1 // Copyright 2015-2021 Espressif Systems (Shanghai) PTE LTD
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 /*******************************************************************************
16 * NOTICE
17 * The ll is not public api, don't use in application code.
18 * See readme.md in hal/include/hal/readme.md
19 ******************************************************************************/
20
21 // The Lowlevel layer for SPI Flash Encryption.
22
23 #include <stdbool.h>
24 #include <string.h>
25 #include "soc/system_reg.h"
26 #include "soc/hwcrypto_reg.h"
27 #include "soc/soc.h"
28 #include "hal/assert.h"
29
30 #ifdef __cplusplus
31 extern "C" {
32 #endif
33
34 /// Choose type of chip you want to encrypt manully
35 typedef enum
36 {
37 FLASH_ENCRYPTION_MANU = 0, ///!< Manually encrypt the flash chip.
38 PSRAM_ENCRYPTION_MANU = 1 ///!< Manually encrypt the psram chip.
39 } flash_encrypt_ll_type_t;
40
41 /**
42 * Enable the flash encryption function under spi boot mode and download boot mode.
43 */
spi_flash_encrypt_ll_enable(void)44 static inline void spi_flash_encrypt_ll_enable(void)
45 {
46 REG_SET_BIT(DPORT_EXTERNAL_DEVICE_ENCRYPT_DECRYPT_CONTROL_REG,
47 DPORT_ENABLE_DOWNLOAD_MANUAL_ENCRYPT |
48 DPORT_ENABLE_SPI_MANUAL_ENCRYPT);
49 }
50
51 /**
52 * Enable the AES accelerator.
53 * Also clear reset on digital signature unit, otherwise AES is held in resetop.
54 */
spi_flash_encrypt_ll_aes_accelerator_enable(void)55 static inline void spi_flash_encrypt_ll_aes_accelerator_enable(void)
56 {
57 REG_SET_BIT(DPORT_CPU_PERIP_CLK_EN1_REG, DPORT_CRYPTO_AES_CLK_EN);
58 REG_CLR_BIT(DPORT_CPU_PERIP_RST_EN1_REG, DPORT_CRYPTO_AES_RST | DPORT_CRYPTO_DS_RST);
59 }
60
61 /*
62 * Disable the flash encryption mode.
63 */
spi_flash_encrypt_ll_disable(void)64 static inline void spi_flash_encrypt_ll_disable(void)
65 {
66 REG_CLR_BIT(DPORT_EXTERNAL_DEVICE_ENCRYPT_DECRYPT_CONTROL_REG,
67 DPORT_ENABLE_SPI_MANUAL_ENCRYPT);
68 }
69
70 /**
71 * Choose type of chip you want to encrypt manully
72 *
73 * @param type The type of chip to be encrypted
74 *
75 * @note The hardware currently support flash encryption.
76 */
spi_flash_encrypt_ll_type(flash_encrypt_ll_type_t type)77 static inline void spi_flash_encrypt_ll_type(flash_encrypt_ll_type_t type)
78 {
79 // Our hardware only support flash encryption
80 HAL_ASSERT(type == FLASH_ENCRYPTION_MANU);
81 REG_WRITE(AES_XTS_DESTINATION_REG, type);
82 }
83
84 /**
85 * Configure the data size of a single encryption.
86 *
87 * @param block_size Size of the desired block.
88 */
spi_flash_encrypt_ll_buffer_length(uint32_t size)89 static inline void spi_flash_encrypt_ll_buffer_length(uint32_t size)
90 {
91 // Desired block should not be larger than the block size.
92 REG_WRITE(AES_XTS_SIZE_REG, size >> 5);
93 }
94
95 /**
96 * Save 32-bit piece of plaintext.
97 *
98 * @param address the address of written flash partition.
99 * @param buffer Buffer to store the input data.
100 * @param size Buffer size.
101 */
spi_flash_encrypt_ll_plaintext_save(uint32_t address,const uint32_t * buffer,uint32_t size)102 static inline void spi_flash_encrypt_ll_plaintext_save(uint32_t address, const uint32_t* buffer, uint32_t size)
103 {
104 uint32_t plaintext_offs = (address % 64);
105 memcpy((void *)(AES_XTS_PLAIN_BASE + plaintext_offs), buffer, size);
106 }
107
108 /**
109 * Copy the flash address to XTS_AES physical address
110 *
111 * @param flash_addr flash address to write.
112 */
spi_flash_encrypt_ll_address_save(uint32_t flash_addr)113 static inline void spi_flash_encrypt_ll_address_save(uint32_t flash_addr)
114 {
115 REG_WRITE(AES_XTS_PHYSICAL_ADDR_REG, flash_addr);
116 }
117
118 /**
119 * Start flash encryption
120 */
spi_flash_encrypt_ll_calculate_start(void)121 static inline void spi_flash_encrypt_ll_calculate_start(void)
122 {
123 REG_WRITE(AES_XTS_TRIGGER_REG, 1);
124 }
125
126 /**
127 * Wait for flash encryption termination
128 */
spi_flash_encrypt_ll_calculate_wait_idle(void)129 static inline void spi_flash_encrypt_ll_calculate_wait_idle(void)
130 {
131 while(REG_READ(AES_XTS_STATE_REG) == 0x1) {
132 }
133 }
134
135 /**
136 * Finish the flash encryption and make encrypted result accessible to SPI.
137 */
spi_flash_encrypt_ll_done(void)138 static inline void spi_flash_encrypt_ll_done(void)
139 {
140 REG_WRITE(AES_XTS_RELEASE_REG, 1);
141 while(REG_READ(AES_XTS_STATE_REG) != 0x3) {
142 }
143 }
144
145 /**
146 * Set to destroy encrypted result
147 */
spi_flash_encrypt_ll_destroy(void)148 static inline void spi_flash_encrypt_ll_destroy(void)
149 {
150 REG_WRITE(AES_XTS_DESTROY_REG, 1);
151 }
152
153 /**
154 * Check if is qualified to encrypt the buffer
155 *
156 * @param address the address of written flash partition.
157 * @param length Buffer size.
158 */
spi_flash_encrypt_ll_check(uint32_t address,uint32_t length)159 static inline bool spi_flash_encrypt_ll_check(uint32_t address, uint32_t length)
160 {
161 return ((address % length) == 0) ? true : false;
162 }
163
164 #ifdef __cplusplus
165 }
166 #endif
167
