spi_flash: add config option to enable encrypted partition read/write

This feature can be disabled to save some IRAM (approx 1KB) for cases where flash encryption feature is not required.
2021-01-22 15:44:27 +05:30 · 2021-01-22 15:44:27 +05:30 · e712a91488
commit e712a91488
--- a/components/bootloader/Kconfig.projbuild
+++ b/components/bootloader/Kconfig.projbuild
@ -576,6 +576,7 @@ menu "Security features"
    config SECURE_FLASH_ENC_ENABLED
        bool "Enable flash encryption on boot (READ DOCS FIRST)"
        default N
+        select SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
        help
            If this option is set, flash contents will be encrypted by the bootloader on first boot.

--- a/components/spi_flash/Kconfig
+++ b/components/spi_flash/Kconfig
@ -230,4 +230,13 @@ menu "SPI Flash driver"

    endmenu #auto detect flash chips

+    config SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
+        bool "Enable encrypted partition read/write operations"
+        default y
+        help
+            This option enables flash read/write operations to encrypted partition/s. This option
+            is kept enabled irrespective of state of flash encryption feature. However, in case
+            application is not using flash encryption feature and is in need of some additional
+            memory from IRAM region (~1KB) then this config can be disabled.
+
 endmenu
--- a/components/spi_flash/partition.c
+++ b/components/spi_flash/partition.c
@ -349,6 +349,7 @@ esp_err_t esp_partition_read(const esp_partition_t* partition,
        return spi_flash_read(partition->address + src_offset, dst, size);
 #endif // CONFIG_SPI_FLASH_USE_LEGACY_IMPL
    } else {
+#if CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
        if (partition->flash_chip != esp_flash_default_chip) {
            return ESP_ERR_NOT_SUPPORTED;
        }
@ -366,6 +367,9 @@ esp_err_t esp_partition_read(const esp_partition_t* partition,
        memcpy(dst, buf, size);
        spi_flash_munmap(handle);
        return ESP_OK;
+#else
+        return ESP_ERR_NOT_SUPPORTED;
+#endif // CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
    }
 }

@ -387,10 +391,14 @@ esp_err_t esp_partition_write(const esp_partition_t* partition,
        return spi_flash_write(dst_offset, src, size);
 #endif // CONFIG_SPI_FLASH_USE_LEGACY_IMPL
    } else {
+#if CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
        if (partition->flash_chip != esp_flash_default_chip) {
            return ESP_ERR_NOT_SUPPORTED;
        }
        return spi_flash_write_encrypted(dst_offset, src, size);
+#else
+        return ESP_ERR_NOT_SUPPORTED;
+#endif // CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
    }
 }