -1,15 +1,18 @@
 /*
- * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
 
+#include <stdint.h>
 #include <strings.h>
 #include "esp_flash_encrypt.h"
 #include "esp_secure_boot.h"
 #include "esp_efuse.h"
 #include "esp_efuse_table.h"
 #include "esp_log.h"
+#include "hal/spi_flash_encrypted_ll.h"
+#include "soc/soc_caps.h"
 #include "sdkconfig.h"
 
 static __attribute__((unused)) const char *TAG = "flash_encrypt";
@@ -33,6 +36,14 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
 
     esp_efuse_write_field_bit(ESP_EFUSE_DIS_DIRECT_BOOT);
 
+#if defined(CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE) && defined(SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND)
+    if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
+        ESP_LOGI(TAG, "Enable XTS-AES pseudo rounds function...");
+        uint8_t xts_pseudo_level = CONFIG_SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH;
+        esp_efuse_write_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
+    }
+#endif
+
 #if defined(CONFIG_SECURE_BOOT_V2_ENABLED) && !defined(CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS)
     // This bit is set when enabling Secure Boot V2, but we can't enable it until this later point in the first boot
     // otherwise the Flash Encryption key cannot be read protected

components/bootloader_support/src/flash_encrypt.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -12,6 +12,9 @@
 #include "esp_flash_encrypt.h"
 #include "esp_secure_boot.h"
 #include "hal/efuse_hal.h"
+#include "hal/spi_flash_encrypted_ll.h"
+#include "hal/spi_flash_encrypt_hal.h"
+#include "soc/soc_caps.h"
 
 #if CONFIG_IDF_TARGET_ESP32
 #define CRYPT_CNT ESP_EFUSE_FLASH_CRYPT_CNT
@@ -207,6 +210,13 @@ void esp_flash_encryption_set_release_mode(void)
 #endif // CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128_DERIVED
 #endif // !CONFIG_IDF_TARGET_ESP32
 
+#ifdef SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+    if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
+        uint8_t xts_pseudo_level = ESP_XTS_AES_PSEUDO_ROUNDS_LOW;
+        esp_efuse_write_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
+    }
+#endif
+
 #ifdef CONFIG_IDF_TARGET_ESP32
     esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_CACHE);
 #else
@@ -468,6 +478,17 @@ bool esp_flash_encryption_cfg_verify_release_mode(void)
     }
     result &= secure;
 
+#if SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+    if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
+        uint8_t xts_pseudo_level = 0;
+        esp_efuse_read_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
+        if (!xts_pseudo_level) {
+            result &= false;
+            ESP_LOGW(TAG, "Not enabled XTS-AES pseudo rounds function (set XTS_DPA_PSEUDO_LEVEL->1 or more)");
+        }
+    }
+#endif
+
     return result;
 }
 #endif // not CONFIG_IDF_TARGET_ESP32

components/bt/CMakeLists.txt

@@ -24,6 +24,7 @@ set(common_include_dirs
     common/btc/profile/esp/blufi/include
     common/btc/profile/esp/include
     common/hci_log/include
+    common/ble_log/include
 )
 
 set(ble_mesh_include_dirs
@@ -132,6 +133,10 @@ if(CONFIG_BT_ENABLED)
          "porting/mem/bt_osi_mem.c"
          )
 
+    if(CONFIG_BT_LE_CONTROLLER_LOG_SPI_OUT_ENABLED)
+        list(APPEND srcs "common/ble_log/ble_log_spi_out.c")
+    endif()
+
     # Host Bluedroid
     if(CONFIG_BT_BLUEDROID_ENABLED)
 
