efuse(esp32): Deprecate esp_efuse_burn_new_values() & esp_efuse_write_random_key()

These functions were used only for esp32 in secure_boot and flash encryption.
Use idf efuse APIs instead of efuse regs.

components/bootloader_support/include/esp_flash_encrypt.h

@@ -14,6 +14,11 @@
 #include "soc/efuse_periph.h"
 #include "sdkconfig.h"
 
+#ifdef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
+#include "esp_efuse.h"
+#include "esp_efuse_table.h"
+#endif
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -43,9 +48,17 @@ static inline /** @cond */ IRAM_ATTR /** @endcond */ bool esp_flash_encryption_e
 {
     uint32_t flash_crypt_cnt = 0;
 #if CONFIG_IDF_TARGET_ESP32
-    flash_crypt_cnt = REG_GET_FIELD(EFUSE_BLK0_RDATA0_REG, EFUSE_RD_FLASH_CRYPT_CNT);
+    #ifndef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
+        flash_crypt_cnt = REG_GET_FIELD(EFUSE_BLK0_RDATA0_REG, EFUSE_RD_FLASH_CRYPT_CNT);
+    #else
+        esp_efuse_read_field_blob(ESP_EFUSE_FLASH_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_FLASH_CRYPT_CNT[0]->bit_count);
+    #endif
 #else
-    flash_crypt_cnt = REG_GET_FIELD(EFUSE_RD_REPEAT_DATA1_REG, EFUSE_SPI_BOOT_CRYPT_CNT);
+    #ifndef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
+        flash_crypt_cnt = REG_GET_FIELD(EFUSE_RD_REPEAT_DATA1_REG, EFUSE_SPI_BOOT_CRYPT_CNT);
+    #else
+        esp_efuse_read_field_blob(ESP_EFUSE_SPI_BOOT_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_SPI_BOOT_CRYPT_CNT[0]->bit_count);
+    #endif
 #endif
     /* __builtin_parity is in flash, so we calculate parity inline */
     bool enabled = false;
@@ -151,6 +164,13 @@ esp_flash_enc_mode_t esp_get_flash_encryption_mode(void);
  */
 void esp_flash_encryption_init_checks(void);
 
+/** @brief Set all secure eFuse features related to flash encryption
+ *
+ * @return
+ *  - ESP_OK - Successfully
+ */
+esp_err_t esp_flash_encryption_enable_secure_features(void);
+
 #ifdef __cplusplus
 }
 #endif

components/bootloader_support/include/esp_secure_boot.h

@@ -44,6 +44,11 @@ extern "C" {
 
 #define ESP_SECURE_BOOT_DIGEST_LEN 32
 
+#ifdef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
+#include "esp_efuse.h"
+#include "esp_efuse_table.h"
+#endif
+
 /** @brief Is secure boot currently enabled in hardware?
  *
  * This means that the ROM bootloader code will only boot
@@ -55,12 +60,24 @@ static inline bool esp_secure_boot_enabled(void)
 {
 #if CONFIG_IDF_TARGET_ESP32
     #ifdef CONFIG_SECURE_BOOT_V1_ENABLED
-        return REG_READ(EFUSE_BLK0_RDATA6_REG) & EFUSE_RD_ABS_DONE_0;
+        #ifndef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
+            return REG_READ(EFUSE_BLK0_RDATA6_REG) & EFUSE_RD_ABS_DONE_0;
+        #else
+            return esp_efuse_read_field_bit(ESP_EFUSE_ABS_DONE_0);
+        #endif
     #elif CONFIG_SECURE_BOOT_V2_ENABLED
-        return ets_use_secure_boot_v2();
+        #ifndef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
+            return ets_use_secure_boot_v2();
+        #else
+            return esp_efuse_read_field_bit(ESP_EFUSE_ABS_DONE_1);
+        #endif
     #endif
 #else
-    return esp_rom_efuse_is_secure_boot_enabled();
+    #ifndef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
+        return esp_rom_efuse_is_secure_boot_enabled();
+    #else
+        return esp_efuse_read_field_bit(ESP_EFUSE_SECURE_BOOT_EN);
+    #endif
 #endif
     return false; /* Secure Boot not enabled in menuconfig */
 }
@@ -263,6 +280,13 @@ esp_err_t esp_secure_boot_get_signature_blocks_for_running_app(bool digest_publi
 
 #endif // !BOOTLOADER_BUILD && CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME
 
+/** @brief Set all secure eFuse features related to secure_boot
+ *
+ * @return
+ *  - ESP_OK - Successfully
+ */
+esp_err_t esp_secure_boot_enable_secure_features(void);
+
 #ifdef __cplusplus
 }
 #endif