Merge branch 'feat/adding_test_case_anti_rollback_and_flash_encryption' into 'master'

feat(ota): Added test for checking flash encryption and anti-rollback enabled

Closes IDF-9200

See merge request espressif/esp-idf!32951

Author: mahavirj

examples/system/ota/advanced_https_ota/anti_rollback_partition.csv

@@ -4,5 +4,5 @@ nvs,      data, nvs,     ,        0x4000,
 otadata,  data, ota,     ,        0x2000,
 phy_init, data, phy,     ,        0x1000,
 emul_efuse,data,efuse,   ,        0x2000,
-ota_0,    app,  ota_0,   ,        3584K,
-ota_1,    app,  ota_1,   ,        3584K,
+ota_0,    app,  ota_0,   ,        1500K,
+ota_1,    app,  ota_1,   ,        1500K,

examples/system/ota/advanced_https_ota/pytest_advanced_ota.py

@@ -430,7 +430,7 @@ def test_examples_protocol_advanced_https_ota_example_redirect_url(dut: Dut) ->
 
 
 @pytest.mark.esp32
-@pytest.mark.ethernet_flash_8m
+@pytest.mark.flash_encryption_ota
 @pytest.mark.parametrize('config', ['anti_rollback',], indirect=True)
 @pytest.mark.parametrize('skip_autoflash', ['y'], indirect=True)
 def test_examples_protocol_advanced_https_ota_example_anti_rollback(dut: Dut) -> None:

examples/system/ota/advanced_https_ota/sdkconfig.ci.anti_rollback

@@ -6,12 +6,11 @@ CONFIG_PARTITION_TABLE_CUSTOM=y
 CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="anti_rollback_partition.csv"
 CONFIG_PARTITION_TABLE_FILENAME="anti_rollback_partition.csv"
 CONFIG_PARTITION_TABLE_OFFSET=0xd000
-CONFIG_ESPTOOLPY_FLASHSIZE_8MB=y
-CONFIG_ESPTOOLPY_FLASHSIZE="8MB"
+CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
+CONFIG_ESPTOOLPY_FLASHSIZE="4MB"
 CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE=y
 CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK=y
 CONFIG_BOOTLOADER_APP_SECURE_VERSION=1
-CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE=y
 CONFIG_EXAMPLE_CONNECT_ETHERNET=y
 CONFIG_EXAMPLE_CONNECT_WIFI=n
 CONFIG_EXAMPLE_USE_INTERNAL_ETHERNET=y
@@ -24,3 +23,18 @@ CONFIG_EXAMPLE_ETH_PHY_ADDR=1
 CONFIG_MBEDTLS_TLS_CLIENT_ONLY=y
 CONFIG_COMPILER_OPTIMIZATION_SIZE=y
 CONFIG_EXAMPLE_CONNECT_IPV6=n
+
+
+# Default settings for testing this example in CI.
+# This configuration is not secure, don't use it in production!
+# See Flash Encryption API Guide for more details.
+
+CONFIG_SECURE_FLASH_ENC_ENABLED=y
+CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=y
+CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=y
+CONFIG_SECURE_BOOT_ALLOW_JTAG=y
+CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=y
+CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC=y
+CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=y
+CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED=y
+CONFIG_NVS_ENCRYPTION=n  # this test combination is only for flash encryption and anti-rollback use-case and hence disabling it.

tools/ci/idf_pytest/constants.py

@@ -68,6 +68,7 @@
     'flash_encryption': 'Flash Encryption runners',
     'flash_encryption_f4r8': 'Flash Encryption runners with 4-line flash and 8-line psram',
     'flash_encryption_f8r8': 'Flash Encryption runners with 8-line flash and 8-line psram',
+    'flash_encryption_ota': 'Flash Encryption runners with ethernet OTA support with 4mb flash size',
     'flash_multi': 'Multiple flash chips tests',
     'psram': 'Chip has 4-line psram',
     'ir_transceiver': 'runners with a pair of IR transmitter and receiver',