Skip to content

Commit e08189f

Browse files
Harshal5Harshal5
committed
fix(system_internal): Avoid the sec clock reset caused due to resetting all crypto peripherals
1 parent d86c2bd commit e08189f

File tree

4 files changed

+38
-22
lines changed

4 files changed

+38
-22
lines changed

components/esp_system/port/soc/esp32c5/system_internal.c

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -64,19 +64,23 @@ void IRAM_ATTR esp_system_reset_modules_on_exit(void)
6464

6565
// Reset crypto peripherals. This ensures a clean state for the crypto peripherals after a CPU restart
6666
// and hence avoiding any possibility with crypto failure in ROM security workflows.
67+
// We also avoid resetting all the crypto peripherals at once because it would create a period when
68+
// all the peripherals are reset at the same time, which triggers a hardware SEC reset. The SEC reset
69+
// causes the crypto -> APB path to be reset, but the APB -> crypto path is not reset. This asymmetry
70+
// results in the crypto module hanging and refusing all access.
6771
SET_PERI_REG_MASK(PCR_AES_CONF_REG, PCR_AES_RST_EN);
68-
SET_PERI_REG_MASK(PCR_DS_CONF_REG, PCR_DS_RST_EN);
69-
SET_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN);
70-
SET_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN);
71-
SET_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN);
72-
SET_PERI_REG_MASK(PCR_RSA_CONF_REG, PCR_RSA_RST_EN);
73-
SET_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN);
7472
CLEAR_PERI_REG_MASK(PCR_AES_CONF_REG, PCR_AES_RST_EN);
73+
SET_PERI_REG_MASK(PCR_DS_CONF_REG, PCR_DS_RST_EN);
7574
CLEAR_PERI_REG_MASK(PCR_DS_CONF_REG, PCR_DS_RST_EN);
75+
SET_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN);
7676
CLEAR_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN);
77+
SET_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN);
7778
CLEAR_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN);
79+
SET_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN);
7880
CLEAR_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN);
81+
SET_PERI_REG_MASK(PCR_RSA_CONF_REG, PCR_RSA_RST_EN);
7982
CLEAR_PERI_REG_MASK(PCR_RSA_CONF_REG, PCR_RSA_RST_EN);
83+
SET_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN);
8084
CLEAR_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN);
8185
}
8286

components/esp_system/port/soc/esp32c61/system_internal.c

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -64,19 +64,23 @@ void IRAM_ATTR esp_system_reset_modules_on_exit(void)
6464

6565
// Reset crypto peripherals. This ensures a clean state for the crypto peripherals after a CPU restart
6666
// and hence avoiding any possibility with crypto failure in ROM security workflows.
67+
// We also avoid resetting all the crypto peripherals at once because it would create a period when
68+
// all the peripherals are reset at the same time, which triggers a hardware SEC reset. The SEC reset
69+
// causes the crypto -> APB path to be reset, but the APB -> crypto path is not reset. This asymmetry
70+
// results in the crypto module hanging and refusing all access.
6771
SET_PERI_REG_MASK(PCR_AES_CONF_REG, PCR_AES_RST_EN);
68-
SET_PERI_REG_MASK(PCR_DS_CONF_REG, PCR_DS_RST_EN);
69-
SET_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN);
70-
SET_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN);
71-
SET_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN);
72-
SET_PERI_REG_MASK(PCR_RSA_CONF_REG, PCR_RSA_RST_EN);
73-
SET_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN);
7472
CLEAR_PERI_REG_MASK(PCR_AES_CONF_REG, PCR_AES_RST_EN);
73+
SET_PERI_REG_MASK(PCR_DS_CONF_REG, PCR_DS_RST_EN);
7574
CLEAR_PERI_REG_MASK(PCR_DS_CONF_REG, PCR_DS_RST_EN);
75+
SET_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN);
7676
CLEAR_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN);
77+
SET_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN);
7778
CLEAR_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN);
79+
SET_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN);
7880
CLEAR_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN);
81+
SET_PERI_REG_MASK(PCR_RSA_CONF_REG, PCR_RSA_RST_EN);
7982
CLEAR_PERI_REG_MASK(PCR_RSA_CONF_REG, PCR_RSA_RST_EN);
83+
SET_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN);
8084
CLEAR_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN);
8185
}
8286

components/esp_system/port/soc/esp32h21/system_internal.c

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -59,19 +59,23 @@ void IRAM_ATTR esp_system_reset_modules_on_exit(void)
5959

