Merge branch 'fix/c5_default_apm_cfg' into 'master'

laukik-hase · laukik-hase · commit e5a8ea0ab169 · 2025-05-12T12:14:00.000+08:00
fix(security): Set all APM masters to operate in TEE mode by default

See merge request espressif/esp-idf!39006
diff --git a/components/bootloader_support/src/bootloader_mem.c b/components/bootloader_support/src/bootloader_mem.c
@@ -27,7 +27,15 @@ void bootloader_init_mem(void)
      */
 #ifdef SOC_APM_CTRL_FILTER_SUPPORTED
     apm_hal_apm_ctrl_filter_enable_all(false);
-#endif
+    /* [APM] On power-up, only the HP CPU starts in TEE mode; others default to REE2.
+     * APM blocks REE0–REE2 access by default. C5 ECO2 adds per-peripheral control
+     * (default REEx blocking), but config support is pending. As a workaround,
+     * all masters are set to TEE mode.
+     */
+#if SOC_APM_SUPPORT_TEE_PERI_ACCESS_CTRL
+    apm_tee_hal_set_master_secure_mode_all(APM_LL_SECURE_MODE_TEE);
+#endif // SOC_APM_SUPPORT_TEE_PERI_ACCESS_CTRL
+#endif // SOC_APM_CTRL_FILTER_SUPPORTED
 #endif
 
 #ifdef CONFIG_BOOTLOADER_REGION_PROTECTION_ENABLE
diff --git a/components/hal/apm_hal.c b/components/hal/apm_hal.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -58,6 +58,16 @@ void apm_tee_hal_set_master_secure_mode(apm_ll_apm_ctrl_t apm_ctrl, apm_ll_maste
     apm_tee_ll_set_master_secure_mode(apm_ctrl, master_id, sec_mode);
 }
 
+void apm_tee_hal_set_master_secure_mode_all(apm_ll_secure_mode_t sec_mode)
+{
+    for (int i = 0; i < APM_LL_MASTER_MAX; i++) {
+        apm_tee_hal_set_master_secure_mode(HP_APM_CTRL, i, sec_mode);
+    }
+#if SOC_LP_CORE_SUPPORTED
+    apm_tee_hal_set_master_secure_mode(LP_APM_CTRL, APM_LL_MASTER_LPCORE, sec_mode);
+#endif
+}
+
 void apm_tee_hal_clk_gating_enable(bool enable)
 {
     apm_tee_ll_clk_gating_enable(enable);
diff --git a/components/hal/include/hal/apm_hal.h b/components/hal/include/hal/apm_hal.h
@@ -136,6 +136,13 @@ typedef struct {
 void apm_tee_hal_set_master_secure_mode(apm_ll_apm_ctrl_t apm_ctrl, apm_ll_master_id_t master_id,
                                         apm_ll_secure_mode_t sec_mode);
 
+/**
+ * @brief Set all masters to a given secure mode
+ *
+ * @param sec_mode Secure mode
+ */
+void apm_tee_hal_set_master_secure_mode_all(apm_ll_secure_mode_t sec_mode);
+
 /**
  * @brief TEE controller clock auto gating enable
  *
diff --git a/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in
@@ -1427,6 +1427,10 @@ config SOC_APM_LP_APM0_SUPPORTED
     bool
     default y
 
+config SOC_APM_SUPPORT_TEE_PERI_ACCESS_CTRL
+    bool
+    default y
+
 config SOC_CRYPTO_DPA_PROTECTION_SUPPORTED
     bool
     default y
diff --git a/components/soc/esp32c5/include/soc/soc_caps.h b/components/soc/esp32c5/include/soc/soc_caps.h
@@ -558,8 +558,9 @@
 #define SOC_BOOTLOADER_ANTI_ROLLBACK_SUPPORTED        (0)
 
 /*-------------------------- APM CAPS-----------------------------------------*/
-#define SOC_APM_CTRL_FILTER_SUPPORTED   1 /*!< Support for APM control filter */
-#define SOC_APM_LP_APM0_SUPPORTED       1 /*!< Support for LP APM0 control filter */
+#define SOC_APM_CTRL_FILTER_SUPPORTED        1 /*!< Support for APM control filter */
+#define SOC_APM_LP_APM0_SUPPORTED            1 /*!< Support for LP APM0 control filter */
+#define SOC_APM_SUPPORT_TEE_PERI_ACCESS_CTRL 1 /*!< Support for TEE controller per-peripheral access control */
 
 /*------------------------ Anti DPA (Security) CAPS --------------------------*/
 #define SOC_CRYPTO_DPA_PROTECTION_SUPPORTED     1
