feat(esp_tee): Support for ESP-TEE - bootloader_support component

components/bootloader_support/include/bootloader_utility_tee.h

@@ -0,0 +1,53 @@
+/*
+ * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#pragma once
+
+#include "esp_flash_partitions.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Fetch the currently running TEE partition
+ *
+ * @param[in] tee_ota_info TEE OTA data partition
+ *
+ * @return Subtype of the running TEE partition, or -1 if an error occurred
+ */
+int bootloader_utility_tee_get_boot_partition(const esp_partition_pos_t *tee_ota_info);
+
+/**
+ * @brief Set a new TEE boot partition in the TEE OTA data
+ *
+ * @param[in] tee_ota_info TEE OTA data partition
+ * @param[in] tee_try_part Partition table entry for the new boot partition
+ *
+ * @return ESP_OK on success, or an error code otherwise
+ */
+esp_err_t bootloader_utility_tee_set_boot_partition(const esp_partition_pos_t *tee_ota_info, const esp_partition_info_t *tee_try_part);
+
+/**
+ * @brief Fetch the next TEE partition for update
+ *
+ * @param[in] tee_ota_info TEE OTA data partition
+ *
+ * @return Subtype of the next TEE partition for update, or -1 if an error occurred
+ */
+int bootloader_utility_tee_get_next_update_partition(const esp_partition_pos_t *tee_ota_info);
+
+/**
+ * @brief Mark the current TEE app as valid and cancel update rollback
+ *
+ * @param[in] tee_ota_info TEE OTA data partition
+ *
+ * @return ESP_OK on success, or an error code otherwise
+ */
+esp_err_t bootloader_utility_tee_mark_app_valid_and_cancel_rollback(const esp_partition_pos_t *tee_ota_info);
+
+#ifdef __cplusplus
+}
+#endif

components/bootloader_support/include/esp_flash_partitions.h

@@ -21,6 +21,8 @@ extern "C" {
 #define PART_SUBTYPE_OTA_FLAG 0x10
 #define PART_SUBTYPE_OTA_MASK 0x0f
 #define PART_SUBTYPE_TEST     0x20
+#define PART_SUBTYPE_TEE_0    0x30
+#define PART_SUBTYPE_TEE_1    0x31
 
 #define PART_TYPE_DATA 0x01
 #define PART_SUBTYPE_DATA_OTA 0x00
@@ -38,6 +40,9 @@ extern "C" {
 #define PART_SUBTYPE_PARTITION_TABLE_PRIMARY 0x00
 #define PART_SUBTYPE_PARTITION_TABLE_OTA 0x01
 
+#define PART_SUBTYPE_DATA_TEE_OTA 0x90
+#define PART_SUBTYPE_DATA_TEE_SEC_STORAGE 0x91
+
 #define PART_TYPE_END 0xff
 #define PART_SUBTYPE_END 0xff
 

components/bootloader_support/include/esp_tee_ota_utils.h

@@ -0,0 +1,45 @@
+/*
+ * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#pragma once
+
+#include <stdint.h>
+
+#include "esp_err.h"
+#include "esp_flash_partitions.h"
+#include "esp_image_format.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+// TEE otadata magic is derived from sha256 of "tee_ota" string
+#define TEE_OTADATA_MAGIC 0x4337e1e1
+
+/* TEE OTA selection structure (two copies in the TEE OTA data partition) */
+typedef struct {
+    uint32_t magic;          // A magic byte for otadata structure
+    uint8_t version;         // OTA image version
+    uint8_t boot_partition;  // Default boot partition
+    uint8_t ota_state;       // OTA_DATA states for checking operability of the app
+    uint8_t reserved_1;      // Reserved field 1
+    uint32_t reserved_2[5];  // Reserved fields 2
+    uint32_t crc;            // CRC32 of all fields in the structure
+} __attribute__((packed)) esp_tee_ota_select_entry_t;
+
+ESP_STATIC_ASSERT(offsetof(esp_tee_ota_select_entry_t, crc) == sizeof(esp_tee_ota_select_entry_t) - sizeof(uint32_t));
+
+// OTA_DATA states for checking operability of the app.
+typedef enum {
+    ESP_TEE_OTA_IMG_NEW             = 0x00U,  /*!< Monitor the first boot - the bootloader changes the state to PENDING_VERIFY. */
+    ESP_TEE_OTA_IMG_PENDING_VERIFY  = 0x33U,  /*!< If encountered during the second boot, the bootloader changes the state to INVALID. */
+    ESP_TEE_OTA_IMG_INVALID         = 0x55U,  /*!< App was confirmed as workable - can boot and work without limits. */
+    ESP_TEE_OTA_IMG_VALID           = 0xAAU,  /*!< App was confirmed as non-workable - will not selected to boot at all. */
+    ESP_TEE_OTA_IMG_UNDEFINED       = 0xFFU,  /*!< Undefined. */
+} esp_tee_ota_img_states_t;
+
+#ifdef __cplusplus
+}
+#endif