feat(esp_tee): Add support for flash memory isolation and protection (SPI1)

Author: laukik-hase

components/bootloader_support/bootloader_flash/src/bootloader_flash.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -752,6 +752,15 @@ esp_err_t IRAM_ATTR bootloader_flash_unlock_default(void)
 
 esp_err_t __attribute__((weak, alias("bootloader_flash_unlock_default"))) bootloader_flash_unlock(void);
 
+
+#if CONFIG_SECURE_TEE_EXT_FLASH_MEMPROT_SPI1 && !NON_OS_BUILD
+extern uint32_t bootloader_flash_execute_command_common(
+    uint8_t command,
+    uint32_t addr_len, uint32_t address,
+    uint8_t dummy_len,
+    uint8_t mosi_len, uint32_t mosi_data,
+    uint8_t miso_len);
+#else
 IRAM_ATTR uint32_t bootloader_flash_execute_command_common(
     uint8_t command,
     uint32_t addr_len, uint32_t address,
@@ -804,6 +813,7 @@ IRAM_ATTR uint32_t bootloader_flash_execute_command_common(
     }
     return ret;
 }
+#endif
 
 uint32_t IRAM_ATTR bootloader_execute_flash_command(uint8_t command, uint32_t mosi_data, uint8_t mosi_len, uint8_t miso_len)
 {

components/esp_tee/CMakeLists.txt

@@ -94,6 +94,10 @@ if(CONFIG_SECURE_ENABLE_TEE AND NOT esp_tee_build)
     # Default secure service API families: flash_protection_spi0, flash_protection_spi1,
     # interrupt_handling, hal, crypto, efuse, secure_storage, ota, attestation
     set(exclude_srv)
+    if(NOT CONFIG_SECURE_TEE_EXT_FLASH_MEMPROT_SPI1)
+        list(APPEND exclude_srv "flash_protection_spi1")
+    endif()
+
     if(NOT CONFIG_SECURE_TEE_ATTESTATION)
         list(APPEND exclude_srv "attestation")
     endif()

components/esp_tee/Kconfig.projbuild

@@ -110,6 +110,35 @@ menu "ESP-TEE (Trusted Execution Environment)"
 
     endmenu
 
+    config SECURE_TEE_EXT_FLASH_MEMPROT_SPI1
+        bool "Memprot: Isolate TEE flash regions over SPI1"
+        depends on SECURE_ENABLE_TEE
+        default n
+        help
+            This configuration restricts access to TEE-reserved regions in external flash
+            by making them inaccessible to the REE via the SPI1 interface (physical addresses).
+
+            With this enabled, all SPI flash read, write, or erase operations over SPI1 will
+            be routed through service calls to the TEE, introducing additional performance
+            overhead.
+
+            When Flash Encryption (SECURE_FLASH_ENC_ENABLED) is enabled, the REE can still
+            access TEE-related flash partitions over SPI1, but read operations will return
+            encrypted data contents. This prevents attackers from inferring the TEE contents
+            with direct reads.
+
+            Additionally, with Secure Boot enabled (SECURE_BOOT_V2_ENABLED), any unauthorized
+            modifications to the TEE firmware will be detected during boot, causing signature
+            verification to fail. Thus, these options provide a level of protection suitable for
+            most applications. However, while the TEE firmware integrity is protected, other TEE
+            partitions (Secure Storage, TEE OTA data) can be manipulated through direct writes.
+
+            Enable this option only when complete isolation of all TEE flash regions is required,
+            even with the associated performance tradeoffs.
+
+            Note: All accesses to the TEE partitions over SPI0 (i.e. the MMU) are blocked
+            unconditionally.
+
     config SECURE_TEE_DEBUG_MODE
         bool "Enable Debug Mode"
         default y

