diff --git a/platform.txt b/platform.txt
index 3cb29298791..65b4e97329a 100644
--- a/platform.txt
+++ b/platform.txt
@@ -27,7 +27,7 @@ compiler.prefix={build.tarch}-{build.target}-elf-
 #
 # ESP32 Support Start
 #
-compiler.cpreprocessor.flags.esp32=-DHAVE_CONFIG_H -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h" -DUNITY_INCLUDE_CONFIG_H -DWITH_POSIX -D_GNU_SOURCE -DIDF_VER="v4.4.1-472-gc9140caf8c" -DESP_PLATFORM -D_POSIX_READER_WRITER_LOCKS   "-I{compiler.sdk.path}/include/newlib/platform_include" "-I{compiler.sdk.path}/include/freertos/include" "-I{compiler.sdk.path}/include/freertos/include/esp_additions/freertos" "-I{compiler.sdk.path}/include/freertos/port/xtensa/include" "-I{compiler.sdk.path}/include/freertos/include/esp_additions" "-I{compiler.sdk.path}/include/esp_hw_support/include" "-I{compiler.sdk.path}/include/esp_hw_support/include/soc" "-I{compiler.sdk.path}/include/esp_hw_support/include/soc/esp32" "-I{compiler.sdk.path}/include/esp_hw_support/port/esp32" "-I{compiler.sdk.path}/include/esp_hw_support/port/esp32/private_include" "-I{compiler.sdk.path}/include/heap/include" "-I{compiler.sdk.path}/include/log/include" "-I{compiler.sdk.path}/include/lwip/include/apps" "-I{compiler.sdk.path}/include/lwip/include/apps/sntp" "-I{compiler.sdk.path}/include/lwip/lwip/src/include" "-I{compiler.sdk.path}/include/lwip/port/esp32/include" "-I{compiler.sdk.path}/include/lwip/port/esp32/include/arch" "-I{compiler.sdk.path}/include/soc/include" "-I{compiler.sdk.path}/include/soc/esp32" "-I{compiler.sdk.path}/include/soc/esp32/include" "-I{compiler.sdk.path}/include/hal/esp32/include" "-I{compiler.sdk.path}/include/hal/include" "-I{compiler.sdk.path}/include/hal/platform_port/include" "-I{compiler.sdk.path}/include/esp_rom/include" "-I{compiler.sdk.path}/include/esp_rom/include/esp32" "-I{compiler.sdk.path}/include/esp_rom/esp32" "-I{compiler.sdk.path}/include/esp_common/include" "-I{compiler.sdk.path}/include/esp_system/include" "-I{compiler.sdk.path}/include/esp_system/port/soc" "-I{compiler.sdk.path}/include/esp_system/port/public_compat" "-I{compiler.sdk.path}/include/esp32/include" "-I{compiler.sdk.path}/include/xtensa/include" "-I{compiler.sdk.path}/include/xtensa/esp32/include" "-I{compiler.sdk.path}/include/driver/include" "-I{compiler.sdk.path}/include/driver/esp32/include" "-I{compiler.sdk.path}/include/esp_pm/include" "-I{compiler.sdk.path}/include/esp_ringbuf/include" "-I{compiler.sdk.path}/include/efuse/include" "-I{compiler.sdk.path}/include/efuse/esp32/include" "-I{compiler.sdk.path}/include/vfs/include" "-I{compiler.sdk.path}/include/esp_wifi/include" "-I{compiler.sdk.path}/include/esp_event/include" "-I{compiler.sdk.path}/include/esp_netif/include" "-I{compiler.sdk.path}/include/esp_eth/include" "-I{compiler.sdk.path}/include/tcpip_adapter/include" "-I{compiler.sdk.path}/include/esp_phy/include" "-I{compiler.sdk.path}/include/esp_phy/esp32/include" "-I{compiler.sdk.path}/include/esp_ipc/include" "-I{compiler.sdk.path}/include/app_trace/include" "-I{compiler.sdk.path}/include/esp_timer/include" "-I{compiler.sdk.path}/include/mbedtls/port/include" "-I{compiler.sdk.path}/include/mbedtls/mbedtls/include" "-I{compiler.sdk.path}/include/mbedtls/esp_crt_bundle/include" "-I{compiler.sdk.path}/include/app_update/include" "-I{compiler.sdk.path}/include/spi_flash/include" "-I{compiler.sdk.path}/include/bootloader_support/include" "-I{compiler.sdk.path}/include/nvs_flash/include" "-I{compiler.sdk.path}/include/pthread/include" "-I{compiler.sdk.path}/include/esp_gdbstub/include" "-I{compiler.sdk.path}/include/esp_gdbstub/xtensa" "-I{compiler.sdk.path}/include/esp_gdbstub/esp32" "-I{compiler.sdk.path}/include/espcoredump/include" "-I{compiler.sdk.path}/include/espcoredump/include/port/xtensa" "-I{compiler.sdk.path}/include/wpa_supplicant/include" "-I{compiler.sdk.path}/include/wpa_supplicant/port/include" "-I{compiler.sdk.path}/include/wpa_supplicant/esp_supplicant/include" "-I{compiler.sdk.path}/include/ieee802154/include" "-I{compiler.sdk.path}/include/console" "-I{compiler.sdk.path}/include/asio/asio/asio/include" "-I{compiler.sdk.path}/include/asio/port/include" "-I{compiler.sdk.path}/include/bt/common/osi/include" "-I{compiler.sdk.path}/include/bt/include/esp32/include" "-I{compiler.sdk.path}/include/bt/common/api/include/api" "-I{compiler.sdk.path}/include/bt/common/btc/profile/esp/blufi/include" "-I{compiler.sdk.path}/include/bt/common/btc/profile/esp/include" "-I{compiler.sdk.path}/include/bt/host/bluedroid/api/include/api" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_common/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_common/tinycrypt/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_core" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_core/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_core/storage" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/btc/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_models/common/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_models/client/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_models/server/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/api/core/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/api/models/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/api" "-I{compiler.sdk.path}/include/cbor/port/include" "-I{compiler.sdk.path}/include/unity/include" "-I{compiler.sdk.path}/include/unity/unity/src" "-I{compiler.sdk.path}/include/cmock/CMock/src" "-I{compiler.sdk.path}/include/coap/port/include" "-I{compiler.sdk.path}/include/coap/libcoap/include" "-I{compiler.sdk.path}/include/nghttp/port/include" "-I{compiler.sdk.path}/include/nghttp/nghttp2/lib/includes" "-I{compiler.sdk.path}/include/esp-tls" "-I{compiler.sdk.path}/include/esp-tls/esp-tls-crypto" "-I{compiler.sdk.path}/include/esp_adc_cal/include" "-I{compiler.sdk.path}/include/esp_hid/include" "-I{compiler.sdk.path}/include/tcp_transport/include" "-I{compiler.sdk.path}/include/esp_http_client/include" "-I{compiler.sdk.path}/include/esp_http_server/include" "-I{compiler.sdk.path}/include/esp_https_ota/include" "-I{compiler.sdk.path}/include/esp_https_server/include" "-I{compiler.sdk.path}/include/esp_lcd/include" "-I{compiler.sdk.path}/include/esp_lcd/interface" "-I{compiler.sdk.path}/include/protobuf-c/protobuf-c" "-I{compiler.sdk.path}/include/protocomm/include/common" "-I{compiler.sdk.path}/include/protocomm/include/security" "-I{compiler.sdk.path}/include/protocomm/include/transports" "-I{compiler.sdk.path}/include/mdns/include" "-I{compiler.sdk.path}/include/esp_local_ctrl/include" "-I{compiler.sdk.path}/include/sdmmc/include" "-I{compiler.sdk.path}/include/esp_serial_slave_link/include" "-I{compiler.sdk.path}/include/esp_websocket_client/include" "-I{compiler.sdk.path}/include/expat/expat/expat/lib" "-I{compiler.sdk.path}/include/expat/port/include" "-I{compiler.sdk.path}/include/wear_levelling/include" "-I{compiler.sdk.path}/include/fatfs/diskio" "-I{compiler.sdk.path}/include/fatfs/vfs" "-I{compiler.sdk.path}/include/fatfs/src" "-I{compiler.sdk.path}/include/freemodbus/common/include" "-I{compiler.sdk.path}/include/idf_test/include" "-I{compiler.sdk.path}/include/idf_test/include/esp32" "-I{compiler.sdk.path}/include/jsmn/include" "-I{compiler.sdk.path}/include/json/cJSON" "-I{compiler.sdk.path}/include/libsodium/libsodium/src/libsodium/include" "-I{compiler.sdk.path}/include/libsodium/port_include" "-I{compiler.sdk.path}/include/mqtt/esp-mqtt/include" "-I{compiler.sdk.path}/include/openssl/include" "-I{compiler.sdk.path}/include/perfmon/include" "-I{compiler.sdk.path}/include/spiffs/include" "-I{compiler.sdk.path}/include/ulp/include" "-I{compiler.sdk.path}/include/wifi_provisioning/include" "-I{compiler.sdk.path}/include/button/button/include" "-I{compiler.sdk.path}/include/rmaker_common/include" "-I{compiler.sdk.path}/include/json_parser/upstream/include" "-I{compiler.sdk.path}/include/json_parser/upstream" "-I{compiler.sdk.path}/include/json_generator/upstream" "-I{compiler.sdk.path}/include/esp_schedule/include" "-I{compiler.sdk.path}/include/esp_rainmaker/include" "-I{compiler.sdk.path}/include/qrcode/include" "-I{compiler.sdk.path}/include/ws2812_led" "-I{compiler.sdk.path}/include/esp-dsp/modules/dotprod/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/support/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/hann/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman_harris/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman_nuttall/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/nuttall/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/flat_top/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/iir/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/fir/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/add/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/sub/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/mul/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/addc/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/mulc/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/sqrt/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/matrix/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/fft/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/dct/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/conv/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/common/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/kalman/ekf/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/kalman/ekf_imu13states/include" "-I{compiler.sdk.path}/include/esp_littlefs/src" "-I{compiler.sdk.path}/include/esp_littlefs/include" "-I{compiler.sdk.path}/include/esp-dl/include" "-I{compiler.sdk.path}/include/esp-dl/include/tool" "-I{compiler.sdk.path}/include/esp-dl/include/typedef" "-I{compiler.sdk.path}/include/esp-dl/include/image" "-I{compiler.sdk.path}/include/esp-dl/include/math" "-I{compiler.sdk.path}/include/esp-dl/include/nn" "-I{compiler.sdk.path}/include/esp-dl/include/layer" "-I{compiler.sdk.path}/include/esp-dl/include/detect" "-I{compiler.sdk.path}/include/esp-dl/include/model_zoo" "-I{compiler.sdk.path}/include/esp-sr/esp-tts/esp_tts_chinese/include" "-I{compiler.sdk.path}/include/esp-sr/include/esp32" "-I{compiler.sdk.path}/include/esp32-camera/driver/include" "-I{compiler.sdk.path}/include/esp32-camera/conversions/include" "-I{compiler.sdk.path}/include/fb_gfx/include"
+compiler.cpreprocessor.flags.esp32=-DHAVE_CONFIG_H -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h" -DUNITY_INCLUDE_CONFIG_H -DWITH_POSIX -D_GNU_SOURCE -DIDF_VER="v4.4.1-581-gee2029c38a" -DESP_PLATFORM -D_POSIX_READER_WRITER_LOCKS   "-I{compiler.sdk.path}/include/newlib/platform_include" "-I{compiler.sdk.path}/include/freertos/include" "-I{compiler.sdk.path}/include/freertos/include/esp_additions/freertos" "-I{compiler.sdk.path}/include/freertos/port/xtensa/include" "-I{compiler.sdk.path}/include/freertos/include/esp_additions" "-I{compiler.sdk.path}/include/esp_hw_support/include" "-I{compiler.sdk.path}/include/esp_hw_support/include/soc" "-I{compiler.sdk.path}/include/esp_hw_support/include/soc/esp32" "-I{compiler.sdk.path}/include/esp_hw_support/port/esp32" "-I{compiler.sdk.path}/include/esp_hw_support/port/esp32/private_include" "-I{compiler.sdk.path}/include/heap/include" "-I{compiler.sdk.path}/include/log/include" "-I{compiler.sdk.path}/include/lwip/include/apps" "-I{compiler.sdk.path}/include/lwip/include/apps/sntp" "-I{compiler.sdk.path}/include/lwip/lwip/src/include" "-I{compiler.sdk.path}/include/lwip/port/esp32/include" "-I{compiler.sdk.path}/include/lwip/port/esp32/include/arch" "-I{compiler.sdk.path}/include/soc/include" "-I{compiler.sdk.path}/include/soc/esp32" "-I{compiler.sdk.path}/include/soc/esp32/include" "-I{compiler.sdk.path}/include/hal/esp32/include" "-I{compiler.sdk.path}/include/hal/include" "-I{compiler.sdk.path}/include/hal/platform_port/include" "-I{compiler.sdk.path}/include/esp_rom/include" "-I{compiler.sdk.path}/include/esp_rom/include/esp32" "-I{compiler.sdk.path}/include/esp_rom/esp32" "-I{compiler.sdk.path}/include/esp_common/include" "-I{compiler.sdk.path}/include/esp_system/include" "-I{compiler.sdk.path}/include/esp_system/port/soc" "-I{compiler.sdk.path}/include/esp_system/port/public_compat" "-I{compiler.sdk.path}/include/esp32/include" "-I{compiler.sdk.path}/include/xtensa/include" "-I{compiler.sdk.path}/include/xtensa/esp32/include" "-I{compiler.sdk.path}/include/driver/include" "-I{compiler.sdk.path}/include/driver/esp32/include" "-I{compiler.sdk.path}/include/esp_pm/include" "-I{compiler.sdk.path}/include/esp_ringbuf/include" "-I{compiler.sdk.path}/include/efuse/include" "-I{compiler.sdk.path}/include/efuse/esp32/include" "-I{compiler.sdk.path}/include/vfs/include" "-I{compiler.sdk.path}/include/esp_wifi/include" "-I{compiler.sdk.path}/include/esp_event/include" "-I{compiler.sdk.path}/include/esp_netif/include" "-I{compiler.sdk.path}/include/esp_eth/include" "-I{compiler.sdk.path}/include/tcpip_adapter/include" "-I{compiler.sdk.path}/include/esp_phy/include" "-I{compiler.sdk.path}/include/esp_phy/esp32/include" "-I{compiler.sdk.path}/include/esp_ipc/include" "-I{compiler.sdk.path}/include/app_trace/include" "-I{compiler.sdk.path}/include/esp_timer/include" "-I{compiler.sdk.path}/include/mbedtls/port/include" "-I{compiler.sdk.path}/include/mbedtls/mbedtls/include" "-I{compiler.sdk.path}/include/mbedtls/esp_crt_bundle/include" "-I{compiler.sdk.path}/include/app_update/include" "-I{compiler.sdk.path}/include/spi_flash/include" "-I{compiler.sdk.path}/include/bootloader_support/include" "-I{compiler.sdk.path}/include/nvs_flash/include" "-I{compiler.sdk.path}/include/pthread/include" "-I{compiler.sdk.path}/include/esp_gdbstub/include" "-I{compiler.sdk.path}/include/esp_gdbstub/xtensa" "-I{compiler.sdk.path}/include/esp_gdbstub/esp32" "-I{compiler.sdk.path}/include/espcoredump/include" "-I{compiler.sdk.path}/include/espcoredump/include/port/xtensa" "-I{compiler.sdk.path}/include/wpa_supplicant/include" "-I{compiler.sdk.path}/include/wpa_supplicant/port/include" "-I{compiler.sdk.path}/include/wpa_supplicant/esp_supplicant/include" "-I{compiler.sdk.path}/include/ieee802154/include" "-I{compiler.sdk.path}/include/console" "-I{compiler.sdk.path}/include/asio/asio/asio/include" "-I{compiler.sdk.path}/include/asio/port/include" "-I{compiler.sdk.path}/include/bt/common/osi/include" "-I{compiler.sdk.path}/include/bt/include/esp32/include" "-I{compiler.sdk.path}/include/bt/common/api/include/api" "-I{compiler.sdk.path}/include/bt/common/btc/profile/esp/blufi/include" "-I{compiler.sdk.path}/include/bt/common/btc/profile/esp/include" "-I{compiler.sdk.path}/include/bt/host/bluedroid/api/include/api" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_common/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_common/tinycrypt/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_core" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_core/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_core/storage" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/btc/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_models/common/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_models/client/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_models/server/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/api/core/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/api/models/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/api" "-I{compiler.sdk.path}/include/cbor/port/include" "-I{compiler.sdk.path}/include/unity/include" "-I{compiler.sdk.path}/include/unity/unity/src" "-I{compiler.sdk.path}/include/cmock/CMock/src" "-I{compiler.sdk.path}/include/coap/port/include" "-I{compiler.sdk.path}/include/coap/libcoap/include" "-I{compiler.sdk.path}/include/nghttp/port/include" "-I{compiler.sdk.path}/include/nghttp/nghttp2/lib/includes" "-I{compiler.sdk.path}/include/esp-tls" "-I{compiler.sdk.path}/include/esp-tls/esp-tls-crypto" "-I{compiler.sdk.path}/include/esp_adc_cal/include" "-I{compiler.sdk.path}/include/esp_hid/include" "-I{compiler.sdk.path}/include/tcp_transport/include" "-I{compiler.sdk.path}/include/esp_http_client/include" "-I{compiler.sdk.path}/include/esp_http_server/include" "-I{compiler.sdk.path}/include/esp_https_ota/include" "-I{compiler.sdk.path}/include/esp_https_server/include" "-I{compiler.sdk.path}/include/esp_lcd/include" "-I{compiler.sdk.path}/include/esp_lcd/interface" "-I{compiler.sdk.path}/include/protobuf-c/protobuf-c" "-I{compiler.sdk.path}/include/protocomm/include/common" "-I{compiler.sdk.path}/include/protocomm/include/security" "-I{compiler.sdk.path}/include/protocomm/include/transports" "-I{compiler.sdk.path}/include/mdns/include" "-I{compiler.sdk.path}/include/esp_local_ctrl/include" "-I{compiler.sdk.path}/include/sdmmc/include" "-I{compiler.sdk.path}/include/esp_serial_slave_link/include" "-I{compiler.sdk.path}/include/esp_websocket_client/include" "-I{compiler.sdk.path}/include/expat/expat/expat/lib" "-I{compiler.sdk.path}/include/expat/port/include" "-I{compiler.sdk.path}/include/wear_levelling/include" "-I{compiler.sdk.path}/include/fatfs/diskio" "-I{compiler.sdk.path}/include/fatfs/vfs" "-I{compiler.sdk.path}/include/fatfs/src" "-I{compiler.sdk.path}/include/freemodbus/common/include" "-I{compiler.sdk.path}/include/idf_test/include" "-I{compiler.sdk.path}/include/idf_test/include/esp32" "-I{compiler.sdk.path}/include/jsmn/include" "-I{compiler.sdk.path}/include/json/cJSON" "-I{compiler.sdk.path}/include/libsodium/libsodium/src/libsodium/include" "-I{compiler.sdk.path}/include/libsodium/port_include" "-I{compiler.sdk.path}/include/mqtt/esp-mqtt/include" "-I{compiler.sdk.path}/include/openssl/include" "-I{compiler.sdk.path}/include/perfmon/include" "-I{compiler.sdk.path}/include/spiffs/include" "-I{compiler.sdk.path}/include/ulp/include" "-I{compiler.sdk.path}/include/wifi_provisioning/include" "-I{compiler.sdk.path}/include/button/button/include" "-I{compiler.sdk.path}/include/rmaker_common/include" "-I{compiler.sdk.path}/include/json_parser/upstream/include" "-I{compiler.sdk.path}/include/json_parser/upstream" "-I{compiler.sdk.path}/include/json_generator/upstream" "-I{compiler.sdk.path}/include/esp_schedule/include" "-I{compiler.sdk.path}/include/esp_rainmaker/include" "-I{compiler.sdk.path}/include/qrcode/include" "-I{compiler.sdk.path}/include/ws2812_led" "-I{compiler.sdk.path}/include/esp-dsp/modules/dotprod/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/support/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/hann/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman_harris/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman_nuttall/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/nuttall/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/flat_top/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/iir/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/fir/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/add/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/sub/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/mul/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/addc/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/mulc/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/sqrt/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/matrix/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/fft/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/dct/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/conv/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/common/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/kalman/ekf/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/kalman/ekf_imu13states/include" "-I{compiler.sdk.path}/include/esp_littlefs/src" "-I{compiler.sdk.path}/include/esp_littlefs/include" "-I{compiler.sdk.path}/include/esp-dl/include" "-I{compiler.sdk.path}/include/esp-dl/include/tool" "-I{compiler.sdk.path}/include/esp-dl/include/typedef" "-I{compiler.sdk.path}/include/esp-dl/include/image" "-I{compiler.sdk.path}/include/esp-dl/include/math" "-I{compiler.sdk.path}/include/esp-dl/include/nn" "-I{compiler.sdk.path}/include/esp-dl/include/layer" "-I{compiler.sdk.path}/include/esp-dl/include/detect" "-I{compiler.sdk.path}/include/esp-dl/include/model_zoo" "-I{compiler.sdk.path}/include/esp-sr/esp-tts/esp_tts_chinese/include" "-I{compiler.sdk.path}/include/esp-sr/include/esp32" "-I{compiler.sdk.path}/include/esp32-camera/driver/include" "-I{compiler.sdk.path}/include/esp32-camera/conversions/include" "-I{compiler.sdk.path}/include/fb_gfx/include"
 compiler.c.elf.libs.esp32=-lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lasio -lbt -lcbor -lunity -lcmock -lcoap -lnghttp -lesp-tls -lesp_adc_cal -lesp_hid -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lesp_https_server -lesp_lcd -lprotobuf-c -lprotocomm -lmdns -lesp_local_ctrl -lsdmmc -lesp_serial_slave_link -lesp_websocket_client -lexpat -lwear_levelling -lfatfs -lfreemodbus -ljsmn -ljson -llibsodium -lmqtt -lopenssl -lperfmon -lspiffs -lulp -lwifi_provisioning -lbutton -lrmaker_common -ljson_parser -ljson_generator -lesp_schedule -lesp_rainmaker -lqrcode -lws2812_led -lesp-dsp -lesp-sr -lesp32-camera -lesp_littlefs -lfb_gfx -lasio -lcbor -lcmock -lunity -lcoap -lesp_lcd -lesp_websocket_client -lexpat -lfreemodbus -ljsmn -llibsodium -lperfmon -lesp_adc_cal -lesp_hid -lfatfs -lwear_levelling -lopenssl -lesp_rainmaker -lesp_local_ctrl -lesp_https_server -lwifi_provisioning -lprotocomm -lbt -lbtdm_app -lprotobuf-c -lmdns -lrmaker_common -lmqtt -ljson_parser -ljson_generator -lesp_schedule -lqrcode -lcat_face_detect -lhuman_face_detect -lcolor_detect -lmfn -ldl -lwakenet -lmultinet -lesp_audio_processor -lesp_audio_front_end -lesp-sr -lwakenet -lmultinet -lesp_audio_processor -lesp_audio_front_end -ljson -lspiffs -ldl_lib -lc_speech_features -lhilexin_wn5 -lhilexin_wn5X2 -lhilexin_wn5X3 -lnihaoxiaozhi_wn5 -lnihaoxiaozhi_wn5X2 -lnihaoxiaozhi_wn5X3 -lnihaoxiaoxin_wn5X3 -lcustomized_word_wn5 -lmultinet2_ch -lesp_tts_chinese -lvoice_set_xiaole -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lulp -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lulp -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lulp -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lulp -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lulp -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lphy -lrtc -lesp_phy -lphy -lrtc -lesp_phy -lphy -lrtc -lxt_hal -lm -lnewlib -lstdc++ -lpthread -lgcc -lcxx -lapp_trace -lgcov -lapp_trace -lgcov -lc 
 compiler.c.flags.esp32=-mlongcalls -Wno-frame-address -ffunction-sections -fdata-sections -Wno-error=unused-function -Wno-error=unused-variable -Wno-error=deprecated-declarations -Wno-unused-parameter -Wno-sign-compare -ggdb -Os -freorder-blocks -Wwrite-strings -fstack-protector -fstrict-volatile-bitfields -Wno-error=unused-but-set-variable -fno-jump-tables -fno-tree-switch-conversion -std=gnu99 -Wno-old-style-declaration  -MMD -c
 compiler.cpp.flags.esp32=-mlongcalls -Wno-frame-address -ffunction-sections -fdata-sections -Wno-error=unused-function -Wno-error=unused-variable -Wno-error=deprecated-declarations -Wno-unused-parameter -Wno-sign-compare -ggdb -Os -freorder-blocks -Wwrite-strings -fstack-protector -fstrict-volatile-bitfields -Wno-error=unused-but-set-variable -fno-jump-tables -fno-tree-switch-conversion -std=gnu++11 -fexceptions -fno-rtti  -MMD -c
@@ -42,7 +42,7 @@ build.extra_flags.esp32=-DARDUINO_USB_CDC_ON_BOOT=0
 #
 # ESP32S3 Support Start
 #
-compiler.cpreprocessor.flags.esp32s3=-DHAVE_CONFIG_H -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h" -DUNITY_INCLUDE_CONFIG_H -DWITH_POSIX -D_GNU_SOURCE -DIDF_VER="v4.4.1-472-gc9140caf8c" -DESP_PLATFORM -D_POSIX_READER_WRITER_LOCKS   "-I{compiler.sdk.path}/include/newlib/platform_include" "-I{compiler.sdk.path}/include/freertos/include" "-I{compiler.sdk.path}/include/freertos/include/esp_additions/freertos" "-I{compiler.sdk.path}/include/freertos/port/xtensa/include" "-I{compiler.sdk.path}/include/freertos/include/esp_additions" "-I{compiler.sdk.path}/include/esp_hw_support/include" "-I{compiler.sdk.path}/include/esp_hw_support/include/soc" "-I{compiler.sdk.path}/include/esp_hw_support/include/soc/esp32s3" "-I{compiler.sdk.path}/include/esp_hw_support/port/esp32s3" "-I{compiler.sdk.path}/include/esp_hw_support/port/esp32s3/private_include" "-I{compiler.sdk.path}/include/heap/include" "-I{compiler.sdk.path}/include/log/include" "-I{compiler.sdk.path}/include/lwip/include/apps" "-I{compiler.sdk.path}/include/lwip/include/apps/sntp" "-I{compiler.sdk.path}/include/lwip/lwip/src/include" "-I{compiler.sdk.path}/include/lwip/port/esp32/include" "-I{compiler.sdk.path}/include/lwip/port/esp32/include/arch" "-I{compiler.sdk.path}/include/soc/include" "-I{compiler.sdk.path}/include/soc/esp32s3" "-I{compiler.sdk.path}/include/soc/esp32s3/include" "-I{compiler.sdk.path}/include/hal/esp32s3/include" "-I{compiler.sdk.path}/include/hal/include" "-I{compiler.sdk.path}/include/hal/platform_port/include" "-I{compiler.sdk.path}/include/esp_rom/include" "-I{compiler.sdk.path}/include/esp_rom/include/esp32s3" "-I{compiler.sdk.path}/include/esp_rom/esp32s3" "-I{compiler.sdk.path}/include/esp_common/include" "-I{compiler.sdk.path}/include/esp_system/include" "-I{compiler.sdk.path}/include/esp_system/port/soc" "-I{compiler.sdk.path}/include/esp_system/port/public_compat" "-I{compiler.sdk.path}/include/xtensa/include" "-I{compiler.sdk.path}/include/xtensa/esp32s3/include" "-I{compiler.sdk.path}/include/driver/include" "-I{compiler.sdk.path}/include/driver/esp32s3/include" "-I{compiler.sdk.path}/include/esp_pm/include" "-I{compiler.sdk.path}/include/esp_ringbuf/include" "-I{compiler.sdk.path}/include/efuse/include" "-I{compiler.sdk.path}/include/efuse/esp32s3/include" "-I{compiler.sdk.path}/include/vfs/include" "-I{compiler.sdk.path}/include/esp_wifi/include" "-I{compiler.sdk.path}/include/esp_event/include" "-I{compiler.sdk.path}/include/esp_netif/include" "-I{compiler.sdk.path}/include/esp_eth/include" "-I{compiler.sdk.path}/include/tcpip_adapter/include" "-I{compiler.sdk.path}/include/esp_phy/include" "-I{compiler.sdk.path}/include/esp_phy/esp32s3/include" "-I{compiler.sdk.path}/include/esp_ipc/include" "-I{compiler.sdk.path}/include/app_trace/include" "-I{compiler.sdk.path}/include/esp_timer/include" "-I{compiler.sdk.path}/include/mbedtls/port/include" "-I{compiler.sdk.path}/include/mbedtls/mbedtls/include" "-I{compiler.sdk.path}/include/mbedtls/esp_crt_bundle/include" "-I{compiler.sdk.path}/include/app_update/include" "-I{compiler.sdk.path}/include/spi_flash/include" "-I{compiler.sdk.path}/include/bootloader_support/include" "-I{compiler.sdk.path}/include/nvs_flash/include" "-I{compiler.sdk.path}/include/pthread/include" "-I{compiler.sdk.path}/include/esp_gdbstub/include" "-I{compiler.sdk.path}/include/esp_gdbstub/xtensa" "-I{compiler.sdk.path}/include/esp_gdbstub/esp32s3" "-I{compiler.sdk.path}/include/espcoredump/include" "-I{compiler.sdk.path}/include/espcoredump/include/port/xtensa" "-I{compiler.sdk.path}/include/wpa_supplicant/include" "-I{compiler.sdk.path}/include/wpa_supplicant/port/include" "-I{compiler.sdk.path}/include/wpa_supplicant/esp_supplicant/include" "-I{compiler.sdk.path}/include/ieee802154/include" "-I{compiler.sdk.path}/include/console" "-I{compiler.sdk.path}/include/asio/asio/asio/include" "-I{compiler.sdk.path}/include/asio/port/include" "-I{compiler.sdk.path}/include/bt/common/osi/include" "-I{compiler.sdk.path}/include/bt/include/esp32s3/include" "-I{compiler.sdk.path}/include/bt/common/api/include/api" "-I{compiler.sdk.path}/include/bt/common/btc/profile/esp/blufi/include" "-I{compiler.sdk.path}/include/bt/common/btc/profile/esp/include" "-I{compiler.sdk.path}/include/bt/host/bluedroid/api/include/api" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_common/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_common/tinycrypt/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_core" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_core/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_core/storage" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/btc/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_models/common/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_models/client/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_models/server/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/api/core/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/api/models/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/api" "-I{compiler.sdk.path}/include/cbor/port/include" "-I{compiler.sdk.path}/include/unity/include" "-I{compiler.sdk.path}/include/unity/unity/src" "-I{compiler.sdk.path}/include/cmock/CMock/src" "-I{compiler.sdk.path}/include/coap/port/include" "-I{compiler.sdk.path}/include/coap/libcoap/include" "-I{compiler.sdk.path}/include/nghttp/port/include" "-I{compiler.sdk.path}/include/nghttp/nghttp2/lib/includes" "-I{compiler.sdk.path}/include/esp-tls" "-I{compiler.sdk.path}/include/esp-tls/esp-tls-crypto" "-I{compiler.sdk.path}/include/esp_adc_cal/include" "-I{compiler.sdk.path}/include/esp_hid/include" "-I{compiler.sdk.path}/include/tcp_transport/include" "-I{compiler.sdk.path}/include/esp_http_client/include" "-I{compiler.sdk.path}/include/esp_http_server/include" "-I{compiler.sdk.path}/include/esp_https_ota/include" "-I{compiler.sdk.path}/include/esp_https_server/include" "-I{compiler.sdk.path}/include/esp_lcd/include" "-I{compiler.sdk.path}/include/esp_lcd/interface" "-I{compiler.sdk.path}/include/protobuf-c/protobuf-c" "-I{compiler.sdk.path}/include/protocomm/include/common" "-I{compiler.sdk.path}/include/protocomm/include/security" "-I{compiler.sdk.path}/include/protocomm/include/transports" "-I{compiler.sdk.path}/include/mdns/include" "-I{compiler.sdk.path}/include/esp_local_ctrl/include" "-I{compiler.sdk.path}/include/sdmmc/include" "-I{compiler.sdk.path}/include/esp_serial_slave_link/include" "-I{compiler.sdk.path}/include/esp_websocket_client/include" "-I{compiler.sdk.path}/include/expat/expat/expat/lib" "-I{compiler.sdk.path}/include/expat/port/include" "-I{compiler.sdk.path}/include/wear_levelling/include" "-I{compiler.sdk.path}/include/fatfs/diskio" "-I{compiler.sdk.path}/include/fatfs/vfs" "-I{compiler.sdk.path}/include/fatfs/src" "-I{compiler.sdk.path}/include/freemodbus/common/include" "-I{compiler.sdk.path}/include/idf_test/include" "-I{compiler.sdk.path}/include/idf_test/include/esp32s3" "-I{compiler.sdk.path}/include/jsmn/include" "-I{compiler.sdk.path}/include/json/cJSON" "-I{compiler.sdk.path}/include/libsodium/libsodium/src/libsodium/include" "-I{compiler.sdk.path}/include/libsodium/port_include" "-I{compiler.sdk.path}/include/mqtt/esp-mqtt/include" "-I{compiler.sdk.path}/include/openssl/include" "-I{compiler.sdk.path}/include/perfmon/include" "-I{compiler.sdk.path}/include/spiffs/include" "-I{compiler.sdk.path}/include/usb/include" "-I{compiler.sdk.path}/include/ulp/include" "-I{compiler.sdk.path}/include/wifi_provisioning/include" "-I{compiler.sdk.path}/include/button/button/include" "-I{compiler.sdk.path}/include/rmaker_common/include" "-I{compiler.sdk.path}/include/json_parser/upstream/include" "-I{compiler.sdk.path}/include/json_parser/upstream" "-I{compiler.sdk.path}/include/json_generator/upstream" "-I{compiler.sdk.path}/include/esp_schedule/include" "-I{compiler.sdk.path}/include/esp_rainmaker/include" "-I{compiler.sdk.path}/include/qrcode/include" "-I{compiler.sdk.path}/include/ws2812_led" "-I{compiler.sdk.path}/include/esp-dsp/modules/dotprod/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/support/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/hann/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman_harris/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman_nuttall/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/nuttall/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/flat_top/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/iir/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/fir/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/add/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/sub/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/mul/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/addc/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/mulc/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/sqrt/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/matrix/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/fft/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/dct/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/conv/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/common/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/kalman/ekf/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/kalman/ekf_imu13states/include" "-I{compiler.sdk.path}/include/freertos/include/freertos" "-I{compiler.sdk.path}/include/arduino_tinyusb/tinyusb/src" "-I{compiler.sdk.path}/include/arduino_tinyusb/include" "-I{compiler.sdk.path}/include/esp_littlefs/src" "-I{compiler.sdk.path}/include/esp_littlefs/include" "-I{compiler.sdk.path}/include/esp-dl/include" "-I{compiler.sdk.path}/include/esp-dl/include/tool" "-I{compiler.sdk.path}/include/esp-dl/include/typedef" "-I{compiler.sdk.path}/include/esp-dl/include/image" "-I{compiler.sdk.path}/include/esp-dl/include/math" "-I{compiler.sdk.path}/include/esp-dl/include/nn" "-I{compiler.sdk.path}/include/esp-dl/include/layer" "-I{compiler.sdk.path}/include/esp-dl/include/detect" "-I{compiler.sdk.path}/include/esp-dl/include/model_zoo" "-I{compiler.sdk.path}/include/esp-sr/esp-tts/esp_tts_chinese/include" "-I{compiler.sdk.path}/include/esp-sr/include/esp32s3" "-I{compiler.sdk.path}/include/esp32-camera/driver/include" "-I{compiler.sdk.path}/include/esp32-camera/conversions/include" "-I{compiler.sdk.path}/include/fb_gfx/include"
+compiler.cpreprocessor.flags.esp32s3=-DHAVE_CONFIG_H -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h" -DUNITY_INCLUDE_CONFIG_H -DWITH_POSIX -D_GNU_SOURCE -DIDF_VER="v4.4.1-581-gee2029c38a" -DESP_PLATFORM -D_POSIX_READER_WRITER_LOCKS   "-I{compiler.sdk.path}/include/newlib/platform_include" "-I{compiler.sdk.path}/include/freertos/include" "-I{compiler.sdk.path}/include/freertos/include/esp_additions/freertos" "-I{compiler.sdk.path}/include/freertos/port/xtensa/include" "-I{compiler.sdk.path}/include/freertos/include/esp_additions" "-I{compiler.sdk.path}/include/esp_hw_support/include" "-I{compiler.sdk.path}/include/esp_hw_support/include/soc" "-I{compiler.sdk.path}/include/esp_hw_support/include/soc/esp32s3" "-I{compiler.sdk.path}/include/esp_hw_support/port/esp32s3" "-I{compiler.sdk.path}/include/esp_hw_support/port/esp32s3/private_include" "-I{compiler.sdk.path}/include/heap/include" "-I{compiler.sdk.path}/include/log/include" "-I{compiler.sdk.path}/include/lwip/include/apps" "-I{compiler.sdk.path}/include/lwip/include/apps/sntp" "-I{compiler.sdk.path}/include/lwip/lwip/src/include" "-I{compiler.sdk.path}/include/lwip/port/esp32/include" "-I{compiler.sdk.path}/include/lwip/port/esp32/include/arch" "-I{compiler.sdk.path}/include/soc/include" "-I{compiler.sdk.path}/include/soc/esp32s3" "-I{compiler.sdk.path}/include/soc/esp32s3/include" "-I{compiler.sdk.path}/include/hal/esp32s3/include" "-I{compiler.sdk.path}/include/hal/include" "-I{compiler.sdk.path}/include/hal/platform_port/include" "-I{compiler.sdk.path}/include/esp_rom/include" "-I{compiler.sdk.path}/include/esp_rom/include/esp32s3" "-I{compiler.sdk.path}/include/esp_rom/esp32s3" "-I{compiler.sdk.path}/include/esp_common/include" "-I{compiler.sdk.path}/include/esp_system/include" "-I{compiler.sdk.path}/include/esp_system/port/soc" "-I{compiler.sdk.path}/include/esp_system/port/public_compat" "-I{compiler.sdk.path}/include/xtensa/include" "-I{compiler.sdk.path}/include/xtensa/esp32s3/include" "-I{compiler.sdk.path}/include/driver/include" "-I{compiler.sdk.path}/include/driver/esp32s3/include" "-I{compiler.sdk.path}/include/esp_pm/include" "-I{compiler.sdk.path}/include/esp_ringbuf/include" "-I{compiler.sdk.path}/include/efuse/include" "-I{compiler.sdk.path}/include/efuse/esp32s3/include" "-I{compiler.sdk.path}/include/vfs/include" "-I{compiler.sdk.path}/include/esp_wifi/include" "-I{compiler.sdk.path}/include/esp_event/include" "-I{compiler.sdk.path}/include/esp_netif/include" "-I{compiler.sdk.path}/include/esp_eth/include" "-I{compiler.sdk.path}/include/tcpip_adapter/include" "-I{compiler.sdk.path}/include/esp_phy/include" "-I{compiler.sdk.path}/include/esp_phy/esp32s3/include" "-I{compiler.sdk.path}/include/esp_ipc/include" "-I{compiler.sdk.path}/include/app_trace/include" "-I{compiler.sdk.path}/include/esp_timer/include" "-I{compiler.sdk.path}/include/mbedtls/port/include" "-I{compiler.sdk.path}/include/mbedtls/mbedtls/include" "-I{compiler.sdk.path}/include/mbedtls/esp_crt_bundle/include" "-I{compiler.sdk.path}/include/app_update/include" "-I{compiler.sdk.path}/include/spi_flash/include" "-I{compiler.sdk.path}/include/bootloader_support/include" "-I{compiler.sdk.path}/include/nvs_flash/include" "-I{compiler.sdk.path}/include/pthread/include" "-I{compiler.sdk.path}/include/esp_gdbstub/include" "-I{compiler.sdk.path}/include/esp_gdbstub/xtensa" "-I{compiler.sdk.path}/include/esp_gdbstub/esp32s3" "-I{compiler.sdk.path}/include/espcoredump/include" "-I{compiler.sdk.path}/include/espcoredump/include/port/xtensa" "-I{compiler.sdk.path}/include/wpa_supplicant/include" "-I{compiler.sdk.path}/include/wpa_supplicant/port/include" "-I{compiler.sdk.path}/include/wpa_supplicant/esp_supplicant/include" "-I{compiler.sdk.path}/include/ieee802154/include" "-I{compiler.sdk.path}/include/console" "-I{compiler.sdk.path}/include/asio/asio/asio/include" "-I{compiler.sdk.path}/include/asio/port/include" "-I{compiler.sdk.path}/include/bt/common/osi/include" "-I{compiler.sdk.path}/include/bt/include/esp32s3/include" "-I{compiler.sdk.path}/include/bt/common/api/include/api" "-I{compiler.sdk.path}/include/bt/common/btc/profile/esp/blufi/include" "-I{compiler.sdk.path}/include/bt/common/btc/profile/esp/include" "-I{compiler.sdk.path}/include/bt/host/bluedroid/api/include/api" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_common/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_common/tinycrypt/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_core" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_core/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_core/storage" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/btc/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_models/common/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_models/client/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_models/server/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/api/core/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/api/models/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/api" "-I{compiler.sdk.path}/include/cbor/port/include" "-I{compiler.sdk.path}/include/unity/include" "-I{compiler.sdk.path}/include/unity/unity/src" "-I{compiler.sdk.path}/include/cmock/CMock/src" "-I{compiler.sdk.path}/include/coap/port/include" "-I{compiler.sdk.path}/include/coap/libcoap/include" "-I{compiler.sdk.path}/include/nghttp/port/include" "-I{compiler.sdk.path}/include/nghttp/nghttp2/lib/includes" "-I{compiler.sdk.path}/include/esp-tls" "-I{compiler.sdk.path}/include/esp-tls/esp-tls-crypto" "-I{compiler.sdk.path}/include/esp_adc_cal/include" "-I{compiler.sdk.path}/include/esp_hid/include" "-I{compiler.sdk.path}/include/tcp_transport/include" "-I{compiler.sdk.path}/include/esp_http_client/include" "-I{compiler.sdk.path}/include/esp_http_server/include" "-I{compiler.sdk.path}/include/esp_https_ota/include" "-I{compiler.sdk.path}/include/esp_https_server/include" "-I{compiler.sdk.path}/include/esp_lcd/include" "-I{compiler.sdk.path}/include/esp_lcd/interface" "-I{compiler.sdk.path}/include/protobuf-c/protobuf-c" "-I{compiler.sdk.path}/include/protocomm/include/common" "-I{compiler.sdk.path}/include/protocomm/include/security" "-I{compiler.sdk.path}/include/protocomm/include/transports" "-I{compiler.sdk.path}/include/mdns/include" "-I{compiler.sdk.path}/include/esp_local_ctrl/include" "-I{compiler.sdk.path}/include/sdmmc/include" "-I{compiler.sdk.path}/include/esp_serial_slave_link/include" "-I{compiler.sdk.path}/include/esp_websocket_client/include" "-I{compiler.sdk.path}/include/expat/expat/expat/lib" "-I{compiler.sdk.path}/include/expat/port/include" "-I{compiler.sdk.path}/include/wear_levelling/include" "-I{compiler.sdk.path}/include/fatfs/diskio" "-I{compiler.sdk.path}/include/fatfs/vfs" "-I{compiler.sdk.path}/include/fatfs/src" "-I{compiler.sdk.path}/include/freemodbus/common/include" "-I{compiler.sdk.path}/include/idf_test/include" "-I{compiler.sdk.path}/include/idf_test/include/esp32s3" "-I{compiler.sdk.path}/include/jsmn/include" "-I{compiler.sdk.path}/include/json/cJSON" "-I{compiler.sdk.path}/include/libsodium/libsodium/src/libsodium/include" "-I{compiler.sdk.path}/include/libsodium/port_include" "-I{compiler.sdk.path}/include/mqtt/esp-mqtt/include" "-I{compiler.sdk.path}/include/openssl/include" "-I{compiler.sdk.path}/include/perfmon/include" "-I{compiler.sdk.path}/include/spiffs/include" "-I{compiler.sdk.path}/include/usb/include" "-I{compiler.sdk.path}/include/ulp/include" "-I{compiler.sdk.path}/include/wifi_provisioning/include" "-I{compiler.sdk.path}/include/button/button/include" "-I{compiler.sdk.path}/include/rmaker_common/include" "-I{compiler.sdk.path}/include/json_parser/upstream/include" "-I{compiler.sdk.path}/include/json_parser/upstream" "-I{compiler.sdk.path}/include/json_generator/upstream" "-I{compiler.sdk.path}/include/esp_schedule/include" "-I{compiler.sdk.path}/include/esp_rainmaker/include" "-I{compiler.sdk.path}/include/qrcode/include" "-I{compiler.sdk.path}/include/ws2812_led" "-I{compiler.sdk.path}/include/esp-dsp/modules/dotprod/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/support/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/hann/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman_harris/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman_nuttall/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/nuttall/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/flat_top/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/iir/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/fir/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/add/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/sub/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/mul/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/addc/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/mulc/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/sqrt/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/matrix/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/fft/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/dct/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/conv/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/common/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/kalman/ekf/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/kalman/ekf_imu13states/include" "-I{compiler.sdk.path}/include/freertos/include/freertos" "-I{compiler.sdk.path}/include/arduino_tinyusb/tinyusb/src" "-I{compiler.sdk.path}/include/arduino_tinyusb/include" "-I{compiler.sdk.path}/include/esp_littlefs/src" "-I{compiler.sdk.path}/include/esp_littlefs/include" "-I{compiler.sdk.path}/include/esp-dl/include" "-I{compiler.sdk.path}/include/esp-dl/include/tool" "-I{compiler.sdk.path}/include/esp-dl/include/typedef" "-I{compiler.sdk.path}/include/esp-dl/include/image" "-I{compiler.sdk.path}/include/esp-dl/include/math" "-I{compiler.sdk.path}/include/esp-dl/include/nn" "-I{compiler.sdk.path}/include/esp-dl/include/layer" "-I{compiler.sdk.path}/include/esp-dl/include/detect" "-I{compiler.sdk.path}/include/esp-dl/include/model_zoo" "-I{compiler.sdk.path}/include/esp-sr/esp-tts/esp_tts_chinese/include" "-I{compiler.sdk.path}/include/esp-sr/include/esp32s3" "-I{compiler.sdk.path}/include/esp32-camera/driver/include" "-I{compiler.sdk.path}/include/esp32-camera/conversions/include" "-I{compiler.sdk.path}/include/fb_gfx/include"
 compiler.c.elf.libs.esp32s3=-lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lasio -lbt -lcbor -lunity -lcmock -lcoap -lnghttp -lesp-tls -lesp_adc_cal -lesp_hid -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lesp_https_server -lesp_lcd -lprotobuf-c -lprotocomm -lmdns -lesp_local_ctrl -lsdmmc -lesp_serial_slave_link -lesp_websocket_client -lexpat -lwear_levelling -lfatfs -lfreemodbus -ljsmn -ljson -llibsodium -lmqtt -lopenssl -lperfmon -lspiffs -lusb -lulp -lwifi_provisioning -lbutton -lrmaker_common -ljson_parser -ljson_generator -lesp_schedule -lesp_rainmaker -lqrcode -lws2812_led -lesp-dsp -lesp-sr -lesp32-camera -lesp_littlefs -lfb_gfx -lasio -lcbor -lcmock -lunity -lcoap -lesp_lcd -lesp_websocket_client -lexpat -lfreemodbus -ljsmn -llibsodium -lperfmon -lusb -lesp_adc_cal -lesp_hid -lfatfs -lwear_levelling -lopenssl -lesp_rainmaker -lesp_local_ctrl -lesp_https_server -lwifi_provisioning -lprotocomm -lbt -lbtdm_app -lprotobuf-c -lmdns -lrmaker_common -lmqtt -ljson_parser -ljson_generator -lesp_schedule -lqrcode -larduino_tinyusb -lcat_face_detect -lhuman_face_detect -lcolor_detect -lmfn -ldl -lwakenet -lhufzip -lesp_audio_front_end -lesp_audio_processor -lmultinet -lesp-sr -lwakenet -lhufzip -lesp_audio_front_end -lesp_audio_processor -lmultinet -ljson -lspiffs -ldl_lib -lc_speech_features -lesp_tts_chinese -lvoice_set_xiaole -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lulp -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lulp -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lulp -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lulp -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lulp -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lulp -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lphy -lbtbb -lesp_phy -lphy -lbtbb -lesp_phy -lphy -lbtbb -lxt_hal -lm -lnewlib -lstdc++ -lpthread -lgcc -lcxx -lapp_trace -lgcov -lapp_trace -lgcov -lc 
 compiler.c.flags.esp32s3=-mlongcalls -ffunction-sections -fdata-sections -Wno-error=unused-function -Wno-error=unused-variable -Wno-error=deprecated-declarations -Wno-unused-parameter -Wno-sign-compare -ggdb -Os -freorder-blocks -Wwrite-strings -fstack-protector -fstrict-volatile-bitfields -Wno-error=unused-but-set-variable -fno-jump-tables -fno-tree-switch-conversion -std=gnu99 -Wno-old-style-declaration  -MMD -c
 compiler.cpp.flags.esp32s3=-mlongcalls -ffunction-sections -fdata-sections -Wno-error=unused-function -Wno-error=unused-variable -Wno-error=deprecated-declarations -Wno-unused-parameter -Wno-sign-compare -ggdb -Os -freorder-blocks -Wwrite-strings -fstack-protector -fstrict-volatile-bitfields -Wno-error=unused-but-set-variable -fno-jump-tables -fno-tree-switch-conversion -std=gnu++11 -fexceptions -fno-rtti  -MMD -c
@@ -57,7 +57,7 @@ build.extra_flags.esp32s3=-DARDUINO_USB_MODE={build.usb_mode} -DARDUINO_USB_CDC_
