Merge branch 'feature/esp_tee_h2' into 'master'

feat(esp_tee): Support for ESP32-H2

See merge request espressif/esp-idf!37708

Author: mahavirj

components/bootloader_support/bootloader_flash/src/bootloader_flash.c

@@ -136,7 +136,7 @@ esp_err_t bootloader_flash_erase_range(uint32_t start_addr, uint32_t size)
 #if ESP_TEE_BUILD
 #include "esp_fault.h"
 #include "esp_flash_partitions.h"
-#include "esp32c6/rom/spi_flash.h"
+#include "rom/spi_flash.h"
 
 extern bool esp_tee_flash_check_paddr_in_active_tee_part(size_t paddr);
 #endif

components/esp_hw_support/port/esp32h2/CMakeLists.txt

@@ -1,3 +1,5 @@
+idf_build_get_property(non_os_build NON_OS_BUILD)
+
 set(srcs "rtc_clk_init.c"
          "rtc_clk.c"
          "pmu_param.c"
@@ -7,7 +9,7 @@ set(srcs "rtc_clk_init.c"
          "chip_info.c"
          )
 
-if(NOT BOOTLOADER_BUILD)
+if(NOT non_os_build)
     list(APPEND srcs "sar_periph_ctrl.c")
 endif()
 

components/esp_hw_support/port/esp32h2/cpu_region_protect.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -112,6 +112,14 @@ void esp_cpu_configure_region_protection(void)
     //
     esp_cpu_configure_invalid_regions();
 
+    /* NOTE: When ESP-TEE is active, only configure invalid memory regions in bootloader
+     * to prevent errors before TEE initialization. TEE will handle all other
+     * memory protection.
+     */
+#if CONFIG_SECURE_ENABLE_TEE && BOOTLOADER_BUILD
+    return;
+#endif
+
     //
     // Configure all the valid address regions using PMP
     //

components/esp_hw_support/port/esp32h2/esp_cpu_intr.c

@@ -6,6 +6,7 @@
 
 #include "esp_cpu.h"
 #include "esp_riscv_intr.h"
+#include "sdkconfig.h"
 
 void esp_cpu_intr_get_desc(int core_id, int intr_num, esp_cpu_intr_desc_t *intr_desc_ret)
 {
@@ -15,7 +16,18 @@ void esp_cpu_intr_get_desc(int core_id, int intr_num, esp_cpu_intr_desc_t *intr_
      * Interrupts 3, 4 and 7 are unavailable for PULP CPU as they are bound to Core-Local Interrupts (CLINT)
      */
     // [TODO: IDF-2465]
-    const uint32_t rsvd_mask = BIT(3) | BIT(4) | BIT(6) | BIT(7);
+    const uint32_t base_rsvd_mask = BIT(3) | BIT(4) | BIT(6) | BIT(7);
+
+    /* On the ESP32-H2, interrupt 14 is reserved for ESP-TEE
+     * for operations related to secure peripherals under its control
+     * (e.g. AES, SHA, APM)
+     */
+#if CONFIG_SECURE_ENABLE_TEE
+    const uint32_t rsvd_mask = base_rsvd_mask | BIT(14);
+#else
+    const uint32_t rsvd_mask = base_rsvd_mask;
+#endif
+
 
     intr_desc_ret->priority = 1;
     intr_desc_ret->type = ESP_CPU_INTR_TYPE_NA;

components/esp_mm/port/esp32h2/ext_mem_layout.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -10,15 +10,40 @@
 #include "../ext_mem_layout.h"
 #include "hal/mmu_types.h"
 