components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml

@@ -24,6 +24,77 @@ secure_services:
         type: IDF
         function: mmu_hal_paddr_to_vaddr
         args: 5
+  # ID: 5-21 (17) - External memory (Flash) protection [SPI1]
+  - family: flash_protection_spi1
+    entries:
+      - id: 5
+        type: IDF
+        function: spi_flash_hal_check_status
+        args: 1
+      - id: 6
+        type: IDF
+        function: spi_flash_hal_common_command
+        args: 2
+      - id: 7
+        type: IDF
+        function: spi_flash_hal_device_config
+        args: 1
+      - id: 8
+        type: IDF
+        function: spi_flash_hal_erase_block
+        args: 2
+      - id: 9
+        type: IDF
+        function: spi_flash_hal_erase_chip
+        args: 1
+      - id: 10
+        type: IDF
+        function: spi_flash_hal_erase_sector
+        args: 2
+      - id: 11
+        type: IDF
+        function: spi_flash_hal_program_page
+        args: 4
+      - id: 12
+        type: IDF
+        function: spi_flash_hal_read
+        args: 4
+      - id: 13
+        type: IDF
+        function: spi_flash_hal_resume
+        args: 1
+      - id: 14
+        type: IDF
+        function: spi_flash_hal_set_write_protect
+        args: 2
+      - id: 15
+        type: IDF
+        function: spi_flash_hal_setup_read_suspend
+        args: 2
+      - id: 16
+        type: IDF
+        function: spi_flash_hal_supports_direct_read
+        args: 2
+      - id: 17
+        type: IDF
+        function: spi_flash_hal_supports_direct_write
+        args: 2
+      - id: 18
+        type: IDF
+        function: spi_flash_hal_suspend
+        args: 1
+      - id: 19
+        type: IDF
+        function: bootloader_flash_execute_command_common
+        args: 7
+      - id: 20
+        type: IDF
+        function: memspi_host_flush_cache
+        args: 3
+      - id: 21
+        type: IDF
+        function: spi_flash_chip_generic_config_host_io_mode
+        args: 2
   # ID: 30-53 (24) - Interrupt Handling
   - family: interrupt_handling
     entries:

components/esp_tee/src/esp_secure_service_wrapper.c

@@ -13,6 +13,8 @@
 #include "hal/sha_hal.h"
 #include "hal/mmu_types.h"
 #include "hal/wdt_hal.h"
+#include "hal/spi_flash_types.h"
+#include "esp_flash.h"
 
 #include "soc/soc_caps.h"
 