 #
 # ESP32S2 Support Start
 #
-compiler.cpreprocessor.flags.esp32s2=-DHAVE_CONFIG_H -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h" -DUNITY_INCLUDE_CONFIG_H -DWITH_POSIX -D_GNU_SOURCE -DIDF_VER="v4.4.1-472-gc9140caf8c" -DESP_PLATFORM -D_POSIX_READER_WRITER_LOCKS   "-I{compiler.sdk.path}/include/newlib/platform_include" "-I{compiler.sdk.path}/include/freertos/include" "-I{compiler.sdk.path}/include/freertos/include/esp_additions/freertos" "-I{compiler.sdk.path}/include/freertos/port/xtensa/include" "-I{compiler.sdk.path}/include/freertos/include/esp_additions" "-I{compiler.sdk.path}/include/esp_hw_support/include" "-I{compiler.sdk.path}/include/esp_hw_support/include/soc" "-I{compiler.sdk.path}/include/esp_hw_support/include/soc/esp32s2" "-I{compiler.sdk.path}/include/esp_hw_support/port/esp32s2" "-I{compiler.sdk.path}/include/esp_hw_support/port/esp32s2/private_include" "-I{compiler.sdk.path}/include/heap/include" "-I{compiler.sdk.path}/include/log/include" "-I{compiler.sdk.path}/include/lwip/include/apps" "-I{compiler.sdk.path}/include/lwip/include/apps/sntp" "-I{compiler.sdk.path}/include/lwip/lwip/src/include" "-I{compiler.sdk.path}/include/lwip/port/esp32/include" "-I{compiler.sdk.path}/include/lwip/port/esp32/include/arch" "-I{compiler.sdk.path}/include/soc/include" "-I{compiler.sdk.path}/include/soc/esp32s2" "-I{compiler.sdk.path}/include/soc/esp32s2/include" "-I{compiler.sdk.path}/include/hal/esp32s2/include" "-I{compiler.sdk.path}/include/hal/include" "-I{compiler.sdk.path}/include/hal/platform_port/include" "-I{compiler.sdk.path}/include/esp_rom/include" "-I{compiler.sdk.path}/include/esp_rom/include/esp32s2" "-I{compiler.sdk.path}/include/esp_rom/esp32s2" "-I{compiler.sdk.path}/include/esp_common/include" "-I{compiler.sdk.path}/include/esp_system/include" "-I{compiler.sdk.path}/include/esp_system/port/soc" "-I{compiler.sdk.path}/include/esp_system/port/public_compat" "-I{compiler.sdk.path}/include/xtensa/include" "-I{compiler.sdk.path}/include/xtensa/esp32s2/include" "-I{compiler.sdk.path}/include/driver/include" "-I{compiler.sdk.path}/include/driver/esp32s2/include" "-I{compiler.sdk.path}/include/esp_pm/include" "-I{compiler.sdk.path}/include/esp_ringbuf/include" "-I{compiler.sdk.path}/include/efuse/include" "-I{compiler.sdk.path}/include/efuse/esp32s2/include" "-I{compiler.sdk.path}/include/vfs/include" "-I{compiler.sdk.path}/include/esp_wifi/include" "-I{compiler.sdk.path}/include/esp_event/include" "-I{compiler.sdk.path}/include/esp_netif/include" "-I{compiler.sdk.path}/include/esp_eth/include" "-I{compiler.sdk.path}/include/tcpip_adapter/include" "-I{compiler.sdk.path}/include/esp_phy/include" "-I{compiler.sdk.path}/include/esp_phy/esp32s2/include" "-I{compiler.sdk.path}/include/esp_ipc/include" "-I{compiler.sdk.path}/include/app_trace/include" "-I{compiler.sdk.path}/include/esp_timer/include" "-I{compiler.sdk.path}/include/mbedtls/port/include" "-I{compiler.sdk.path}/include/mbedtls/mbedtls/include" "-I{compiler.sdk.path}/include/mbedtls/esp_crt_bundle/include" "-I{compiler.sdk.path}/include/app_update/include" "-I{compiler.sdk.path}/include/spi_flash/include" "-I{compiler.sdk.path}/include/bootloader_support/include" "-I{compiler.sdk.path}/include/nvs_flash/include" "-I{compiler.sdk.path}/include/pthread/include" "-I{compiler.sdk.path}/include/esp_gdbstub/include" "-I{compiler.sdk.path}/include/esp_gdbstub/xtensa" "-I{compiler.sdk.path}/include/esp_gdbstub/esp32s2" "-I{compiler.sdk.path}/include/espcoredump/include" "-I{compiler.sdk.path}/include/espcoredump/include/port/xtensa" "-I{compiler.sdk.path}/include/wpa_supplicant/include" "-I{compiler.sdk.path}/include/wpa_supplicant/port/include" "-I{compiler.sdk.path}/include/wpa_supplicant/esp_supplicant/include" "-I{compiler.sdk.path}/include/ieee802154/include" "-I{compiler.sdk.path}/include/console" "-I{compiler.sdk.path}/include/asio/asio/asio/include" "-I{compiler.sdk.path}/include/asio/port/include" "-I{compiler.sdk.path}/include/cbor/port/include" "-I{compiler.sdk.path}/include/unity/include" "-I{compiler.sdk.path}/include/unity/unity/src" "-I{compiler.sdk.path}/include/cmock/CMock/src" "-I{compiler.sdk.path}/include/coap/port/include" "-I{compiler.sdk.path}/include/coap/libcoap/include" "-I{compiler.sdk.path}/include/nghttp/port/include" "-I{compiler.sdk.path}/include/nghttp/nghttp2/lib/includes" "-I{compiler.sdk.path}/include/esp-tls" "-I{compiler.sdk.path}/include/esp-tls/esp-tls-crypto" "-I{compiler.sdk.path}/include/esp_adc_cal/include" "-I{compiler.sdk.path}/include/esp_hid/include" "-I{compiler.sdk.path}/include/tcp_transport/include" "-I{compiler.sdk.path}/include/esp_http_client/include" "-I{compiler.sdk.path}/include/esp_http_server/include" "-I{compiler.sdk.path}/include/esp_https_ota/include" "-I{compiler.sdk.path}/include/esp_https_server/include" "-I{compiler.sdk.path}/include/esp_lcd/include" "-I{compiler.sdk.path}/include/esp_lcd/interface" "-I{compiler.sdk.path}/include/protobuf-c/protobuf-c" "-I{compiler.sdk.path}/include/protocomm/include/common" "-I{compiler.sdk.path}/include/protocomm/include/security" "-I{compiler.sdk.path}/include/protocomm/include/transports" "-I{compiler.sdk.path}/include/mdns/include" "-I{compiler.sdk.path}/include/esp_local_ctrl/include" "-I{compiler.sdk.path}/include/sdmmc/include" "-I{compiler.sdk.path}/include/esp_serial_slave_link/include" "-I{compiler.sdk.path}/include/esp_websocket_client/include" "-I{compiler.sdk.path}/include/expat/expat/expat/lib" "-I{compiler.sdk.path}/include/expat/port/include" "-I{compiler.sdk.path}/include/wear_levelling/include" "-I{compiler.sdk.path}/include/fatfs/diskio" "-I{compiler.sdk.path}/include/fatfs/vfs" "-I{compiler.sdk.path}/include/fatfs/src" "-I{compiler.sdk.path}/include/freemodbus/common/include" "-I{compiler.sdk.path}/include/idf_test/include" "-I{compiler.sdk.path}/include/idf_test/include/esp32s2" "-I{compiler.sdk.path}/include/jsmn/include" "-I{compiler.sdk.path}/include/json/cJSON" "-I{compiler.sdk.path}/include/libsodium/libsodium/src/libsodium/include" "-I{compiler.sdk.path}/include/libsodium/port_include" "-I{compiler.sdk.path}/include/mqtt/esp-mqtt/include" "-I{compiler.sdk.path}/include/openssl/include" "-I{compiler.sdk.path}/include/perfmon/include" "-I{compiler.sdk.path}/include/spiffs/include" "-I{compiler.sdk.path}/include/usb/include" "-I{compiler.sdk.path}/include/touch_element/include" "-I{compiler.sdk.path}/include/ulp/include" "-I{compiler.sdk.path}/include/wifi_provisioning/include" "-I{compiler.sdk.path}/include/button/button/include" "-I{compiler.sdk.path}/include/rmaker_common/include" "-I{compiler.sdk.path}/include/json_parser/upstream/include" "-I{compiler.sdk.path}/include/json_parser/upstream" "-I{compiler.sdk.path}/include/json_generator/upstream" "-I{compiler.sdk.path}/include/esp_schedule/include" "-I{compiler.sdk.path}/include/esp_rainmaker/include" "-I{compiler.sdk.path}/include/qrcode/include" "-I{compiler.sdk.path}/include/ws2812_led" "-I{compiler.sdk.path}/include/esp-dsp/modules/dotprod/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/support/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/hann/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman_harris/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman_nuttall/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/nuttall/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/flat_top/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/iir/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/fir/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/add/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/sub/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/mul/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/addc/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/mulc/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/sqrt/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/matrix/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/fft/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/dct/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/conv/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/common/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/kalman/ekf/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/kalman/ekf_imu13states/include" "-I{compiler.sdk.path}/include/freertos/include/freertos" "-I{compiler.sdk.path}/include/arduino_tinyusb/tinyusb/src" "-I{compiler.sdk.path}/include/arduino_tinyusb/include" "-I{compiler.sdk.path}/include/esp_littlefs/src" "-I{compiler.sdk.path}/include/esp_littlefs/include" "-I{compiler.sdk.path}/include/esp-dl/include" "-I{compiler.sdk.path}/include/esp-dl/include/tool" "-I{compiler.sdk.path}/include/esp-dl/include/typedef" "-I{compiler.sdk.path}/include/esp-dl/include/image" "-I{compiler.sdk.path}/include/esp-dl/include/math" "-I{compiler.sdk.path}/include/esp-dl/include/nn" "-I{compiler.sdk.path}/include/esp-dl/include/layer" "-I{compiler.sdk.path}/include/esp-dl/include/detect" "-I{compiler.sdk.path}/include/esp-dl/include/model_zoo" "-I{compiler.sdk.path}/include/esp-sr/esp-tts/esp_tts_chinese/include" "-I{compiler.sdk.path}/include/esp-sr/include/esp32" "-I{compiler.sdk.path}/include/esp32-camera/driver/include" "-I{compiler.sdk.path}/include/esp32-camera/conversions/include" "-I{compiler.sdk.path}/include/fb_gfx/include"
+compiler.cpreprocessor.flags.esp32s2=-DHAVE_CONFIG_H -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h" -DUNITY_INCLUDE_CONFIG_H -DWITH_POSIX -D_GNU_SOURCE -DIDF_VER="v4.4.1-581-gee2029c38a" -DESP_PLATFORM -D_POSIX_READER_WRITER_LOCKS   "-I{compiler.sdk.path}/include/newlib/platform_include" "-I{compiler.sdk.path}/include/freertos/include" "-I{compiler.sdk.path}/include/freertos/include/esp_additions/freertos" "-I{compiler.sdk.path}/include/freertos/port/xtensa/include" "-I{compiler.sdk.path}/include/freertos/include/esp_additions" "-I{compiler.sdk.path}/include/esp_hw_support/include" "-I{compiler.sdk.path}/include/esp_hw_support/include/soc" "-I{compiler.sdk.path}/include/esp_hw_support/include/soc/esp32s2" "-I{compiler.sdk.path}/include/esp_hw_support/port/esp32s2" "-I{compiler.sdk.path}/include/esp_hw_support/port/esp32s2/private_include" "-I{compiler.sdk.path}/include/heap/include" "-I{compiler.sdk.path}/include/log/include" "-I{compiler.sdk.path}/include/lwip/include/apps" "-I{compiler.sdk.path}/include/lwip/include/apps/sntp" "-I{compiler.sdk.path}/include/lwip/lwip/src/include" "-I{compiler.sdk.path}/include/lwip/port/esp32/include" "-I{compiler.sdk.path}/include/lwip/port/esp32/include/arch" "-I{compiler.sdk.path}/include/soc/include" "-I{compiler.sdk.path}/include/soc/esp32s2" "-I{compiler.sdk.path}/include/soc/esp32s2/include" "-I{compiler.sdk.path}/include/hal/esp32s2/include" "-I{compiler.sdk.path}/include/hal/include" "-I{compiler.sdk.path}/include/hal/platform_port/include" "-I{compiler.sdk.path}/include/esp_rom/include" "-I{compiler.sdk.path}/include/esp_rom/include/esp32s2" "-I{compiler.sdk.path}/include/esp_rom/esp32s2" "-I{compiler.sdk.path}/include/esp_common/include" "-I{compiler.sdk.path}/include/esp_system/include" "-I{compiler.sdk.path}/include/esp_system/port/soc" "-I{compiler.sdk.path}/include/esp_system/port/public_compat" "-I{compiler.sdk.path}/include/xtensa/include" "-I{compiler.sdk.path}/include/xtensa/esp32s2/include" "-I{compiler.sdk.path}/include/driver/include" "-I{compiler.sdk.path}/include/driver/esp32s2/include" "-I{compiler.sdk.path}/include/esp_pm/include" "-I{compiler.sdk.path}/include/esp_ringbuf/include" "-I{compiler.sdk.path}/include/efuse/include" "-I{compiler.sdk.path}/include/efuse/esp32s2/include" "-I{compiler.sdk.path}/include/vfs/include" "-I{compiler.sdk.path}/include/esp_wifi/include" "-I{compiler.sdk.path}/include/esp_event/include" "-I{compiler.sdk.path}/include/esp_netif/include" "-I{compiler.sdk.path}/include/esp_eth/include" "-I{compiler.sdk.path}/include/tcpip_adapter/include" "-I{compiler.sdk.path}/include/esp_phy/include" "-I{compiler.sdk.path}/include/esp_phy/esp32s2/include" "-I{compiler.sdk.path}/include/esp_ipc/include" "-I{compiler.sdk.path}/include/app_trace/include" "-I{compiler.sdk.path}/include/esp_timer/include" "-I{compiler.sdk.path}/include/mbedtls/port/include" "-I{compiler.sdk.path}/include/mbedtls/mbedtls/include" "-I{compiler.sdk.path}/include/mbedtls/esp_crt_bundle/include" "-I{compiler.sdk.path}/include/app_update/include" "-I{compiler.sdk.path}/include/spi_flash/include" "-I{compiler.sdk.path}/include/bootloader_support/include" "-I{compiler.sdk.path}/include/nvs_flash/include" "-I{compiler.sdk.path}/include/pthread/include" "-I{compiler.sdk.path}/include/esp_gdbstub/include" "-I{compiler.sdk.path}/include/esp_gdbstub/xtensa" "-I{compiler.sdk.path}/include/esp_gdbstub/esp32s2" "-I{compiler.sdk.path}/include/espcoredump/include" "-I{compiler.sdk.path}/include/espcoredump/include/port/xtensa" "-I{compiler.sdk.path}/include/wpa_supplicant/include" "-I{compiler.sdk.path}/include/wpa_supplicant/port/include" "-I{compiler.sdk.path}/include/wpa_supplicant/esp_supplicant/include" "-I{compiler.sdk.path}/include/ieee802154/include" "-I{compiler.sdk.path}/include/console" "-I{compiler.sdk.path}/include/asio/asio/asio/include" "-I{compiler.sdk.path}/include/asio/port/include" "-I{compiler.sdk.path}/include/cbor/port/include" "-I{compiler.sdk.path}/include/unity/include" "-I{compiler.sdk.path}/include/unity/unity/src" "-I{compiler.sdk.path}/include/cmock/CMock/src" "-I{compiler.sdk.path}/include/coap/port/include" "-I{compiler.sdk.path}/include/coap/libcoap/include" "-I{compiler.sdk.path}/include/nghttp/port/include" "-I{compiler.sdk.path}/include/nghttp/nghttp2/lib/includes" "-I{compiler.sdk.path}/include/esp-tls" "-I{compiler.sdk.path}/include/esp-tls/esp-tls-crypto" "-I{compiler.sdk.path}/include/esp_adc_cal/include" "-I{compiler.sdk.path}/include/esp_hid/include" "-I{compiler.sdk.path}/include/tcp_transport/include" "-I{compiler.sdk.path}/include/esp_http_client/include" "-I{compiler.sdk.path}/include/esp_http_server/include" "-I{compiler.sdk.path}/include/esp_https_ota/include" "-I{compiler.sdk.path}/include/esp_https_server/include" "-I{compiler.sdk.path}/include/esp_lcd/include" "-I{compiler.sdk.path}/include/esp_lcd/interface" "-I{compiler.sdk.path}/include/protobuf-c/protobuf-c" "-I{compiler.sdk.path}/include/protocomm/include/common" "-I{compiler.sdk.path}/include/protocomm/include/security" "-I{compiler.sdk.path}/include/protocomm/include/transports" "-I{compiler.sdk.path}/include/mdns/include" "-I{compiler.sdk.path}/include/esp_local_ctrl/include" "-I{compiler.sdk.path}/include/sdmmc/include" "-I{compiler.sdk.path}/include/esp_serial_slave_link/include" "-I{compiler.sdk.path}/include/esp_websocket_client/include" "-I{compiler.sdk.path}/include/expat/expat/expat/lib" "-I{compiler.sdk.path}/include/expat/port/include" "-I{compiler.sdk.path}/include/wear_levelling/include" "-I{compiler.sdk.path}/include/fatfs/diskio" "-I{compiler.sdk.path}/include/fatfs/vfs" "-I{compiler.sdk.path}/include/fatfs/src" "-I{compiler.sdk.path}/include/freemodbus/common/include" "-I{compiler.sdk.path}/include/idf_test/include" "-I{compiler.sdk.path}/include/idf_test/include/esp32s2" "-I{compiler.sdk.path}/include/jsmn/include" "-I{compiler.sdk.path}/include/json/cJSON" "-I{compiler.sdk.path}/include/libsodium/libsodium/src/libsodium/include" "-I{compiler.sdk.path}/include/libsodium/port_include" "-I{compiler.sdk.path}/include/mqtt/esp-mqtt/include" "-I{compiler.sdk.path}/include/openssl/include" "-I{compiler.sdk.path}/include/perfmon/include" "-I{compiler.sdk.path}/include/spiffs/include" "-I{compiler.sdk.path}/include/usb/include" "-I{compiler.sdk.path}/include/touch_element/include" "-I{compiler.sdk.path}/include/ulp/include" "-I{compiler.sdk.path}/include/wifi_provisioning/include" "-I{compiler.sdk.path}/include/button/button/include" "-I{compiler.sdk.path}/include/rmaker_common/include" "-I{compiler.sdk.path}/include/json_parser/upstream/include" "-I{compiler.sdk.path}/include/json_parser/upstream" "-I{compiler.sdk.path}/include/json_generator/upstream" "-I{compiler.sdk.path}/include/esp_schedule/include" "-I{compiler.sdk.path}/include/esp_rainmaker/include" "-I{compiler.sdk.path}/include/qrcode/include" "-I{compiler.sdk.path}/include/ws2812_led" "-I{compiler.sdk.path}/include/esp-dsp/modules/dotprod/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/support/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/hann/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman_harris/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman_nuttall/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/nuttall/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/flat_top/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/iir/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/fir/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/add/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/sub/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/mul/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/addc/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/mulc/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/sqrt/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/matrix/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/fft/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/dct/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/conv/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/common/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/kalman/ekf/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/kalman/ekf_imu13states/include" "-I{compiler.sdk.path}/include/freertos/include/freertos" "-I{compiler.sdk.path}/include/arduino_tinyusb/tinyusb/src" "-I{compiler.sdk.path}/include/arduino_tinyusb/include" "-I{compiler.sdk.path}/include/esp_littlefs/src" "-I{compiler.sdk.path}/include/esp_littlefs/include" "-I{compiler.sdk.path}/include/esp-dl/include" "-I{compiler.sdk.path}/include/esp-dl/include/tool" "-I{compiler.sdk.path}/include/esp-dl/include/typedef" "-I{compiler.sdk.path}/include/esp-dl/include/image" "-I{compiler.sdk.path}/include/esp-dl/include/math" "-I{compiler.sdk.path}/include/esp-dl/include/nn" "-I{compiler.sdk.path}/include/esp-dl/include/layer" "-I{compiler.sdk.path}/include/esp-dl/include/detect" "-I{compiler.sdk.path}/include/esp-dl/include/model_zoo" "-I{compiler.sdk.path}/include/esp-sr/esp-tts/esp_tts_chinese/include" "-I{compiler.sdk.path}/include/esp-sr/include/esp32" "-I{compiler.sdk.path}/include/esp32-camera/driver/include" "-I{compiler.sdk.path}/include/esp32-camera/conversions/include" "-I{compiler.sdk.path}/include/fb_gfx/include"
 compiler.c.elf.libs.esp32s2=-lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lasio -lcbor -lunity -lcmock -lcoap -lnghttp -lesp-tls -lesp_adc_cal -lesp_hid -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lesp_https_server -lesp_lcd -lprotobuf-c -lprotocomm -lmdns -lesp_local_ctrl -lsdmmc -lesp_serial_slave_link -lesp_websocket_client -lexpat -lwear_levelling -lfatfs -lfreemodbus -ljsmn -ljson -llibsodium -lmqtt -lopenssl -lperfmon -lspiffs -lusb -ltouch_element -lulp -lwifi_provisioning -lbutton -lrmaker_common -ljson_parser -ljson_generator -lesp_schedule -lesp_rainmaker -lqrcode -lws2812_led -lesp-dsp -lesp-sr -lesp32-camera -lesp_littlefs -lfb_gfx -lasio -lcbor -lcmock -lunity -lcoap -lesp_lcd -lesp_websocket_client -lexpat -lfreemodbus -ljsmn -llibsodium -lperfmon -lusb -ltouch_element -lesp_adc_cal -lesp_hid -lfatfs -lwear_levelling -lopenssl -lesp_rainmaker -lesp_local_ctrl -lesp_https_server -lwifi_provisioning -lprotocomm -lprotobuf-c -lmdns -lrmaker_common -lmqtt -ljson_parser -ljson_generator -lesp_schedule -lqrcode -larduino_tinyusb -lcat_face_detect -lhuman_face_detect -lcolor_detect -lmfn -ldl -ljson -lspiffs -lesp_tts_chinese -lvoice_set_xiaole -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lulp -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lulp -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lulp -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lulp -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lulp -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lxtensa -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lulp -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lphy -lesp_phy -lphy -lesp_phy -lphy -lxt_hal -lm -lnewlib -lstdc++ -lpthread -lgcc -lcxx -lapp_trace -lgcov -lapp_trace -lgcov -lc 
 compiler.c.flags.esp32s2=-mlongcalls -ffunction-sections -fdata-sections -Wno-error=unused-function -Wno-error=unused-variable -Wno-error=deprecated-declarations -Wno-unused-parameter -Wno-sign-compare -ggdb -Os -freorder-blocks -Wwrite-strings -fstack-protector -fstrict-volatile-bitfields -Wno-error=unused-but-set-variable -fno-jump-tables -fno-tree-switch-conversion -std=gnu99 -Wno-old-style-declaration  -MMD -c
 compiler.cpp.flags.esp32s2=-mlongcalls -ffunction-sections -fdata-sections -Wno-error=unused-function -Wno-error=unused-variable -Wno-error=deprecated-declarations -Wno-unused-parameter -Wno-sign-compare -ggdb -Os -freorder-blocks -Wwrite-strings -fstack-protector -fstrict-volatile-bitfields -Wno-error=unused-but-set-variable -fno-jump-tables -fno-tree-switch-conversion -std=gnu++11 -fexceptions -fno-rtti  -MMD -c
@@ -72,7 +72,7 @@ build.extra_flags.esp32s2=-DARDUINO_USB_MODE=0 -DARDUINO_USB_CDC_ON_BOOT={build.
 #
 # ESP32C3 Support Start
 #
-compiler.cpreprocessor.flags.esp32c3=-DHAVE_CONFIG_H -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h" -DUNITY_INCLUDE_CONFIG_H -DWITH_POSIX -D_GNU_SOURCE -DIDF_VER="v4.4.1-472-gc9140caf8c" -DESP_PLATFORM -D_POSIX_READER_WRITER_LOCKS   "-I{compiler.sdk.path}/include/newlib/platform_include" "-I{compiler.sdk.path}/include/freertos/include" "-I{compiler.sdk.path}/include/freertos/include/esp_additions/freertos" "-I{compiler.sdk.path}/include/freertos/port/riscv/include" "-I{compiler.sdk.path}/include/freertos/include/esp_additions" "-I{compiler.sdk.path}/include/esp_hw_support/include" "-I{compiler.sdk.path}/include/esp_hw_support/include/soc" "-I{compiler.sdk.path}/include/esp_hw_support/include/soc/esp32c3" "-I{compiler.sdk.path}/include/esp_hw_support/port/esp32c3" "-I{compiler.sdk.path}/include/esp_hw_support/port/esp32c3/private_include" "-I{compiler.sdk.path}/include/heap/include" "-I{compiler.sdk.path}/include/log/include" "-I{compiler.sdk.path}/include/lwip/include/apps" "-I{compiler.sdk.path}/include/lwip/include/apps/sntp" "-I{compiler.sdk.path}/include/lwip/lwip/src/include" "-I{compiler.sdk.path}/include/lwip/port/esp32/include" "-I{compiler.sdk.path}/include/lwip/port/esp32/include/arch" "-I{compiler.sdk.path}/include/soc/include" "-I{compiler.sdk.path}/include/soc/esp32c3" "-I{compiler.sdk.path}/include/soc/esp32c3/include" "-I{compiler.sdk.path}/include/hal/esp32c3/include" "-I{compiler.sdk.path}/include/hal/include" "-I{compiler.sdk.path}/include/hal/platform_port/include" "-I{compiler.sdk.path}/include/esp_rom/include" "-I{compiler.sdk.path}/include/esp_rom/include/esp32c3" "-I{compiler.sdk.path}/include/esp_rom/esp32c3" "-I{compiler.sdk.path}/include/esp_common/include" "-I{compiler.sdk.path}/include/esp_system/include" "-I{compiler.sdk.path}/include/esp_system/port/soc" "-I{compiler.sdk.path}/include/esp_system/port/include/riscv" "-I{compiler.sdk.path}/include/esp_system/port/public_compat" "-I{compiler.sdk.path}/include/riscv/include" "-I{compiler.sdk.path}/include/driver/include" "-I{compiler.sdk.path}/include/driver/esp32c3/include" "-I{compiler.sdk.path}/include/esp_pm/include" "-I{compiler.sdk.path}/include/esp_ringbuf/include" "-I{compiler.sdk.path}/include/efuse/include" "-I{compiler.sdk.path}/include/efuse/esp32c3/include" "-I{compiler.sdk.path}/include/vfs/include" "-I{compiler.sdk.path}/include/esp_wifi/include" "-I{compiler.sdk.path}/include/esp_event/include" "-I{compiler.sdk.path}/include/esp_netif/include" "-I{compiler.sdk.path}/include/esp_eth/include" "-I{compiler.sdk.path}/include/tcpip_adapter/include" "-I{compiler.sdk.path}/include/esp_phy/include" "-I{compiler.sdk.path}/include/esp_phy/esp32c3/include" "-I{compiler.sdk.path}/include/esp_ipc/include" "-I{compiler.sdk.path}/include/app_trace/include" "-I{compiler.sdk.path}/include/esp_timer/include" "-I{compiler.sdk.path}/include/mbedtls/port/include" "-I{compiler.sdk.path}/include/mbedtls/mbedtls/include" "-I{compiler.sdk.path}/include/mbedtls/esp_crt_bundle/include" "-I{compiler.sdk.path}/include/app_update/include" "-I{compiler.sdk.path}/include/spi_flash/include" "-I{compiler.sdk.path}/include/bootloader_support/include" "-I{compiler.sdk.path}/include/nvs_flash/include" "-I{compiler.sdk.path}/include/pthread/include" "-I{compiler.sdk.path}/include/esp_gdbstub/include" "-I{compiler.sdk.path}/include/esp_gdbstub/riscv" "-I{compiler.sdk.path}/include/esp_gdbstub/esp32c3" "-I{compiler.sdk.path}/include/espcoredump/include" "-I{compiler.sdk.path}/include/espcoredump/include/port/riscv" "-I{compiler.sdk.path}/include/wpa_supplicant/include" "-I{compiler.sdk.path}/include/wpa_supplicant/port/include" "-I{compiler.sdk.path}/include/wpa_supplicant/esp_supplicant/include" "-I{compiler.sdk.path}/include/ieee802154/include" "-I{compiler.sdk.path}/include/console" "-I{compiler.sdk.path}/include/asio/asio/asio/include" "-I{compiler.sdk.path}/include/asio/port/include" "-I{compiler.sdk.path}/include/bt/common/osi/include" "-I{compiler.sdk.path}/include/bt/include/esp32c3/include" "-I{compiler.sdk.path}/include/bt/common/api/include/api" "-I{compiler.sdk.path}/include/bt/common/btc/profile/esp/blufi/include" "-I{compiler.sdk.path}/include/bt/common/btc/profile/esp/include" "-I{compiler.sdk.path}/include/bt/host/bluedroid/api/include/api" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_common/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_common/tinycrypt/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_core" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_core/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_core/storage" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/btc/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_models/common/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_models/client/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_models/server/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/api/core/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/api/models/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/api" "-I{compiler.sdk.path}/include/cbor/port/include" "-I{compiler.sdk.path}/include/unity/include" "-I{compiler.sdk.path}/include/unity/unity/src" "-I{compiler.sdk.path}/include/cmock/CMock/src" "-I{compiler.sdk.path}/include/coap/port/include" "-I{compiler.sdk.path}/include/coap/libcoap/include" "-I{compiler.sdk.path}/include/nghttp/port/include" "-I{compiler.sdk.path}/include/nghttp/nghttp2/lib/includes" "-I{compiler.sdk.path}/include/esp-tls" "-I{compiler.sdk.path}/include/esp-tls/esp-tls-crypto" "-I{compiler.sdk.path}/include/esp_adc_cal/include" "-I{compiler.sdk.path}/include/esp_hid/include" "-I{compiler.sdk.path}/include/tcp_transport/include" "-I{compiler.sdk.path}/include/esp_http_client/include" "-I{compiler.sdk.path}/include/esp_http_server/include" "-I{compiler.sdk.path}/include/esp_https_ota/include" "-I{compiler.sdk.path}/include/esp_https_server/include" "-I{compiler.sdk.path}/include/esp_lcd/include" "-I{compiler.sdk.path}/include/esp_lcd/interface" "-I{compiler.sdk.path}/include/protobuf-c/protobuf-c" "-I{compiler.sdk.path}/include/protocomm/include/common" "-I{compiler.sdk.path}/include/protocomm/include/security" "-I{compiler.sdk.path}/include/protocomm/include/transports" "-I{compiler.sdk.path}/include/mdns/include" "-I{compiler.sdk.path}/include/esp_local_ctrl/include" "-I{compiler.sdk.path}/include/sdmmc/include" "-I{compiler.sdk.path}/include/esp_serial_slave_link/include" "-I{compiler.sdk.path}/include/esp_websocket_client/include" "-I{compiler.sdk.path}/include/expat/expat/expat/lib" "-I{compiler.sdk.path}/include/expat/port/include" "-I{compiler.sdk.path}/include/wear_levelling/include" "-I{compiler.sdk.path}/include/fatfs/diskio" "-I{compiler.sdk.path}/include/fatfs/vfs" "-I{compiler.sdk.path}/include/fatfs/src" "-I{compiler.sdk.path}/include/freemodbus/common/include" "-I{compiler.sdk.path}/include/idf_test/include" "-I{compiler.sdk.path}/include/idf_test/include/esp32c3" "-I{compiler.sdk.path}/include/jsmn/include" "-I{compiler.sdk.path}/include/json/cJSON" "-I{compiler.sdk.path}/include/libsodium/libsodium/src/libsodium/include" "-I{compiler.sdk.path}/include/libsodium/port_include" "-I{compiler.sdk.path}/include/mqtt/esp-mqtt/include" "-I{compiler.sdk.path}/include/openssl/include" "-I{compiler.sdk.path}/include/spiffs/include" "-I{compiler.sdk.path}/include/wifi_provisioning/include" "-I{compiler.sdk.path}/include/button/button/include" "-I{compiler.sdk.path}/include/rmaker_common/include" "-I{compiler.sdk.path}/include/json_parser/upstream/include" "-I{compiler.sdk.path}/include/json_parser/upstream" "-I{compiler.sdk.path}/include/json_generator/upstream" "-I{compiler.sdk.path}/include/esp_schedule/include" "-I{compiler.sdk.path}/include/esp_rainmaker/include" "-I{compiler.sdk.path}/include/qrcode/include" "-I{compiler.sdk.path}/include/ws2812_led" "-I{compiler.sdk.path}/include/esp-dsp/modules/dotprod/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/support/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/hann/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman_harris/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman_nuttall/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/nuttall/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/flat_top/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/iir/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/fir/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/add/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/sub/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/mul/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/addc/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/mulc/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/sqrt/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/matrix/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/fft/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/dct/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/conv/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/common/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/kalman/ekf/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/kalman/ekf_imu13states/include" "-I{compiler.sdk.path}/include/esp_littlefs/src" "-I{compiler.sdk.path}/include/esp_littlefs/include" "-I{compiler.sdk.path}/include/esp-dl/include" "-I{compiler.sdk.path}/include/esp-dl/include/tool" "-I{compiler.sdk.path}/include/esp-dl/include/typedef" "-I{compiler.sdk.path}/include/esp-dl/include/image" "-I{compiler.sdk.path}/include/esp-dl/include/math" "-I{compiler.sdk.path}/include/esp-dl/include/nn" "-I{compiler.sdk.path}/include/esp-dl/include/layer" "-I{compiler.sdk.path}/include/esp-dl/include/detect" "-I{compiler.sdk.path}/include/esp-dl/include/model_zoo" "-I{compiler.sdk.path}/include/esp32-camera/driver/include" "-I{compiler.sdk.path}/include/esp32-camera/conversions/include" "-I{compiler.sdk.path}/include/fb_gfx/include"
+compiler.cpreprocessor.flags.esp32c3=-DHAVE_CONFIG_H -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h" -DUNITY_INCLUDE_CONFIG_H -DWITH_POSIX -D_GNU_SOURCE -DIDF_VER="v4.4.1-581-gee2029c38a" -DESP_PLATFORM -D_POSIX_READER_WRITER_LOCKS   "-I{compiler.sdk.path}/include/newlib/platform_include" "-I{compiler.sdk.path}/include/freertos/include" "-I{compiler.sdk.path}/include/freertos/include/esp_additions/freertos" "-I{compiler.sdk.path}/include/freertos/port/riscv/include" "-I{compiler.sdk.path}/include/freertos/include/esp_additions" "-I{compiler.sdk.path}/include/esp_hw_support/include" "-I{compiler.sdk.path}/include/esp_hw_support/include/soc" "-I{compiler.sdk.path}/include/esp_hw_support/include/soc/esp32c3" "-I{compiler.sdk.path}/include/esp_hw_support/port/esp32c3" "-I{compiler.sdk.path}/include/esp_hw_support/port/esp32c3/private_include" "-I{compiler.sdk.path}/include/heap/include" "-I{compiler.sdk.path}/include/log/include" "-I{compiler.sdk.path}/include/lwip/include/apps" "-I{compiler.sdk.path}/include/lwip/include/apps/sntp" "-I{compiler.sdk.path}/include/lwip/lwip/src/include" "-I{compiler.sdk.path}/include/lwip/port/esp32/include" "-I{compiler.sdk.path}/include/lwip/port/esp32/include/arch" "-I{compiler.sdk.path}/include/soc/include" "-I{compiler.sdk.path}/include/soc/esp32c3" "-I{compiler.sdk.path}/include/soc/esp32c3/include" "-I{compiler.sdk.path}/include/hal/esp32c3/include" "-I{compiler.sdk.path}/include/hal/include" "-I{compiler.sdk.path}/include/hal/platform_port/include" "-I{compiler.sdk.path}/include/esp_rom/include" "-I{compiler.sdk.path}/include/esp_rom/include/esp32c3" "-I{compiler.sdk.path}/include/esp_rom/esp32c3" "-I{compiler.sdk.path}/include/esp_common/include" "-I{compiler.sdk.path}/include/esp_system/include" "-I{compiler.sdk.path}/include/esp_system/port/soc" "-I{compiler.sdk.path}/include/esp_system/port/include/riscv" "-I{compiler.sdk.path}/include/esp_system/port/public_compat" "-I{compiler.sdk.path}/include/riscv/include" "-I{compiler.sdk.path}/include/driver/include" "-I{compiler.sdk.path}/include/driver/esp32c3/include" "-I{compiler.sdk.path}/include/esp_pm/include" "-I{compiler.sdk.path}/include/esp_ringbuf/include" "-I{compiler.sdk.path}/include/efuse/include" "-I{compiler.sdk.path}/include/efuse/esp32c3/include" "-I{compiler.sdk.path}/include/vfs/include" "-I{compiler.sdk.path}/include/esp_wifi/include" "-I{compiler.sdk.path}/include/esp_event/include" "-I{compiler.sdk.path}/include/esp_netif/include" "-I{compiler.sdk.path}/include/esp_eth/include" "-I{compiler.sdk.path}/include/tcpip_adapter/include" "-I{compiler.sdk.path}/include/esp_phy/include" "-I{compiler.sdk.path}/include/esp_phy/esp32c3/include" "-I{compiler.sdk.path}/include/esp_ipc/include" "-I{compiler.sdk.path}/include/app_trace/include" "-I{compiler.sdk.path}/include/esp_timer/include" "-I{compiler.sdk.path}/include/mbedtls/port/include" "-I{compiler.sdk.path}/include/mbedtls/mbedtls/include" "-I{compiler.sdk.path}/include/mbedtls/esp_crt_bundle/include" "-I{compiler.sdk.path}/include/app_update/include" "-I{compiler.sdk.path}/include/spi_flash/include" "-I{compiler.sdk.path}/include/bootloader_support/include" "-I{compiler.sdk.path}/include/nvs_flash/include" "-I{compiler.sdk.path}/include/pthread/include" "-I{compiler.sdk.path}/include/esp_gdbstub/include" "-I{compiler.sdk.path}/include/esp_gdbstub/riscv" "-I{compiler.sdk.path}/include/esp_gdbstub/esp32c3" "-I{compiler.sdk.path}/include/espcoredump/include" "-I{compiler.sdk.path}/include/espcoredump/include/port/riscv" "-I{compiler.sdk.path}/include/wpa_supplicant/include" "-I{compiler.sdk.path}/include/wpa_supplicant/port/include" "-I{compiler.sdk.path}/include/wpa_supplicant/esp_supplicant/include" "-I{compiler.sdk.path}/include/ieee802154/include" "-I{compiler.sdk.path}/include/console" "-I{compiler.sdk.path}/include/asio/asio/asio/include" "-I{compiler.sdk.path}/include/asio/port/include" "-I{compiler.sdk.path}/include/bt/common/osi/include" "-I{compiler.sdk.path}/include/bt/include/esp32c3/include" "-I{compiler.sdk.path}/include/bt/common/api/include/api" "-I{compiler.sdk.path}/include/bt/common/btc/profile/esp/blufi/include" "-I{compiler.sdk.path}/include/bt/common/btc/profile/esp/include" "-I{compiler.sdk.path}/include/bt/host/bluedroid/api/include/api" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_common/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_common/tinycrypt/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_core" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_core/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_core/storage" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/btc/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_models/common/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_models/client/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/mesh_models/server/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/api/core/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/api/models/include" "-I{compiler.sdk.path}/include/bt/esp_ble_mesh/api" "-I{compiler.sdk.path}/include/cbor/port/include" "-I{compiler.sdk.path}/include/unity/include" "-I{compiler.sdk.path}/include/unity/unity/src" "-I{compiler.sdk.path}/include/cmock/CMock/src" "-I{compiler.sdk.path}/include/coap/port/include" "-I{compiler.sdk.path}/include/coap/libcoap/include" "-I{compiler.sdk.path}/include/nghttp/port/include" "-I{compiler.sdk.path}/include/nghttp/nghttp2/lib/includes" "-I{compiler.sdk.path}/include/esp-tls" "-I{compiler.sdk.path}/include/esp-tls/esp-tls-crypto" "-I{compiler.sdk.path}/include/esp_adc_cal/include" "-I{compiler.sdk.path}/include/esp_hid/include" "-I{compiler.sdk.path}/include/tcp_transport/include" "-I{compiler.sdk.path}/include/esp_http_client/include" "-I{compiler.sdk.path}/include/esp_http_server/include" "-I{compiler.sdk.path}/include/esp_https_ota/include" "-I{compiler.sdk.path}/include/esp_https_server/include" "-I{compiler.sdk.path}/include/esp_lcd/include" "-I{compiler.sdk.path}/include/esp_lcd/interface" "-I{compiler.sdk.path}/include/protobuf-c/protobuf-c" "-I{compiler.sdk.path}/include/protocomm/include/common" "-I{compiler.sdk.path}/include/protocomm/include/security" "-I{compiler.sdk.path}/include/protocomm/include/transports" "-I{compiler.sdk.path}/include/mdns/include" "-I{compiler.sdk.path}/include/esp_local_ctrl/include" "-I{compiler.sdk.path}/include/sdmmc/include" "-I{compiler.sdk.path}/include/esp_serial_slave_link/include" "-I{compiler.sdk.path}/include/esp_websocket_client/include" "-I{compiler.sdk.path}/include/expat/expat/expat/lib" "-I{compiler.sdk.path}/include/expat/port/include" "-I{compiler.sdk.path}/include/wear_levelling/include" "-I{compiler.sdk.path}/include/fatfs/diskio" "-I{compiler.sdk.path}/include/fatfs/vfs" "-I{compiler.sdk.path}/include/fatfs/src" "-I{compiler.sdk.path}/include/freemodbus/common/include" "-I{compiler.sdk.path}/include/idf_test/include" "-I{compiler.sdk.path}/include/idf_test/include/esp32c3" "-I{compiler.sdk.path}/include/jsmn/include" "-I{compiler.sdk.path}/include/json/cJSON" "-I{compiler.sdk.path}/include/libsodium/libsodium/src/libsodium/include" "-I{compiler.sdk.path}/include/libsodium/port_include" "-I{compiler.sdk.path}/include/mqtt/esp-mqtt/include" "-I{compiler.sdk.path}/include/openssl/include" "-I{compiler.sdk.path}/include/spiffs/include" "-I{compiler.sdk.path}/include/wifi_provisioning/include" "-I{compiler.sdk.path}/include/button/button/include" "-I{compiler.sdk.path}/include/rmaker_common/include" "-I{compiler.sdk.path}/include/json_parser/upstream/include" "-I{compiler.sdk.path}/include/json_parser/upstream" "-I{compiler.sdk.path}/include/json_generator/upstream" "-I{compiler.sdk.path}/include/esp_schedule/include" "-I{compiler.sdk.path}/include/esp_rainmaker/include" "-I{compiler.sdk.path}/include/qrcode/include" "-I{compiler.sdk.path}/include/ws2812_led" "-I{compiler.sdk.path}/include/esp-dsp/modules/dotprod/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/support/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/hann/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman_harris/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/blackman_nuttall/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/nuttall/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/windows/flat_top/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/iir/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/fir/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/add/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/sub/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/mul/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/addc/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/mulc/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/math/sqrt/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/matrix/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/fft/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/dct/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/conv/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/common/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/kalman/ekf/include" "-I{compiler.sdk.path}/include/esp-dsp/modules/kalman/ekf_imu13states/include" "-I{compiler.sdk.path}/include/esp_littlefs/src" "-I{compiler.sdk.path}/include/esp_littlefs/include" "-I{compiler.sdk.path}/include/esp-dl/include" "-I{compiler.sdk.path}/include/esp-dl/include/tool" "-I{compiler.sdk.path}/include/esp-dl/include/typedef" "-I{compiler.sdk.path}/include/esp-dl/include/image" "-I{compiler.sdk.path}/include/esp-dl/include/math" "-I{compiler.sdk.path}/include/esp-dl/include/nn" "-I{compiler.sdk.path}/include/esp-dl/include/layer" "-I{compiler.sdk.path}/include/esp-dl/include/detect" "-I{compiler.sdk.path}/include/esp-dl/include/model_zoo" "-I{compiler.sdk.path}/include/esp32-camera/driver/include" "-I{compiler.sdk.path}/include/esp32-camera/conversions/include" "-I{compiler.sdk.path}/include/fb_gfx/include"
 compiler.c.elf.libs.esp32c3=-lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lriscv -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lasio -lbt -lcbor -lunity -lcmock -lcoap -lnghttp -lesp-tls -lesp_adc_cal -lesp_hid -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lesp_https_server -lesp_lcd -lprotobuf-c -lprotocomm -lmdns -lesp_local_ctrl -lsdmmc -lesp_serial_slave_link -lesp_websocket_client -lexpat -lwear_levelling -lfatfs -lfreemodbus -ljsmn -ljson -llibsodium -lmqtt -lopenssl -lspiffs -lwifi_provisioning -lbutton -lrmaker_common -ljson_parser -ljson_generator -lesp_schedule -lesp_rainmaker -lqrcode -lws2812_led -lesp-dsp -lesp32-camera -lesp_littlefs -lfb_gfx -lasio -lcbor -lcmock -lunity -lcoap -lesp_lcd -lesp_websocket_client -lexpat -lfreemodbus -ljsmn -llibsodium -lesp_adc_cal -lesp_hid -lfatfs -lwear_levelling -lopenssl -lspiffs -lesp_rainmaker -lesp_local_ctrl -lesp_https_server -lwifi_provisioning -lprotocomm -lbt -lbtdm_app -lprotobuf-c -lmdns -ljson -lrmaker_common -lmqtt -ljson_parser -ljson_generator -lesp_schedule -lqrcode -lcat_face_detect -lhuman_face_detect -lcolor_detect -lmfn -ldl -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lriscv -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lriscv -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lriscv -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lriscv -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lriscv -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lesp_ringbuf -lefuse -lesp_ipc -ldriver -lesp_pm -lmbedtls -lapp_update -lbootloader_support -lspi_flash -lnvs_flash -lpthread -lesp_gdbstub -lespcoredump -lesp_phy -lesp_system -lesp_rom -lhal -lvfs -lesp_eth -ltcpip_adapter -lesp_netif -lesp_event -lwpa_supplicant -lesp_wifi -lconsole -llwip -llog -lheap -lsoc -lesp_hw_support -lriscv -lesp_common -lesp_timer -lfreertos -lnewlib -lcxx -lapp_trace -lnghttp -lesp-tls -ltcp_transport -lesp_http_client -lesp_http_server -lesp_https_ota -lsdmmc -lesp_serial_slave_link -lmbedtls_2 -lmbedcrypto -lmbedx509 -lcoexist -lcore -lespnow -lmesh -lnet80211 -lpp -lsmartconfig -lwapi -lphy -lbtbb -lesp_phy -lphy -lbtbb -lesp_phy -lphy -lbtbb -lm -lnewlib -lstdc++ -lpthread -lgcc -lcxx -lapp_trace -lgcov -lapp_trace -lgcov -lc 
 compiler.c.flags.esp32c3=-march=rv32imc -ffunction-sections -fdata-sections -Wno-error=unused-function -Wno-error=unused-variable -Wno-error=deprecated-declarations -Wno-unused-parameter -Wno-sign-compare -ggdb -Wno-error=format= -nostartfiles -Wno-format -Os -freorder-blocks -Wwrite-strings -fstack-protector -fstrict-volatile-bitfields -Wno-error=unused-but-set-variable -fno-jump-tables -fno-tree-switch-conversion -std=gnu99 -Wno-old-style-declaration  -MMD -c
 compiler.cpp.flags.esp32c3=-march=rv32imc -ffunction-sections -fdata-sections -Wno-error=unused-function -Wno-error=unused-variable -Wno-error=deprecated-declarations -Wno-unused-parameter -Wno-sign-compare -ggdb -Wno-error=format= -nostartfiles -Wno-format -Os -freorder-blocks -Wwrite-strings -fstack-protector -fstrict-volatile-bitfields -Wno-error=unused-but-set-variable -fno-jump-tables -fno-tree-switch-conversion -std=gnu++11 -fexceptions -fno-rtti  -MMD -c
diff --git a/tools/platformio-build-esp32.py b/tools/platformio-build-esp32.py
index a5226bef9a0..45ad269a9fd 100644
--- a/tools/platformio-build-esp32.py
+++ b/tools/platformio-build-esp32.py
@@ -323,7 +323,7 @@
         "UNITY_INCLUDE_CONFIG_H",
         "WITH_POSIX",
         "_GNU_SOURCE",
-        ("IDF_VER", '\\"v4.4.1-472-gc9140caf8c\\"'),
+        ("IDF_VER", '\\"v4.4.1-581-gee2029c38a\\"'),
         "ESP_PLATFORM",
         "_POSIX_READER_WRITER_LOCKS",
         "ARDUINO_ARCH_ESP32",
diff --git a/tools/platformio-build-esp32c3.py b/tools/platformio-build-esp32c3.py
index f72cf5f81e1..c504f9062ca 100644
--- a/tools/platformio-build-esp32c3.py
+++ b/tools/platformio-build-esp32c3.py
@@ -318,7 +318,7 @@
         "UNITY_INCLUDE_CONFIG_H",
         "WITH_POSIX",
         "_GNU_SOURCE",
-        ("IDF_VER", '\\"v4.4.1-472-gc9140caf8c\\"'),
+        ("IDF_VER", '\\"v4.4.1-581-gee2029c38a\\"'),
         "ESP_PLATFORM",
         "_POSIX_READER_WRITER_LOCKS",
         "ARDUINO_ARCH_ESP32",
diff --git a/tools/platformio-build-esp32s2.py b/tools/platformio-build-esp32s2.py
index 9f5562ea8e8..46a750b19ea 100644
--- a/tools/platformio-build-esp32s2.py
+++ b/tools/platformio-build-esp32s2.py
@@ -306,7 +306,7 @@
         "UNITY_INCLUDE_CONFIG_H",
         "WITH_POSIX",
         "_GNU_SOURCE",
-        ("IDF_VER", '\\"v4.4.1-472-gc9140caf8c\\"'),
+        ("IDF_VER", '\\"v4.4.1-581-gee2029c38a\\"'),
         "ESP_PLATFORM",
         "_POSIX_READER_WRITER_LOCKS",
         "ARDUINO_ARCH_ESP32",
diff --git a/tools/platformio-build-esp32s3.py b/tools/platformio-build-esp32s3.py
index e92949021ae..23c337cf375 100644
--- a/tools/platformio-build-esp32s3.py
+++ b/tools/platformio-build-esp32s3.py
@@ -322,7 +322,7 @@
         "UNITY_INCLUDE_CONFIG_H",
         "WITH_POSIX",
         "_GNU_SOURCE",
-        ("IDF_VER", '\\"v4.4.1-472-gc9140caf8c\\"'),
+        ("IDF_VER", '\\"v4.4.1-581-gee2029c38a\\"'),
         "ESP_PLATFORM",
         "_POSIX_READER_WRITER_LOCKS",
         "ARDUINO_ARCH_ESP32",
diff --git a/tools/sdk/esp32/dio_qspi/include/sdkconfig.h b/tools/sdk/esp32/dio_qspi/include/sdkconfig.h
index 4c1fa5e7a63..78bbf1b7920 100644
--- a/tools/sdk/esp32/dio_qspi/include/sdkconfig.h
+++ b/tools/sdk/esp32/dio_qspi/include/sdkconfig.h
@@ -60,6 +60,7 @@
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH 1
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD 0
 #define CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE 1024
+#define CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD 90
 #define CONFIG_ESP_RMAKER_SCHEDULING_MAX_SCHEDULES 10
 #define CONFIG_ESP_RMAKER_SCENES_MAX_SCENES 10
 #define CONFIG_ENABLE_ARDUINO_DEPENDS 1
@@ -122,7 +123,7 @@
 #define CONFIG_BTDM_SCAN_DUPL_TYPE 0
 #define CONFIG_BTDM_SCAN_DUPL_CACHE_SIZE 20
 #define CONFIG_BTDM_BLE_MESH_SCAN_DUPL_EN 1
-#define CONFIG_BTDM_MESH_DUPL_SCAN_CACHE_SIZE 200
+#define CONFIG_BTDM_MESH_DUPL_SCAN_CACHE_SIZE 100
 #define CONFIG_BTDM_CTRL_FULL_SCAN_SUPPORTED 1
 #define CONFIG_BTDM_BLE_ADV_REPORT_FLOW_CTRL_SUPP 1
 #define CONFIG_BTDM_BLE_ADV_REPORT_FLOW_CTRL_NUM 100
@@ -747,5 +748,5 @@
 #define CONFIG_ULP_COPROC_ENABLED CONFIG_ESP32_ULP_COPROC_ENABLED
 #define CONFIG_ULP_COPROC_RESERVE_MEM CONFIG_ESP32_ULP_COPROC_RESERVE_MEM
 #define CONFIG_WARN_WRITE_STRINGS CONFIG_COMPILER_WARN_WRITE_STRINGS
-#define CONFIG_ARDUINO_IDF_COMMIT "c9140caf8c"
+#define CONFIG_ARDUINO_IDF_COMMIT "ee2029c38a"
 #define CONFIG_ARDUINO_IDF_BRANCH "release/v4.4"
diff --git a/tools/sdk/esp32/dio_qspi/libspi_flash.a b/tools/sdk/esp32/dio_qspi/libspi_flash.a
index f44e2ff7c39..63c40deaffa 100644
Binary files a/tools/sdk/esp32/dio_qspi/libspi_flash.a and b/tools/sdk/esp32/dio_qspi/libspi_flash.a differ
diff --git a/tools/sdk/esp32/dout_qspi/include/sdkconfig.h b/tools/sdk/esp32/dout_qspi/include/sdkconfig.h
index c9f3e85f722..fa726f4ec7b 100644
--- a/tools/sdk/esp32/dout_qspi/include/sdkconfig.h
+++ b/tools/sdk/esp32/dout_qspi/include/sdkconfig.h
@@ -60,6 +60,7 @@
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH 1
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD 0
 #define CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE 1024
+#define CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD 90
 #define CONFIG_ESP_RMAKER_SCHEDULING_MAX_SCHEDULES 10
 #define CONFIG_ESP_RMAKER_SCENES_MAX_SCENES 10
 #define CONFIG_ENABLE_ARDUINO_DEPENDS 1
@@ -122,7 +123,7 @@
 #define CONFIG_BTDM_SCAN_DUPL_TYPE 0
 #define CONFIG_BTDM_SCAN_DUPL_CACHE_SIZE 20
 #define CONFIG_BTDM_BLE_MESH_SCAN_DUPL_EN 1
-#define CONFIG_BTDM_MESH_DUPL_SCAN_CACHE_SIZE 200
+#define CONFIG_BTDM_MESH_DUPL_SCAN_CACHE_SIZE 100
 #define CONFIG_BTDM_CTRL_FULL_SCAN_SUPPORTED 1
 #define CONFIG_BTDM_BLE_ADV_REPORT_FLOW_CTRL_SUPP 1
 #define CONFIG_BTDM_BLE_ADV_REPORT_FLOW_CTRL_NUM 100
@@ -747,5 +748,5 @@
 #define CONFIG_ULP_COPROC_ENABLED CONFIG_ESP32_ULP_COPROC_ENABLED
 #define CONFIG_ULP_COPROC_RESERVE_MEM CONFIG_ESP32_ULP_COPROC_RESERVE_MEM
 #define CONFIG_WARN_WRITE_STRINGS CONFIG_COMPILER_WARN_WRITE_STRINGS
-#define CONFIG_ARDUINO_IDF_COMMIT "c9140caf8c"
+#define CONFIG_ARDUINO_IDF_COMMIT "ee2029c38a"
 #define CONFIG_ARDUINO_IDF_BRANCH "release/v4.4"
diff --git a/tools/sdk/esp32/dout_qspi/libspi_flash.a b/tools/sdk/esp32/dout_qspi/libspi_flash.a
index 26e49ab2e93..04aa772b5b8 100644
Binary files a/tools/sdk/esp32/dout_qspi/libspi_flash.a and b/tools/sdk/esp32/dout_qspi/libspi_flash.a differ
diff --git a/tools/sdk/esp32/include/app_update/include/esp_ota_ops.h b/tools/sdk/esp32/include/app_update/include/esp_ota_ops.h
index ba07c013d90..ece5275db3b 100644
--- a/tools/sdk/esp32/include/app_update/include/esp_ota_ops.h
+++ b/tools/sdk/esp32/include/app_update/include/esp_ota_ops.h
@@ -327,9 +327,9 @@ typedef enum {
 /**
  * @brief Revokes the old signature digest. To be called in the application after the rollback logic.
  *
- * Relevant for Secure boot v2 on ESP32-S2 where upto 3 key digests can be stored (Key #N-1, Key #N, Key #N+1).
- * When key #N-1 used to sign an app is invalidated, an OTA update is to be sent with an app signed with key #N-1 & Key #N.
- * After successfully booting the OTA app should call this function to revoke Key #N-1.
+ * Relevant for Secure boot v2 on ESP32-S2, ESP32-S3, ESP32-C3 where upto 3 key digests can be stored (Key \#N-1, Key \#N, Key \#N+1).
+ * When key \#N-1 used to sign an app is invalidated, an OTA update is to be sent with an app signed with key \#N-1 & Key \#N.
+ * After successfully booting the OTA app should call this function to revoke Key \#N-1.
  *
  * @param index - The index of the signature block to be revoked
  *
diff --git a/tools/sdk/esp32/include/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h b/tools/sdk/esp32/include/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h
index dd48ab982dd..f81ad21800e 100644
--- a/tools/sdk/esp32/include/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h
+++ b/tools/sdk/esp32/include/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h
@@ -1455,7 +1455,7 @@ esp_err_t esp_ble_gap_config_local_privacy (bool privacy_enable);
  *
  *
  * @param[in]       icon   - External appearance value, these values are defined by the Bluetooth SIG, please refer to
- *                  https://www.bluetooth.com/specifications/gatt/viewer?attributeXmlFile=org.bluetooth.characteristic.gap.appearance.xml
+ *                  https://specificationrefs.bluetooth.com/assigned-values/Appearance%20Values.pdf
  *
  * @return
  *                  - ESP_OK : success
diff --git a/tools/sdk/esp32/include/bt/include/esp32/include/esp_bt.h b/tools/sdk/esp32/include/bt/include/esp32/include/esp_bt.h
index 65b08ab6871..fad01b97bf3 100644
--- a/tools/sdk/esp32/include/bt/include/esp32/include/esp_bt.h
+++ b/tools/sdk/esp32/include/bt/include/esp32/include/esp_bt.h
@@ -354,6 +354,8 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg);
 
