Currently, REE SPI flash HAL operations are routed as service calls to TEE,
but the TEE implementation incorrectly uses ROM APIs instead of HAL APIs.
This leads to issues and is not the recommended approach.
- Ensure bound checks correctly handle all scenarios, including
when a requested operation's (SPI0/1) range fully contains the
TEE-protected region.
- Disable delegation of INTWDT timeout and Cache error interrupts as they reset
the device after the panic handler
- Rename `tee_test_fw` app configs for better CI tracking
- Decrease the lower bound of TEE I/DRAM config options
- Trim the TEE test-apps build
- Improve the TEE/REE OTA pytest script with additional checks
- Fix build issues when `tee_sec_storage`/`tee_ota_ops` are a
a part of the project build but ESP-TEE is disabled
- Place the APM HAL into TEE IRAM when `CONFIG_SECURE_TEE_EXT_FLASH_MEMPROT_SPI1`
is enabled, as APM violations related to SPI1 can occur with the flash cache disabled.
- Also fix an issue where flash protection tests were passing due to incorrect checks
- Decreased from 32KB to 24KB, keeping in mind the current maximum TEE heap
usage and some overhead
- Make the TEE panic handler logs concise, saving some DRAM
- Remove `mret` for jumping to the service call dispatcher; instead, enable
interrupts and execute directly
- Fix potential corruption of the `t3` register when returning from a service
call
- Simplify the secure service dispatcher function
Also:
- Split the secure service table into two parts: one DRAM-resident and the
other DROM-resident. The former holds the services invoked when the cache is
disabled or suspended while the latter holds rest of the services.
Laukik Hase