@@ -247,3 +249,101 @@ bool IRAM_ATTR __wrap_mmu_hal_paddr_to_vaddr(uint32_t mmu_id, uint32_t paddr, mm
 {
     return esp_tee_service_call(6, SS_MMU_HAL_PADDR_TO_VADDR, mmu_id, paddr, target, type, out_vaddr);
 }
+
+#if CONFIG_SECURE_TEE_EXT_FLASH_MEMPROT_SPI1
+/* ---------------------------------------------- SPI Flash HAL ------------------------------------------------- */
+
+uint32_t IRAM_ATTR __wrap_spi_flash_hal_check_status(spi_flash_host_inst_t *host)
+{
+    return esp_tee_service_call(2, SS_SPI_FLASH_HAL_CHECK_STATUS, host);
+}
+
+esp_err_t IRAM_ATTR __wrap_spi_flash_hal_common_command(spi_flash_host_inst_t *host, spi_flash_trans_t *trans)
+{
+    return esp_tee_service_call(3, SS_SPI_FLASH_HAL_COMMON_COMMAND, host, trans);
+}
+
+esp_err_t IRAM_ATTR __wrap_spi_flash_hal_device_config(spi_flash_host_inst_t *host)
+{
+    return esp_tee_service_call(2, SS_SPI_FLASH_HAL_DEVICE_CONFIG, host);
+}
+
+void IRAM_ATTR __wrap_spi_flash_hal_erase_block(spi_flash_host_inst_t *host, uint32_t start_address)
+{
+    esp_tee_service_call(3, SS_SPI_FLASH_HAL_ERASE_BLOCK, host, start_address);
+}
+
+void IRAM_ATTR __wrap_spi_flash_hal_erase_chip(spi_flash_host_inst_t *host)
+{
+    esp_tee_service_call(2, SS_SPI_FLASH_HAL_ERASE_CHIP, host);
+}
+
+void IRAM_ATTR __wrap_spi_flash_hal_erase_sector(spi_flash_host_inst_t *host, uint32_t start_address)
+{
+    esp_tee_service_call(3, SS_SPI_FLASH_HAL_ERASE_SECTOR, host, start_address);
+}
+
+void IRAM_ATTR __wrap_spi_flash_hal_program_page(spi_flash_host_inst_t *host, const void *buffer, uint32_t address, uint32_t length)
+{
+    esp_tee_service_call(5, SS_SPI_FLASH_HAL_PROGRAM_PAGE, host, buffer, address, length);
+}
+
+esp_err_t IRAM_ATTR __wrap_spi_flash_hal_read(spi_flash_host_inst_t *host, void *buffer, uint32_t address, uint32_t read_len)
+{
+    return esp_tee_service_call(5, SS_SPI_FLASH_HAL_READ, host, buffer, address, read_len);
+}
+
+void IRAM_ATTR __wrap_spi_flash_hal_resume(spi_flash_host_inst_t *host)
+{
+    esp_tee_service_call(2, SS_SPI_FLASH_HAL_RESUME, host);
+}
+
+esp_err_t IRAM_ATTR __wrap_spi_flash_hal_set_write_protect(spi_flash_host_inst_t *host, bool wp)
+{
+    return esp_tee_service_call(3, SS_SPI_FLASH_HAL_SET_WRITE_PROTECT, host, wp);
+}
+
+esp_err_t IRAM_ATTR __wrap_spi_flash_hal_setup_read_suspend(spi_flash_host_inst_t *host, const spi_flash_sus_cmd_conf *sus_conf)
+{
+    return esp_tee_service_call(6, SS_SPI_FLASH_HAL_SETUP_READ_SUSPEND, host, sus_conf);
+}
+
+bool IRAM_ATTR __wrap_spi_flash_hal_supports_direct_read(spi_flash_host_inst_t *host, const void *p)
+{
+    return esp_tee_service_call(3, SS_SPI_FLASH_HAL_SUPPORTS_DIRECT_READ, host, p);
+}
+
+bool IRAM_ATTR __wrap_spi_flash_hal_supports_direct_write(spi_flash_host_inst_t *host, const void *p)
+{
+    return esp_tee_service_call(3, SS_SPI_FLASH_HAL_SUPPORTS_DIRECT_WRITE, host, p);
+}
+
+void IRAM_ATTR __wrap_spi_flash_hal_suspend(spi_flash_host_inst_t *host)
+{
+    esp_tee_service_call(2, SS_SPI_FLASH_HAL_SUSPEND, host);
+}
+
+/* ---------------------------------------------- SPI Flash Extras ------------------------------------------------- */
+
+uint32_t IRAM_ATTR __wrap_bootloader_flash_execute_command_common(
+    uint8_t command,
+    uint32_t addr_len, uint32_t address,
+    uint8_t dummy_len,
+    uint8_t mosi_len, uint32_t mosi_data,
+    uint8_t miso_len)
+{
+    return esp_tee_service_call(8, SS_BOOTLOADER_FLASH_EXECUTE_COMMAND_COMMON,
+                                command, addr_len, address, dummy_len, mosi_len,
+                                mosi_data, miso_len);
+}
+
+esp_err_t IRAM_ATTR __wrap_memspi_host_flush_cache(spi_flash_host_inst_t *host, uint32_t addr, uint32_t size)
+{
+    return esp_tee_service_call(4, SS_MEMSPI_HOST_FLUSH_CACHE, host, addr, size);
+}
+
+esp_err_t IRAM_ATTR __wrap_spi_flash_chip_generic_config_host_io_mode(esp_flash_t *chip, uint32_t flags)
+{
+    return esp_tee_service_call(3, SS_SPI_FLASH_CHIP_GENERIC_CONFIG_HOST_IO_MODE, chip, flags);
+}
+#endif

components/esp_tee/subproject/main/CMakeLists.txt

@@ -54,6 +54,10 @@ list(APPEND srcs "${hal_dir}/apm_hal.c"
                  "${hal_dir}/brownout_hal.c"
                  "${hal_dir}/wdt_hal_iram.c")
 
+if(CONFIG_SECURE_TEE_EXT_FLASH_MEMPROT_SPI1)
+    list(APPEND srcs "${hal_dir}/spi_flash_hal.c")
+endif()
+
 # TLSF implementation for heap
 list(APPEND include "${heap_dir}/include"
                     "${heap_dir}/tlsf"