 /**
  * @brief  De-initialize BT controller to free resource and delete task.
+ *         You should stop advertising and scanning, as well as
+ *         disconnect all existing connections before de-initializing BT controller.
  *
  * This function should be called only once, after any other BT functions are called.
  * @return  ESP_OK - success, other - failed
diff --git a/tools/sdk/esp32/include/driver/include/driver/gpio.h b/tools/sdk/esp32/include/driver/include/driver/gpio.h
index 77bb2dd78c0..b904def347b 100644
--- a/tools/sdk/esp32/include/driver/include/driver/gpio.h
+++ b/tools/sdk/esp32/include/driver/include/driver/gpio.h
@@ -97,9 +97,9 @@ esp_err_t gpio_set_intr_type(gpio_num_t gpio_num, gpio_int_type_t intr_type);
 /**
  * @brief  Enable GPIO module interrupt signal
  *
- * @note Please do not use the interrupt of GPIO36 and GPIO39 when using ADC or Wi-Fi and Bluetooth with sleep mode enabled.
+ * @note ESP32: Please do not use the interrupt of GPIO36 and GPIO39 when using ADC or Wi-Fi and Bluetooth with sleep mode enabled.
  *       Please refer to the comments of `adc1_get_raw`.
- *       Please refer to section 3.11 of 'ECO_and_Workarounds_for_Bugs_in_ESP32' for the description of this issue.
+ *       Please refer to Section 3.11 of <a href="https://espressif.com/documentation/eco_and_workarounds_for_bugs_in_esp32_en.pdf">ESP32 ECO and Workarounds for Bugs</a> for the description of this issue.
  *       As a workaround, call adc_power_acquire() in the app. This will result in higher power consumption (by ~1mA),
  *       but will remove the glitches on GPIO36 and GPIO39.
  *
@@ -169,7 +169,7 @@ esp_err_t gpio_set_direction(gpio_num_t gpio_num, gpio_mode_t mode);
 /**
  * @brief  Configure GPIO pull-up/pull-down resistors
  *
- * Only pins that support both input & output have integrated pull-up and pull-down resistors. Input-only GPIOs 34-39 do not.
+ * @note ESP32: Only pins that support both input & output have integrated pull-up and pull-down resistors. Input-only GPIOs 34-39 do not.
  *
  * @param  gpio_num GPIO number. If you want to set pull up or down mode for e.g. GPIO16, gpio_num should be GPIO_NUM_16 (16);
  * @param  pull GPIO pull up/down mode.
@@ -484,7 +484,7 @@ esp_err_t gpio_sleep_set_direction(gpio_num_t gpio_num, gpio_mode_t mode);
 /**
  * @brief  Configure GPIO pull-up/pull-down resistors at sleep
  *
- * Only pins that support both input & output have integrated pull-up and pull-down resistors. Input-only GPIOs 34-39 do not.
+ * @note ESP32: Only pins that support both input & output have integrated pull-up and pull-down resistors. Input-only GPIOs 34-39 do not.
  *
  * @param  gpio_num GPIO number. If you want to set pull up or down mode for e.g. GPIO16, gpio_num should be GPIO_NUM_16 (16);
  * @param  pull GPIO pull up/down mode.
diff --git a/tools/sdk/esp32/include/driver/include/driver/uart.h b/tools/sdk/esp32/include/driver/include/driver/uart.h
index 4524516338b..f0c2ae10132 100644
--- a/tools/sdk/esp32/include/driver/include/driver/uart.h
+++ b/tools/sdk/esp32/include/driver/include/driver/uart.h
@@ -594,6 +594,18 @@ esp_err_t uart_flush_input(uart_port_t uart_num);
  */
 esp_err_t uart_get_buffered_data_len(uart_port_t uart_num, size_t* size);
 