6060
// Reset crypto peripherals. This ensures a clean state for the crypto peripherals after a CPU restart
6161
// and hence avoiding any possibility with crypto failure in ROM security workflows.
62+
// We also avoid resetting all the crypto peripherals at once because it would create a period when
63+
// all the peripherals are reset at the same time, which triggers a hardware SEC reset. The SEC reset
64+
// causes the crypto -> APB path to be reset, but the APB -> crypto path is not reset. This asymmetry
65+
// results in the crypto module hanging and refusing all access.
6266
SET_PERI_REG_MASK(PCR_AES_CONF_REG, PCR_AES_RST_EN);
63-
SET_PERI_REG_MASK(PCR_DS_CONF_REG, PCR_DS_RST_EN);
64-
SET_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN);
65-
SET_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN);
66-
SET_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN);
67-
SET_PERI_REG_MASK(PCR_RSA_CONF_REG, PCR_RSA_RST_EN);
68-
SET_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN);
6967
CLEAR_PERI_REG_MASK(PCR_AES_CONF_REG, PCR_AES_RST_EN);
68+
SET_PERI_REG_MASK(PCR_DS_CONF_REG, PCR_DS_RST_EN);
7069
CLEAR_PERI_REG_MASK(PCR_DS_CONF_REG, PCR_DS_RST_EN);
70+
SET_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN);
7171
CLEAR_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN);
72+
SET_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN);
7273
CLEAR_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN);
74+
SET_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN);
7375
CLEAR_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN);
76+
SET_PERI_REG_MASK(PCR_RSA_CONF_REG, PCR_RSA_RST_EN);
7477
CLEAR_PERI_REG_MASK(PCR_RSA_CONF_REG, PCR_RSA_RST_EN);
78+
SET_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN);
7579
CLEAR_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN);
7680
}
7781

components/esp_system/port/soc/esp32h4/system_internal.c

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -55,15 +55,19 @@ void IRAM_ATTR esp_system_reset_modules_on_exit(void)
5555

5656
// Reset crypto peripherals. This ensures a clean state for the crypto peripherals after a CPU restart
5757
// and hence avoiding any possibility with crypto failure in ROM security workflows.
58+
// We also avoid resetting all the crypto peripherals at once because it would create a period when
59+
// all the peripherals are reset at the same time, which triggers a hardware SEC reset. The SEC reset
60+
// causes the crypto -> APB path to be reset, but the APB -> crypto path is not reset. This asymmetry
61+
// results in the crypto module hanging and refusing all access.
5862
SET_PERI_REG_MASK(PCR_AES_CONF_REG, PCR_AES_RST_EN);
59-
SET_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN);
60-
SET_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN);
61-
SET_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN);
62-
SET_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN);
6363
CLEAR_PERI_REG_MASK(PCR_AES_CONF_REG, PCR_AES_RST_EN);
64+
SET_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN);
6465
CLEAR_PERI_REG_MASK(PCR_ECC_CONF_REG, PCR_ECC_RST_EN);
66+
SET_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN);
6567
CLEAR_PERI_REG_MASK(PCR_ECDSA_CONF_REG, PCR_ECDSA_RST_EN);
68+
SET_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN);
6669
CLEAR_PERI_REG_MASK(PCR_HMAC_CONF_REG, PCR_HMAC_RST_EN);
70+
SET_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN);
6771
CLEAR_PERI_REG_MASK(PCR_SHA_CONF_REG, PCR_SHA_RST_EN);
6872
}
6973

0 commit comments

Comments
 (0)