+/* NOTE: With ESP-TEE enabled:
+ * - The start address is moved by the size of TEE IDROM segments since these
+ *   segments are placed at the start of the linear address space
+ * - TEE IROM and DROM segments are both 64KB (CONFIG_SECURE_TEE_IROM_SIZE,
+ *   CONFIG_SECURE_TEE_DROM_SIZE) for now. Thus, the number of reserved entries
+ *   from the start would be (64KB + 64KB)/MMU_PAGE_SIZE
+ * - The last few MMU entries are reserved for TEE flash operations. The number
+ *   of reserved entries matches the size of TEE IDROM segments (IROM + DROM)
+ *   plus one additional entry, i.e. (64KB + 64KB)/MMU_PAGE_SIZE + 1
+ */
+#if CONFIG_SECURE_ENABLE_TEE
+#define TEE_MMU_MEM_REG_START_OFFS   (CONFIG_SECURE_TEE_IROM_SIZE + CONFIG_SECURE_TEE_DROM_SIZE)
+#define TEE_MMU_RESV_PAGES           ((CONFIG_SECURE_TEE_IROM_SIZE + CONFIG_SECURE_TEE_DROM_SIZE) / CONFIG_MMU_PAGE_SIZE)
+#define TEE_MMU_MEM_REG_END_OFFS     ((TEE_MMU_RESV_PAGES + 1) * CONFIG_MMU_PAGE_SIZE)
+
+#define MMU_MEM_REG_START_ADDR_W_TEE (SOC_MMU_IRAM0_LINEAR_ADDRESS_LOW + TEE_MMU_MEM_REG_START_OFFS)
+#define MMU_MEM_REG_END_ADDR_W_TEE   (SOC_MMU_IRAM0_LINEAR_ADDRESS_HIGH - TEE_MMU_MEM_REG_END_OFFS)
+
+#define MMU_IRAM0_LINEAR_ADDRESS_LOW    MMU_MEM_REG_START_ADDR_W_TEE
+#define MMU_IRAM0_LINEAR_ADDRESS_HIGH   MMU_MEM_REG_END_ADDR_W_TEE
+#else
+#define MMU_IRAM0_LINEAR_ADDRESS_LOW    SOC_MMU_IRAM0_LINEAR_ADDRESS_LOW
+#define MMU_IRAM0_LINEAR_ADDRESS_HIGH   SOC_MMU_IRAM0_LINEAR_ADDRESS_HIGH
+#endif
+
 /**
  * The start addresses in this list should always be sorted from low to high, as MMU driver will need to
  * coalesce adjacent regions
  */
 const mmu_mem_region_t g_mmu_mem_regions[SOC_MMU_LINEAR_ADDRESS_REGION_NUM] = {
     [0] = {
-        .start = SOC_MMU_IRAM0_LINEAR_ADDRESS_LOW,
-        .end = SOC_MMU_IRAM0_LINEAR_ADDRESS_HIGH,
-        .size = SOC_BUS_SIZE(SOC_MMU_IRAM0_LINEAR),
+        .start = MMU_IRAM0_LINEAR_ADDRESS_LOW,
+        .end = MMU_IRAM0_LINEAR_ADDRESS_HIGH,
+        .size = MMU_IRAM0_LINEAR_ADDRESS_HIGH - MMU_IRAM0_LINEAR_ADDRESS_LOW,
         .bus_id = CACHE_BUS_IBUS0 | CACHE_BUS_DBUS0,
         .targets = MMU_TARGET_FLASH0,
         .caps = MMU_MEM_CAP_EXEC | MMU_MEM_CAP_READ | MMU_MEM_CAP_32BIT | MMU_MEM_CAP_8BIT,

components/esp_rom/CMakeLists.txt

@@ -131,10 +131,8 @@ if(CONFIG_ESP_ROM_HAS_VERSION)
 endif()
 
 if(ESP_TEE_BUILD)
-    if(target STREQUAL "esp32c6")
-        rom_linker_script("spiflash")
-        rom_linker_script("heap")
-    endif()
+    rom_linker_script("spiflash")
+    rom_linker_script("heap")
 endif()
 
 if(BOOTLOADER_BUILD)

components/esp_system/ld/esp32h2/memory.ld.in

@@ -15,7 +15,13 @@
 #include "sdkconfig.h"
 #include "ld.common"
 
-#define SRAM_SEG_START     0x40800000
+#if !CONFIG_SECURE_ENABLE_TEE
+#define SRAM_SEG_START        (0x40800000)
+#else
+#define SRAM_SEG_START        (0x40800000 + CONFIG_SECURE_TEE_IRAM_SIZE + CONFIG_SECURE_TEE_DRAM_SIZE)
+#define FLASH_SEG_OFFSET      (CONFIG_SECURE_TEE_IROM_SIZE + CONFIG_SECURE_TEE_DROM_SIZE)
+#endif // CONFIG_SECURE_ENABLE_TEE
+
 #define SRAM_SEG_END       0x4083EFD0  /* 2nd stage bootloader iram_loader_seg start address */
 #define SRAM_SEG_SIZE      SRAM_SEG_END - SRAM_SEG_START
 