+/**
+ * @brief   UART get TX ring buffer free space size
+ *
+ * @param   uart_num UART port number, the max port number is (UART_NUM_MAX -1).
+ * @param   size Pointer of size_t to accept the free space size
+ *
+ * @return
+ *     - ESP_OK Success
+ *     - ESP_ERR_INVALID_ARG Parameter error
+ */
+esp_err_t uart_get_tx_buffer_free_size(uart_port_t uart_num, size_t *size);
+
 /**
  * @brief   UART disable pattern detect function.
  *          Designed for applications like 'AT commands'.
diff --git a/tools/sdk/esp32/include/esp32-camera/driver/include/esp_camera.h b/tools/sdk/esp32/include/esp32-camera/driver/include/esp_camera.h
index b6047d312ae..2025bb403a9 100755
--- a/tools/sdk/esp32/include/esp32-camera/driver/include/esp_camera.h
+++ b/tools/sdk/esp32/include/esp32-camera/driver/include/esp_camera.h
@@ -70,6 +70,7 @@
 #include "driver/ledc.h"
 #include "sensor.h"
 #include "sys/time.h"
+#include "sdkconfig.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -91,6 +92,19 @@ typedef enum {
     CAMERA_FB_IN_DRAM           /*!< Frame buffer is placed in internal DRAM */
 } camera_fb_location_t;
 