@@ -857,6 +862,7 @@ idf_component_register(SRCS "${srcs}"
                        PRIV_INCLUDE_DIRS "${priv_include_dirs}"
                        REQUIRES esp_timer esp_wifi
                        PRIV_REQUIRES nvs_flash soc esp_pm esp_phy esp_coex mbedtls esp_driver_uart vfs esp_ringbuf
+                                     esp_driver_spi
                        LDFRAGMENTS "${ldscripts}")
 
 if(CONFIG_BT_ENABLED)

components/bt/common/ble_log/ble_log_spi_out.c

@@ -0,0 +1,220 @@
+/*
+ * SPDX-FileCopyrightText: 2025 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#include "ble_log/ble_log_spi_out.h"
+
+// Private defines
+#define SPI_OUT_BUS SPI2_HOST
+
+// Private typedefs
+typedef struct spi_out_trans
+{
+    spi_transaction_t trans;
+    struct spi_out_trans *next;
+} spi_out_trans_t;
+
+// Private variables
+static spi_device_handle_t spi_handle = NULL;
+static spi_out_trans_t *trans_head = NULL;
+static SemaphoreHandle_t mutex_handle = NULL;
+static bool spi_out_inited = false;
+
+// Private function declarations
+static void spi_out_init_trans(void);
+static void spi_out_deinit_trans(void);
+static void spi_out_recycle_trans(uint32_t ms_to_wait);
+static void spi_out_append_trans(void);
+
+// Private functions
+static void spi_out_init_trans(void)
+{
+    for (int i = 0; i < CONFIG_BT_LE_CONTROLLER_LOG_SPI_OUT_QUEUE_SIZE; i++)
+    {
+        // Allocate memory for SPI transaction
+        uint8_t *buf = (uint8_t *)spi_bus_dma_memory_alloc(SPI_OUT_BUS, CONFIG_BT_LE_CONTROLLER_LOG_SPI_OUT_TRANS_BUF_SIZE, 0);
+        assert(buf);
+
+        // Initialize new trans
+        spi_out_trans_t *new_trans = (spi_out_trans_t *)malloc(sizeof(spi_out_trans_t));
+        assert(new_trans);
+        memset(new_trans, 0, sizeof(spi_out_trans_t));
+        new_trans->trans.tx_buffer = buf;
+        new_trans->trans.length = 0;
+
+        // Append new trans to free trans list
+        new_trans->next = trans_head;
+        trans_head = new_trans;
+    }
+    return;
+}
+
+static void spi_out_deinit_trans(void)
+{
+    // Wait up to QUEUE_SIZE * 100 ms for all transactions to complete and be recycled
+    spi_out_recycle_trans(100);
+
+    // Release memory
+    spi_out_trans_t *next;
+    while (trans_head != NULL)
+    {
+        next = trans_head->next;
+        free((uint8_t *)trans_head->trans.tx_buffer);
+        free(trans_head);
+        trans_head = next;
+    }
+    trans_head = NULL;
+    return;
+}
+
+IRAM_ATTR static void spi_out_recycle_trans(uint32_t ms_to_wait)
+{
+    // Try to recycle transaction
+    spi_transaction_t *ret_trans;
+    spi_out_trans_t *recycled_trans;
+    while (ESP_OK == spi_device_get_trans_result(spi_handle, &ret_trans, pdMS_TO_TICKS(ms_to_wait)))
+    {
+        recycled_trans = __containerof(ret_trans, spi_out_trans_t, trans);
+        recycled_trans->next = trans_head;
+        trans_head = recycled_trans;
+        trans_head->trans.length = 0;
+    }
+}
+
+IRAM_ATTR static void spi_out_append_trans(void)
+{
+    // Transaction head shall not be NULL for appending
+    assert(trans_head);
+
+    // Detach transaction head
+    spi_out_trans_t *trans_to_append = trans_head;
+    trans_head = trans_head->next;
+    trans_to_append->next = NULL;
+
+    // CRITICAL: Length unit conversion from bytes to bits
+    trans_to_append->trans.length *= 8;
+    assert(ESP_OK == spi_device_queue_trans(spi_handle, &trans_to_append->trans, 0));
+
+    // Try to recycle trans
+    spi_out_recycle_trans(0);
+}
+
+// Public functions
