refactor(esp_tee): Remove the deprecated TEE secure storage partition subtype

Author: laukik-hase

components/bootloader_support/include/esp_flash_partitions.h

@@ -41,7 +41,6 @@ extern "C" {
 #define PART_SUBTYPE_PARTITION_TABLE_OTA 0x01
 
 #define PART_SUBTYPE_DATA_TEE_OTA 0x90
-#define PART_SUBTYPE_DATA_TEE_SEC_STORAGE 0x91
 
 #define PART_TYPE_END 0xff
 #define PART_SUBTYPE_END 0xff

components/bootloader_support/src/bootloader_utility.c

@@ -226,9 +226,6 @@ bool bootloader_utility_load_partition_table(bootloader_state_t *bs)
                 bs->tee_ota_info = partition->pos;
                 partition_usage = "TEE OTA data";
                 break;
-            case PART_SUBTYPE_DATA_TEE_SEC_STORAGE: /* TEE secure storage */
-                partition_usage = "TEE secure storage";
-                break;
 #endif
             default:
                 partition_usage = "Unknown data";

components/esp_partition/include/esp_partition.h

@@ -114,7 +114,6 @@ typedef enum {
     ESP_PARTITION_SUBTYPE_DATA_LITTLEFS = 0x83,                               //!< LITTLEFS partition
 
     ESP_PARTITION_SUBTYPE_DATA_TEE_OTA = 0x90,                                //!< TEE OTA selection partition
-    ESP_PARTITION_SUBTYPE_DATA_TEE_SEC_STORAGE= 0x91,                         //!< TEE secure storage partition
 
 #if __has_include("extra_partition_subtypes.inc")
     #include "extra_partition_subtypes.inc"

components/esp_tee/include/private/esp_tee_binary.h

@@ -39,6 +39,10 @@ extern "C" {
 #error "CONFIG_SECURE_TEE_INTR_STACK_SIZE must be 16-byte (0x10) aligned"
 #endif
 
+/* TEE Secure Storage partition label and NVS namespace */
+#define ESP_TEE_SEC_STG_PART_LABEL    "secure_storage"
+#define ESP_TEE_SEC_STG_NVS_NAMESPACE "tee_sec_stg_ns"
+
 /* NOTE: ESP32-C6 - TEE/REE memory regions */
 /* TEE I/DRAM */
 #define SOC_S_IRAM_START      (SOC_IRAM_LOW)

components/esp_tee/subproject/components/tee_flash_mgr/esp_tee_flash.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -166,7 +166,14 @@ esp_err_t esp_tee_flash_setup_prot_ctx(uint8_t tee_boot_part)
         if (type == PART_TYPE_APP) {
             needs_protection = (subtype == PART_SUBTYPE_TEE_0 || subtype == PART_SUBTYPE_TEE_1);
         } else if (type == PART_TYPE_DATA) {
-            needs_protection = (subtype == PART_SUBTYPE_DATA_TEE_OTA || subtype == PART_SUBTYPE_DATA_TEE_SEC_STORAGE);
+            if (subtype == PART_SUBTYPE_DATA_TEE_OTA) {
+                needs_protection = true;
+            } else if (subtype == PART_SUBTYPE_DATA_WIFI) {
+                size_t label_len = strlen(ESP_TEE_SEC_STG_PART_LABEL);
+                if (memcmp(partition_entry->partition.label, ESP_TEE_SEC_STG_PART_LABEL, label_len) == 0) {
+                    needs_protection = true;
+                }
+            }
         }
 
         if (needs_protection) {

components/esp_tee/subproject/components/tee_sec_storage/CMakeLists.txt

@@ -1,14 +1,13 @@
 idf_build_get_property(esp_tee_build ESP_TEE_BUILD)
 
 set(srcs)
-set(priv_requires efuse mbedtls spi_flash)
+set(priv_requires esp_tee)
 
 if(esp_tee_build)
     list(APPEND srcs "tee_sec_storage.c")
-    list(APPEND priv_requires esp_partition log nvs_flash tee_flash_mgr)
+    list(APPEND priv_requires efuse esp_partition log mbedtls nvs_flash spi_flash tee_flash_mgr)
 else()
     list(APPEND srcs "tee_sec_storage_wrapper.c")
-    set(priv_requires esp_tee)
 endif()
 
 idf_component_register(SRCS ${srcs}

components/esp_tee/subproject/components/tee_sec_storage/tee_sec_storage.c

@@ -75,9 +75,6 @@ typedef struct {
 
 _Static_assert(sizeof(sec_stg_key_t) == 256, "Incorrect sec_stg_key_t size");
 
-#define TEE_SEC_STG_PART_LABEL    "tee_nvs"
-#define TEE_SEC_STG_NVS_NAMESPACE "tee_sec_stg"
-
 static nvs_handle_t tee_nvs_hdl;
 
 static const char *TAG = "secure_storage";
@@ -217,12 +214,12 @@ esp_err_t esp_tee_sec_storage_init(void)
         return err;
     }
 
-    err = nvs_flash_secure_init_partition(TEE_SEC_STG_PART_LABEL, &cfg);
+    err = nvs_flash_secure_init_partition(ESP_TEE_SEC_STG_PART_LABEL, &cfg);
     if (err != ESP_OK) {
         return err;
     }
 
-    err = nvs_open_from_partition(TEE_SEC_STG_PART_LABEL, TEE_SEC_STG_NVS_NAMESPACE, NVS_READWRITE, &tee_nvs_hdl);
+    err = nvs_open_from_partition(ESP_TEE_SEC_STG_PART_LABEL, ESP_TEE_SEC_STG_NVS_NAMESPACE, NVS_READWRITE, &tee_nvs_hdl);
     if (err != ESP_OK) {
         return err;
     }