+#if CONFIG_CAMERA_CONVERTER_ENABLED
+/**
+ * @brief Camera RGB\YUV conversion mode
+ */
+typedef enum {
+    CONV_DISABLE,
+    RGB565_TO_YUV422,
+        
+    YUV422_TO_RGB565,
+    YUV422_TO_YUV420
+} camera_conv_mode_t;
+#endif
+
 /**
  * @brief Configuration structure for camera initialization
  */
@@ -124,6 +138,9 @@ typedef struct {
     size_t fb_count;                /*!< Number of frame buffers to be allocated. If more than one, then each frame will be acquired (double speed)  */
     camera_fb_location_t fb_location; /*!< The location where the frame buffer will be allocated */
     camera_grab_mode_t grab_mode;   /*!< When buffers should be filled */
+#if CONFIG_CAMERA_CONVERTER_ENABLED
+    camera_conv_mode_t conv_mode;   /*!< RGB<->YUV Conversion mode */
+#endif
 } camera_config_t;
 
 /**
diff --git a/tools/sdk/esp32/include/esp32-camera/driver/include/sensor.h b/tools/sdk/esp32/include/esp32-camera/driver/include/sensor.h
index c1b882acd21..d5ec7463fd3 100755
--- a/tools/sdk/esp32/include/esp32-camera/driver/include/sensor.h
+++ b/tools/sdk/esp32/include/esp32-camera/driver/include/sensor.h
@@ -69,6 +69,7 @@ typedef enum {
 typedef enum {
     PIXFORMAT_RGB565,    // 2BPP/RGB565
     PIXFORMAT_YUV422,    // 2BPP/YUV422
+    PIXFORMAT_YUV420,    // 1.5BPP/YUV420
     PIXFORMAT_GRAYSCALE, // 1BPP/GRAYSCALE
     PIXFORMAT_JPEG,      // JPEG/COMPRESSED
     PIXFORMAT_RGB888,    // 3BPP/RGB888
diff --git a/tools/sdk/esp32/include/esp_eth/include/esp_eth_mac.h b/tools/sdk/esp32/include/esp_eth/include/esp_eth_mac.h
index db462728a18..be23792d2d8 100644
--- a/tools/sdk/esp32/include/esp_eth/include/esp_eth_mac.h
+++ b/tools/sdk/esp32/include/esp_eth/include/esp_eth_mac.h
@@ -411,7 +411,7 @@ typedef struct {
 /**
 * @brief Create ESP32 Ethernet MAC instance
 *
-* @param config: Ethernet MAC configuration
+* @param config:       Ethernet MAC configuration
 *
 * @return
 *      - instance: create MAC instance successfully
diff --git a/tools/sdk/esp32/include/esp_https_server/include/esp_https_server.h b/tools/sdk/esp32/include/esp_https_server/include/esp_https_server.h
index efe726e9e70..75720bd1ce7 100644
--- a/tools/sdk/esp32/include/esp_https_server/include/esp_https_server.h
+++ b/tools/sdk/esp32/include/esp_https_server/include/esp_https_server.h
@@ -25,7 +25,7 @@ typedef enum {
  * @brief Callback data struct, contains the ESP-TLS connection handle
  */
 typedef struct esp_https_server_user_cb_arg {
-    const esp_tls_t *tls;
+    const esp_tls_t *tls;        /*!< ESP-TLS connection handle */
 } esp_https_server_user_cb_arg_t;
 
 /**
diff --git a/tools/sdk/esp32/include/esp_hw_support/include/esp_mac.h b/tools/sdk/esp32/include/esp_hw_support/include/esp_mac.h
index f0efddfc2f7..e700b72ffe0 100644
--- a/tools/sdk/esp32/include/esp_hw_support/include/esp_mac.h
+++ b/tools/sdk/esp32/include/esp_hw_support/include/esp_mac.h
@@ -139,7 +139,7 @@ esp_err_t esp_read_mac(uint8_t *mac, esp_mac_type_t type);
   * address, then the first octet is XORed with 0x4 in order to create a different
   * locally administered MAC address.
   *
-  * @param  mac base MAC address, length: 6 bytes/8 bytes.
+  * @param  local_mac base MAC address, length: 6 bytes/8 bytes.
   *         length: 6 bytes for MAC-48
   *                 8 bytes for EUI-64(used for IEEE 802.15.4)
   * @param  universal_mac  Source universal MAC address, length: 6 bytes.
diff --git a/tools/sdk/esp32/include/esp_lcd/include/esp_lcd_panel_io.h b/tools/sdk/esp32/include/esp_lcd/include/esp_lcd_panel_io.h
index 7b99bde3f17..57f27ac96aa 100644
--- a/tools/sdk/esp32/include/esp_lcd/include/esp_lcd_panel_io.h
+++ b/tools/sdk/esp32/include/esp_lcd/include/esp_lcd_panel_io.h
@@ -134,6 +134,10 @@ typedef struct {
  */
 esp_err_t esp_lcd_new_panel_io_spi(esp_lcd_spi_bus_handle_t bus, const esp_lcd_panel_io_spi_config_t *io_config, esp_lcd_panel_io_handle_t *ret_io);
 
+/**
+ * @brief Panel IO configuration structure, for I2C interface
+ *
+ */
 typedef struct {
     uint32_t dev_addr; /*!< I2C device address */
     esp_lcd_panel_io_color_trans_done_cb_t on_color_trans_done; /*!< Callback invoked when color data transfer has finished */
@@ -145,7 +149,7 @@ typedef struct {
     struct {
         unsigned int dc_low_on_data: 1;  /*!< If this flag is enabled, DC line = 0 means transfer data, DC line = 1 means transfer command; vice versa */
         unsigned int disable_control_phase: 1; /*!< If this flag is enabled, the control phase isn't used */
-    } flags;
+    } flags; /*!< Extra flags to fine-tune the I2C device */
 } esp_lcd_panel_io_i2c_config_t;
 
 /**
@@ -223,7 +227,7 @@ typedef struct {
         unsigned int swap_color_bytes: 1;   /*!< Swap adjacent two color bytes */
         unsigned int pclk_active_neg: 1;    /*!< The display will write data lines when there's a falling edge on WR signal (a.k.a the PCLK) */
         unsigned int pclk_idle_low: 1;      /*!< The WR signal (a.k.a the PCLK) stays at low level in IDLE phase */
-    } flags;
+    } flags;                                /*!< Panel IO config flags */
 } esp_lcd_panel_io_i80_config_t;
 
 /**
diff --git a/tools/sdk/esp32/include/esp_lcd/include/esp_lcd_panel_rgb.h b/tools/sdk/esp32/include/esp_lcd/include/esp_lcd_panel_rgb.h
index 95dfb6ba4fc..f821a758839 100644
--- a/tools/sdk/esp32/include/esp_lcd/include/esp_lcd_panel_rgb.h
+++ b/tools/sdk/esp32/include/esp_lcd/include/esp_lcd_panel_rgb.h
@@ -66,7 +66,7 @@ typedef struct {
         unsigned int de_idle_high: 1;    /*!< The de signal is high in IDLE state */
         unsigned int pclk_active_neg: 1; /*!< Whether the display data is clocked out at the falling edge of PCLK */
         unsigned int pclk_idle_high: 1;  /*!< The PCLK stays at high level in IDLE phase */
-    } flags;
+    } flags;                             /*!< LCD RGB timing flags */
 } esp_lcd_rgb_timing_t;
 
 /**
@@ -106,7 +106,7 @@ typedef struct {
         unsigned int disp_active_low: 1; /*!< If this flag is enabled, a low level of display control signal can turn the screen on; vice versa */
         unsigned int relax_on_idle: 1;   /*!< If this flag is enabled, the host won't refresh the LCD if nothing changed in host's frame buffer (this is usefull for LCD with built-in GRAM) */
         unsigned int fb_in_psram: 1;     /*!< If this flag is enabled, the frame buffer will be allocated from PSRAM preferentially */
-    } flags;
+    } flags;                             /*!< LCD RGB panel configuration flags */
 } esp_lcd_rgb_panel_config_t;
 
 /**
diff --git a/tools/sdk/esp32/include/esp_lcd/include/esp_lcd_panel_vendor.h b/tools/sdk/esp32/include/esp_lcd/include/esp_lcd_panel_vendor.h
index dde8be68d3b..2503adeb7ea 100644
--- a/tools/sdk/esp32/include/esp_lcd/include/esp_lcd_panel_vendor.h
+++ b/tools/sdk/esp32/include/esp_lcd/include/esp_lcd_panel_vendor.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -22,8 +22,8 @@ typedef struct {
     unsigned int bits_per_pixel;       /*!< Color depth, in bpp */
     struct {
         unsigned int reset_active_high: 1; /*!< Setting this if the panel reset is high level active */
-    } flags;
-    void *vendor_config; /* vendor specific configuration, optional, left as NULL if not used */
+    } flags;                               /*!< LCD panel config flags */
+    void *vendor_config; /*!< vendor specific configuration, optional, left as NULL if not used */
 } esp_lcd_panel_dev_config_t;
 
 /**
diff --git a/tools/sdk/esp32/include/esp_netif/include/esp_netif.h b/tools/sdk/esp32/include/esp_netif/include/esp_netif.h
index 92c937c1294..e248db0cb41 100644
--- a/tools/sdk/esp32/include/esp_netif/include/esp_netif.h
+++ b/tools/sdk/esp32/include/esp_netif/include/esp_netif.h
@@ -619,9 +619,10 @@ esp_err_t esp_netif_dhcps_stop(esp_netif_t *esp_netif);
  *
  *   If DHCP server is enabled, the Main DNS Server setting is used by the DHCP server to provide a DNS Server option
  *   to DHCP clients (Wi-Fi stations).
- *   - The default Main DNS server is typically the IP of the Wi-Fi AP interface itself.
+ *   - The default Main DNS server is typically the IP of the DHCP server itself.
  *   - This function can override it by setting server type ESP_NETIF_DNS_MAIN.
- *   - Other DNS Server types are not supported for the Wi-Fi AP interface.
+ *   - Other DNS Server types are not supported for the DHCP server.
+ *   - To propagate the DNS info to client, please stop the DHCP server before using this API.
  *
  * @param[in]  esp_netif Handle to esp-netif instance
  * @param[in]  type Type of DNS Server to set: ESP_NETIF_DNS_MAIN, ESP_NETIF_DNS_BACKUP, ESP_NETIF_DNS_FALLBACK
diff --git a/tools/sdk/esp32/include/esp_netif/include/esp_netif_ip_addr.h b/tools/sdk/esp32/include/esp_netif/include/esp_netif_ip_addr.h
index 25b877d359d..57f10999b31 100644
--- a/tools/sdk/esp32/include/esp_netif/include/esp_netif_ip_addr.h
+++ b/tools/sdk/esp32/include/esp_netif/include/esp_netif_ip_addr.h
@@ -81,25 +81,37 @@ extern "C" {
 #define ESP_IP4ADDR_INIT(a, b, c, d)  { .type = ESP_IPADDR_TYPE_V4, .u_addr = { .ip4 = { .addr = ESP_IP4TOADDR(a, b, c, d) }}};
 #define ESP_IP6ADDR_INIT(a, b, c, d)  { .type = ESP_IPADDR_TYPE_V6, .u_addr = { .ip6 = { .addr = { a, b, c, d }, .zone = 0 }}};
 
+/**
+ * @brief IPv6 address
+ *
+ */
 struct esp_ip6_addr {
-    uint32_t addr[4];
-    uint8_t zone;
+    uint32_t addr[4]; /*!< IPv6 address */
+    uint8_t zone;     /*!< zone ID */
 };
 
+/**
+ * @brief IPv4 address
+ *
+ */
 struct esp_ip4_addr {
-    uint32_t addr;
+    uint32_t addr;  /*!< IPv4 address */
 };
 
 typedef struct esp_ip4_addr esp_ip4_addr_t;
 
 typedef struct esp_ip6_addr esp_ip6_addr_t;
 
+/**
+ * @brief IP address
+ *
+ */
 typedef struct _ip_addr {
     union {
-        esp_ip6_addr_t ip6;
-        esp_ip4_addr_t ip4;
-    } u_addr;
-    uint8_t type;
+        esp_ip6_addr_t ip6; /*!< IPv6 address type */
+        esp_ip4_addr_t ip4; /*!< IPv4 address type */
+    } u_addr;               /*!< IP address union */
+    uint8_t type;           /*!< ipaddress type */
 } esp_ip_addr_t;
 
 typedef enum {
diff --git a/tools/sdk/esp32/include/esp_netif/include/esp_netif_types.h b/tools/sdk/esp32/include/esp_netif/include/esp_netif_types.h
index cc7a37b9c49..ee6b92a3b24 100644
--- a/tools/sdk/esp32/include/esp_netif/include/esp_netif_types.h
+++ b/tools/sdk/esp32/include/esp_netif/include/esp_netif_types.h
@@ -112,6 +112,11 @@ typedef struct {
     esp_ip6_addr_t ip; /**< Interface IPV6 address */
 } esp_netif_ip6_info_t;
 
+
+/**
+ * @brief Event structure for IP_EVENT_GOT_IP event
+ *
+ */
 typedef struct {
     int if_index;                    /*!< Interface index for which the event is received (left for legacy compilation) */
     esp_netif_t *esp_netif;          /*!< Pointer to corresponding esp-netif object */
@@ -164,6 +169,10 @@ typedef enum esp_netif_ip_event_type {
 //      3) network stack specific config (esp_netif_net_stack_ifconfig_t) -- no publicly available
 //
 
+/**
+ * @brief ESP-netif inherent config parameters
+ *
+ */
 typedef struct esp_netif_inherent_config {
     esp_netif_flags_t flags;         /*!< flags that define esp-netif behavior */
     uint8_t mac[6];                  /*!< initial mac address for this interface */
@@ -185,19 +194,23 @@ typedef struct esp_netif_config esp_netif_config_t;
  */
 typedef void * esp_netif_iodriver_handle;
 
+/**
+ * @brief ESP-netif driver base handle
+ *
+ */
 typedef struct esp_netif_driver_base_s {
-    esp_err_t (*post_attach)(esp_netif_t *netif, esp_netif_iodriver_handle h);
-    esp_netif_t *netif;
+    esp_err_t (*post_attach)(esp_netif_t *netif, esp_netif_iodriver_handle h); /*!< post attach function pointer */
+    esp_netif_t *netif; /*!< netif handle */
 } esp_netif_driver_base_t;
 
 /**
  * @brief  Specific IO driver configuration
  */
 struct esp_netif_driver_ifconfig {
-    esp_netif_iodriver_handle handle;
-    esp_err_t (*transmit)(void *h, void *buffer, size_t len);
-    esp_err_t (*transmit_wrap)(void *h, void *buffer, size_t len, void *netstack_buffer);
-    void (*driver_free_rx_buffer)(void *h, void* buffer);
+    esp_netif_iodriver_handle handle; /*!< io-driver handle */
+    esp_err_t (*transmit)(void *h, void *buffer, size_t len); /*!< transmit function pointer */
+    esp_err_t (*transmit_wrap)(void *h, void *buffer, size_t len, void *netstack_buffer); /*!< transmit wrap function pointer */
+    void (*driver_free_rx_buffer)(void *h, void* buffer); /*!< free rx buffer function pointer */
 };
 
 typedef struct esp_netif_driver_ifconfig esp_netif_driver_ifconfig_t;
@@ -212,9 +225,9 @@ typedef struct esp_netif_netstack_config esp_netif_netstack_config_t;
  * @brief  Generic esp_netif configuration
  */
 struct esp_netif_config {
-    const esp_netif_inherent_config_t *base;
-    const esp_netif_driver_ifconfig_t *driver;
-    const esp_netif_netstack_config_t *stack;
+    const esp_netif_inherent_config_t *base; /*!< base config */
+    const esp_netif_driver_ifconfig_t *driver; /*!< driver config */
+    const esp_netif_netstack_config_t *stack; /*!< stack config */
 };
 
 /**
diff --git a/tools/sdk/esp32/include/esp_phy/include/esp_phy_init.h b/tools/sdk/esp32/include/esp_phy/include/esp_phy_init.h
index ec682139506..efefd114d4f 100644
--- a/tools/sdk/esp32/include/esp_phy/include/esp_phy_init.h
+++ b/tools/sdk/esp32/include/esp_phy/include/esp_phy_init.h
@@ -14,7 +14,8 @@ extern "C" {
 #endif
 
 /**
- * @file PHY init parameters and API
+ * @file
+ *          init parameters and API
  */
 
 
@@ -34,6 +35,10 @@ typedef struct {
     uint8_t opaque[1894];                   /*!< calibration data */
 } esp_phy_calibration_data_t;
 
+/**
+ * @brief PHY calibration mode
+ *
+ */
 typedef enum {
     PHY_RF_CAL_PARTIAL = 0x00000000,        /*!< Do part of RF calibration. This should be used after power-on reset. */
     PHY_RF_CAL_NONE    = 0x00000001,        /*!< Don't do any RF calibration. This mode is only suggested to be used after deep sleep reset. */
@@ -223,6 +228,10 @@ int64_t esp_phy_rf_get_on_ts(void);
 
 /**
  * @brief Update the corresponding PHY init type according to the country code of Wi-Fi.
+ *
+ * @param country country code
+ * @return ESP_OK on success.
+ * @return esp_err_t code describing the error on fail
  */
 esp_err_t esp_phy_update_country_info(const char *country);
 
diff --git a/tools/sdk/esp32/include/esp_wifi/include/esp_now.h b/tools/sdk/esp32/include/esp_wifi/include/esp_now.h
index de41a879363..191d1d1ccec 100644
--- a/tools/sdk/esp32/include/esp_wifi/include/esp_now.h
+++ b/tools/sdk/esp32/include/esp_wifi/include/esp_now.h
@@ -1,16 +1,8 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * SPDX-FileCopyrightText: 2019-2022 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
 
 #ifndef __ESP_NOW_H__
 #define __ESP_NOW_H__
@@ -190,7 +182,7 @@ esp_err_t esp_now_unregister_send_cb(void);
   *          - ESP_ERR_ESPNOW_NOT_INIT : ESPNOW is not initialized
   *          - ESP_ERR_ESPNOW_ARG : invalid argument
   *          - ESP_ERR_ESPNOW_INTERNAL : internal error
-  *          - ESP_ERR_ESPNOW_NO_MEM : out of memory
+  *          - ESP_ERR_ESPNOW_NO_MEM : out of memory, when this happens, you can delay a while before sending the next data
   *          - ESP_ERR_ESPNOW_NOT_FOUND : peer is not found
   *          - ESP_ERR_ESPNOW_IF : current WiFi interface doesn't match that of peer
   */
@@ -237,6 +229,20 @@ esp_err_t esp_now_del_peer(const uint8_t *peer_addr);
   */
 esp_err_t esp_now_mod_peer(const esp_now_peer_info_t *peer);
 
+/**
+  * @brief      Config ESPNOW rate of specified interface
+  *
+  * @attention  1. This API should be called after esp_wifi_start().
+  *
+  * @param      ifx  Interface to be configured.
+  * @param      rate Phy rate to be configured.
+  *
+  * @return
+  *    - ESP_OK: succeed
+  *    - others: failed
+  */
+esp_err_t esp_wifi_config_espnow_rate(wifi_interface_t ifx, wifi_phy_rate_t rate);
+
 /**
   * @brief     Get a peer whose MAC address matches peer_addr from peer list
   *
diff --git a/tools/sdk/esp32/include/esp_wifi/include/esp_private/wifi.h b/tools/sdk/esp32/include/esp_wifi/include/esp_private/wifi.h
index 957f68791bd..a2c763260e5 100644
--- a/tools/sdk/esp32/include/esp_wifi/include/esp_private/wifi.h
+++ b/tools/sdk/esp32/include/esp_wifi/include/esp_private/wifi.h
@@ -251,6 +251,7 @@ esp_err_t esp_wifi_internal_set_sta_ip(void);
   *
   * @attention 1. If fixed rate is enabled, both management and data frame are transmitted with fixed rate
   * @attention 2. Make sure that the receiver is able to receive the frame with the fixed rate if you want the frame to be received
+  * @attention 3. Not support to set fix rate for espnow and 80211_tx
   *
   * @param  ifx : wifi interface
   * @param  en : false - disable, true - enable
diff --git a/tools/sdk/esp32/include/esp_wifi/include/esp_wifi.h b/tools/sdk/esp32/include/esp_wifi/include/esp_wifi.h
index 3d62c5c297c..e06569dfc15 100644
--- a/tools/sdk/esp32/include/esp_wifi/include/esp_wifi.h
+++ b/tools/sdk/esp32/include/esp_wifi/include/esp_wifi.h
@@ -498,7 +498,7 @@ esp_err_t esp_wifi_get_ps(wifi_ps_type_t *type);
   * @brief     Set protocol type of specified interface
   *            The default protocol is (WIFI_PROTOCOL_11B|WIFI_PROTOCOL_11G|WIFI_PROTOCOL_11N)
   *
-  * @attention Currently we only support 802.11b or 802.11bg or 802.11bgn mode
+  * @attention Support 802.11b or 802.11bg or 802.11bgn or LR mode
   *
   * @param     ifx  interfaces
   * @param     protocol_bitmap  WiFi protocol bitmap
@@ -1210,20 +1210,6 @@ esp_err_t esp_wifi_ftm_resp_set_offset(int16_t offset_cm);
   */
 esp_err_t esp_wifi_config_11b_rate(wifi_interface_t ifx, bool disable);
 
-/**
-  * @brief      Config ESPNOW rate of specified interface
-  *
-  * @attention  1. This API should be called after esp_wifi_init() and before esp_wifi_start().
-  *
-  * @param      ifx  Interface to be configured.
-  * @param      rate Phy rate to be configured.
-  *
-  * @return
-  *    - ESP_OK: succeed
-  *    - others: failed
-  */
-esp_err_t esp_wifi_config_espnow_rate(wifi_interface_t ifx, wifi_phy_rate_t rate);
-
 /**
   * @brief      Set interval for station to wake up periodically at disconnected.
   *
diff --git a/tools/sdk/esp32/include/esp_wifi/include/esp_wifi_types.h b/tools/sdk/esp32/include/esp_wifi/include/esp_wifi_types.h
index 47f5c79281b..89020d4abbf 100644
--- a/tools/sdk/esp32/include/esp_wifi/include/esp_wifi_types.h
+++ b/tools/sdk/esp32/include/esp_wifi/include/esp_wifi_types.h
@@ -343,7 +343,7 @@ typedef struct {
     unsigned fec_coding:1;        /**< Flag is set for 11n packets which are LDPC */
     unsigned sgi:1;               /**< Short Guide Interval(SGI). 0: Long GI; 1: Short GI */
 #if CONFIG_IDF_TARGET_ESP32
-    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: 0.25dBm*/
+    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: dBm*/
 #elif CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3 || CONFIG_IDF_TARGET_ESP32C3
     unsigned :8;                  /**< reserved */
 #endif
@@ -356,14 +356,14 @@ typedef struct {
 #if CONFIG_IDF_TARGET_ESP32S2
     unsigned :32;                 /**< reserved */
 #elif CONFIG_IDF_TARGET_ESP32S3 || CONFIG_IDF_TARGET_ESP32C3
-    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: 0.25dBm*/
+    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: dBm*/
     unsigned :24;                 /**< reserved */
     unsigned :32;                 /**< reserved */
 #endif
     unsigned :31;                 /**< reserved */
     unsigned ant:1;               /**< antenna number from which this packet is received. 0: WiFi antenna 0; 1: WiFi antenna 1 */
 #if CONFIG_IDF_TARGET_ESP32S2
-    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: 0.25dBm*/
+    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: dBm*/
     unsigned :24;                 /**< reserved */
 #elif CONFIG_IDF_TARGET_ESP32S3 || CONFIG_IDF_TARGET_ESP32C3
     unsigned :32;                 /**< reserved */
diff --git a/tools/sdk/esp32/include/freertos/include/freertos/queue.h b/tools/sdk/esp32/include/freertos/include/freertos/queue.h
index 05ca7de4546..5070b76e79c 100644
--- a/tools/sdk/esp32/include/freertos/include/freertos/queue.h
+++ b/tools/sdk/esp32/include/freertos/include/freertos/queue.h
@@ -1398,9 +1398,6 @@ BaseType_t xQueueGenericSendFromISR( QueueHandle_t xQueue,
                                      const BaseType_t xCopyPosition ) PRIVILEGED_FUNCTION;
 BaseType_t xQueueGiveFromISR( QueueHandle_t xQueue,
                               BaseType_t * const pxHigherPriorityTaskWoken ) PRIVILEGED_FUNCTION;
-/**@}*/
-/** @endcond */
-
 /**
  * @cond !DOC_EXCLUDE_HEADER_SECTION
  * queue. h
diff --git a/tools/sdk/esp32/include/freertos/include/freertos/task.h b/tools/sdk/esp32/include/freertos/include/freertos/task.h
index 125a924d061..88b2730933d 100644
--- a/tools/sdk/esp32/include/freertos/include/freertos/task.h
+++ b/tools/sdk/esp32/include/freertos/include/freertos/task.h
@@ -392,7 +392,7 @@ typedef enum
  * example, to create a privileged task at priority 2 the uxPriority parameter
  * should be set to ( 2 | portPRIVILEGE_BIT ).
  *
- * @param pvCreatedTask Used to pass back a handle by which the created task
+ * @param pxCreatedTask Used to pass back a handle by which the created task
  * can be referenced.
  *
  * @return pdPASS if the task was successfully created and added to a ready
@@ -538,7 +538,7 @@ typedef enum
  *
  * @param uxPriority The priority at which the task will run.
  *
- * @param pxStackBuffer Must point to a StackType_t array that has at least
+ * @param puxStackBuffer Must point to a StackType_t array that has at least
  * ulStackDepth indexes - the array will then be used as the task's stack,
  * removing the need for the stack to be allocated dynamically.
  *
@@ -2368,7 +2368,7 @@ uint32_t ulTaskGetIdleRunTimeCounter( void ) PRIVILEGED_FUNCTION;
  * notification value at that index being updated.  ulValue is not used and
  * xTaskNotifyIndexed() always returns pdPASS in this case.
  *
- * pulPreviousNotificationValue -
+ * @param pulPreviousNotificationValue -
  * Can be used to pass out the subject task's notification value before any
  * bits are modified by the notify function.
  *
@@ -2532,6 +2532,10 @@ BaseType_t xTaskGenericNotify( TaskHandle_t xTaskToNotify,
  * requested from an ISR is dependent on the port - see the documentation page
  * for the port in use.
  *
+ * @param pulPreviousNotificationValue -
+ * Can be used to pass out the subject task's notification value before any
+ * bits are modified by the notify function.
+ *
  * @return Dependent on the value of eAction.  See the description of the
  * eAction parameter.
  *
@@ -2778,11 +2782,10 @@ BaseType_t xTaskGenericNotifyWait( UBaseType_t uxIndexToWaitOn,
  * @endcond
  * \ingroup TaskNotifications
  */
-#define xTaskNotifyGive( xTaskToNotify ) \
-    xTaskGenericNotify( ( xTaskToNotify ), ( tskDEFAULT_INDEX_TO_NOTIFY ), ( 0 ), eIncrement, NULL )
 #define xTaskNotifyGiveIndexed( xTaskToNotify, uxIndexToNotify ) \
     xTaskGenericNotify( ( xTaskToNotify ), ( uxIndexToNotify ), ( 0 ), eIncrement, NULL )
-
+#define xTaskNotifyGive( xTaskToNotify ) \
+    xTaskGenericNotify( ( xTaskToNotify ), ( tskDEFAULT_INDEX_TO_NOTIFY ), ( 0 ), eIncrement, NULL )
 /**
  * @cond !DOC_EXCLUDE_HEADER_SECTION
  * task. h
diff --git a/tools/sdk/esp32/include/hal/include/hal/adc_types.h b/tools/sdk/esp32/include/hal/include/hal/adc_types.h
index f5efb1d4273..dc07531e0b9 100644
--- a/tools/sdk/esp32/include/hal/include/hal/adc_types.h
+++ b/tools/sdk/esp32/include/hal/include/hal/adc_types.h
@@ -121,7 +121,7 @@ typedef struct {
         struct {
             uint16_t data:     12;  /*!<ADC real output data info. Resolution: 12 bit. */
             uint16_t channel:   4;  /*!<ADC channel index info. */
-        } type1;
+        } type1;                    /*!<ADC type1 */
         struct {
             uint16_t data:     11;  /*!<ADC real output data info. Resolution: 11 bit. */
             uint16_t channel:   4;  /*!<ADC channel index info. For ESP32-S2:
diff --git a/tools/sdk/esp32/include/lwip/include/apps/ping/ping_sock.h b/tools/sdk/esp32/include/lwip/include/apps/ping/ping_sock.h
index 57938480d54..fb946f7e162 100644
--- a/tools/sdk/esp32/include/lwip/include/apps/ping/ping_sock.h
+++ b/tools/sdk/esp32/include/lwip/include/apps/ping/ping_sock.h
@@ -67,7 +67,8 @@ typedef struct {
     uint32_t interval_ms;     /*!< Milliseconds between each ping procedure */
     uint32_t timeout_ms;      /*!< Timeout value (in milliseconds) of each ping procedure */
     uint32_t data_size;       /*!< Size of the data next to ICMP packet header */
-    uint8_t tos;              /*!< Type of Service, a field specified in the IP header */
+    int tos;                  /*!< Type of Service, a field specified in the IP header */
+    int ttl;                  /*!< Time to Live,a field specified in the IP header */
     ip_addr_t target_addr;    /*!< Target IP address, either IPv4 or IPv6 */
     uint32_t task_stack_size; /*!< Stack size of internal ping task */
     uint32_t task_prio;       /*!< Priority of internal ping task */
@@ -85,6 +86,7 @@ typedef struct {
         .timeout_ms = 1000,              \
         .data_size = 64,                 \
         .tos = 0,                        \
+        .ttl = IP_DEFAULT_TTL,           \
         .target_addr = *(IP_ANY_TYPE),   \
         .task_stack_size = 2048,         \
         .task_prio = 2,                  \
@@ -99,6 +101,7 @@ typedef struct {
 */
 typedef enum {
     ESP_PING_PROF_SEQNO,   /*!< Sequence number of a ping procedure */
+    ESP_PING_PROF_TOS,     /*!< Type of service of a ping procedure */
     ESP_PING_PROF_TTL,     /*!< Time to live of a ping procedure */
     ESP_PING_PROF_REQUEST, /*!< Number of request packets sent out */
     ESP_PING_PROF_REPLY,   /*!< Number of reply packets received */
diff --git a/tools/sdk/esp32/include/lwip/port/esp32/include/arch/cc.h b/tools/sdk/esp32/include/lwip/port/esp32/include/arch/cc.h
index f17c49783a5..8f0ffa60e33 100644
--- a/tools/sdk/esp32/include/lwip/port/esp32/include/arch/cc.h
+++ b/tools/sdk/esp32/include/lwip/port/esp32/include/arch/cc.h
@@ -79,7 +79,15 @@ typedef int sys_prot_t;
 
 #include <stdio.h>
 
+#ifdef CONFIG_LWIP_DEBUG_ESP_LOG
+// lwip debugs routed to ESP_LOGD
+#include "esp_log.h"
+#define LWIP_ESP_LOG_FUNC(format, ...) ESP_LOG_LEVEL(ESP_LOG_DEBUG, "lwip", format, ##__VA_ARGS__)
+#define LWIP_PLATFORM_DIAG(x) LWIP_ESP_LOG_FUNC x
+#else
+// lwip debugs routed to printf
 #define LWIP_PLATFORM_DIAG(x)   do {printf x;} while(0)
+#endif
 
 #ifdef NDEBUG
 
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/aes.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/aes.h
index e280dbb1c66..401ac39de87 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/aes.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/aes.h
@@ -564,7 +564,7 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
  *             for example, with 96-bit random nonces, you should not encrypt
  *             more than 2**32 messages with the same key.
  *
- *             Note that for both stategies, sizes are measured in blocks and
+ *             Note that for both strategies, sizes are measured in blocks and
  *             that an AES block is 16 bytes.
  *
  * \warning    Upon return, \p stream_block contains sensitive data. Its
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/aria.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/aria.h
index 226e2dbf3c8..d294c47f2d9 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/aria.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/aria.h
@@ -44,7 +44,7 @@
 #define MBEDTLS_ARIA_DECRYPT     0 /**< ARIA decryption. */
 
 #define MBEDTLS_ARIA_BLOCKSIZE   16 /**< ARIA block size in bytes. */
-#define MBEDTLS_ARIA_MAX_ROUNDS  16 /**< Maxiumum number of rounds in ARIA. */
+#define MBEDTLS_ARIA_MAX_ROUNDS  16 /**< Maximum number of rounds in ARIA. */
 #define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -321,7 +321,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
  *             for example, with 96-bit random nonces, you should not encrypt
  *             more than 2**32 messages with the same key.
  *
- *             Note that for both stategies, sizes are measured in blocks and
+ *             Note that for both strategies, sizes are measured in blocks and
  *             that an ARIA block is 16 bytes.
  *
  * \warning    Upon return, \p stream_block contains sensitive data. Its
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/asn1.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/asn1.h
index 10f7905b7e6..5117fc7a418 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/asn1.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/asn1.h
@@ -61,7 +61,7 @@
 /** Buffer too small when writing ASN.1 data structure. */
 #define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL                    -0x006C
 
-/* \} name */
+/** \} name ASN1 Error codes */
 
 /**
  * \name DER constants
@@ -121,8 +121,7 @@
 #define MBEDTLS_ASN1_TAG_PC_MASK             0x20
 #define MBEDTLS_ASN1_TAG_VALUE_MASK          0x1F
 
-/* \} name */
-/* \} addtogroup asn1_module */
+/** \} name DER constants */
 
 /** Returns the size of the binary string, without the trailing \\0 */
 #define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
@@ -210,7 +209,7 @@ mbedtls_asn1_named_data;
  * \return      0 if successful.
  * \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
  *              would end beyond \p end.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
+ * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
  */
 int mbedtls_asn1_get_len( unsigned char **p,
                           const unsigned char *end,
@@ -235,7 +234,7 @@ int mbedtls_asn1_get_len( unsigned char **p,
  *              with the requested tag.
  * \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
  *              would end beyond \p end.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
+ * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
  */
 int mbedtls_asn1_get_tag( unsigned char **p,
                           const unsigned char *end,
@@ -607,6 +606,9 @@ void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
  */
 void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
 
+/** \} name Functions to parse ASN.1 data structures */
+/** \} addtogroup asn1_module */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/bignum.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/bignum.h
index 4de452980b8..c71a1d40227 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/bignum.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/bignum.h
@@ -991,7 +991,7 @@ MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
  *                 generate yourself and that are supposed to be prime, then
  *                 \p rounds should be at least the half of the security
  *                 strength of the cryptographic algorithm. On the other hand,
- *                 if \p X is chosen uniformly or non-adversially (as is the
+ *                 if \p X is chosen uniformly or non-adversarially (as is the
  *                 case when mbedtls_mpi_gen_prime calls this function), then
  *                 \p rounds can be much lower.
  *
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/blowfish.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/blowfish.h
index 77dca70d314..d5f809921fa 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/blowfish.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/blowfish.h
@@ -185,7 +185,7 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
  *                 #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
  *                 #MBEDTLS_BLOWFISH_DECRYPT for decryption.
  * \param length   The length of the input data in Bytes.
- * \param iv_off   The offset in the initialiation vector.
+ * \param iv_off   The offset in the initialization vector.
  *                 The value pointed to must be smaller than \c 8 Bytes.
  *                 It is updated by this function to support the aforementioned
  *                 streaming usage.
@@ -246,7 +246,7 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
  *             The recommended way to ensure uniqueness is to use a message
  *             counter.
  *
- *             Note that for both stategies, sizes are measured in blocks and
+ *             Note that for both strategies, sizes are measured in blocks and
  *             that a Blowfish block is 8 bytes.
  *
  * \warning    Upon return, \p stream_block contains sensitive data. Its
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/camellia.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/camellia.h
index 925a623e47e..d39d932fa2c 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/camellia.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/camellia.h
@@ -273,7 +273,7 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
  *             encrypted: for example, with 96-bit random nonces, you should
  *             not encrypt more than 2**32 messages with the same key.
  *
- *             Note that for both stategies, sizes are measured in blocks and
+ *             Note that for both strategies, sizes are measured in blocks and
  *             that a CAMELLIA block is \c 16 Bytes.
  *
  * \warning    Upon return, \p stream_block contains sensitive data. Its
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/chachapoly.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/chachapoly.h
index c4ec7b5f2a9..ed568bc98b7 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/chachapoly.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/chachapoly.h
@@ -161,7 +161,7 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
  * \param ctx       The ChaCha20-Poly1305 context. This must be initialized
  *                  and bound to a key.
  * \param nonce     The nonce/IV to use for the message.
- *                  This must be a redable buffer of length \c 12 Bytes.
+ *                  This must be a readable buffer of length \c 12 Bytes.
  * \param mode      The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or
  *                  #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning).
  *
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/check_config.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/check_config.h
index 396fe7dfc2b..be5c548e561 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/check_config.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/check_config.h
@@ -173,7 +173,11 @@
 #endif
 
 #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
+#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PKCS5_C) && !defined(MBEDTLS_MD_C)
+#error "MBEDTLS_PKCS5_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) &&      \
@@ -214,11 +218,32 @@
 #error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too"
 #endif
 
+#if defined(MBEDTLS_CCM_C) && (                                        \
+    !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
+#error "MBEDTLS_CCM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_CCM_C) && !defined(MBEDTLS_CIPHER_C)
+#error "MBEDTLS_CCM_C defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_GCM_C) && (                                        \
-        !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
+    !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
+#error "MBEDTLS_GCM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CIPHER_C)
 #error "MBEDTLS_GCM_C defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_CHACHA20_C)
+#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_POLY1305_C)
+#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
 #error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites"
 #endif
@@ -338,11 +363,11 @@
 #endif
 