+void ble_log_spi_out_init(void)
+{
+    // Avoid double init
+    if (spi_out_inited)
+    {
+        return;
+    }
+
+    // Initialize SPI
+    spi_bus_config_t bus_config = {
+        .miso_io_num = -1,
+        .mosi_io_num = CONFIG_BT_LE_CONTROLLER_LOG_SPI_OUT_MOSI_IO_NUM,
+        .sclk_io_num = CONFIG_BT_LE_CONTROLLER_LOG_SPI_OUT_SCLK_IO_NUM,
+        .quadwp_io_num = -1,
+        .quadhd_io_num = -1,
+        .max_transfer_sz = 10240
+    };
+    spi_device_interface_config_t dev_config = {
+        .clock_speed_hz = SPI_MASTER_FREQ_20M,
+        .mode = 0,
+        .spics_io_num = CONFIG_BT_LE_CONTROLLER_LOG_SPI_OUT_CS_IO_NUM,
+        .queue_size = CONFIG_BT_LE_CONTROLLER_LOG_SPI_OUT_QUEUE_SIZE
+    };
+    ESP_ERROR_CHECK(spi_bus_initialize(SPI_OUT_BUS, &bus_config, SPI_DMA_CH_AUTO));
+    ESP_ERROR_CHECK(spi_bus_add_device(SPI_OUT_BUS, &dev_config, &spi_handle));
+
+    // Initialize transaction link nodes
+    spi_out_init_trans();
+
+    // Initialize mutex
+    mutex_handle = xSemaphoreCreateMutex();
+
+    // Set init flag
+    spi_out_inited = true;
+}
+
+void ble_log_spi_out_deinit(void)
+{
+    // Avoid double deinit
+    if (!spi_out_inited)
+    {
+        return;
+    }
+
+    // Deinitialize transaction link nodes
+    spi_out_deinit_trans();
+
+    // Deinitialize SPI
+    ESP_ERROR_CHECK(spi_bus_remove_device(spi_handle));
+    ESP_ERROR_CHECK(spi_bus_free(SPI_OUT_BUS));
+    spi_handle = NULL;
+
+    // Deinitialize mutex
+    vSemaphoreDelete(mutex_handle);
+    mutex_handle = NULL;
+
+    // Reset init flag
+    spi_out_inited = false;
+}
+
+IRAM_ATTR void ble_log_spi_out_write(uint32_t len, const uint8_t *addr, spi_out_source_t source)
+{
+    // Take semaphore
+    assert(xSemaphoreTake(mutex_handle, portMAX_DELAY) == pdTRUE);
+
+    // Recycle trans if free buffer list is empty
+    if (!trans_head)
+    {
+        spi_out_recycle_trans(0);
+    }
+
+    // Length of 0 means flush out
+    if (!len)
+    {
+        assert(trans_head);
+        if (trans_head->trans.length)
+        {
+            spi_out_append_trans();
+        }
+        goto release;
+    }
+
+    // Copy user data to buffer
+    uint32_t copy_buf_len;
+    uint32_t data_left_len = len;
+    uint32_t empty_buf_len = CONFIG_BT_LE_CONTROLLER_LOG_SPI_OUT_TRANS_BUF_SIZE - trans_head->trans.length;
+    while (data_left_len)
+    {
+        // There shall always be available buffer in free buffer list during write operation
+        assert(trans_head);
+
+        // Copy data to buffer and update length
+        copy_buf_len = (data_left_len > empty_buf_len) ? empty_buf_len : data_left_len;
+        memcpy((uint8_t *)trans_head->trans.tx_buffer + trans_head->trans.length, addr + (len - data_left_len), copy_buf_len);
+        trans_head->trans.length += copy_buf_len;
+        data_left_len -= copy_buf_len;
+
+        // Transaction buffer length shall never exceed buffer size
+        assert(trans_head->trans.length <= CONFIG_BT_LE_CONTROLLER_LOG_SPI_OUT_TRANS_BUF_SIZE);
+
+        // If buffer is full, append transaction and reset buffer length
+        if (trans_head->trans.length == CONFIG_BT_LE_CONTROLLER_LOG_SPI_OUT_TRANS_BUF_SIZE)
+        {
+            spi_out_append_trans();
+            empty_buf_len = CONFIG_BT_LE_CONTROLLER_LOG_SPI_OUT_TRANS_BUF_SIZE;
+        }
+    }
+
+release:
+    xSemaphoreGive(mutex_handle);
+    return;
+}
+
+IRAM_ATTR void ble_log_spi_out_write_esp(uint32_t len, const uint8_t *addr, bool end)
+{
+    ble_log_spi_out_write(len, addr, esp_controller);
+}