@@ -35,8 +41,14 @@ MEMORY
    */
 
 #if CONFIG_APP_BUILD_USE_FLASH_SECTIONS
+#if CONFIG_SECURE_ENABLE_TEE
+  /* Flash mapped instruction data */
+  irom_seg (RX) :                    org = 0x42000020 + FLASH_SEG_OFFSET,
+                                     len = IDRAM0_2_SEG_SIZE - FLASH_SEG_OFFSET - 0x20
+#else
   /* Flash mapped instruction data */
   irom_seg (RX) :                    org = 0x42000020, len = IDRAM0_2_SEG_SIZE - 0x20
+#endif
 
   /**
    * (0x20 offset above is a convenience for the app binary image generation.
@@ -54,8 +66,14 @@ MEMORY
   sram_seg (RWX) :                   org = SRAM_SEG_START, len = SRAM_SEG_SIZE
 
 #if CONFIG_APP_BUILD_USE_FLASH_SECTIONS
+#if CONFIG_SECURE_ENABLE_TEE
   /* Flash mapped constant data */
+  drom_seg (R) :                     org = 0x42000020 + FLASH_SEG_OFFSET,
+                                     len = IDRAM0_2_SEG_SIZE - FLASH_SEG_OFFSET - 0x20
+#else
+  /* Flash mapped instruction data */
   drom_seg (R) :                     org = 0x42000020, len = IDRAM0_2_SEG_SIZE - 0x20
+#endif
 
   /* (See irom_seg for meaning of 0x20 offset in the above.) */
 #endif // CONFIG_APP_BUILD_USE_FLASH_SECTIONS

components/esp_system/ld/esp32h2/sections.ld.in

@@ -173,9 +173,22 @@ SECTIONS
 
     /* Vectors go to start of IRAM */
     ASSERT(ABSOLUTE(.) % 0x100 == 0, "vector address must be 256 byte aligned");
+    _vector_table_start = ABSOLUTE(.);
     KEEP(*(.exception_vectors_table.text));
     KEEP(*(.exception_vectors.text));
 
+    ALIGNED_SYMBOL(4, _invalid_pc_placeholder)
+
+    /* esp_tee_config_t structure: used to share information between the TEE and REE
+     * (e.g. interrupt handler addresses, REE flash text-rodata boundaries, etc.)
+     * This symbol is expected by the TEE at an offset of 0x300 from the vector table start.
+     */
+#if CONFIG_SECURE_ENABLE_TEE
+    ALIGNED_SYMBOL(0x10, _esp_tee_app_cfg)
+    ASSERT(ABSOLUTE(.) == _vector_table_start + 0x2e0, "esp_tee_app_cfg must be at an offset 0x2e0 from the vector table start");
+    *libesp_tee.a:(.esp_tee_app_cfg);
+#endif
+
     /* Code marked as running out of IRAM */
     _iram_text_start = ABSOLUTE(.);
 

components/esp_system/port/soc/esp32h2/clk.c

@@ -277,11 +277,14 @@ __attribute__((weak)) void esp_perip_clk_init(void)
         periph_ll_disable_clk_set_rst(PERIPH_ASSIST_DEBUG_MODULE);
 #endif
         periph_ll_disable_clk_set_rst(PERIPH_RSA_MODULE);
+#if !CONFIG_SECURE_ENABLE_TEE
+        // NOTE: [ESP-TEE] The TEE is responsible for the AES and SHA peripherals
         periph_ll_disable_clk_set_rst(PERIPH_AES_MODULE);
         periph_ll_disable_clk_set_rst(PERIPH_SHA_MODULE);
         periph_ll_disable_clk_set_rst(PERIPH_ECC_MODULE);
         periph_ll_disable_clk_set_rst(PERIPH_HMAC_MODULE);
         periph_ll_disable_clk_set_rst(PERIPH_DS_MODULE);
+#endif
         periph_ll_disable_clk_set_rst(PERIPH_ECDSA_MODULE);
 
         // TODO: Replace with hal implementation

components/esp_tee/CMakeLists.txt

@@ -6,8 +6,8 @@ idf_build_get_property(target IDF_TARGET)
 # headers & sources here are compiled into the app, not the esp_tee binary
 # (see subproject/ for the esp_tee binary build files)
 
-# ESP-TEE is currently supported only on the ESP32-C6 SoC
-if(NOT ${target} STREQUAL "esp32c6")
+# ESP-TEE is currently supported only on the ESP32-C6 and ESP32-H2 SoCs
+if(NOT ${target} STREQUAL "esp32c6" AND NOT ${target} STREQUAL "esp32h2")
     return()
 endif()