 #if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites"
+#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites"
+#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
@@ -619,6 +644,18 @@
 #error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined, but it cannot coexist with MBEDTLS_USE_PSA_CRYPTO."
 #endif
 
+#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO) && \
+    !defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_ECDSA_C)
+#error "MBEDTLS_PK_C in configuration with MBEDTLS_USE_PSA_CRYPTO and \
+        MBEDTLS_ECDSA_C requires MBEDTLS_PK_WRITE_C to be defined."
+#endif
+
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V15) && \
+    !defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_PSA_CRYPTO_C)
+#error "MBEDTLS_PSA_CRYPTO_C, MBEDTLS_RSA_C and  MBEDTLS_PKCS1_V15 defined, \
+        but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) ||         \
     !defined(MBEDTLS_OID_C) )
 #error "MBEDTLS_RSA_C defined, but not all prerequisites"
@@ -761,14 +798,14 @@
     !defined(MBEDTLS_SSL_PROTO_TLS1)   &&      \
     !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&      \
     !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
+#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
     !defined(MBEDTLS_SSL_PROTO_TLS1)   &&          \
     !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&          \
     !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
+#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/config.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/config.h
index 87b4e9192e7..1cd6eb66348 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/config.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/config.h
@@ -128,7 +128,12 @@
  * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
  * MBEDTLS_PLATFORM_STD_TIME.
  *
- * Comment if your system does not support time functions
+ * Comment if your system does not support time functions.
+ *
+ * \note If MBEDTLS_TIMING_C is set - to enable the semi-portable timing
+ *       interface - timing.c will include time.h on suitable platforms
+ *       regardless of the setting of MBEDTLS_HAVE_TIME, unless
+ *       MBEDTLS_TIMING_ALT is used. See timing.c for more information.
  */
 #define MBEDTLS_HAVE_TIME
 
@@ -321,7 +326,7 @@
  */
 //#define MBEDTLS_CHECK_PARAMS_ASSERT
 
-/* \} name SECTION: System support */
+/** \} name SECTION: System support */
 
 /**
  * \name SECTION: mbed TLS feature support
@@ -395,7 +400,7 @@
 //#define MBEDTLS_XTEA_ALT
 
 /*
- * When replacing the elliptic curve module, pleace consider, that it is
+ * When replacing the elliptic curve module, please consider, that it is
  * implemented with two .c files:
  *      - ecp.c
  *      - ecp_curves.c
@@ -1493,7 +1498,7 @@
  * Enable an implementation of SHA-256 that has lower ROM footprint but also
  * lower performance.
  *
- * The default implementation is meant to be a reasonnable compromise between
+ * The default implementation is meant to be a reasonable compromise between
  * performance and size. This version optimizes more aggressively for size at
  * the expense of performance. Eg on Cortex-M4 it reduces the size of
  * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
@@ -1658,7 +1663,7 @@
  * Enable support for RFC 7627: Session Hash and Extended Master Secret
  * Extension.
  *
- * This was introduced as "the proper fix" to the Triple Handshake familiy of
+ * This was introduced as "the proper fix" to the Triple Handshake family of
  * attacks, but it is recommended to always use it (even if you disable
  * renegotiation), since it actually fixes a more fundamental issue in the
  * original SSL/TLS design, and has implications beyond Triple Handshake.
@@ -1704,7 +1709,7 @@
  * \note This option has no influence on the protection against the
  *       triple handshake attack. Even if it is disabled, Mbed TLS will
  *       still ensure that certificates do not change during renegotiation,
- *       for exaple by keeping a hash of the peer's certificate.
+ *       for example by keeping a hash of the peer's certificate.
  *
  * Comment this macro to disable storing the peer's certificate
  * after the handshake.
@@ -1909,7 +1914,7 @@
  * unless you know for sure amplification cannot be a problem in the
  * environment in which your server operates.
  *
- * \warning Disabling this can ba a security risk! (see above)
+ * \warning Disabling this can be a security risk! (see above)
  *
  * Requires: MBEDTLS_SSL_PROTO_DTLS
  *
@@ -2162,8 +2167,19 @@
  * This setting allows support for cryptographic mechanisms through the PSA
  * API to be configured separately from support through the mbedtls API.
  *
- * Uncomment this to enable use of PSA Crypto configuration settings which
- * can be found in include/psa/crypto_config.h.
+ * When this option is disabled, the PSA API exposes the cryptographic
+ * mechanisms that can be implemented on top of the `mbedtls_xxx` API
+ * configured with `MBEDTLS_XXX` symbols.
+ *
+ * When this option is enabled, the PSA API exposes the cryptographic
+ * mechanisms requested by the `PSA_WANT_XXX` symbols defined in
+ * include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are
+ * automatically enabled if required (i.e. if no PSA driver provides the
+ * mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols
+ * in config.h.
+ *
+ * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies
+ * an alternative header to include instead of include/psa/crypto_config.h.
  *
  * If you enable this option and write your own configuration file, you must
  * include mbedtls/config_psa.h in your configuration file. The default
@@ -2289,7 +2305,7 @@
  * Uncomment to enable use of ZLIB
  */
 //#define MBEDTLS_ZLIB_SUPPORT
-/* \} name SECTION: mbed TLS feature support */
+/** \} name SECTION: mbed TLS feature support */
 
 /**
  * \name SECTION: mbed TLS modules
@@ -2902,7 +2918,7 @@
  *
  * Requires: MBEDTLS_MD_C
  *
- * Uncomment to enable the HMAC_DRBG random number geerator.
+ * Uncomment to enable the HMAC_DRBG random number generator.
  */
 #define MBEDTLS_HMAC_DRBG_C
 
@@ -3096,7 +3112,7 @@
 /**
  * \def MBEDTLS_PK_C
  *
- * Enable the generic public (asymetric) key layer.
+ * Enable the generic public (asymmetric) key layer.
  *
  * Module:  library/pk.c
  * Caller:  library/ssl_tls.c
@@ -3112,7 +3128,7 @@
 /**
  * \def MBEDTLS_PK_PARSE_C
  *
- * Enable the generic public (asymetric) key parser.
+ * Enable the generic public (asymmetric) key parser.
  *
  * Module:  library/pkparse.c
  * Caller:  library/x509_crt.c
@@ -3127,7 +3143,7 @@
 /**
  * \def MBEDTLS_PK_WRITE_C
  *
- * Enable the generic public (asymetric) key writer.
+ * Enable the generic public (asymmetric) key writer.
  *
  * Module:  library/pkwrite.c
  * Caller:  library/x509write.c
@@ -3466,6 +3482,10 @@
  * your own implementation of the whole module by setting
  * \c MBEDTLS_TIMING_ALT in the current file.
  *
+ * \note The timing module will include time.h on suitable platforms
+ *       regardless of the setting of MBEDTLS_HAVE_TIME, unless
+ *       MBEDTLS_TIMING_ALT is used. See timing.c for more information.
+ *
  * \note See also our Knowledge Base article about porting to a new
  * environment:
  * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
@@ -3598,7 +3618,88 @@
  */
 #define MBEDTLS_XTEA_C
 
-/* \} name SECTION: mbed TLS modules */
+/** \} name SECTION: mbed TLS modules */
+
+/**
+ * \name SECTION: General configuration options
+ *
+ * This section contains Mbed TLS build settings that are not associated
+ * with a particular module.
+ *
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"mbedtls/config.h"`.
+ * This header file specifies the compile-time configuration of Mbed TLS.
+ * Unlike other configuration options, this one must be defined on the
+ * compiler command line: a definition in `config.h` would have no effect.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_CONFIG_FILE "mbedtls/config.h"
+
+/**
+ * \def MBEDTLS_USER_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included after
+ * `"mbedtls/config.h"` or #MBEDTLS_CONFIG_FILE.
+ * This allows you to modify the default configuration, including the ability
+ * to undefine options that are enabled by default.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"psa/crypto_config.h"`.
+ * This header file specifies which cryptographic mechanisms are available
+ * through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and
+ * is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included after
+ * `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE.
+ * This allows you to modify the default configuration, including the ability
+ * to undefine options that are enabled by default.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
+
+/** \} name SECTION: General configuration options */
 
 /**
  * \name SECTION: Module configuration options
@@ -3609,11 +3710,15 @@
  *
  * Our advice is to enable options and change their values here
  * only if you have a good reason and know the consequences.
- *
- * Please check the respective header file for documentation on these
- * parameters (to prevent duplicate documentation).
  * \{
  */
+/* The Doxygen documentation here is used when a user comments out a
+ * setting and runs doxygen themselves. On the other hand, when we typeset
+ * the full documentation including disabled settings, the documentation
+ * in specific modules' header files is used if present. When editing this
+ * file, make sure that each option is documented in exactly one place,
+ * plus optionally a same-line Doxygen comment here if there is a Doxygen
+ * comment in the specific module. */
 
 /* MPI / BIGNUM options */
 //#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum window size used. */
@@ -4002,7 +4107,7 @@
  */
 //#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
 
-/* \} name SECTION: Customisation configuration options */
+/** \} name SECTION: Module configuration options */
 
 /* Target and application specific configurations
  *
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/config_psa.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/config_psa.h
index 189f6c21734..1bf750ad5ee 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/config_psa.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/config_psa.h
@@ -31,9 +31,17 @@
 #define MBEDTLS_CONFIG_PSA_H
 
 #if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE)
+#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE
+#else
 #include "psa/crypto_config.h"
+#endif
 #endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
 
+#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE)
+#include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
+#endif
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -264,7 +272,6 @@ extern "C" {
 #if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
     (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
     (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
-    (defined(PSA_WANT_ALG_XTS) && !defined(MBEDTLS_PSA_ACCEL_ALG_XTS)) || \
     defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
     (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
      !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
@@ -393,15 +400,8 @@ extern "C" {
 #endif
 #endif /* PSA_WANT_ALG_OFB */
 
-#if defined(PSA_WANT_ALG_XTS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_XTS) || \
-    defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
-#define MBEDTLS_CIPHER_MODE_XTS
-#endif
-#endif /* PSA_WANT_ALG_XTS */
-
-#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
+#if defined(PSA_WANT_ALG_ECB_NO_PADDING) &&     \
+    !defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)
 #define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
 #endif
 
@@ -483,7 +483,7 @@ extern "C" {
 #if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
 /*
  * Curve448 is not yet supported via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/4249).
+ * (https://github.com/Mbed-TLS/mbedtls/issues/4249).
  */
 #error "Curve448 is not yet supported via the PSA API in Mbed TLS."
 #define MBEDTLS_ECP_DP_CURVE448_ENABLED
@@ -537,7 +537,7 @@ extern "C" {
 #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
 /*
  * SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/3541).
+ * (https://github.com/Mbed-TLS/mbedtls/issues/3541).
  */
 #error "SECP224K1 is buggy via the PSA API in Mbed TLS."
 #define MBEDTLS_ECP_DP_SECP224K1_ENABLED
@@ -751,11 +751,6 @@ extern "C" {
 #define PSA_WANT_ALG_OFB 1
 #endif
 
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
-#define PSA_WANT_ALG_XTS 1
-#endif
-
 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256
@@ -776,7 +771,7 @@ extern "C" {
 #define PSA_WANT_ECC_MONTGOMERY_255
 #endif
 
-/* Curve448 is not yet supported via the PSA API (https://github.com/ARMmbed/mbedtls/issues/4249) */
+/* Curve448 is not yet supported via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/4249) */
 #if 0 && defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
 #define PSA_WANT_ECC_MONTGOMERY_448
@@ -812,7 +807,7 @@ extern "C" {
 #define PSA_WANT_ECC_SECP_K1_192
 #endif
 
-/* SECP224K1 is buggy via the PSA API (https://github.com/ARMmbed/mbedtls/issues/3541) */
+/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
 #if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
 #define PSA_WANT_ECC_SECP_K1_224
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h
index dc4adc896d4..e68237a439a 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h
@@ -138,7 +138,7 @@
 /**< The maximum size of seed or reseed buffer in bytes. */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #define MBEDTLS_CTR_DRBG_PR_OFF             0
 /**< Prediction resistance is disabled. */
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/debug.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/debug.h
index 3c08244f3da..4fc4662d9ab 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/debug.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/debug.h
@@ -139,7 +139,7 @@ extern "C" {
  *          discarded.
  *          (Default value: 0 = No debug )
  *
- * \param threshold     theshold level of messages to filter on. Messages at a
+ * \param threshold     threshold level of messages to filter on. Messages at a
  *                      higher level will be discarded.
  *                          - Debug levels
  *                              - 0 No debug
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ecjpake.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ecjpake.h
index 891705d8c4f..3564ff8dd3e 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ecjpake.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ecjpake.h
@@ -68,7 +68,7 @@ typedef enum {
  * (KeyExchange) as defined by the Thread spec.
  *
  * In order to benefit from this symmetry, we choose a different naming
- * convetion from the Thread v1.0 spec. Correspondance is indicated in the
+ * convention from the Thread v1.0 spec. Correspondence is indicated in the
  * description as a pair C: client name, S: server name
  */
 typedef struct mbedtls_ecjpake_context
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ecp.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ecp.h
index 0924341e002..64a0bccda05 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ecp.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ecp.h
@@ -315,7 +315,7 @@ mbedtls_ecp_group;
 #if !defined(MBEDTLS_ECP_WINDOW_SIZE)
 /*
  * Maximum "window" size used for point multiplication.
- * Default: a point where higher memory usage yields disminishing performance
+ * Default: a point where higher memory usage yields diminishing performance
  *          returns.
  * Minimum value: 2. Maximum value: 7.
  *
@@ -351,7 +351,7 @@ mbedtls_ecp_group;
 #define MBEDTLS_ECP_FIXED_POINT_OPTIM  1   /**< Enable fixed-point speed-up. */
 #endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #else  /* MBEDTLS_ECP_ALT */
 #include "ecp_alt.h"
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/entropy.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/entropy.h
index deb3c50300b..40259ebc8a1 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/entropy.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/entropy.h
@@ -75,7 +75,7 @@
 #define MBEDTLS_ENTROPY_MAX_GATHER      128     /**< Maximum amount requested from entropy sources */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
 #define MBEDTLS_ENTROPY_BLOCK_SIZE      64      /**< Block size of entropy accumulator (SHA-512) */
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/hkdf.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/hkdf.h
index 223004b8ede..111d960e568 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/hkdf.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/hkdf.h
@@ -39,7 +39,7 @@
  */
 /** Bad input parameters to function. */
 #define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA  -0x5F80
-/* \} name */
+/** \} name */
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h
index 79132d4d910..6d372b9788e 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h
@@ -74,7 +74,7 @@
 #define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT    384     /**< Maximum size of (re)seed buffer */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #define MBEDTLS_HMAC_DRBG_PR_OFF   0   /**< No prediction resistance       */
 #define MBEDTLS_HMAC_DRBG_PR_ON    1   /**< Prediction resistance enabled  */
@@ -207,7 +207,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
                     size_t len );
 
 /**
- * \brief               Initilisation of simpified HMAC_DRBG (never reseeds).
+ * \brief               Initialisation of simplified HMAC_DRBG (never reseeds).
  *
  * This function is meant for use in algorithms that need a pseudorandom
  * input such as deterministic ECDSA.
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h
index 233977252a3..3954b36ab56 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h
@@ -42,7 +42,7 @@
 #define MBEDTLS_MEMORY_ALIGN_MULTIPLE       4 /**< Align on multiples of this value */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #define MBEDTLS_MEMORY_VERIFY_NONE         0
 #define MBEDTLS_MEMORY_VERIFY_ALLOC        (1 << 0)
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/oid.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/oid.h
index 1c39186a491..01862178044 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/oid.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/oid.h
@@ -143,7 +143,7 @@
 #define MBEDTLS_OID_AT_GIVEN_NAME               MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
 #define MBEDTLS_OID_AT_INITIALS                 MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
 #define MBEDTLS_OID_AT_GENERATION_QUALIFIER     MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
-#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER        MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
+#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER        MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributeType:= {id-at 45} */
 #define MBEDTLS_OID_AT_DN_QUALIFIER             MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
 #define MBEDTLS_OID_AT_PSEUDONYM                MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
 
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/pem.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/pem.h
index dfb4ff218e6..daa71c886ba 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/pem.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/pem.h
@@ -54,7 +54,7 @@
 #define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE               -0x1400
 /** Bad input parameters to function. */
 #define MBEDTLS_ERR_PEM_BAD_INPUT_DATA                    -0x1480
-/* \} name */
+/** \} name PEM Error codes */
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/pk.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/pk.h
index 8f2abf2a608..c9a13f484ed 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/pk.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/pk.h
@@ -217,32 +217,6 @@ typedef struct
 typedef void mbedtls_pk_restart_ctx;
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 
-#if defined(MBEDTLS_RSA_C)
-/**
- * Quick access to an RSA context inside a PK context.
- *
- * \warning You must make sure the PK context actually holds an RSA context
- * before using this function!
- */
-static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
-{
-    return( (mbedtls_rsa_context *) (pk).pk_ctx );
-}
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * Quick access to an EC context inside a PK context.
- *
- * \warning You must make sure the PK context actually holds an EC context
- * before using this function!
- */
-static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
-{
-    return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
-}
-#endif /* MBEDTLS_ECP_C */
-
 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
 /**
  * \brief           Types for RSA-alt abstraction
@@ -656,6 +630,55 @@ const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
  */
 mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
 
+#if defined(MBEDTLS_RSA_C)
+/**
+ * Quick access to an RSA context inside a PK context.
+ *
+ * \warning This function can only be used when the type of the context, as
+ * returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_RSA.
+ * Ensuring that is the caller's responsibility.
+ * Alternatively, you can check whether this function returns NULL.
+ *
+ * \return The internal RSA context held by the PK context, or NULL.
+ */
+static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
+{
+    switch( mbedtls_pk_get_type( &pk ) )
+    {
+        case MBEDTLS_PK_RSA:
+            return( (mbedtls_rsa_context *) (pk).pk_ctx );
+        default:
+            return( NULL );
+    }
+}
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+/**
+ * Quick access to an EC context inside a PK context.
+ *
+ * \warning This function can only be used when the type of the context, as
+ * returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_ECKEY,
+ * #MBEDTLS_PK_ECKEY_DH, or #MBEDTLS_PK_ECDSA.
+ * Ensuring that is the caller's responsibility.
+ * Alternatively, you can check whether this function returns NULL.
+ *
+ * \return The internal EC context held by the PK context, or NULL.
+ */
+static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
+{
+    switch( mbedtls_pk_get_type( &pk ) )
+    {
+        case MBEDTLS_PK_ECKEY:
+        case MBEDTLS_PK_ECKEY_DH:
+        case MBEDTLS_PK_ECDSA:
+            return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
+        default:
+            return( NULL );
+    }
+}
+#endif /* MBEDTLS_ECP_C */
+
 #if defined(MBEDTLS_PK_PARSE_C)
 /** \ingroup pk_module */
 /**
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/platform.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/platform.h
index bdef07498d7..06dd192eab9 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/platform.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/platform.h
@@ -70,7 +70,9 @@ extern "C" {
 #if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
 #include <stdio.h>
 #include <stdlib.h>
+#if defined(MBEDTLS_HAVE_TIME)
 #include <time.h>
+#endif
 #if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
 #if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
 #define MBEDTLS_PLATFORM_STD_SNPRINTF   mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use.  */
@@ -127,7 +129,7 @@ extern "C" {
 #endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
 
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 /*
  * The function pointers for calloc and free.
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/platform_time.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/platform_time.h
index 7e7daab6920..94055711b2e 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/platform_time.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/platform_time.h
@@ -32,14 +32,6 @@
 extern "C" {
 #endif
 
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-
 /*
  * The time_t datatype
  */
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/platform_util.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/platform_util.h
index f982db8c01c..cd112ab58e2 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/platform_util.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/platform_util.h
@@ -67,7 +67,7 @@ extern "C" {
  * \brief       User supplied callback function for parameter validation failure.
  *              See #MBEDTLS_CHECK_PARAMS for context.
  *
- *              This function will be called unless an alternative treatement
+ *              This function will be called unless an alternative treatment
  *              is defined through the #MBEDTLS_PARAM_FAILED macro.
  *
  *              This function can return, and the operation will be aborted, or
@@ -198,7 +198,7 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
  *
  * This macro has an empty expansion. It exists for documentation purposes:
  * a #MBEDTLS_CHECK_RETURN_OPTIONAL annotation indicates that the function
- * has been analyzed for return-check usefuless, whereas the lack of
+ * has been analyzed for return-check usefulness, whereas the lack of
  * an annotation indicates that the function has not been analyzed and its
  * return-check usefulness is unknown.
  */
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/rsa.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/rsa.h
index 3c481e12a17..062df73aa06 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/rsa.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/rsa.h
@@ -88,7 +88,7 @@
 
 /*
  * The above constants may be used even if the RSA module is compile out,
- * eg for alternative (PKCS#11) RSA implemenations in the PK layers.
+ * eg for alternative (PKCS#11) RSA implementations in the PK layers.
  */
 
 #ifdef __cplusplus
@@ -552,7 +552,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
  *
  * \note           Blinding is used if and only if a PRNG is provided.
  *
- * \note           If blinding is used, both the base of exponentation
+ * \note           If blinding is used, both the base of exponentiation
  *                 and the exponent are blinded, providing protection
  *                 against some side-channel attacks.
  *
@@ -687,7 +687,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
  *                   mode being set to #MBEDTLS_RSA_PRIVATE and might instead
  *                   return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
  *
- * \param ctx        The initnialized RSA context to use.
+ * \param ctx        The initialized RSA context to use.
  * \param f_rng      The RNG function to use. This is needed for padding
  *                   generation and must be provided.
  * \param p_rng      The RNG context to be passed to \p f_rng. This may
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl.h
index 209dbf6053c..5064ec56891 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl.h
@@ -349,7 +349,7 @@
 #define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 /*
  * Length of the verify data for secure renegotiation
@@ -1152,7 +1152,7 @@ struct mbedtls_ssl_config
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-    /** Callback to create & write a cookie for ClientHello veirifcation    */
+    /** Callback to create & write a cookie for ClientHello verification    */
     int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
                            const unsigned char *, size_t );
     /** Callback to verify validity of a ClientHello cookie                 */
@@ -1405,7 +1405,7 @@ struct mbedtls_ssl_context
     unsigned char *compress_buf;        /*!<  zlib data buffer        */
 #endif /* MBEDTLS_ZLIB_SUPPORT */
 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-    signed char split_done;     /*!< current record already splitted? */
+    signed char split_done;     /*!< current record already split? */
 #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
 
     /*
@@ -1688,7 +1688,7 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
  *
  * \note           The two most common use cases are:
  *                 - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
- *                 - blocking I/O, f_recv == NULL, f_recv_timout != NULL
+ *                 - blocking I/O, f_recv == NULL, f_recv_timeout != NULL
  *
  * \note           For DTLS, you need to provide either a non-NULL
  *                 f_recv_timeout callback, or a f_recv that doesn't block.
@@ -1846,7 +1846,7 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 /**
- * \brief          Set the Maximum Tranport Unit (MTU).
+ * \brief          Set the Maximum Transport Unit (MTU).
  *                 Special value: 0 means unset (no limit).
  *                 This represents the maximum size of a datagram payload
  *                 handled by the transport layer (usually UDP) as determined
@@ -2387,7 +2387,7 @@ void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
  *                 ones going through the authentication-decryption phase.
  *
  * \note           This is a security trade-off related to the fact that it's
- *                 often relatively easy for an active attacker ot inject UDP
+ *                 often relatively easy for an active attacker to inject UDP
  *                 datagrams. On one hand, setting a low limit here makes it
  *                 easier for such an attacker to forcibly terminated a
  *                 connection. On the other hand, a high limit or no limit
@@ -2498,7 +2498,7 @@ void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min,
  *                 successfully cached, return 1 otherwise.
  *
  * \param conf           SSL configuration
- * \param p_cache        parmater (context) for both callbacks
+ * \param p_cache        parameter (context) for both callbacks
  * \param f_get_cache    session get callback
  * \param f_set_cache    session set callback
  */
@@ -2529,7 +2529,7 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
 /**
  * \brief          Load serialized session data into a session structure.
  *                 On client, this can be used for loading saved sessions
- *                 before resuming them with mbedstls_ssl_set_session().
+ *                 before resuming them with mbedtls_ssl_set_session().
  *                 On server, this can be used for alternative implementations
  *                 of session cache or session tickets.
  *
@@ -2793,7 +2793,7 @@ void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
  *
  * \note           On client, only the first call has any effect. That is,
  *                 only one client certificate can be provisioned. The
- *                 server's preferences in its CertficateRequest message will
+ *                 server's preferences in its CertificateRequest message will
  *                 be ignored and our only cert will be sent regardless of
  *                 whether it matches those preferences - the server can then
  *                 decide what it wants to do with it.
@@ -3241,7 +3241,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
  * \param protos   Pointer to a NULL-terminated list of supported protocols,
  *                 in decreasing preference order. The pointer to the list is
  *                 recorded by the library for later reference as required, so
- *                 the lifetime of the table must be atleast as long as the
+ *                 the lifetime of the table must be at least as long as the
  *                 lifetime of the SSL configuration structure.
  *
  * \return         0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
@@ -3255,7 +3255,7 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot
  *
  * \param ssl      SSL context
  *
- * \return         Protcol name, or NULL if no protocol was negotiated.
+ * \return         Protocol name, or NULL if no protocol was negotiated.
  */
 const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_ALPN */
@@ -3338,7 +3338,7 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
                                          unsigned char *mki_value,
                                          uint16_t mki_len );
 /**
- * \brief                  Get the negotiated DTLS-SRTP informations:
+ * \brief                  Get the negotiated DTLS-SRTP information:
  *                         Protection profile and MKI value.
  *
  * \warning                This function must be called after the handshake is
@@ -3346,7 +3346,7 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
  *                         not be trusted or acted upon before the handshake completes.
  *
  * \param ssl              The SSL context to query.
- * \param dtls_srtp_info   The negotiated DTLS-SRTP informations:
+ * \param dtls_srtp_info   The negotiated DTLS-SRTP information:
  *                         - Protection profile in use.
  *                         A direct mapping of the iana defined value for protection
  *                         profile on an uint16_t.
@@ -3508,7 +3508,7 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
  *                 \c mbedtls_ssl_get_record_expansion().
  *
  * \note           For DTLS, it is also possible to set a limit for the total
- *                 size of daragrams passed to the transport layer, including
+ *                 size of datagrams passed to the transport layer, including
  *                 record overhead, see \c mbedtls_ssl_set_mtu().
  *
  * \param conf     SSL configuration
@@ -3568,7 +3568,7 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets
  *                 initiated by peer
  *                 (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
  *
- * \warning        It is recommended to always disable renegotation unless you
+ * \warning        It is recommended to always disable renegotiation unless you
  *                 know you need it and you know what you're doing. In the
  *                 past, there have been several issues associated with
  *                 renegotiation or a poor understanding of its properties.
@@ -3631,7 +3631,7 @@ void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_
  *                 scenario.
  *
  * \note           With DTLS and server-initiated renegotiation, the
- *                 HelloRequest is retransmited every time mbedtls_ssl_read() times
+ *                 HelloRequest is retransmitted every time mbedtls_ssl_read() times
  *                 out or receives Application Data, until:
  *                 - max_records records have beens seen, if it is >= 0, or
  *                 - the number of retransmits that would happen during an
@@ -4263,7 +4263,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
  * \return         \c 0 if successful.
  * \return         #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
  * \return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed
- *                 while reseting the context.
+ *                 while resetting the context.
  * \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in
  *                 progress, or there is pending data for reading or sending,
  *                 or the connection does not use DTLS 1.2 with an AEAD
@@ -4357,7 +4357,7 @@ int mbedtls_ssl_context_load( mbedtls_ssl_context *ssl,
 void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
 
 /**
- * \brief          Load reasonnable default SSL configuration values.
+ * \brief          Load reasonable default SSL configuration values.
  *                 (You need to call mbedtls_ssl_config_init() first.)
  *
  * \param conf     SSL configuration context
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl_cache.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl_cache.h
index c6ef2960f4d..02eab96d452 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl_cache.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl_cache.h
@@ -50,7 +50,7 @@
 #define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50   /*!< Maximum entries in cache */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h
index 0a238708e59..2aa373177b8 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h
@@ -45,7 +45,7 @@
 #define MBEDTLS_SSL_COOKIE_TIMEOUT     60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #ifdef __cplusplus
 extern "C" {
@@ -84,7 +84,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
  * \brief          Set expiration delay for cookies
  *                 (Default MBEDTLS_SSL_COOKIE_TIMEOUT)
  *
- * \param ctx      Cookie contex
+ * \param ctx      Cookie context
  * \param delay    Delay, in seconds if HAVE_TIME, or in number of cookies
  *                 issued in the meantime.
  *                 0 to disable expiration (NOT recommended)
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl_internal.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl_internal.h
index 6913dc0f668..46ade67b9c4 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl_internal.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl_internal.h
@@ -934,16 +934,22 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
  */
 void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
 
 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
 
@@ -1023,27 +1029,39 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
  *              following the above definition.
  *
  */
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
                              unsigned update_hs_digest );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
 
 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
                             const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
 
 /**
@@ -1108,13 +1126,18 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
 
 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
 unsigned char mbedtls_ssl_hash_from_md_alg( int md );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
 
 #if defined(MBEDTLS_ECP_C)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
+MBEDTLS_CHECK_RETURN_CRITICAL
+int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id );
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
                                 mbedtls_md_type_t md );
 #endif
@@ -1170,6 +1193,7 @@ static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
  *
  * Return 0 if everything is OK, -1 if not.
  */
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
                           const mbedtls_ssl_ciphersuite_t *ciphersuite,
                           int cert_endpoint,
@@ -1218,21 +1242,26 @@ static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl );
 #endif
 
 /* Visible for testing purposes only */
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl );
 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
 #endif
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
                               const mbedtls_ssl_session *src );
 
 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
     defined(MBEDTLS_SSL_PROTO_TLS1_1)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
                                         unsigned char *output,
                                         unsigned char *data, size_t data_len );
@@ -1242,6 +1271,7 @@ int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
     defined(MBEDTLS_SSL_PROTO_TLS1_2)
 /* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
                                             unsigned char *hash, size_t *hashlen,
                                             unsigned char *data, size_t data_len,
@@ -1254,11 +1284,13 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
 #endif
 
 void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
                              mbedtls_ssl_transform *transform,
                              mbedtls_record *rec,
                              int (*f_rng)(void *, unsigned char *, size_t),
                              void *p_rng );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
                              mbedtls_ssl_transform *transform,
                              mbedtls_record *rec );
@@ -1276,10 +1308,12 @@ static inline size_t mbedtls_ssl_ep_len( const mbedtls_ssl_context *ssl )
 }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
 void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl );
 
 void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl );
@@ -1287,6 +1321,7 @@ void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl,
                               mbedtls_ssl_transform *transform );
 void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
 
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
@@ -1296,6 +1331,7 @@ void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
@@ -1305,4 +1341,12 @@ void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
+#if defined(MBEDTLS_TEST_HOOKS)
+int mbedtls_ssl_check_dtls_clihlo_cookie(
+                          mbedtls_ssl_context *ssl,
+                          const unsigned char *cli_id, size_t cli_id_len,
+                          const unsigned char *in, size_t in_len,
+                          unsigned char *obuf, size_t buf_len, size_t *olen );
+#endif
+
 #endif /* ssl_internal.h */
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h
index a882eed23b9..8221051b247 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h
@@ -101,7 +101,7 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
  *                  supported. Usually that means a 256-bit key.
  *
  * \note            The lifetime of the keys is twice the lifetime of tickets.
- *                  It is recommended to pick a reasonnable lifetime so as not
+ *                  It is recommended to pick a reasonable lifetime so as not
  *                  to negate the benefits of forward secrecy.
  *
  * \return          0 if successful,
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/version.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/version.h
index b1a92b2bcf3..44adcbfe037 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/version.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/version.h
@@ -38,16 +38,16 @@
  */
 #define MBEDTLS_VERSION_MAJOR  2
 #define MBEDTLS_VERSION_MINOR  28
-#define MBEDTLS_VERSION_PATCH  0
+#define MBEDTLS_VERSION_PATCH  1
 
 /**
  * The single version number has the following structure:
  *    MMNNPP00
  *    Major version | Minor version | Patch version
  */
-#define MBEDTLS_VERSION_NUMBER         0x021C0000
-#define MBEDTLS_VERSION_STRING         "2.28.0"
-#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.28.0"
+#define MBEDTLS_VERSION_NUMBER         0x021C0100
+#define MBEDTLS_VERSION_STRING         "2.28.1"
+#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.28.1"
 
 #if defined(MBEDTLS_VERSION_C)
 
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/x509.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/x509.h
index c1775014300..31b78df32f5 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/x509.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/x509.h
@@ -96,7 +96,7 @@
 #define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL                 -0x2980
 /** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */
 #define MBEDTLS_ERR_X509_FATAL_ERROR                      -0x3000
-/* \} name */
+/** \} name X509 Error codes */
 
 /**
  * \name X509 Verify codes
@@ -124,8 +124,8 @@
 #define MBEDTLS_X509_BADCRL_BAD_PK           0x040000  /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
 #define MBEDTLS_X509_BADCRL_BAD_KEY          0x080000  /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
 
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name X509 Verify codes */
+/** \} addtogroup x509_module */
 
 /*
  * X.509 v3 Subject Alternative Name types.
@@ -255,7 +255,6 @@ typedef struct mbedtls_x509_time
 mbedtls_x509_time;
 
 /** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
-/** \} addtogroup x509_module */
 
 /**
  * \brief          Store the certificate DN in printable form into buf;
@@ -311,6 +310,8 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
  */
 int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
 
+/** \} addtogroup x509_module */
+
 #if defined(MBEDTLS_SELF_TEST)
 
 /**
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/x509_crl.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/x509_crl.h
index 7e9e8885f41..92220090197 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/x509_crl.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/x509_crl.h
@@ -162,8 +162,8 @@ void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
  */
 void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
 
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name Structures and functions for parsing CRLs */
+/** \} addtogroup x509_module */
 
 #ifdef __cplusplus
 }
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/x509_crt.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/x509_crt.h
index 64ccb433ba8..0f2885a7ee4 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/x509_crt.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/x509_crt.h
@@ -107,7 +107,7 @@ mbedtls_x509_crt;
 typedef struct mbedtls_x509_san_other_name
 {
     /**
-     * The type_id is an OID as deifned in RFC 5280.
+     * The type_id is an OID as defined in RFC 5280.
      * To check the value of the type id, you should use
      * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
      */
@@ -159,7 +159,9 @@ mbedtls_x509_subject_alternative_name;
 typedef struct mbedtls_x509_crt_profile
 {
     uint32_t allowed_mds;       /**< MDs for signatures         */
-    uint32_t allowed_pks;       /**< PK algs for signatures     */
+    uint32_t allowed_pks;       /**< PK algs for public keys;
+                                 *   this applies to all certificates
+                                 *   in the provided chain.     */
     uint32_t allowed_curves;    /**< Elliptic curves for ECDSA  */
     uint32_t rsa_min_bitlen;    /**< Minimum size for RSA keys  */
 }
@@ -850,8 +852,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name Structures and functions for parsing and writing X.509 certificates */
 
 #if defined(MBEDTLS_X509_CRT_WRITE_C)
 /**
@@ -862,7 +863,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
 void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
 
 /**
- * \brief           Set the verion for a Certificate
+ * \brief           Set the version for a Certificate
  *                  Default: MBEDTLS_X509_CRT_VERSION_3
  *
  * \param ctx       CRT context to use
@@ -978,7 +979,7 @@ int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
  * \param is_ca     is this a CA certificate
  * \param max_pathlen   maximum length of certificate chains below this
  *                      certificate (only for CA certificates, -1 is
- *                      inlimited)
+ *                      unlimited)
  *
  * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
  */
@@ -1087,6 +1088,8 @@ int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf,
 #endif /* MBEDTLS_PEM_WRITE_C */
 #endif /* MBEDTLS_X509_CRT_WRITE_C */
 
+/** \} addtogroup x509_module */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/x509_csr.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/x509_csr.h
index b1dfc21f1fb..2a1c0461315 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/x509_csr.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/mbedtls/x509_csr.h
@@ -151,8 +151,7 @@ void mbedtls_x509_csr_init( mbedtls_x509_csr *csr );
 void mbedtls_x509_csr_free( mbedtls_x509_csr *csr );
 #endif /* MBEDTLS_X509_CSR_PARSE_C */
 
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name Structures and functions for X.509 Certificate Signing Requests (CSR) */
 
 #if defined(MBEDTLS_X509_CSR_WRITE_C)
 /**
@@ -182,7 +181,7 @@ int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
  *                  private key used to sign the CSR when writing it)
  *
  * \param ctx       CSR context to use
- * \param key       Asymetric key to include
+ * \param key       Asymmetric key to include
  */
 void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
 
@@ -298,6 +297,8 @@ int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, s
 #endif /* MBEDTLS_PEM_WRITE_C */
 #endif /* MBEDTLS_X509_CSR_WRITE_C */
 
+/** \} addtogroup x509_module */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto.h
index b0b57c3a6ba..d6d3e4f559f 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto.h
@@ -499,17 +499,14 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key);
  *         This is an attempt to create a persistent key, and there is
  *         already a persistent key with the given identifier.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The lifetime or identifier in \p attributes are invalid.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The policy constraints on the source and specified in
- *         \p attributes are incompatible.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         The lifetime or identifier in \p attributes are invalid, or
+ *         the policy constraints on the source and specified in
+ *         \p attributes are incompatible, or
  *         \p attributes specifies a key type or key size
  *         which does not match the attributes of the source key.
  * \retval #PSA_ERROR_NOT_PERMITTED
- *         The source key does not have the #PSA_KEY_USAGE_COPY usage flag.
- * \retval #PSA_ERROR_NOT_PERMITTED
- *         The source key is not exportable and its lifetime does not
+ *         The source key does not have the #PSA_KEY_USAGE_COPY usage flag, or
+ *         the source key is not exportable and its lifetime does not
  *         allow copying it to the target's lifetime.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@@ -636,11 +633,9 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key);
  *         The key type or key size is not supported, either by the
  *         implementation in general or in this particular persistent location.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The key attributes, as a whole, are invalid.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The key data is not correctly formatted.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The size in \p attributes is nonzero and does not match the size
+ *         The key attributes, as a whole, are invalid, or
+ *         the key data is not correctly formatted, or
+ *         the size in \p attributes is nonzero and does not match the size
  *         of the key data.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@@ -864,7 +859,6 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -900,7 +894,6 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg,
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -996,14 +989,13 @@ static psa_hash_operation_t psa_hash_operation_init(void);
  *         \p alg is not a supported hash algorithm.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \p alg is not a hash algorithm.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1023,14 +1015,13 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it muct be active).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1044,7 +1035,7 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
  * This function calculates the hash of the message formed by concatenating
  * the inputs passed to preceding calls to psa_hash_update().
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_hash_abort().
  *
@@ -1066,8 +1057,6 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p hash buffer is too small. You can determine a
  *         sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
@@ -1077,7 +1066,8 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1095,7 +1085,7 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
  * compares the calculated hash with the expected hash passed as a
  * parameter to this function.
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_hash_abort().
  *
@@ -1112,14 +1102,13 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_SIGNATURE
  *         The hash of the message was calculated successfully, but it
  *         differs from the expected hash.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1170,16 +1159,14 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation);
  *                                  It must be initialized but not active.
  *
  * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BAD_STATE
- *         The \p source_operation state is not valid (it must be active).
- * \retval #PSA_ERROR_BAD_STATE
- *         The \p target_operation state is not valid (it must be inactive).
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The \p source_operation state is not valid (it must be active), or
+ *         the \p target_operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1381,9 +1368,8 @@ static psa_mac_operation_t psa_mac_operation_init(void);
  * \retval #PSA_ERROR_STORAGE_FAILURE
  *         The key could not be retrieved from storage.
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1442,11 +1428,10 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
- *         The key could not be retrieved from storage
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
+ *         The key could not be retrieved from storage.
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1469,15 +1454,14 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1491,7 +1475,7 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
  * This function calculates the MAC of the message formed by concatenating
  * the inputs passed to preceding calls to psa_mac_update().
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_mac_abort().
  *
@@ -1515,9 +1499,6 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active mac sign
- *         operation).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p mac buffer is too small. You can determine a
  *         sufficient buffer size by calling PSA_MAC_LENGTH().
@@ -1527,7 +1508,9 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active mac sign
+ *         operation), or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1545,7 +1528,7 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
  * compares the calculated MAC with the expected MAC passed as a
  * parameter to this function.
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_mac_abort().
  *
@@ -1562,16 +1545,15 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_SIGNATURE
  *         The MAC of the message was calculated successfully, but it
  *         differs from the expected MAC.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active mac verify
- *         operation).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active mac verify
+ *         operation), or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1806,9 +1788,8 @@ static psa_cipher_operation_t psa_cipher_operation_init(void);
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1870,9 +1851,8 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1900,8 +1880,6 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with no IV set).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p iv buffer is too small.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1910,7 +1888,9 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, with no IV set),
+ *         or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1940,9 +1920,6 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active cipher
- *         encrypt operation, with no IV set).
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The size of \p iv is not acceptable for the chosen algorithm,
  *         or the chosen algorithm does not use an IV.
@@ -1952,7 +1929,9 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active cipher
+ *         encrypt operation, with no IV set), or the library has not been
+ *         previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1983,9 +1962,6 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with an IV set
- *         if required for the algorithm).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p output buffer is too small.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1994,7 +1970,9 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, with an IV set
+ *         if required for the algorithm), or the library has not been
+ *         previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2016,7 +1994,7 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
  * formed by concatenating the inputs passed to preceding calls to
  * psa_cipher_update().
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_cipher_abort().
  *
@@ -2036,9 +2014,6 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_PADDING
  *         This is a decryption operation for an algorithm that includes
  *         padding, and the ciphertext does not contain valid padding.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with an IV set
- *         if required for the algorithm).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p output buffer is too small.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2047,7 +2022,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, with an IV set
+ *         if required for the algorithm), or the library has not been
+ *         previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2330,7 +2307,8 @@ static psa_aead_operation_t psa_aead_operation_init(void);
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -2342,7 +2320,6 @@ static psa_aead_operation_t psa_aead_operation_init(void);
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
@@ -2396,8 +2373,6 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -2410,7 +2385,8 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or the
+ *         library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2439,9 +2415,6 @@ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active aead encrypt
- *         operation, with no nonce set).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p nonce buffer is too small.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2450,7 +2423,9 @@ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active aead encrypt
+ *         operation, with no nonce set), or the library has not been
+ *         previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2480,9 +2455,6 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with no nonce
- *         set).
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The size of \p nonce is not acceptable for the chosen algorithm.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2491,7 +2463,9 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, with no nonce
+ *         set), or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2525,10 +2499,6 @@ psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, and
- *         psa_aead_update_ad() and psa_aead_update() must not have been
- *         called yet).
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         At least one of the lengths is not acceptable for the chosen
  *         algorithm.
@@ -2537,7 +2507,10 @@ psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, and
+ *         psa_aead_update_ad() and psa_aead_update() must not have been
+ *         called yet), or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2573,10 +2546,6 @@ psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, have a nonce
- *         set, have lengths set if required by the algorithm, and
- *         psa_aead_update() must not have been called yet).
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The total input length overflows the additional data length that
  *         was previously specified with psa_aead_set_lengths().
@@ -2586,7 +2555,10 @@ psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, have a nonce
+ *         set, have lengths set if required by the algorithm, and
+ *         psa_aead_update() must not have been called yet), or the library
+ *         has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2651,9 +2623,6 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, have a nonce
- *         set, and have lengths set if required by the algorithm).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p output buffer is too small.
  *         #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or
@@ -2662,9 +2631,8 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The total length of input to psa_aead_update_ad() so far is
  *         less than the additional data length that was previously
- *         specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The total input length overflows the plaintext length that
+ *         specified with psa_aead_set_lengths(), or
+ *         the total input length overflows the plaintext length that
  *         was previously specified with psa_aead_set_lengths().
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -2672,7 +2640,9 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, have a nonce
+ *         set, and have lengths set if required by the algorithm), or the
+ *         library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2697,7 +2667,7 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
  *   preceding calls to psa_aead_update().
  * - \p tag contains the authentication tag.
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_aead_abort().
  *
@@ -2736,9 +2706,6 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active encryption
- *         operation with a nonce set).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p ciphertext or \p tag buffer is too small.
  *         #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or
@@ -2749,9 +2716,8 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The total length of input to psa_aead_update_ad() so far is
  *         less than the additional data length that was previously
- *         specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The total length of input to psa_aead_update() so far is
+ *         specified with psa_aead_set_lengths(), or
+ *         the total length of input to psa_aead_update() so far is
  *         less than the plaintext length that was previously
  *         specified with psa_aead_set_lengths().
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2760,7 +2726,9 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active encryption
+ *         operation with a nonce set), or the library has not been previously
+ *         initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2789,7 +2757,7 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
  * plaintext and reports success. If the authentication tag is not correct,
  * this function returns #PSA_ERROR_INVALID_SIGNATURE.
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_aead_abort().
  *
@@ -2823,9 +2791,6 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_SIGNATURE
  *         The calculations were successful, but the authentication tag is
  *         not correct.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active decryption
- *         operation with a nonce set).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p plaintext buffer is too small.
  *         #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or
@@ -2834,9 +2799,8 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The total length of input to psa_aead_update_ad() so far is
  *         less than the additional data length that was previously
- *         specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The total length of input to psa_aead_update() so far is
+ *         specified with psa_aead_set_lengths(), or
+ *         the total length of input to psa_aead_update() so far is
  *         less than the plaintext length that was previously
  *         specified with psa_aead_set_lengths().
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2845,7 +2809,9 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active decryption
+ *         operation with a nonce set), or the library has not been previously
+ *         initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3089,7 +3055,7 @@ psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key,
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The calculation was perfomed successfully, but the passed
+ *         The calculation was performed successfully, but the passed
  *         signature is not a valid signature.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -3113,7 +3079,7 @@ psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key,
 /**
  * \brief Encrypt a short message with a public key.
  *
- * \param key                   Identifer of the key to use for the operation.
+ * \param key                   Identifier of the key to use for the operation.
  *                              It must be a public key or an asymmetric key
  *                              pair. It must allow the usage
  *                              #PSA_KEY_USAGE_ENCRYPT.
@@ -3338,9 +3304,8 @@ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3359,12 +3324,11 @@ psa_status_t psa_key_derivation_setup(
  *
  * \retval #PSA_SUCCESS
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3387,13 +3351,12 @@ psa_status_t psa_key_derivation_get_capacity(
  *         \p capacity is larger than the operation's current capacity.
  *         In this case, the operation object remains valid and its capacity
  *         remains unchanged.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or the
+ *         library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3437,8 +3400,7 @@ psa_status_t psa_key_derivation_set_capacity(
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \c step is not compatible with the operation's algorithm, or
  *         \c step does not allow direct inputs.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3446,9 +3408,8 @@ psa_status_t psa_key_derivation_set_capacity(
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid for this input \p step.
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid for this input \p step, or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3489,8 +3450,7 @@ psa_status_t psa_key_derivation_input_bytes(
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \c step is not compatible with the operation's algorithm, or
  *         \c step does not allow key inputs of the given type
  *         or does not allow key inputs at all.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -3499,9 +3459,8 @@ psa_status_t psa_key_derivation_input_bytes(
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid for this input \p step.
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid for this input \p step, or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3553,25 +3512,23 @@ psa_status_t psa_key_derivation_input_key(
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid for this key agreement \p step.
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \c private_key is not compatible with \c alg,
  *         or \p peer_key is not valid for \c alg or not compatible with
- *         \c private_key.
+ *         \c private_key, or \c step does not allow an input resulting
+ *         from a key agreement.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         \c alg is not supported or is not a key derivation algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c step does not allow an input resulting from a key agreement.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid for this key agreement \p step,
+ *         or the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3607,16 +3564,15 @@ psa_status_t psa_key_derivation_key_agreement(
  *                          The operation's capacity is set to 0, thus
  *                          subsequent calls to this function will not
  *                          succeed, even with a smaller output buffer.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active and completed
- *         all required input steps).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active and completed
+ *         all required input steps), or the library has not been previously
+ *         initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3749,9 +3705,6 @@ psa_status_t psa_key_derivation_output_bytes(
  * \retval #PSA_ERROR_NOT_PERMITTED
  *         The #PSA_KEY_DERIVATION_INPUT_SECRET input was not provided through
  *         a key.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active and completed
- *         all required input steps).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3761,7 +3714,9 @@ psa_status_t psa_key_derivation_output_bytes(
  * \retval #PSA_ERROR_DATA_CORRUPT
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active and completed
+ *         all required input steps), or the library has not been previously
+ *         initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3828,8 +3783,7 @@ psa_status_t psa_key_derivation_abort(
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p alg is not a key agreement algorithm
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \p alg is not a key agreement algorithm, or
  *         \p private_key is not compatible with \p alg,
  *         or \p peer_key is not valid for \p alg or not compatible with
  *         \p private_key.
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_builtin_primitives.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_builtin_primitives.h
index 62a0e6f3704..96c45290bdb 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_builtin_primitives.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_builtin_primitives.h
@@ -103,7 +103,6 @@ typedef struct
     defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_XTS) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_config.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_config.h
index e2446cb26c4..f261e013e07 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_config.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_config.h
@@ -60,7 +60,6 @@
 #define PSA_WANT_ALG_CMAC                       1
 #define PSA_WANT_ALG_CFB                        1
 #define PSA_WANT_ALG_CHACHA20_POLY1305          1
-#define PSA_WANT_ALG_CMAC                       1
 #define PSA_WANT_ALG_CTR                        1
 #define PSA_WANT_ALG_DETERMINISTIC_ECDSA        1
 #define PSA_WANT_ALG_ECB_NO_PADDING             1
@@ -86,7 +85,9 @@
 #define PSA_WANT_ALG_STREAM_CIPHER              1
 #define PSA_WANT_ALG_TLS12_PRF                  1
 #define PSA_WANT_ALG_TLS12_PSK_TO_MS            1
-#define PSA_WANT_ALG_XTS                        1
+/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
+ * Note: when adding support, also adjust include/mbedtls/config_psa.h */
+//#define PSA_WANT_ALG_XTS                        1
 
 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256         1
 #define PSA_WANT_ECC_BRAINPOOL_P_R1_384         1
@@ -94,14 +95,14 @@
 #define PSA_WANT_ECC_MONTGOMERY_255             1
 /*
  * Curve448 is not yet supported via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/4249). Thus, do not enable it by
+ * (https://github.com/Mbed-TLS/mbedtls/issues/4249). Thus, do not enable it by
  * default.
  */
 //#define PSA_WANT_ECC_MONTGOMERY_448             1
 #define PSA_WANT_ECC_SECP_K1_192                1
 /*
  * SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/3541). Thus, do not enable it by
+ * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
  * default.
  */
 //#define PSA_WANT_ECC_SECP_K1_224                1
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_extra.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_extra.h
index 3ee0482cbda..a48a4bb5eb9 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_extra.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_extra.h
@@ -181,12 +181,9 @@ static inline void psa_clear_key_slot_number(
  *         support registering a key.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The identifier in \p attributes is invalid, namely the identifier is
- *         not in the user range.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         not in the user range, or
  *         \p attributes specifies a lifetime which is not located
- *         in a secure element.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         No slot number is specified in \p attributes,
+ *         in a secure element, or no slot number is specified in \p attributes,
  *         or the specified slot number is not valid.
  * \retval #PSA_ERROR_NOT_PERMITTED
  *         The caller is not authorized to register the specified key slot.
@@ -348,7 +345,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
  * length of the byte string is the private key size in bytes (leading zeroes
  * are not stripped).
  *
- * Determinstic DSA key derivation with psa_generate_derived_key follows
+ * Deterministic DSA key derivation with psa_generate_derived_key follows
  * FIPS 186-4 &sect;B.1.2: interpret the byte string as integer
  * in big-endian order. Discard it if it is not in the range
  * [0, *N* - 2] where *N* is the boundary of the private key domain
@@ -448,9 +445,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
  *   As an exception, the public exponent 65537 is represented by an empty
  *   byte string.
  * - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEY_PAIR),
- *   the `Dss-Parms` format as defined by RFC 3279 &sect;2.3.2.
+ *   the `Dss-Params` format as defined by RFC 3279 &sect;2.3.2.
  *   ```
- *   Dss-Parms ::= SEQUENCE  {
+ *   Dss-Params ::= SEQUENCE  {
  *      p       INTEGER,
  *      q       INTEGER,
  *      g       INTEGER
@@ -466,9 +463,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
  *      g               INTEGER,                    -- generator, g
  *      q               INTEGER,                    -- factor of p-1
  *      j               INTEGER OPTIONAL,           -- subgroup factor
- *      validationParms ValidationParms OPTIONAL
+ *      validationParams ValidationParams OPTIONAL
  *   }
- *   ValidationParms ::= SEQUENCE {
+ *   ValidationParams ::= SEQUENCE {
  *      seed            BIT STRING,
  *      pgenCounter     INTEGER
  *   }
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_sizes.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_sizes.h
index e2ae5965d4f..0d4532200e7 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_sizes.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_sizes.h
@@ -747,7 +747,7 @@
  *      subjectPublicKey     BIT STRING  } -- contains DSAPublicKey
  * AlgorithmIdentifier  ::=  SEQUENCE  {
  *      algorithm               OBJECT IDENTIFIER,
- *      parameters              Dss-Parms  } -- SEQUENCE of 3 INTEGERs
+ *      parameters              Dss-Params  } -- SEQUENCE of 3 INTEGERs
  * DSAPublicKey  ::=  INTEGER -- public key, Y
  *
  * - 3 * 4 bytes of SEQUENCE overhead;
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_struct.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_struct.h
index 23a02a5d8ef..511b3973b86 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_struct.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_struct.h
@@ -442,7 +442,7 @@ static inline void psa_set_key_type(psa_key_attributes_t *attributes,
     }
     else
     {
-        /* Call the bigger function to free the old domain paramteres.
+        /* Call the bigger function to free the old domain parameters.
          * Ignore any errors which may arise due to type requiring
          * non-default domain parameters, since this function can't
          * report errors. */
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_types.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_types.h
index 386c7d794b4..8f23021a45a 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_types.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_types.h
@@ -69,10 +69,21 @@ typedef int32_t psa_status_t;
  */
 
 /** \brief Encoding of a key type.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_KEY_TYPE_xxx`.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint16_t psa_key_type_t;
 
 /** The type of PSA elliptic curve family identifiers.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_ECC_FAMILY_xxx`.
  *
  * The curve identifier is required to create an ECC key using the
  * PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
@@ -80,10 +91,18 @@ typedef uint16_t psa_key_type_t;
  *
  * Values defined by this standard will never be in the range 0x80-0xff.
  * Vendors who define additional families must use an encoding in this range.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint8_t psa_ecc_family_t;
 
 /** The type of PSA Diffie-Hellman group family identifiers.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_DH_FAMILY_xxx`.
  *
  * The group identifier is required to create an Diffie-Hellman key using the
  * PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()
@@ -91,16 +110,29 @@ typedef uint8_t psa_ecc_family_t;
  *
  * Values defined by this standard will never be in the range 0x80-0xff.
  * Vendors who define additional families must use an encoding in this range.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint8_t psa_dh_family_t;
 
 /** \brief Encoding of a cryptographic algorithm.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_ALG_xxx`.
  *
  * For algorithms that can be applied to multiple key types, this type
  * does not encode the key type. For example, for symmetric ciphers
  * based on a block cipher, #psa_algorithm_t encodes the block cipher
  * mode and the padding mode while the block cipher itself is encoded
  * via #psa_key_type_t.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint32_t psa_algorithm_t;
 
@@ -142,6 +174,14 @@ typedef uint32_t psa_algorithm_t;
  * #PSA_KEY_LIFETIME_PERSISTENT is supported if persistent storage is
  * available. Other lifetime values may be supported depending on the
  * library configuration.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_KEY_LIFETIME_xxx`.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint32_t psa_key_lifetime_t;
 
@@ -173,6 +213,11 @@ typedef uint32_t psa_key_lifetime_t;
  * \note Key persistence levels are 8-bit values. Key management
  *       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
  *       encode the persistence as the lower 8 bits of a 32-bit value.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint8_t psa_key_persistence_t;
 
@@ -209,6 +254,11 @@ typedef uint8_t psa_key_persistence_t;
  * \note Key location indicators are 24-bit values. Key management
  *       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
  *       encode the location as the upper 24 bits of a 32-bit value.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint32_t psa_key_location_t;
 
@@ -220,9 +270,27 @@ typedef uint32_t psa_key_location_t;
  *   #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX.
  * - 0 is reserved as an invalid key identifier.
  * - Key identifiers outside these ranges are reserved for future use.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to how values are allocated must require careful
+ *       consideration to allow backward compatibility.
  */
 typedef uint32_t psa_key_id_t;
 
+/** Encoding of key identifiers as seen inside the PSA Crypto implementation.
+ *
+ * When PSA Crypto is built as a library inside an application, this type
+ * is identical to #psa_key_id_t. When PSA Crypto is built as a service
+ * that can store keys on behalf of multiple clients, this type
+ * encodes the #psa_key_id_t value seen by each client application as
+ * well as extra information that identifies the client that owns
+ * the key.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
+*/
 #if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
 typedef psa_key_id_t mbedtls_svc_key_id_t;
 
@@ -246,7 +314,16 @@ typedef struct
  * @{
  */
 
-/** \brief Encoding of permitted usage on a key. */
+/** \brief Encoding of permitted usage on a key.
+ *
+ * Values of this type are generally constructed as bitwise-ors of macros
+ * called `PSA_KEY_USAGE_xxx`.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
+ */
 typedef uint32_t psa_key_usage_t;
 
 /**@}*/
@@ -375,7 +452,11 @@ typedef uint64_t psa_key_slot_number_t;
  * @{
  */
 
-/** \brief Encoding of the step of a key derivation. */
+/** \brief Encoding of the step of a key derivation.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_KEY_DERIVATION_INPUT_xxx`.
+ */
 typedef uint16_t psa_key_derivation_step_t;
 
 /**@}*/
diff --git a/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_values.h b/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_values.h
index fafe93cf9ba..8b3a815ac19 100644
--- a/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_values.h
+++ b/tools/sdk/esp32/include/mbedtls/mbedtls/include/psa/crypto_values.h
@@ -12,6 +12,11 @@
  * designations of cryptographic algorithms, and error codes returned by
  * the library.
  *
+ * Note that many of the constants defined in this file are embedded in
+ * the persistent key store, as part of key metadata (including usage
+ * policies). As a consequence, they must not be changed (unless the storage
+ * format version changes).
+ *
  * This header file only defines preprocessor macros.
  */
 /*
@@ -40,6 +45,18 @@
 
 /* PSA error codes */
 
+/* Error codes are standardized across PSA domains (framework, crypto, storage,
+ * etc.). Do not change the values in this section or even the expansions
+ * of each macro: it must be possible to `#include` both this header
+ * and some other PSA component's headers in the same C source,
+ * which will lead to duplicate definitions of the `PSA_SUCCESS` and
+ * `PSA_ERROR_xxx` macros, which is ok if and only if the macros expand
+ * to the same sequence of tokens.
+ *
+ * If you must add a new
+ * value, check with the Arm PSA framework group to pick one that other
+ * domains aren't already using. */
+
 /** The action was completed successfully. */
 #define PSA_SUCCESS ((psa_status_t)0)
 
@@ -316,6 +333,12 @@
  * @{
  */
 
+/* Note that key type values, including ECC family and DH group values, are
+ * embedded in the persistent key store, as part of key metadata. As a
+ * consequence, they must not be changed (unless the storage format version
+ * changes).
+ */
+
 /** An invalid key type value.
  *
  * Zero is not the encoding of any key type.
@@ -440,9 +463,9 @@
  * Camellia block cipher. */
 #define PSA_KEY_TYPE_CAMELLIA                       ((psa_key_type_t)0x2403)
 
-/** Key for the RC4 stream cipher.
+/** Key for the ARC4 stream cipher (also known as RC4 or ARCFOUR).
  *
- * Note that RC4 is weak and deprecated and should only be used in
+ * Note that ARC4 is weak and deprecated and should only be used in
  * legacy protocols. */
 #define PSA_KEY_TYPE_ARC4                           ((psa_key_type_t)0x2002)
 
@@ -673,6 +696,11 @@
      1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) :                         \
      0u)
 
+/* Note that algorithm values are embedded in the persistent key store,
+ * as part of key metadata. As a consequence, they must not be changed
+ * (unless the storage format version changes).
+ */
+
 /** Vendor-defined algorithm flag.
  *
  * Algorithms defined by this standard will never have the #PSA_ALG_VENDOR_FLAG
@@ -1390,7 +1418,7 @@
  * with a random per-message secret number (*k*).
  *
  * The representation of the signature as a byte string consists of
- * the concatentation of the signature values *r* and *s*. Each of
+ * the concatenation of the signature values *r* and *s*. Each of
  * *r* and *s* is encoded as an *N*-octet string, where *N* is the length
  * of the base point of the curve in octets. Each value is represented
  * in big-endian order (most significant octet first).
@@ -1928,6 +1956,11 @@
  * @{
  */
 
+/* Note that location and persistence level values are embedded in the
+ * persistent key store, as part of key metadata. As a consequence, they
+ * must not be changed (unless the storage format version changes).
+ */
+
 /** The default lifetime for volatile keys.
  *
  * A volatile key only exists as long as the identifier to it is not destroyed.
@@ -2043,6 +2076,11 @@
 
 #define PSA_KEY_LOCATION_VENDOR_FLAG            ((psa_key_location_t)0x800000)
 
+/* Note that key identifier values are embedded in the
+ * persistent key store, as part of key metadata. As a consequence, they
+ * must not be changed (unless the storage format version changes).
+ */
+
 /** The null key identifier.
  */
 #define PSA_KEY_ID_NULL                         ((psa_key_id_t)0)
@@ -2154,6 +2192,11 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
  * @{
  */
 
+/* Note that key usage flags are embedded in the
+ * persistent key store, as part of key metadata. As a consequence, they
+ * must not be changed (unless the storage format version changes).
+ */
+
 /** Whether the key may be exported.
  *
  * A public key or the public part of a key pair may always be exported
@@ -2255,6 +2298,9 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
  * @{
  */
 
+/* Key input steps are not embedded in the persistent storage, so you can
+ * change them if needed: it's only an ABI change. */
+
 /** A secret input for key derivation.
  *
  * This should be a key of type #PSA_KEY_TYPE_DERIVE
diff --git a/tools/sdk/esp32/include/protocomm/include/transports/protocomm_ble.h b/tools/sdk/esp32/include/protocomm/include/transports/protocomm_ble.h
index 2447c1c5d25..d684e7e921a 100644
--- a/tools/sdk/esp32/include/protocomm/include/transports/protocomm_ble.h
+++ b/tools/sdk/esp32/include/protocomm/include/transports/protocomm_ble.h
@@ -79,10 +79,14 @@ typedef struct protocomm_ble_config {
      */
     protocomm_ble_name_uuid_t *nu_lookup;
 
-    /* BLE bonding */
+    /**
+     * BLE bonding
+     */
     unsigned ble_bonding:1;
 
-    /* BLE security flag */
+    /**
+     * BLE security flag
+     */
     unsigned ble_sm_sc:1;
 
 } protocomm_ble_config_t;
diff --git a/tools/sdk/esp32/include/soc/esp32/include/soc/soc_caps.h b/tools/sdk/esp32/include/soc/esp32/include/soc/soc_caps.h
index a72c340581a..18bd1c762be 100644
--- a/tools/sdk/esp32/include/soc/esp32/include/soc/soc_caps.h
+++ b/tools/sdk/esp32/include/soc/esp32/include/soc/soc_caps.h
@@ -72,7 +72,6 @@
 /**
  * TO BE REMOVED
  * Check if adc support digital controller (DMA) mode.
- * @value
  *      - 1 : support;
  *      - 0 : not support;
  */
diff --git a/tools/sdk/esp32/include/xtensa/include/xtensa/xtensa_context.h b/tools/sdk/esp32/include/xtensa/include/xtensa/xtensa_context.h
index e655904423f..8c25b186701 100644
--- a/tools/sdk/esp32/include/xtensa/include/xtensa/xtensa_context.h
+++ b/tools/sdk/esp32/include/xtensa/include/xtensa/xtensa_context.h
@@ -188,6 +188,14 @@ STRUCT_END(XtExcFrame)
   by the callee according to the compiler's ABI conventions, some space to save
   the return address for returning to the caller, and the caller's PS register.
 
+  Note: Although the xtensa ABI considers the threadptr as "global" across
+  functions (meaning it is neither caller or callee saved), it is treated as a
+  callee-saved register in a solicited stack frame. This omits the need for the
+  OS to include extra logic to save "global" registers on each context switch.
+  Only the threadptr register is treated as callee-saved, as all other NCP
+  (non-coprocessor extra) registers are caller-saved. See "tie.h" for more
+  details.
+
   For Windowed ABI, this stack frame includes the caller's base save area.
 
   Note on XT_SOL_EXIT field:
@@ -204,7 +212,11 @@ STRUCT_BEGIN
 STRUCT_FIELD (long, 4, XT_SOL_EXIT, exit)
 STRUCT_FIELD (long, 4, XT_SOL_PC,   pc)
 STRUCT_FIELD (long, 4, XT_SOL_PS,   ps)
-STRUCT_FIELD (long, 4, XT_SOL_NEXT, next)
+#if XCHAL_HAVE_THREADPTR
+STRUCT_FIELD (long, 4, XT_SOL_THREADPTR, threadptr)
+#else
+STRUCT_FIELD (long, 4, XT_SOL_NEXT, next)   /* Dummy register for 16-byte alignment */
+#endif
 STRUCT_FIELD (long, 4, XT_SOL_A12,  a12)    /* should be on 16-byte alignment */
 STRUCT_FIELD (long, 4, XT_SOL_A13,  a13)
 STRUCT_FIELD (long, 4, XT_SOL_A14,  a14)
@@ -213,7 +225,11 @@ STRUCT_FIELD (long, 4, XT_SOL_A15,  a15)
 STRUCT_FIELD (long, 4, XT_SOL_EXIT, exit)
 STRUCT_FIELD (long, 4, XT_SOL_PC,   pc)
 STRUCT_FIELD (long, 4, XT_SOL_PS,   ps)
-STRUCT_FIELD (long, 4, XT_SOL_NEXT, next)
+#if XCHAL_HAVE_THREADPTR
+STRUCT_FIELD (long, 4, XT_SOL_THREADPTR, threadptr)
+#else
+STRUCT_FIELD (long, 4, XT_SOL_NEXT, next)   /* Dummy register for 16-byte alignment */
+#endif
 STRUCT_FIELD (long, 4, XT_SOL_A0,   a0)    /* should be on 16-byte alignment */
 STRUCT_FIELD (long, 4, XT_SOL_A1,   a1)
 STRUCT_FIELD (long, 4, XT_SOL_A2,   a2)
diff --git a/tools/sdk/esp32/ld/libbtdm_app.a b/tools/sdk/esp32/ld/libbtdm_app.a
index a6fb5cf8efa..e833f6de564 100644
Binary files a/tools/sdk/esp32/ld/libbtdm_app.a and b/tools/sdk/esp32/ld/libbtdm_app.a differ
diff --git a/tools/sdk/esp32/ld/sections.ld b/tools/sdk/esp32/ld/sections.ld
index a305460a50d..93619f1c739 100644
--- a/tools/sdk/esp32/ld/sections.ld
+++ b/tools/sdk/esp32/ld/sections.ld
@@ -323,7 +323,7 @@ SECTIONS
     *libesp_system.a:ubsan.*(.literal .literal.* .text .text.*)
     *libfreertos.a:(EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .literal EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .literal.* EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .text EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .text.*)
     *libfreertos.a:port.*(.literal.pxPortInitialiseStack .literal.unlikely.vPortEndScheduler .literal.vApplicationStackOverflowHook .literal.vPortAssertIfInISR .literal.vPortExitCritical .literal.vPortExitCriticalCompliance .literal.vPortReleaseTaskMPUSettings .literal.vPortSetStackWatchpoint .literal.vPortYieldOtherCore .literal.xPortEnterCriticalTimeout .literal.xPortEnterCriticalTimeoutCompliance .literal.xPortInIsrContext .literal.xPortStartScheduler .text .text.pxPortInitialiseStack .text.unlikely.vPortEndScheduler .text.vApplicationStackOverflowHook .text.vPortAssertIfInISR .text.vPortExitCritical .text.vPortExitCriticalCompliance .text.vPortReleaseTaskMPUSettings .text.vPortSetStackWatchpoint .text.vPortStoreTaskMPUSettings .text.vPortYieldOtherCore .text.xPortEnterCriticalTimeout .text.xPortEnterCriticalTimeoutCompliance .text.xPortGetTickRateHz .text.xPortInIsrContext .text.xPortStartScheduler)
-    *libfreertos.a:port_common.*(.literal.esp_startup_start_app_common .literal.s_app_cpu_startup_idle_hook_cb .literal.vApplicationGetIdleTaskMemory .literal.vApplicationGetTimerTaskMemory .literal.xPortCheckValidTCBMem .literal.xPortcheckValidStackMem .text .text.esp_startup_start_app_common .text.s_app_cpu_startup_idle_hook_cb .text.vApplicationGetIdleTaskMemory .text.vApplicationGetTimerTaskMemory .text.xPortCheckValidTCBMem .text.xPortcheckValidStackMem)
+    *libfreertos.a:port_common.*(.literal.esp_startup_start_app_common .literal.other_cpu_startup_idle_hook_cb .literal.vApplicationGetIdleTaskMemory .literal.vApplicationGetTimerTaskMemory .literal.xPortCheckValidTCBMem .literal.xPortcheckValidStackMem .text .text.esp_startup_start_app_common .text.other_cpu_startup_idle_hook_cb .text.vApplicationGetIdleTaskMemory .text.vApplicationGetTimerTaskMemory .text.xPortCheckValidTCBMem .text.xPortcheckValidStackMem)
     *libgcc.a:lib2funcs.*(.literal .literal.* .text .text.*)
     *libgcov.a:(.literal .literal.* .text .text.*)
     *libhal.a:cpu_hal.*(.literal .literal.* .text .text.*)
@@ -373,8 +373,6 @@ SECTIONS
     *(.sdata)
     *(.sdata.*)
     *(.gnu.linkonce.s.*)
-    *(.sdata2)
-    *(.sdata2.*)
     *(.gnu.linkonce.s2.*)
     *(.jcr)
 
@@ -387,8 +385,8 @@ SECTIONS
     _coredump_dram_start = ABSOLUTE(.);
     *(.dram2.coredump .dram2.coredump.*)
     _coredump_dram_end = ABSOLUTE(.);
-    *libapp_trace.a:app_trace.*(.rodata .rodata.*)
-    *libapp_trace.a:app_trace_util.*(.rodata .rodata.*)
+    *libapp_trace.a:app_trace.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libapp_trace.a:app_trace_util.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
     _bt_data_start = ABSOLUTE(.);
     *libbt.a:(.data .data.*)
     . = ALIGN(4);
@@ -397,166 +395,166 @@ SECTIONS
     *libbtdm_app.a:(.data .data.*)
     . = ALIGN(4);
     _btdm_data_end = ABSOLUTE(.);
-    *libc.a:creat.*(.rodata .rodata.*)
-    *libc.a:isatty.*(.rodata .rodata.*)
-    *libc.a:lib_a-abs.*(.rodata .rodata.*)
-    *libc.a:lib_a-asctime.*(.rodata .rodata.*)
-    *libc.a:lib_a-asctime_r.*(.rodata .rodata.*)
-    *libc.a:lib_a-atoi.*(.rodata .rodata.*)
-    *libc.a:lib_a-atol.*(.rodata .rodata.*)
-    *libc.a:lib_a-bzero.*(.rodata .rodata.*)
-    *libc.a:lib_a-close.*(.rodata .rodata.*)
-    *libc.a:lib_a-creat.*(.rodata .rodata.*)
-    *libc.a:lib_a-ctime.*(.rodata .rodata.*)
-    *libc.a:lib_a-ctime_r.*(.rodata .rodata.*)
-    *libc.a:lib_a-ctype_.*(.rodata .rodata.*)
-    *libc.a:lib_a-div.*(.rodata .rodata.*)
-    *libc.a:lib_a-environ.*(.rodata .rodata.*)
-    *libc.a:lib_a-envlock.*(.rodata .rodata.*)
-    *libc.a:lib_a-fclose.*(.rodata .rodata.*)
-    *libc.a:lib_a-fflush.*(.rodata .rodata.*)
-    *libc.a:lib_a-findfp.*(.rodata .rodata.*)
-    *libc.a:lib_a-fputwc.*(.rodata .rodata.*)
-    *libc.a:lib_a-fvwrite.*(.rodata .rodata.*)
-    *libc.a:lib_a-fwalk.*(.rodata .rodata.*)
-    *libc.a:lib_a-getenv_r.*(.rodata .rodata.*)
-    *libc.a:lib_a-gettzinfo.*(.rodata .rodata.*)
-    *libc.a:lib_a-gmtime.*(.rodata .rodata.*)
-    *libc.a:lib_a-gmtime_r.*(.rodata .rodata.*)
-    *libc.a:lib_a-impure.*(.rodata .rodata.*)
-    *libc.a:lib_a-isalnum.*(.rodata .rodata.*)
-    *libc.a:lib_a-isalpha.*(.rodata .rodata.*)
-    *libc.a:lib_a-isascii.*(.rodata .rodata.*)
-    *libc.a:lib_a-isblank.*(.rodata .rodata.*)
-    *libc.a:lib_a-iscntrl.*(.rodata .rodata.*)
-    *libc.a:lib_a-isdigit.*(.rodata .rodata.*)
-    *libc.a:lib_a-isgraph.*(.rodata .rodata.*)
-    *libc.a:lib_a-islower.*(.rodata .rodata.*)
-    *libc.a:lib_a-isprint.*(.rodata .rodata.*)
-    *libc.a:lib_a-ispunct.*(.rodata .rodata.*)
-    *libc.a:lib_a-isspace.*(.rodata .rodata.*)
-    *libc.a:lib_a-isupper.*(.rodata .rodata.*)
-    *libc.a:lib_a-itoa.*(.rodata .rodata.*)
-    *libc.a:lib_a-labs.*(.rodata .rodata.*)
-    *libc.a:lib_a-lcltime.*(.rodata .rodata.*)
-    *libc.a:lib_a-lcltime_r.*(.rodata .rodata.*)
-    *libc.a:lib_a-ldiv.*(.rodata .rodata.*)
-    *libc.a:lib_a-longjmp.*(.rodata .rodata.*)
-    *libc.a:lib_a-makebuf.*(.rodata .rodata.*)
-    *libc.a:lib_a-memccpy.*(.rodata .rodata.*)
-    *libc.a:lib_a-memchr.*(.rodata .rodata.*)
-    *libc.a:lib_a-memcmp.*(.rodata .rodata.*)
-    *libc.a:lib_a-memcpy.*(.rodata .rodata.*)
-    *libc.a:lib_a-memmove.*(.rodata .rodata.*)
-    *libc.a:lib_a-memrchr.*(.rodata .rodata.*)
-    *libc.a:lib_a-memset.*(.rodata .rodata.*)
-    *libc.a:lib_a-mktime.*(.rodata .rodata.*)
-    *libc.a:lib_a-month_lengths.*(.rodata .rodata.*)
-    *libc.a:lib_a-open.*(.rodata .rodata.*)
-    *libc.a:lib_a-quorem.*(.rodata .rodata.*)
-    *libc.a:lib_a-raise.*(.rodata .rodata.*)
-    *libc.a:lib_a-rand.*(.rodata .rodata.*)
-    *libc.a:lib_a-rand_r.*(.rodata .rodata.*)
-    *libc.a:lib_a-read.*(.rodata .rodata.*)
-    *libc.a:lib_a-refill.*(.rodata .rodata.*)
-    *libc.a:lib_a-rshift.*(.rodata .rodata.*)
-    *libc.a:lib_a-s_fpclassify.*(.rodata .rodata.*)
-    *libc.a:lib_a-sbrk.*(.rodata .rodata.*)
-    *libc.a:lib_a-sccl.*(.rodata .rodata.*)
-    *libc.a:lib_a-setjmp.*(.rodata .rodata.*)
-    *libc.a:lib_a-sf_nan.*(.rodata .rodata.*)
-    *libc.a:lib_a-srand.*(.rodata .rodata.*)
-    *libc.a:lib_a-stdio.*(.rodata .rodata.*)
-    *libc.a:lib_a-strcasecmp.*(.rodata .rodata.*)
-    *libc.a:lib_a-strcasestr.*(.rodata .rodata.*)
-    *libc.a:lib_a-strcat.*(.rodata .rodata.*)
-    *libc.a:lib_a-strchr.*(.rodata .rodata.*)
-    *libc.a:lib_a-strcmp.*(.rodata .rodata.*)
-    *libc.a:lib_a-strcoll.*(.rodata .rodata.*)
-    *libc.a:lib_a-strcpy.*(.rodata .rodata.*)
-    *libc.a:lib_a-strcspn.*(.rodata .rodata.*)
-    *libc.a:lib_a-strdup.*(.rodata .rodata.*)
-    *libc.a:lib_a-strdup_r.*(.rodata .rodata.*)
-    *libc.a:lib_a-strftime.*(.rodata .rodata.*)
-    *libc.a:lib_a-strlcat.*(.rodata .rodata.*)
-    *libc.a:lib_a-strlcpy.*(.rodata .rodata.*)
-    *libc.a:lib_a-strlen.*(.rodata .rodata.*)
-    *libc.a:lib_a-strlwr.*(.rodata .rodata.*)
-    *libc.a:lib_a-strncasecmp.*(.rodata .rodata.*)
-    *libc.a:lib_a-strncat.*(.rodata .rodata.*)
-    *libc.a:lib_a-strncmp.*(.rodata .rodata.*)
-    *libc.a:lib_a-strncpy.*(.rodata .rodata.*)
-    *libc.a:lib_a-strndup.*(.rodata .rodata.*)
-    *libc.a:lib_a-strndup_r.*(.rodata .rodata.*)
-    *libc.a:lib_a-strnlen.*(.rodata .rodata.*)
-    *libc.a:lib_a-strptime.*(.rodata .rodata.*)
-    *libc.a:lib_a-strrchr.*(.rodata .rodata.*)
-    *libc.a:lib_a-strsep.*(.rodata .rodata.*)
-    *libc.a:lib_a-strspn.*(.rodata .rodata.*)
-    *libc.a:lib_a-strstr.*(.rodata .rodata.*)
-    *libc.a:lib_a-strtok_r.*(.rodata .rodata.*)
-    *libc.a:lib_a-strtol.*(.rodata .rodata.*)
-    *libc.a:lib_a-strtoul.*(.rodata .rodata.*)
-    *libc.a:lib_a-strupr.*(.rodata .rodata.*)
-    *libc.a:lib_a-sysclose.*(.rodata .rodata.*)
-    *libc.a:lib_a-sysopen.*(.rodata .rodata.*)
-    *libc.a:lib_a-sysread.*(.rodata .rodata.*)
-    *libc.a:lib_a-syssbrk.*(.rodata .rodata.*)
-    *libc.a:lib_a-system.*(.rodata .rodata.*)
-    *libc.a:lib_a-systimes.*(.rodata .rodata.*)
-    *libc.a:lib_a-syswrite.*(.rodata .rodata.*)
-    *libc.a:lib_a-time.*(.rodata .rodata.*)
-    *libc.a:lib_a-timelocal.*(.rodata .rodata.*)
-    *libc.a:lib_a-toascii.*(.rodata .rodata.*)
-    *libc.a:lib_a-tolower.*(.rodata .rodata.*)
-    *libc.a:lib_a-toupper.*(.rodata .rodata.*)
-    *libc.a:lib_a-tzcalc_limits.*(.rodata .rodata.*)
-    *libc.a:lib_a-tzlock.*(.rodata .rodata.*)
-    *libc.a:lib_a-tzset.*(.rodata .rodata.*)
-    *libc.a:lib_a-tzset_r.*(.rodata .rodata.*)
-    *libc.a:lib_a-tzvars.*(.rodata .rodata.*)
-    *libc.a:lib_a-ungetc.*(.rodata .rodata.*)
-    *libc.a:lib_a-utoa.*(.rodata .rodata.*)
-    *libc.a:lib_a-wbuf.*(.rodata .rodata.*)
-    *libc.a:lib_a-wcrtomb.*(.rodata .rodata.*)
-    *libc.a:lib_a-wctomb_r.*(.rodata .rodata.*)
-    *libc.a:lib_a-wsetup.*(.rodata .rodata.*)
-    *libc.a:lock.*(.rodata .rodata.*)
-    *libesp_hw_support.a:rtc_clk.*(.rodata .rodata.*)
-    *libesp_system.a:esp_err.*(.rodata .rodata.*)
-    *libesp_system.a:ubsan.*(.rodata .rodata.*)
-    *libgcov.a:(.rodata .rodata.*)
-    *libhal.a:cpu_hal.*(.rodata .rodata.*)
-    *libhal.a:i2c_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:ledc_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:soc_hal.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_encrypt_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_slave_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:wdt_hal_iram.*(.rodata .rodata.*)
-    *libheap.a:heap_tlsf.*(.rodata .rodata.*)
-    *libheap.a:multi_heap.*(.rodata .rodata.*)
-    *libheap.a:multi_heap_poisoning.*(.rodata .rodata.*)
-    *libnewlib.a:abort.*(.rodata .rodata.*)
-    *libnewlib.a:assert.*(.rodata .rodata.*)
-    *libnewlib.a:heap.*(.rodata .rodata.*)
-    *libnewlib.a:stdatomic.*(.rodata .rodata.*)
+    *libc.a:creat.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:isatty.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-abs.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-asctime.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-asctime_r.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-atoi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-atol.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-bzero.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-close.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-creat.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-ctime.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-ctime_r.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-ctype_.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-div.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-environ.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-envlock.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-fclose.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-fflush.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-findfp.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-fputwc.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-fvwrite.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-fwalk.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-getenv_r.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-gettzinfo.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-gmtime.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-gmtime_r.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-impure.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-isalnum.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-isalpha.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-isascii.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-isblank.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-iscntrl.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-isdigit.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-isgraph.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-islower.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-isprint.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-ispunct.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-isspace.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-isupper.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-itoa.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-labs.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-lcltime.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-lcltime_r.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-ldiv.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-longjmp.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-makebuf.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-memccpy.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-memchr.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-memcmp.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-memcpy.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-memmove.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-memrchr.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-memset.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-mktime.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-month_lengths.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-open.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-quorem.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-raise.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-rand.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-rand_r.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-read.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-refill.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-rshift.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-s_fpclassify.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-sbrk.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-sccl.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-setjmp.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-sf_nan.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-srand.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-stdio.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strcasecmp.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strcasestr.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strcat.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strchr.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strcmp.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strcoll.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strcpy.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strcspn.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strdup.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strdup_r.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strftime.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strlcat.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strlcpy.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strlen.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strlwr.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strncasecmp.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strncat.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strncmp.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strncpy.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strndup.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strndup_r.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strnlen.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strptime.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strrchr.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strsep.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strspn.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strstr.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strtok_r.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strtol.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strtoul.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-strupr.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-sysclose.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-sysopen.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-sysread.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-syssbrk.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-system.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-systimes.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-syswrite.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-time.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-timelocal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-toascii.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-tolower.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-toupper.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-tzcalc_limits.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-tzlock.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-tzset.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-tzset_r.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-tzvars.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-ungetc.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-utoa.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-wbuf.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-wcrtomb.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-wctomb_r.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lib_a-wsetup.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libc.a:lock.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_hw_support.a:rtc_clk.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_system.a:esp_err.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_system.a:ubsan.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libgcov.a:(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:cpu_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:i2c_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:ledc_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:soc_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_encrypt_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_slave_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:wdt_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:heap_tlsf.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:multi_heap.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:multi_heap_poisoning.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:abort.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:assert.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:heap.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:stdatomic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
     _nimble_data_start = ABSOLUTE(.);
     *libnimble.a:(.data .data.*)
     . = ALIGN(4);
     _nimble_data_end = ABSOLUTE(.);
-    *libphy.a:(.rodata .rodata.*)
-    *libsoc.a:lldesc.*(.rodata .rodata.*)
-    *libspi_flash.a:memspi_host_driver.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_boya.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_gd.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_generic.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_issi.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_mxic.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_th.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_winbond.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_rom_patch.*(.rodata .rodata.*)
+    *libphy.a:(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libsoc.a:lldesc.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:memspi_host_driver.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_boya.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_gd.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_generic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_issi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_mxic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_th.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_winbond.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_rom_patch.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
 
     _data_end = ABSOLUTE(.);
     . = ALIGN(4);
@@ -645,7 +643,7 @@ SECTIONS
   {
     _flash_rodata_start = ABSOLUTE(.);
 
-    *(EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libc.a:creat.* *libc.a:isatty.* *libc.a:lib_a-abs.* *libc.a:lib_a-asctime.* *libc.a:lib_a-asctime_r.* *libc.a:lib_a-atoi.* *libc.a:lib_a-atol.* *libc.a:lib_a-bzero.* *libc.a:lib_a-close.* *libc.a:lib_a-creat.* *libc.a:lib_a-ctime.* *libc.a:lib_a-ctime_r.* *libc.a:lib_a-ctype_.* *libc.a:lib_a-div.* *libc.a:lib_a-environ.* *libc.a:lib_a-envlock.* *libc.a:lib_a-fclose.* *libc.a:lib_a-fflush.* *libc.a:lib_a-findfp.* *libc.a:lib_a-fputwc.* *libc.a:lib_a-fvwrite.* *libc.a:lib_a-fwalk.* *libc.a:lib_a-getenv_r.* *libc.a:lib_a-gettzinfo.* *libc.a:lib_a-gmtime.* *libc.a:lib_a-gmtime_r.* *libc.a:lib_a-impure.* *libc.a:lib_a-isalnum.* *libc.a:lib_a-isalpha.* *libc.a:lib_a-isascii.* *libc.a:lib_a-isblank.* *libc.a:lib_a-iscntrl.* *libc.a:lib_a-isdigit.* *libc.a:lib_a-isgraph.* *libc.a:lib_a-islower.* *libc.a:lib_a-isprint.* *libc.a:lib_a-ispunct.* *libc.a:lib_a-isspace.* *libc.a:lib_a-isupper.* *libc.a:lib_a-itoa.* *libc.a:lib_a-labs.* *libc.a:lib_a-lcltime.* *libc.a:lib_a-lcltime_r.* *libc.a:lib_a-ldiv.* *libc.a:lib_a-longjmp.* *libc.a:lib_a-makebuf.* *libc.a:lib_a-memccpy.* *libc.a:lib_a-memchr.* *libc.a:lib_a-memcmp.* *libc.a:lib_a-memcpy.* *libc.a:lib_a-memmove.* *libc.a:lib_a-memrchr.* *libc.a:lib_a-memset.* *libc.a:lib_a-mktime.* *libc.a:lib_a-month_lengths.* *libc.a:lib_a-open.* *libc.a:lib_a-quorem.* *libc.a:lib_a-raise.* *libc.a:lib_a-rand.* *libc.a:lib_a-rand_r.* *libc.a:lib_a-read.* *libc.a:lib_a-refill.* *libc.a:lib_a-rshift.* *libc.a:lib_a-s_fpclassify.* *libc.a:lib_a-sbrk.* *libc.a:lib_a-sccl.* *libc.a:lib_a-setjmp.* *libc.a:lib_a-sf_nan.* *libc.a:lib_a-srand.* *libc.a:lib_a-stdio.* *libc.a:lib_a-strcasecmp.* *libc.a:lib_a-strcasestr.* *libc.a:lib_a-strcat.* *libc.a:lib_a-strchr.* *libc.a:lib_a-strcmp.* *libc.a:lib_a-strcoll.* *libc.a:lib_a-strcpy.* *libc.a:lib_a-strcspn.* *libc.a:lib_a-strdup.* *libc.a:lib_a-strdup_r.* *libc.a:lib_a-strftime.* *libc.a:lib_a-strlcat.* *libc.a:lib_a-strlcpy.* *libc.a:lib_a-strlen.* *libc.a:lib_a-strlwr.* *libc.a:lib_a-strncasecmp.* *libc.a:lib_a-strncat.* *libc.a:lib_a-strncmp.* *libc.a:lib_a-strncpy.* *libc.a:lib_a-strndup.* *libc.a:lib_a-strndup_r.* *libc.a:lib_a-strnlen.* *libc.a:lib_a-strptime.* *libc.a:lib_a-strrchr.* *libc.a:lib_a-strsep.* *libc.a:lib_a-strspn.* *libc.a:lib_a-strstr.* *libc.a:lib_a-strtok_r.* *libc.a:lib_a-strtol.* *libc.a:lib_a-strtoul.* *libc.a:lib_a-strupr.* *libc.a:lib_a-sysclose.* *libc.a:lib_a-sysopen.* *libc.a:lib_a-sysread.* *libc.a:lib_a-syssbrk.* *libc.a:lib_a-system.* *libc.a:lib_a-systimes.* *libc.a:lib_a-syswrite.* *libc.a:lib_a-time.* *libc.a:lib_a-timelocal.* *libc.a:lib_a-toascii.* *libc.a:lib_a-tolower.* *libc.a:lib_a-toupper.* *libc.a:lib_a-tzcalc_limits.* *libc.a:lib_a-tzlock.* *libc.a:lib_a-tzset.* *libc.a:lib_a-tzset_r.* *libc.a:lib_a-tzvars.* *libc.a:lib_a-ungetc.* *libc.a:lib_a-utoa.* *libc.a:lib_a-wbuf.* *libc.a:lib_a-wcrtomb.* *libc.a:lib_a-wctomb_r.* *libc.a:lib_a-wsetup.* *libc.a:lock.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .rodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libc.a:creat.* *libc.a:isatty.* *libc.a:lib_a-abs.* *libc.a:lib_a-asctime.* *libc.a:lib_a-asctime_r.* *libc.a:lib_a-atoi.* *libc.a:lib_a-atol.* *libc.a:lib_a-bzero.* *libc.a:lib_a-close.* *libc.a:lib_a-creat.* *libc.a:lib_a-ctime.* *libc.a:lib_a-ctime_r.* *libc.a:lib_a-ctype_.* *libc.a:lib_a-div.* *libc.a:lib_a-environ.* *libc.a:lib_a-envlock.* *libc.a:lib_a-fclose.* *libc.a:lib_a-fflush.* *libc.a:lib_a-findfp.* *libc.a:lib_a-fputwc.* *libc.a:lib_a-fvwrite.* *libc.a:lib_a-fwalk.* *libc.a:lib_a-getenv_r.* *libc.a:lib_a-gettzinfo.* *libc.a:lib_a-gmtime.* *libc.a:lib_a-gmtime_r.* *libc.a:lib_a-impure.* *libc.a:lib_a-isalnum.* *libc.a:lib_a-isalpha.* *libc.a:lib_a-isascii.* *libc.a:lib_a-isblank.* *libc.a:lib_a-iscntrl.* *libc.a:lib_a-isdigit.* *libc.a:lib_a-isgraph.* *libc.a:lib_a-islower.* *libc.a:lib_a-isprint.* *libc.a:lib_a-ispunct.* *libc.a:lib_a-isspace.* *libc.a:lib_a-isupper.* *libc.a:lib_a-itoa.* *libc.a:lib_a-labs.* *libc.a:lib_a-lcltime.* *libc.a:lib_a-lcltime_r.* *libc.a:lib_a-ldiv.* *libc.a:lib_a-longjmp.* *libc.a:lib_a-makebuf.* *libc.a:lib_a-memccpy.* *libc.a:lib_a-memchr.* *libc.a:lib_a-memcmp.* *libc.a:lib_a-memcpy.* *libc.a:lib_a-memmove.* *libc.a:lib_a-memrchr.* *libc.a:lib_a-memset.* *libc.a:lib_a-mktime.* *libc.a:lib_a-month_lengths.* *libc.a:lib_a-open.* *libc.a:lib_a-quorem.* *libc.a:lib_a-raise.* *libc.a:lib_a-rand.* *libc.a:lib_a-rand_r.* *libc.a:lib_a-read.* *libc.a:lib_a-refill.* *libc.a:lib_a-rshift.* *libc.a:lib_a-s_fpclassify.* *libc.a:lib_a-sbrk.* *libc.a:lib_a-sccl.* *libc.a:lib_a-setjmp.* *libc.a:lib_a-sf_nan.* *libc.a:lib_a-srand.* *libc.a:lib_a-stdio.* *libc.a:lib_a-strcasecmp.* *libc.a:lib_a-strcasestr.* *libc.a:lib_a-strcat.* *libc.a:lib_a-strchr.* *libc.a:lib_a-strcmp.* *libc.a:lib_a-strcoll.* *libc.a:lib_a-strcpy.* *libc.a:lib_a-strcspn.* *libc.a:lib_a-strdup.* *libc.a:lib_a-strdup_r.* *libc.a:lib_a-strftime.* *libc.a:lib_a-strlcat.* *libc.a:lib_a-strlcpy.* *libc.a:lib_a-strlen.* *libc.a:lib_a-strlwr.* *libc.a:lib_a-strncasecmp.* *libc.a:lib_a-strncat.* *libc.a:lib_a-strncmp.* *libc.a:lib_a-strncpy.* *libc.a:lib_a-strndup.* *libc.a:lib_a-strndup_r.* *libc.a:lib_a-strnlen.* *libc.a:lib_a-strptime.* *libc.a:lib_a-strrchr.* *libc.a:lib_a-strsep.* *libc.a:lib_a-strspn.* *libc.a:lib_a-strstr.* *libc.a:lib_a-strtok_r.* *libc.a:lib_a-strtol.* *libc.a:lib_a-strtoul.* *libc.a:lib_a-strupr.* *libc.a:lib_a-sysclose.* *libc.a:lib_a-sysopen.* *libc.a:lib_a-sysread.* *libc.a:lib_a-syssbrk.* *libc.a:lib_a-system.* *libc.a:lib_a-systimes.* *libc.a:lib_a-syswrite.* *libc.a:lib_a-time.* *libc.a:lib_a-timelocal.* *libc.a:lib_a-toascii.* *libc.a:lib_a-tolower.* *libc.a:lib_a-toupper.* *libc.a:lib_a-tzcalc_limits.* *libc.a:lib_a-tzlock.* *libc.a:lib_a-tzset.* *libc.a:lib_a-tzset_r.* *libc.a:lib_a-tzvars.* *libc.a:lib_a-ungetc.* *libc.a:lib_a-utoa.* *libc.a:lib_a-wbuf.* *libc.a:lib_a-wcrtomb.* *libc.a:lib_a-wctomb_r.* *libc.a:lib_a-wsetup.* *libc.a:lock.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .rodata.*)
+    *(EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libc.a:creat.* *libc.a:isatty.* *libc.a:lib_a-abs.* *libc.a:lib_a-asctime.* *libc.a:lib_a-asctime_r.* *libc.a:lib_a-atoi.* *libc.a:lib_a-atol.* *libc.a:lib_a-bzero.* *libc.a:lib_a-close.* *libc.a:lib_a-creat.* *libc.a:lib_a-ctime.* *libc.a:lib_a-ctime_r.* *libc.a:lib_a-ctype_.* *libc.a:lib_a-div.* *libc.a:lib_a-environ.* *libc.a:lib_a-envlock.* *libc.a:lib_a-fclose.* *libc.a:lib_a-fflush.* *libc.a:lib_a-findfp.* *libc.a:lib_a-fputwc.* *libc.a:lib_a-fvwrite.* *libc.a:lib_a-fwalk.* *libc.a:lib_a-getenv_r.* *libc.a:lib_a-gettzinfo.* *libc.a:lib_a-gmtime.* *libc.a:lib_a-gmtime_r.* *libc.a:lib_a-impure.* *libc.a:lib_a-isalnum.* *libc.a:lib_a-isalpha.* *libc.a:lib_a-isascii.* *libc.a:lib_a-isblank.* *libc.a:lib_a-iscntrl.* *libc.a:lib_a-isdigit.* *libc.a:lib_a-isgraph.* *libc.a:lib_a-islower.* *libc.a:lib_a-isprint.* *libc.a:lib_a-ispunct.* *libc.a:lib_a-isspace.* *libc.a:lib_a-isupper.* *libc.a:lib_a-itoa.* *libc.a:lib_a-labs.* *libc.a:lib_a-lcltime.* *libc.a:lib_a-lcltime_r.* *libc.a:lib_a-ldiv.* *libc.a:lib_a-longjmp.* *libc.a:lib_a-makebuf.* *libc.a:lib_a-memccpy.* *libc.a:lib_a-memchr.* *libc.a:lib_a-memcmp.* *libc.a:lib_a-memcpy.* *libc.a:lib_a-memmove.* *libc.a:lib_a-memrchr.* *libc.a:lib_a-memset.* *libc.a:lib_a-mktime.* *libc.a:lib_a-month_lengths.* *libc.a:lib_a-open.* *libc.a:lib_a-quorem.* *libc.a:lib_a-raise.* *libc.a:lib_a-rand.* *libc.a:lib_a-rand_r.* *libc.a:lib_a-read.* *libc.a:lib_a-refill.* *libc.a:lib_a-rshift.* *libc.a:lib_a-s_fpclassify.* *libc.a:lib_a-sbrk.* *libc.a:lib_a-sccl.* *libc.a:lib_a-setjmp.* *libc.a:lib_a-sf_nan.* *libc.a:lib_a-srand.* *libc.a:lib_a-stdio.* *libc.a:lib_a-strcasecmp.* *libc.a:lib_a-strcasestr.* *libc.a:lib_a-strcat.* *libc.a:lib_a-strchr.* *libc.a:lib_a-strcmp.* *libc.a:lib_a-strcoll.* *libc.a:lib_a-strcpy.* *libc.a:lib_a-strcspn.* *libc.a:lib_a-strdup.* *libc.a:lib_a-strdup_r.* *libc.a:lib_a-strftime.* *libc.a:lib_a-strlcat.* *libc.a:lib_a-strlcpy.* *libc.a:lib_a-strlen.* *libc.a:lib_a-strlwr.* *libc.a:lib_a-strncasecmp.* *libc.a:lib_a-strncat.* *libc.a:lib_a-strncmp.* *libc.a:lib_a-strncpy.* *libc.a:lib_a-strndup.* *libc.a:lib_a-strndup_r.* *libc.a:lib_a-strnlen.* *libc.a:lib_a-strptime.* *libc.a:lib_a-strrchr.* *libc.a:lib_a-strsep.* *libc.a:lib_a-strspn.* *libc.a:lib_a-strstr.* *libc.a:lib_a-strtok_r.* *libc.a:lib_a-strtol.* *libc.a:lib_a-strtoul.* *libc.a:lib_a-strupr.* *libc.a:lib_a-sysclose.* *libc.a:lib_a-sysopen.* *libc.a:lib_a-sysread.* *libc.a:lib_a-syssbrk.* *libc.a:lib_a-system.* *libc.a:lib_a-systimes.* *libc.a:lib_a-syswrite.* *libc.a:lib_a-time.* *libc.a:lib_a-timelocal.* *libc.a:lib_a-toascii.* *libc.a:lib_a-tolower.* *libc.a:lib_a-toupper.* *libc.a:lib_a-tzcalc_limits.* *libc.a:lib_a-tzlock.* *libc.a:lib_a-tzset.* *libc.a:lib_a-tzset_r.* *libc.a:lib_a-tzvars.* *libc.a:lib_a-ungetc.* *libc.a:lib_a-utoa.* *libc.a:lib_a-wbuf.* *libc.a:lib_a-wcrtomb.* *libc.a:lib_a-wctomb_r.* *libc.a:lib_a-wsetup.* *libc.a:lock.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .rodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libc.a:creat.* *libc.a:isatty.* *libc.a:lib_a-abs.* *libc.a:lib_a-asctime.* *libc.a:lib_a-asctime_r.* *libc.a:lib_a-atoi.* *libc.a:lib_a-atol.* *libc.a:lib_a-bzero.* *libc.a:lib_a-close.* *libc.a:lib_a-creat.* *libc.a:lib_a-ctime.* *libc.a:lib_a-ctime_r.* *libc.a:lib_a-ctype_.* *libc.a:lib_a-div.* *libc.a:lib_a-environ.* *libc.a:lib_a-envlock.* *libc.a:lib_a-fclose.* *libc.a:lib_a-fflush.* *libc.a:lib_a-findfp.* *libc.a:lib_a-fputwc.* *libc.a:lib_a-fvwrite.* *libc.a:lib_a-fwalk.* *libc.a:lib_a-getenv_r.* *libc.a:lib_a-gettzinfo.* *libc.a:lib_a-gmtime.* *libc.a:lib_a-gmtime_r.* *libc.a:lib_a-impure.* *libc.a:lib_a-isalnum.* *libc.a:lib_a-isalpha.* *libc.a:lib_a-isascii.* *libc.a:lib_a-isblank.* *libc.a:lib_a-iscntrl.* *libc.a:lib_a-isdigit.* *libc.a:lib_a-isgraph.* *libc.a:lib_a-islower.* *libc.a:lib_a-isprint.* *libc.a:lib_a-ispunct.* *libc.a:lib_a-isspace.* *libc.a:lib_a-isupper.* *libc.a:lib_a-itoa.* *libc.a:lib_a-labs.* *libc.a:lib_a-lcltime.* *libc.a:lib_a-lcltime_r.* *libc.a:lib_a-ldiv.* *libc.a:lib_a-longjmp.* *libc.a:lib_a-makebuf.* *libc.a:lib_a-memccpy.* *libc.a:lib_a-memchr.* *libc.a:lib_a-memcmp.* *libc.a:lib_a-memcpy.* *libc.a:lib_a-memmove.* *libc.a:lib_a-memrchr.* *libc.a:lib_a-memset.* *libc.a:lib_a-mktime.* *libc.a:lib_a-month_lengths.* *libc.a:lib_a-open.* *libc.a:lib_a-quorem.* *libc.a:lib_a-raise.* *libc.a:lib_a-rand.* *libc.a:lib_a-rand_r.* *libc.a:lib_a-read.* *libc.a:lib_a-refill.* *libc.a:lib_a-rshift.* *libc.a:lib_a-s_fpclassify.* *libc.a:lib_a-sbrk.* *libc.a:lib_a-sccl.* *libc.a:lib_a-setjmp.* *libc.a:lib_a-sf_nan.* *libc.a:lib_a-srand.* *libc.a:lib_a-stdio.* *libc.a:lib_a-strcasecmp.* *libc.a:lib_a-strcasestr.* *libc.a:lib_a-strcat.* *libc.a:lib_a-strchr.* *libc.a:lib_a-strcmp.* *libc.a:lib_a-strcoll.* *libc.a:lib_a-strcpy.* *libc.a:lib_a-strcspn.* *libc.a:lib_a-strdup.* *libc.a:lib_a-strdup_r.* *libc.a:lib_a-strftime.* *libc.a:lib_a-strlcat.* *libc.a:lib_a-strlcpy.* *libc.a:lib_a-strlen.* *libc.a:lib_a-strlwr.* *libc.a:lib_a-strncasecmp.* *libc.a:lib_a-strncat.* *libc.a:lib_a-strncmp.* *libc.a:lib_a-strncpy.* *libc.a:lib_a-strndup.* *libc.a:lib_a-strndup_r.* *libc.a:lib_a-strnlen.* *libc.a:lib_a-strptime.* *libc.a:lib_a-strrchr.* *libc.a:lib_a-strsep.* *libc.a:lib_a-strspn.* *libc.a:lib_a-strstr.* *libc.a:lib_a-strtok_r.* *libc.a:lib_a-strtol.* *libc.a:lib_a-strtoul.* *libc.a:lib_a-strupr.* *libc.a:lib_a-sysclose.* *libc.a:lib_a-sysopen.* *libc.a:lib_a-sysread.* *libc.a:lib_a-syssbrk.* *libc.a:lib_a-system.* *libc.a:lib_a-systimes.* *libc.a:lib_a-syswrite.* *libc.a:lib_a-time.* *libc.a:lib_a-timelocal.* *libc.a:lib_a-toascii.* *libc.a:lib_a-tolower.* *libc.a:lib_a-toupper.* *libc.a:lib_a-tzcalc_limits.* *libc.a:lib_a-tzlock.* *libc.a:lib_a-tzset.* *libc.a:lib_a-tzset_r.* *libc.a:lib_a-tzvars.* *libc.a:lib_a-ungetc.* *libc.a:lib_a-utoa.* *libc.a:lib_a-wbuf.* *libc.a:lib_a-wcrtomb.* *libc.a:lib_a-wctomb_r.* *libc.a:lib_a-wsetup.* *libc.a:lock.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .rodata.* EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libc.a:creat.* *libc.a:isatty.* *libc.a:lib_a-abs.* *libc.a:lib_a-asctime.* *libc.a:lib_a-asctime_r.* *libc.a:lib_a-atoi.* *libc.a:lib_a-atol.* *libc.a:lib_a-bzero.* *libc.a:lib_a-close.* *libc.a:lib_a-creat.* *libc.a:lib_a-ctime.* *libc.a:lib_a-ctime_r.* *libc.a:lib_a-ctype_.* *libc.a:lib_a-div.* *libc.a:lib_a-environ.* *libc.a:lib_a-envlock.* *libc.a:lib_a-fclose.* *libc.a:lib_a-fflush.* *libc.a:lib_a-findfp.* *libc.a:lib_a-fputwc.* *libc.a:lib_a-fvwrite.* *libc.a:lib_a-fwalk.* *libc.a:lib_a-getenv_r.* *libc.a:lib_a-gettzinfo.* *libc.a:lib_a-gmtime.* *libc.a:lib_a-gmtime_r.* *libc.a:lib_a-impure.* *libc.a:lib_a-isalnum.* *libc.a:lib_a-isalpha.* *libc.a:lib_a-isascii.* *libc.a:lib_a-isblank.* *libc.a:lib_a-iscntrl.* *libc.a:lib_a-isdigit.* *libc.a:lib_a-isgraph.* *libc.a:lib_a-islower.* *libc.a:lib_a-isprint.* *libc.a:lib_a-ispunct.* *libc.a:lib_a-isspace.* *libc.a:lib_a-isupper.* *libc.a:lib_a-itoa.* *libc.a:lib_a-labs.* *libc.a:lib_a-lcltime.* *libc.a:lib_a-lcltime_r.* *libc.a:lib_a-ldiv.* *libc.a:lib_a-longjmp.* *libc.a:lib_a-makebuf.* *libc.a:lib_a-memccpy.* *libc.a:lib_a-memchr.* *libc.a:lib_a-memcmp.* *libc.a:lib_a-memcpy.* *libc.a:lib_a-memmove.* *libc.a:lib_a-memrchr.* *libc.a:lib_a-memset.* *libc.a:lib_a-mktime.* *libc.a:lib_a-month_lengths.* *libc.a:lib_a-open.* *libc.a:lib_a-quorem.* *libc.a:lib_a-raise.* *libc.a:lib_a-rand.* *libc.a:lib_a-rand_r.* *libc.a:lib_a-read.* *libc.a:lib_a-refill.* *libc.a:lib_a-rshift.* *libc.a:lib_a-s_fpclassify.* *libc.a:lib_a-sbrk.* *libc.a:lib_a-sccl.* *libc.a:lib_a-setjmp.* *libc.a:lib_a-sf_nan.* *libc.a:lib_a-srand.* *libc.a:lib_a-stdio.* *libc.a:lib_a-strcasecmp.* *libc.a:lib_a-strcasestr.* *libc.a:lib_a-strcat.* *libc.a:lib_a-strchr.* *libc.a:lib_a-strcmp.* *libc.a:lib_a-strcoll.* *libc.a:lib_a-strcpy.* *libc.a:lib_a-strcspn.* *libc.a:lib_a-strdup.* *libc.a:lib_a-strdup_r.* *libc.a:lib_a-strftime.* *libc.a:lib_a-strlcat.* *libc.a:lib_a-strlcpy.* *libc.a:lib_a-strlen.* *libc.a:lib_a-strlwr.* *libc.a:lib_a-strncasecmp.* *libc.a:lib_a-strncat.* *libc.a:lib_a-strncmp.* *libc.a:lib_a-strncpy.* *libc.a:lib_a-strndup.* *libc.a:lib_a-strndup_r.* *libc.a:lib_a-strnlen.* *libc.a:lib_a-strptime.* *libc.a:lib_a-strrchr.* *libc.a:lib_a-strsep.* *libc.a:lib_a-strspn.* *libc.a:lib_a-strstr.* *libc.a:lib_a-strtok_r.* *libc.a:lib_a-strtol.* *libc.a:lib_a-strtoul.* *libc.a:lib_a-strupr.* *libc.a:lib_a-sysclose.* *libc.a:lib_a-sysopen.* *libc.a:lib_a-sysread.* *libc.a:lib_a-syssbrk.* *libc.a:lib_a-system.* *libc.a:lib_a-systimes.* *libc.a:lib_a-syswrite.* *libc.a:lib_a-time.* *libc.a:lib_a-timelocal.* *libc.a:lib_a-toascii.* *libc.a:lib_a-tolower.* *libc.a:lib_a-toupper.* *libc.a:lib_a-tzcalc_limits.* *libc.a:lib_a-tzlock.* *libc.a:lib_a-tzset.* *libc.a:lib_a-tzset_r.* *libc.a:lib_a-tzvars.* *libc.a:lib_a-ungetc.* *libc.a:lib_a-utoa.* *libc.a:lib_a-wbuf.* *libc.a:lib_a-wcrtomb.* *libc.a:lib_a-wctomb_r.* *libc.a:lib_a-wsetup.* *libc.a:lock.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .sdata2 EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libc.a:creat.* *libc.a:isatty.* *libc.a:lib_a-abs.* *libc.a:lib_a-asctime.* *libc.a:lib_a-asctime_r.* *libc.a:lib_a-atoi.* *libc.a:lib_a-atol.* *libc.a:lib_a-bzero.* *libc.a:lib_a-close.* *libc.a:lib_a-creat.* *libc.a:lib_a-ctime.* *libc.a:lib_a-ctime_r.* *libc.a:lib_a-ctype_.* *libc.a:lib_a-div.* *libc.a:lib_a-environ.* *libc.a:lib_a-envlock.* *libc.a:lib_a-fclose.* *libc.a:lib_a-fflush.* *libc.a:lib_a-findfp.* *libc.a:lib_a-fputwc.* *libc.a:lib_a-fvwrite.* *libc.a:lib_a-fwalk.* *libc.a:lib_a-getenv_r.* *libc.a:lib_a-gettzinfo.* *libc.a:lib_a-gmtime.* *libc.a:lib_a-gmtime_r.* *libc.a:lib_a-impure.* *libc.a:lib_a-isalnum.* *libc.a:lib_a-isalpha.* *libc.a:lib_a-isascii.* *libc.a:lib_a-isblank.* *libc.a:lib_a-iscntrl.* *libc.a:lib_a-isdigit.* *libc.a:lib_a-isgraph.* *libc.a:lib_a-islower.* *libc.a:lib_a-isprint.* *libc.a:lib_a-ispunct.* *libc.a:lib_a-isspace.* *libc.a:lib_a-isupper.* *libc.a:lib_a-itoa.* *libc.a:lib_a-labs.* *libc.a:lib_a-lcltime.* *libc.a:lib_a-lcltime_r.* *libc.a:lib_a-ldiv.* *libc.a:lib_a-longjmp.* *libc.a:lib_a-makebuf.* *libc.a:lib_a-memccpy.* *libc.a:lib_a-memchr.* *libc.a:lib_a-memcmp.* *libc.a:lib_a-memcpy.* *libc.a:lib_a-memmove.* *libc.a:lib_a-memrchr.* *libc.a:lib_a-memset.* *libc.a:lib_a-mktime.* *libc.a:lib_a-month_lengths.* *libc.a:lib_a-open.* *libc.a:lib_a-quorem.* *libc.a:lib_a-raise.* *libc.a:lib_a-rand.* *libc.a:lib_a-rand_r.* *libc.a:lib_a-read.* *libc.a:lib_a-refill.* *libc.a:lib_a-rshift.* *libc.a:lib_a-s_fpclassify.* *libc.a:lib_a-sbrk.* *libc.a:lib_a-sccl.* *libc.a:lib_a-setjmp.* *libc.a:lib_a-sf_nan.* *libc.a:lib_a-srand.* *libc.a:lib_a-stdio.* *libc.a:lib_a-strcasecmp.* *libc.a:lib_a-strcasestr.* *libc.a:lib_a-strcat.* *libc.a:lib_a-strchr.* *libc.a:lib_a-strcmp.* *libc.a:lib_a-strcoll.* *libc.a:lib_a-strcpy.* *libc.a:lib_a-strcspn.* *libc.a:lib_a-strdup.* *libc.a:lib_a-strdup_r.* *libc.a:lib_a-strftime.* *libc.a:lib_a-strlcat.* *libc.a:lib_a-strlcpy.* *libc.a:lib_a-strlen.* *libc.a:lib_a-strlwr.* *libc.a:lib_a-strncasecmp.* *libc.a:lib_a-strncat.* *libc.a:lib_a-strncmp.* *libc.a:lib_a-strncpy.* *libc.a:lib_a-strndup.* *libc.a:lib_a-strndup_r.* *libc.a:lib_a-strnlen.* *libc.a:lib_a-strptime.* *libc.a:lib_a-strrchr.* *libc.a:lib_a-strsep.* *libc.a:lib_a-strspn.* *libc.a:lib_a-strstr.* *libc.a:lib_a-strtok_r.* *libc.a:lib_a-strtol.* *libc.a:lib_a-strtoul.* *libc.a:lib_a-strupr.* *libc.a:lib_a-sysclose.* *libc.a:lib_a-sysopen.* *libc.a:lib_a-sysread.* *libc.a:lib_a-syssbrk.* *libc.a:lib_a-system.* *libc.a:lib_a-systimes.* *libc.a:lib_a-syswrite.* *libc.a:lib_a-time.* *libc.a:lib_a-timelocal.* *libc.a:lib_a-toascii.* *libc.a:lib_a-tolower.* *libc.a:lib_a-toupper.* *libc.a:lib_a-tzcalc_limits.* *libc.a:lib_a-tzlock.* *libc.a:lib_a-tzset.* *libc.a:lib_a-tzset_r.* *libc.a:lib_a-tzvars.* *libc.a:lib_a-ungetc.* *libc.a:lib_a-utoa.* *libc.a:lib_a-wbuf.* *libc.a:lib_a-wcrtomb.* *libc.a:lib_a-wctomb_r.* *libc.a:lib_a-wsetup.* *libc.a:lock.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .sdata2.* EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libc.a:creat.* *libc.a:isatty.* *libc.a:lib_a-abs.* *libc.a:lib_a-asctime.* *libc.a:lib_a-asctime_r.* *libc.a:lib_a-atoi.* *libc.a:lib_a-atol.* *libc.a:lib_a-bzero.* *libc.a:lib_a-close.* *libc.a:lib_a-creat.* *libc.a:lib_a-ctime.* *libc.a:lib_a-ctime_r.* *libc.a:lib_a-ctype_.* *libc.a:lib_a-div.* *libc.a:lib_a-environ.* *libc.a:lib_a-envlock.* *libc.a:lib_a-fclose.* *libc.a:lib_a-fflush.* *libc.a:lib_a-findfp.* *libc.a:lib_a-fputwc.* *libc.a:lib_a-fvwrite.* *libc.a:lib_a-fwalk.* *libc.a:lib_a-getenv_r.* *libc.a:lib_a-gettzinfo.* *libc.a:lib_a-gmtime.* *libc.a:lib_a-gmtime_r.* *libc.a:lib_a-impure.* *libc.a:lib_a-isalnum.* *libc.a:lib_a-isalpha.* *libc.a:lib_a-isascii.* *libc.a:lib_a-isblank.* *libc.a:lib_a-iscntrl.* *libc.a:lib_a-isdigit.* *libc.a:lib_a-isgraph.* *libc.a:lib_a-islower.* *libc.a:lib_a-isprint.* *libc.a:lib_a-ispunct.* *libc.a:lib_a-isspace.* *libc.a:lib_a-isupper.* *libc.a:lib_a-itoa.* *libc.a:lib_a-labs.* *libc.a:lib_a-lcltime.* *libc.a:lib_a-lcltime_r.* *libc.a:lib_a-ldiv.* *libc.a:lib_a-longjmp.* *libc.a:lib_a-makebuf.* *libc.a:lib_a-memccpy.* *libc.a:lib_a-memchr.* *libc.a:lib_a-memcmp.* *libc.a:lib_a-memcpy.* *libc.a:lib_a-memmove.* *libc.a:lib_a-memrchr.* *libc.a:lib_a-memset.* *libc.a:lib_a-mktime.* *libc.a:lib_a-month_lengths.* *libc.a:lib_a-open.* *libc.a:lib_a-quorem.* *libc.a:lib_a-raise.* *libc.a:lib_a-rand.* *libc.a:lib_a-rand_r.* *libc.a:lib_a-read.* *libc.a:lib_a-refill.* *libc.a:lib_a-rshift.* *libc.a:lib_a-s_fpclassify.* *libc.a:lib_a-sbrk.* *libc.a:lib_a-sccl.* *libc.a:lib_a-setjmp.* *libc.a:lib_a-sf_nan.* *libc.a:lib_a-srand.* *libc.a:lib_a-stdio.* *libc.a:lib_a-strcasecmp.* *libc.a:lib_a-strcasestr.* *libc.a:lib_a-strcat.* *libc.a:lib_a-strchr.* *libc.a:lib_a-strcmp.* *libc.a:lib_a-strcoll.* *libc.a:lib_a-strcpy.* *libc.a:lib_a-strcspn.* *libc.a:lib_a-strdup.* *libc.a:lib_a-strdup_r.* *libc.a:lib_a-strftime.* *libc.a:lib_a-strlcat.* *libc.a:lib_a-strlcpy.* *libc.a:lib_a-strlen.* *libc.a:lib_a-strlwr.* *libc.a:lib_a-strncasecmp.* *libc.a:lib_a-strncat.* *libc.a:lib_a-strncmp.* *libc.a:lib_a-strncpy.* *libc.a:lib_a-strndup.* *libc.a:lib_a-strndup_r.* *libc.a:lib_a-strnlen.* *libc.a:lib_a-strptime.* *libc.a:lib_a-strrchr.* *libc.a:lib_a-strsep.* *libc.a:lib_a-strspn.* *libc.a:lib_a-strstr.* *libc.a:lib_a-strtok_r.* *libc.a:lib_a-strtol.* *libc.a:lib_a-strtoul.* *libc.a:lib_a-strupr.* *libc.a:lib_a-sysclose.* *libc.a:lib_a-sysopen.* *libc.a:lib_a-sysread.* *libc.a:lib_a-syssbrk.* *libc.a:lib_a-system.* *libc.a:lib_a-systimes.* *libc.a:lib_a-syswrite.* *libc.a:lib_a-time.* *libc.a:lib_a-timelocal.* *libc.a:lib_a-toascii.* *libc.a:lib_a-tolower.* *libc.a:lib_a-toupper.* *libc.a:lib_a-tzcalc_limits.* *libc.a:lib_a-tzlock.* *libc.a:lib_a-tzset.* *libc.a:lib_a-tzset_r.* *libc.a:lib_a-tzvars.* *libc.a:lib_a-ungetc.* *libc.a:lib_a-utoa.* *libc.a:lib_a-wbuf.* *libc.a:lib_a-wcrtomb.* *libc.a:lib_a-wctomb_r.* *libc.a:lib_a-wsetup.* *libc.a:lock.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .srodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libc.a:creat.* *libc.a:isatty.* *libc.a:lib_a-abs.* *libc.a:lib_a-asctime.* *libc.a:lib_a-asctime_r.* *libc.a:lib_a-atoi.* *libc.a:lib_a-atol.* *libc.a:lib_a-bzero.* *libc.a:lib_a-close.* *libc.a:lib_a-creat.* *libc.a:lib_a-ctime.* *libc.a:lib_a-ctime_r.* *libc.a:lib_a-ctype_.* *libc.a:lib_a-div.* *libc.a:lib_a-environ.* *libc.a:lib_a-envlock.* *libc.a:lib_a-fclose.* *libc.a:lib_a-fflush.* *libc.a:lib_a-findfp.* *libc.a:lib_a-fputwc.* *libc.a:lib_a-fvwrite.* *libc.a:lib_a-fwalk.* *libc.a:lib_a-getenv_r.* *libc.a:lib_a-gettzinfo.* *libc.a:lib_a-gmtime.* *libc.a:lib_a-gmtime_r.* *libc.a:lib_a-impure.* *libc.a:lib_a-isalnum.* *libc.a:lib_a-isalpha.* *libc.a:lib_a-isascii.* *libc.a:lib_a-isblank.* *libc.a:lib_a-iscntrl.* *libc.a:lib_a-isdigit.* *libc.a:lib_a-isgraph.* *libc.a:lib_a-islower.* *libc.a:lib_a-isprint.* *libc.a:lib_a-ispunct.* *libc.a:lib_a-isspace.* *libc.a:lib_a-isupper.* *libc.a:lib_a-itoa.* *libc.a:lib_a-labs.* *libc.a:lib_a-lcltime.* *libc.a:lib_a-lcltime_r.* *libc.a:lib_a-ldiv.* *libc.a:lib_a-longjmp.* *libc.a:lib_a-makebuf.* *libc.a:lib_a-memccpy.* *libc.a:lib_a-memchr.* *libc.a:lib_a-memcmp.* *libc.a:lib_a-memcpy.* *libc.a:lib_a-memmove.* *libc.a:lib_a-memrchr.* *libc.a:lib_a-memset.* *libc.a:lib_a-mktime.* *libc.a:lib_a-month_lengths.* *libc.a:lib_a-open.* *libc.a:lib_a-quorem.* *libc.a:lib_a-raise.* *libc.a:lib_a-rand.* *libc.a:lib_a-rand_r.* *libc.a:lib_a-read.* *libc.a:lib_a-refill.* *libc.a:lib_a-rshift.* *libc.a:lib_a-s_fpclassify.* *libc.a:lib_a-sbrk.* *libc.a:lib_a-sccl.* *libc.a:lib_a-setjmp.* *libc.a:lib_a-sf_nan.* *libc.a:lib_a-srand.* *libc.a:lib_a-stdio.* *libc.a:lib_a-strcasecmp.* *libc.a:lib_a-strcasestr.* *libc.a:lib_a-strcat.* *libc.a:lib_a-strchr.* *libc.a:lib_a-strcmp.* *libc.a:lib_a-strcoll.* *libc.a:lib_a-strcpy.* *libc.a:lib_a-strcspn.* *libc.a:lib_a-strdup.* *libc.a:lib_a-strdup_r.* *libc.a:lib_a-strftime.* *libc.a:lib_a-strlcat.* *libc.a:lib_a-strlcpy.* *libc.a:lib_a-strlen.* *libc.a:lib_a-strlwr.* *libc.a:lib_a-strncasecmp.* *libc.a:lib_a-strncat.* *libc.a:lib_a-strncmp.* *libc.a:lib_a-strncpy.* *libc.a:lib_a-strndup.* *libc.a:lib_a-strndup_r.* *libc.a:lib_a-strnlen.* *libc.a:lib_a-strptime.* *libc.a:lib_a-strrchr.* *libc.a:lib_a-strsep.* *libc.a:lib_a-strspn.* *libc.a:lib_a-strstr.* *libc.a:lib_a-strtok_r.* *libc.a:lib_a-strtol.* *libc.a:lib_a-strtoul.* *libc.a:lib_a-strupr.* *libc.a:lib_a-sysclose.* *libc.a:lib_a-sysopen.* *libc.a:lib_a-sysread.* *libc.a:lib_a-syssbrk.* *libc.a:lib_a-system.* *libc.a:lib_a-systimes.* *libc.a:lib_a-syswrite.* *libc.a:lib_a-time.* *libc.a:lib_a-timelocal.* *libc.a:lib_a-toascii.* *libc.a:lib_a-tolower.* *libc.a:lib_a-toupper.* *libc.a:lib_a-tzcalc_limits.* *libc.a:lib_a-tzlock.* *libc.a:lib_a-tzset.* *libc.a:lib_a-tzset_r.* *libc.a:lib_a-tzvars.* *libc.a:lib_a-ungetc.* *libc.a:lib_a-utoa.* *libc.a:lib_a-wbuf.* *libc.a:lib_a-wcrtomb.* *libc.a:lib_a-wctomb_r.* *libc.a:lib_a-wsetup.* *libc.a:lock.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .srodata.*)
     *(.rodata_wlog_error .rodata_wlog_error.*)
 
 
diff --git a/tools/sdk/esp32/lib/libapp_update.a b/tools/sdk/esp32/lib/libapp_update.a
index 369c9332790..11183ecdb75 100644
Binary files a/tools/sdk/esp32/lib/libapp_update.a and b/tools/sdk/esp32/lib/libapp_update.a differ
diff --git a/tools/sdk/esp32/lib/libbt.a b/tools/sdk/esp32/lib/libbt.a
index b7adc5cba65..5ca3740ed7a 100644
Binary files a/tools/sdk/esp32/lib/libbt.a and b/tools/sdk/esp32/lib/libbt.a differ
diff --git a/tools/sdk/esp32/lib/libbutton.a b/tools/sdk/esp32/lib/libbutton.a
index c9fb2ffb706..1256838b6ac 100644
Binary files a/tools/sdk/esp32/lib/libbutton.a and b/tools/sdk/esp32/lib/libbutton.a differ
diff --git a/tools/sdk/esp32/lib/libcoap.a b/tools/sdk/esp32/lib/libcoap.a
index c0ea8e5f67a..8e57613c7b3 100644
Binary files a/tools/sdk/esp32/lib/libcoap.a and b/tools/sdk/esp32/lib/libcoap.a differ
diff --git a/tools/sdk/esp32/lib/libcoexist.a b/tools/sdk/esp32/lib/libcoexist.a
index 6a59d699072..82f51d7a5f9 100644
Binary files a/tools/sdk/esp32/lib/libcoexist.a and b/tools/sdk/esp32/lib/libcoexist.a differ
diff --git a/tools/sdk/esp32/lib/libconsole.a b/tools/sdk/esp32/lib/libconsole.a
index 3d2d21c0dea..0ead7bc2ddd 100644
Binary files a/tools/sdk/esp32/lib/libconsole.a and b/tools/sdk/esp32/lib/libconsole.a differ
diff --git a/tools/sdk/esp32/lib/libcore.a b/tools/sdk/esp32/lib/libcore.a
index 6fcbbdaea3f..34bb238bc6b 100644
Binary files a/tools/sdk/esp32/lib/libcore.a and b/tools/sdk/esp32/lib/libcore.a differ
diff --git a/tools/sdk/esp32/lib/libcxx.a b/tools/sdk/esp32/lib/libcxx.a
index d1b2a5e62bb..e6d8046f808 100644
Binary files a/tools/sdk/esp32/lib/libcxx.a and b/tools/sdk/esp32/lib/libcxx.a differ
diff --git a/tools/sdk/esp32/lib/libdriver.a b/tools/sdk/esp32/lib/libdriver.a
index 8fbd2f2b992..08b67185eb9 100644
Binary files a/tools/sdk/esp32/lib/libdriver.a and b/tools/sdk/esp32/lib/libdriver.a differ
diff --git a/tools/sdk/esp32/lib/libesp-tls.a b/tools/sdk/esp32/lib/libesp-tls.a
index 2823dbd9332..b533490b4ec 100644
Binary files a/tools/sdk/esp32/lib/libesp-tls.a and b/tools/sdk/esp32/lib/libesp-tls.a differ
diff --git a/tools/sdk/esp32/lib/libesp32-camera.a b/tools/sdk/esp32/lib/libesp32-camera.a
index 288db343c9b..2946f57c1d0 100644
Binary files a/tools/sdk/esp32/lib/libesp32-camera.a and b/tools/sdk/esp32/lib/libesp32-camera.a differ
diff --git a/tools/sdk/esp32/lib/libesp_common.a b/tools/sdk/esp32/lib/libesp_common.a
index 849dd669e43..19b7e915df9 100644
Binary files a/tools/sdk/esp32/lib/libesp_common.a and b/tools/sdk/esp32/lib/libesp_common.a differ
diff --git a/tools/sdk/esp32/lib/libesp_eth.a b/tools/sdk/esp32/lib/libesp_eth.a
index 5bf0ef679af..4e38183487c 100644
Binary files a/tools/sdk/esp32/lib/libesp_eth.a and b/tools/sdk/esp32/lib/libesp_eth.a differ
diff --git a/tools/sdk/esp32/lib/libesp_event.a b/tools/sdk/esp32/lib/libesp_event.a
index d85b1c2a580..f4e9af4467b 100644
Binary files a/tools/sdk/esp32/lib/libesp_event.a and b/tools/sdk/esp32/lib/libesp_event.a differ
diff --git a/tools/sdk/esp32/lib/libesp_gdbstub.a b/tools/sdk/esp32/lib/libesp_gdbstub.a
index 5d4175d8a58..05bd43cc76b 100644
Binary files a/tools/sdk/esp32/lib/libesp_gdbstub.a and b/tools/sdk/esp32/lib/libesp_gdbstub.a differ
diff --git a/tools/sdk/esp32/lib/libesp_hid.a b/tools/sdk/esp32/lib/libesp_hid.a
index 5f2dc52e7ab..69adac38f87 100644
Binary files a/tools/sdk/esp32/lib/libesp_hid.a and b/tools/sdk/esp32/lib/libesp_hid.a differ
diff --git a/tools/sdk/esp32/lib/libesp_http_client.a b/tools/sdk/esp32/lib/libesp_http_client.a
index 88b7851149d..a6cbb446458 100644
Binary files a/tools/sdk/esp32/lib/libesp_http_client.a and b/tools/sdk/esp32/lib/libesp_http_client.a differ
diff --git a/tools/sdk/esp32/lib/libesp_http_server.a b/tools/sdk/esp32/lib/libesp_http_server.a
index 07427396973..d43ddbbc574 100644
Binary files a/tools/sdk/esp32/lib/libesp_http_server.a and b/tools/sdk/esp32/lib/libesp_http_server.a differ
diff --git a/tools/sdk/esp32/lib/libesp_https_server.a b/tools/sdk/esp32/lib/libesp_https_server.a
index a286e41d666..952405f0a70 100644
Binary files a/tools/sdk/esp32/lib/libesp_https_server.a and b/tools/sdk/esp32/lib/libesp_https_server.a differ
diff --git a/tools/sdk/esp32/lib/libesp_hw_support.a b/tools/sdk/esp32/lib/libesp_hw_support.a
index b26894b8ba1..c3b69b8fa27 100644
Binary files a/tools/sdk/esp32/lib/libesp_hw_support.a and b/tools/sdk/esp32/lib/libesp_hw_support.a differ
diff --git a/tools/sdk/esp32/lib/libesp_ipc.a b/tools/sdk/esp32/lib/libesp_ipc.a
index 2f1fc9a2f7a..50db34a9ea3 100644
Binary files a/tools/sdk/esp32/lib/libesp_ipc.a and b/tools/sdk/esp32/lib/libesp_ipc.a differ
diff --git a/tools/sdk/esp32/lib/libesp_lcd.a b/tools/sdk/esp32/lib/libesp_lcd.a
index 35b8747b515..14f5bf3583c 100644
Binary files a/tools/sdk/esp32/lib/libesp_lcd.a and b/tools/sdk/esp32/lib/libesp_lcd.a differ
diff --git a/tools/sdk/esp32/lib/libesp_littlefs.a b/tools/sdk/esp32/lib/libesp_littlefs.a
index 691df671590..a659706cc7a 100644
Binary files a/tools/sdk/esp32/lib/libesp_littlefs.a and b/tools/sdk/esp32/lib/libesp_littlefs.a differ
diff --git a/tools/sdk/esp32/lib/libesp_local_ctrl.a b/tools/sdk/esp32/lib/libesp_local_ctrl.a
index 983e2ed081b..590a46ec340 100644
Binary files a/tools/sdk/esp32/lib/libesp_local_ctrl.a and b/tools/sdk/esp32/lib/libesp_local_ctrl.a differ
diff --git a/tools/sdk/esp32/lib/libesp_netif.a b/tools/sdk/esp32/lib/libesp_netif.a
index 6b941906384..fcf901a746f 100644
Binary files a/tools/sdk/esp32/lib/libesp_netif.a and b/tools/sdk/esp32/lib/libesp_netif.a differ
diff --git a/tools/sdk/esp32/lib/libesp_phy.a b/tools/sdk/esp32/lib/libesp_phy.a
index dd1138cb8de..af4a0547aed 100644
Binary files a/tools/sdk/esp32/lib/libesp_phy.a and b/tools/sdk/esp32/lib/libesp_phy.a differ
diff --git a/tools/sdk/esp32/lib/libesp_rainmaker.a b/tools/sdk/esp32/lib/libesp_rainmaker.a
index af888d25957..0b91640b6e6 100644
Binary files a/tools/sdk/esp32/lib/libesp_rainmaker.a and b/tools/sdk/esp32/lib/libesp_rainmaker.a differ
diff --git a/tools/sdk/esp32/lib/libesp_ringbuf.a b/tools/sdk/esp32/lib/libesp_ringbuf.a
index 42663cd7224..d947bd41ab5 100644
Binary files a/tools/sdk/esp32/lib/libesp_ringbuf.a and b/tools/sdk/esp32/lib/libesp_ringbuf.a differ
diff --git a/tools/sdk/esp32/lib/libesp_system.a b/tools/sdk/esp32/lib/libesp_system.a
index 810a8211246..e869662e1e4 100644
Binary files a/tools/sdk/esp32/lib/libesp_system.a and b/tools/sdk/esp32/lib/libesp_system.a differ
diff --git a/tools/sdk/esp32/lib/libesp_timer.a b/tools/sdk/esp32/lib/libesp_timer.a
index 999bb0c058b..a3b72dfde04 100644
Binary files a/tools/sdk/esp32/lib/libesp_timer.a and b/tools/sdk/esp32/lib/libesp_timer.a differ
diff --git a/tools/sdk/esp32/lib/libesp_websocket_client.a b/tools/sdk/esp32/lib/libesp_websocket_client.a
index 0a1f7eba054..ffc4cbbd9ee 100644
Binary files a/tools/sdk/esp32/lib/libesp_websocket_client.a and b/tools/sdk/esp32/lib/libesp_websocket_client.a differ
diff --git a/tools/sdk/esp32/lib/libesp_wifi.a b/tools/sdk/esp32/lib/libesp_wifi.a
index b57b3e04190..c4481a39023 100644
Binary files a/tools/sdk/esp32/lib/libesp_wifi.a and b/tools/sdk/esp32/lib/libesp_wifi.a differ
diff --git a/tools/sdk/esp32/lib/libespnow.a b/tools/sdk/esp32/lib/libespnow.a
index 6dab6499704..6910a0c42a2 100644
Binary files a/tools/sdk/esp32/lib/libespnow.a and b/tools/sdk/esp32/lib/libespnow.a differ
diff --git a/tools/sdk/esp32/lib/libfatfs.a b/tools/sdk/esp32/lib/libfatfs.a
index 4c2b28a72d8..03e2ad810f0 100644
Binary files a/tools/sdk/esp32/lib/libfatfs.a and b/tools/sdk/esp32/lib/libfatfs.a differ
diff --git a/tools/sdk/esp32/lib/libfreemodbus.a b/tools/sdk/esp32/lib/libfreemodbus.a
index 16f353e99a0..7a3cfb26c96 100644
Binary files a/tools/sdk/esp32/lib/libfreemodbus.a and b/tools/sdk/esp32/lib/libfreemodbus.a differ
diff --git a/tools/sdk/esp32/lib/libfreertos.a b/tools/sdk/esp32/lib/libfreertos.a
index e1fdb49ee75..c4f2a792a96 100644
Binary files a/tools/sdk/esp32/lib/libfreertos.a and b/tools/sdk/esp32/lib/libfreertos.a differ
diff --git a/tools/sdk/esp32/lib/liblog.a b/tools/sdk/esp32/lib/liblog.a
index de0ba9d0ba9..52395e96f26 100644
Binary files a/tools/sdk/esp32/lib/liblog.a and b/tools/sdk/esp32/lib/liblog.a differ
diff --git a/tools/sdk/esp32/lib/liblwip.a b/tools/sdk/esp32/lib/liblwip.a
index 50171ac99d8..e69861ef6f8 100644
Binary files a/tools/sdk/esp32/lib/liblwip.a and b/tools/sdk/esp32/lib/liblwip.a differ
diff --git a/tools/sdk/esp32/lib/libmbedcrypto.a b/tools/sdk/esp32/lib/libmbedcrypto.a
index 0399e7a4be7..f7578aada94 100644
Binary files a/tools/sdk/esp32/lib/libmbedcrypto.a and b/tools/sdk/esp32/lib/libmbedcrypto.a differ
diff --git a/tools/sdk/esp32/lib/libmbedtls.a b/tools/sdk/esp32/lib/libmbedtls.a
index 05aa98586c4..d369ba61de7 100644
Binary files a/tools/sdk/esp32/lib/libmbedtls.a and b/tools/sdk/esp32/lib/libmbedtls.a differ
diff --git a/tools/sdk/esp32/lib/libmbedtls_2.a b/tools/sdk/esp32/lib/libmbedtls_2.a
index 69d9b7954b7..38b666ad3a8 100644
Binary files a/tools/sdk/esp32/lib/libmbedtls_2.a and b/tools/sdk/esp32/lib/libmbedtls_2.a differ
diff --git a/tools/sdk/esp32/lib/libmbedx509.a b/tools/sdk/esp32/lib/libmbedx509.a
index 4aa185e0cb6..8f0dc1fa2dc 100644
Binary files a/tools/sdk/esp32/lib/libmbedx509.a and b/tools/sdk/esp32/lib/libmbedx509.a differ
diff --git a/tools/sdk/esp32/lib/libmdns.a b/tools/sdk/esp32/lib/libmdns.a
index 011a8663fa1..d61c0886c54 100644
Binary files a/tools/sdk/esp32/lib/libmdns.a and b/tools/sdk/esp32/lib/libmdns.a differ
diff --git a/tools/sdk/esp32/lib/libmesh.a b/tools/sdk/esp32/lib/libmesh.a
index 000b0b3f541..19a26c19c0a 100644
Binary files a/tools/sdk/esp32/lib/libmesh.a and b/tools/sdk/esp32/lib/libmesh.a differ
diff --git a/tools/sdk/esp32/lib/libmqtt.a b/tools/sdk/esp32/lib/libmqtt.a
index 5a254cff8c9..31287669539 100644
Binary files a/tools/sdk/esp32/lib/libmqtt.a and b/tools/sdk/esp32/lib/libmqtt.a differ
diff --git a/tools/sdk/esp32/lib/libnet80211.a b/tools/sdk/esp32/lib/libnet80211.a
index 56ccdb6a705..a3a46d5b547 100644
Binary files a/tools/sdk/esp32/lib/libnet80211.a and b/tools/sdk/esp32/lib/libnet80211.a differ
diff --git a/tools/sdk/esp32/lib/libnewlib.a b/tools/sdk/esp32/lib/libnewlib.a
index f841bcfd8ea..c4570ff55c5 100644
Binary files a/tools/sdk/esp32/lib/libnewlib.a and b/tools/sdk/esp32/lib/libnewlib.a differ
diff --git a/tools/sdk/esp32/lib/libnvs_flash.a b/tools/sdk/esp32/lib/libnvs_flash.a
index 28a818db339..c8c1372e9a9 100644
Binary files a/tools/sdk/esp32/lib/libnvs_flash.a and b/tools/sdk/esp32/lib/libnvs_flash.a differ
diff --git a/tools/sdk/esp32/lib/libopenssl.a b/tools/sdk/esp32/lib/libopenssl.a
index 5c668bac5ce..21712389419 100644
Binary files a/tools/sdk/esp32/lib/libopenssl.a and b/tools/sdk/esp32/lib/libopenssl.a differ
diff --git a/tools/sdk/esp32/lib/libpp.a b/tools/sdk/esp32/lib/libpp.a
index 5fb11cfe5fa..b372ce87b48 100644
Binary files a/tools/sdk/esp32/lib/libpp.a and b/tools/sdk/esp32/lib/libpp.a differ
diff --git a/tools/sdk/esp32/lib/libprotocomm.a b/tools/sdk/esp32/lib/libprotocomm.a
index 7ffce654793..d6396bac4e9 100644
Binary files a/tools/sdk/esp32/lib/libprotocomm.a and b/tools/sdk/esp32/lib/libprotocomm.a differ
diff --git a/tools/sdk/esp32/lib/libpthread.a b/tools/sdk/esp32/lib/libpthread.a
index c9478bcb3c0..8084d3ad532 100644
Binary files a/tools/sdk/esp32/lib/libpthread.a and b/tools/sdk/esp32/lib/libpthread.a differ
diff --git a/tools/sdk/esp32/lib/librmaker_common.a b/tools/sdk/esp32/lib/librmaker_common.a
index a4ed58b9296..06bf60dfd20 100644
Binary files a/tools/sdk/esp32/lib/librmaker_common.a and b/tools/sdk/esp32/lib/librmaker_common.a differ
diff --git a/tools/sdk/esp32/lib/libsmartconfig.a b/tools/sdk/esp32/lib/libsmartconfig.a
index 9d49c7ab19c..4e05d64b69f 100644
Binary files a/tools/sdk/esp32/lib/libsmartconfig.a and b/tools/sdk/esp32/lib/libsmartconfig.a differ
diff --git a/tools/sdk/esp32/lib/libspiffs.a b/tools/sdk/esp32/lib/libspiffs.a
index 8519a6d40e9..4a1e0e81ec5 100644
Binary files a/tools/sdk/esp32/lib/libspiffs.a and b/tools/sdk/esp32/lib/libspiffs.a differ
diff --git a/tools/sdk/esp32/lib/libtcp_transport.a b/tools/sdk/esp32/lib/libtcp_transport.a
index 90e2904727f..a83b14ccf18 100644
Binary files a/tools/sdk/esp32/lib/libtcp_transport.a and b/tools/sdk/esp32/lib/libtcp_transport.a differ
diff --git a/tools/sdk/esp32/lib/libtcpip_adapter.a b/tools/sdk/esp32/lib/libtcpip_adapter.a
index d9c5462b8b4..b170ff2dc93 100644
Binary files a/tools/sdk/esp32/lib/libtcpip_adapter.a and b/tools/sdk/esp32/lib/libtcpip_adapter.a differ
diff --git a/tools/sdk/esp32/lib/libvfs.a b/tools/sdk/esp32/lib/libvfs.a
index 66b0a727791..f7520a4e337 100644
Binary files a/tools/sdk/esp32/lib/libvfs.a and b/tools/sdk/esp32/lib/libvfs.a differ
diff --git a/tools/sdk/esp32/lib/libwapi.a b/tools/sdk/esp32/lib/libwapi.a
index 70644fb6d60..6c57cba89d3 100644
Binary files a/tools/sdk/esp32/lib/libwapi.a and b/tools/sdk/esp32/lib/libwapi.a differ
diff --git a/tools/sdk/esp32/lib/libwifi_provisioning.a b/tools/sdk/esp32/lib/libwifi_provisioning.a
index a50a97a426f..c1dbabd352e 100644
Binary files a/tools/sdk/esp32/lib/libwifi_provisioning.a and b/tools/sdk/esp32/lib/libwifi_provisioning.a differ
diff --git a/tools/sdk/esp32/lib/libwpa_supplicant.a b/tools/sdk/esp32/lib/libwpa_supplicant.a
index da219aa6ecf..c2a021d22c0 100644
Binary files a/tools/sdk/esp32/lib/libwpa_supplicant.a and b/tools/sdk/esp32/lib/libwpa_supplicant.a differ
diff --git a/tools/sdk/esp32/lib/libxtensa.a b/tools/sdk/esp32/lib/libxtensa.a
index f42772f759d..73e0034e99a 100644
Binary files a/tools/sdk/esp32/lib/libxtensa.a and b/tools/sdk/esp32/lib/libxtensa.a differ
diff --git a/tools/sdk/esp32/qio_qspi/include/sdkconfig.h b/tools/sdk/esp32/qio_qspi/include/sdkconfig.h
index 561264e7465..45cc92cc9bc 100644
--- a/tools/sdk/esp32/qio_qspi/include/sdkconfig.h
+++ b/tools/sdk/esp32/qio_qspi/include/sdkconfig.h
@@ -61,6 +61,7 @@
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH 1
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD 0
 #define CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE 1024
+#define CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD 90
 #define CONFIG_ESP_RMAKER_SCHEDULING_MAX_SCHEDULES 10
 #define CONFIG_ESP_RMAKER_SCENES_MAX_SCENES 10
 #define CONFIG_ENABLE_ARDUINO_DEPENDS 1
@@ -123,7 +124,7 @@
 #define CONFIG_BTDM_SCAN_DUPL_TYPE 0
 #define CONFIG_BTDM_SCAN_DUPL_CACHE_SIZE 20
 #define CONFIG_BTDM_BLE_MESH_SCAN_DUPL_EN 1
-#define CONFIG_BTDM_MESH_DUPL_SCAN_CACHE_SIZE 200
+#define CONFIG_BTDM_MESH_DUPL_SCAN_CACHE_SIZE 100
 #define CONFIG_BTDM_CTRL_FULL_SCAN_SUPPORTED 1
 #define CONFIG_BTDM_BLE_ADV_REPORT_FLOW_CTRL_SUPP 1
 #define CONFIG_BTDM_BLE_ADV_REPORT_FLOW_CTRL_NUM 100
@@ -747,5 +748,5 @@
 #define CONFIG_ULP_COPROC_ENABLED CONFIG_ESP32_ULP_COPROC_ENABLED
 #define CONFIG_ULP_COPROC_RESERVE_MEM CONFIG_ESP32_ULP_COPROC_RESERVE_MEM
 #define CONFIG_WARN_WRITE_STRINGS CONFIG_COMPILER_WARN_WRITE_STRINGS
-#define CONFIG_ARDUINO_IDF_COMMIT "c9140caf8c"
+#define CONFIG_ARDUINO_IDF_COMMIT "ee2029c38a"
 #define CONFIG_ARDUINO_IDF_BRANCH "release/v4.4"
diff --git a/tools/sdk/esp32/qio_qspi/libspi_flash.a b/tools/sdk/esp32/qio_qspi/libspi_flash.a
index e73b8d602e5..bba7f6cf4c0 100644
Binary files a/tools/sdk/esp32/qio_qspi/libspi_flash.a and b/tools/sdk/esp32/qio_qspi/libspi_flash.a differ
diff --git a/tools/sdk/esp32/qout_qspi/include/sdkconfig.h b/tools/sdk/esp32/qout_qspi/include/sdkconfig.h
index 6ed98005ef2..fed472c37d5 100644
--- a/tools/sdk/esp32/qout_qspi/include/sdkconfig.h
+++ b/tools/sdk/esp32/qout_qspi/include/sdkconfig.h
@@ -61,6 +61,7 @@
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH 1
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD 0
 #define CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE 1024
+#define CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD 90
 #define CONFIG_ESP_RMAKER_SCHEDULING_MAX_SCHEDULES 10
 #define CONFIG_ESP_RMAKER_SCENES_MAX_SCENES 10
 #define CONFIG_ENABLE_ARDUINO_DEPENDS 1
@@ -123,7 +124,7 @@
 #define CONFIG_BTDM_SCAN_DUPL_TYPE 0
 #define CONFIG_BTDM_SCAN_DUPL_CACHE_SIZE 20
 #define CONFIG_BTDM_BLE_MESH_SCAN_DUPL_EN 1
-#define CONFIG_BTDM_MESH_DUPL_SCAN_CACHE_SIZE 200
+#define CONFIG_BTDM_MESH_DUPL_SCAN_CACHE_SIZE 100
 #define CONFIG_BTDM_CTRL_FULL_SCAN_SUPPORTED 1
 #define CONFIG_BTDM_BLE_ADV_REPORT_FLOW_CTRL_SUPP 1
 #define CONFIG_BTDM_BLE_ADV_REPORT_FLOW_CTRL_NUM 100
@@ -747,5 +748,5 @@
 #define CONFIG_ULP_COPROC_ENABLED CONFIG_ESP32_ULP_COPROC_ENABLED
 #define CONFIG_ULP_COPROC_RESERVE_MEM CONFIG_ESP32_ULP_COPROC_RESERVE_MEM
 #define CONFIG_WARN_WRITE_STRINGS CONFIG_COMPILER_WARN_WRITE_STRINGS
-#define CONFIG_ARDUINO_IDF_COMMIT "c9140caf8c"
+#define CONFIG_ARDUINO_IDF_COMMIT "ee2029c38a"
 #define CONFIG_ARDUINO_IDF_BRANCH "release/v4.4"
diff --git a/tools/sdk/esp32/qout_qspi/libspi_flash.a b/tools/sdk/esp32/qout_qspi/libspi_flash.a
index 6f2204cb625..bb810a086ac 100644
Binary files a/tools/sdk/esp32/qout_qspi/libspi_flash.a and b/tools/sdk/esp32/qout_qspi/libspi_flash.a differ
diff --git a/tools/sdk/esp32/sdkconfig b/tools/sdk/esp32/sdkconfig
index 310e260a3a2..06ff31681e0 100644
--- a/tools/sdk/esp32/sdkconfig
+++ b/tools/sdk/esp32/sdkconfig
@@ -163,6 +163,7 @@ CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD=0
 # CONFIG_ESP_RMAKER_SKIP_VERSION_CHECK is not set
 # CONFIG_ESP_RMAKER_SKIP_PROJECT_NAME_CHECK is not set
 CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE=1024
+CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD=90
 # end of ESP RainMaker OTA Config
 
 #
@@ -346,7 +347,7 @@ CONFIG_BTDM_SCAN_DUPL_TYPE_DEVICE=y
 CONFIG_BTDM_SCAN_DUPL_TYPE=0
 CONFIG_BTDM_SCAN_DUPL_CACHE_SIZE=20
 CONFIG_BTDM_BLE_MESH_SCAN_DUPL_EN=y
-CONFIG_BTDM_MESH_DUPL_SCAN_CACHE_SIZE=200
+CONFIG_BTDM_MESH_DUPL_SCAN_CACHE_SIZE=100
 CONFIG_BTDM_CTRL_FULL_SCAN_SUPPORTED=y
 CONFIG_BTDM_BLE_ADV_REPORT_FLOW_CTRL_SUPP=y
 CONFIG_BTDM_BLE_ADV_REPORT_FLOW_CTRL_NUM=100
@@ -1831,7 +1832,7 @@ CONFIG_SCAN_DUPLICATE_BY_DEVICE_ADDR=y
 CONFIG_SCAN_DUPLICATE_TYPE=0
 CONFIG_DUPLICATE_SCAN_CACHE_SIZE=20
 CONFIG_BLE_MESH_SCAN_DUPLICATE_EN=y
-CONFIG_MESH_DUPLICATE_SCAN_CACHE_SIZE=200
+CONFIG_MESH_DUPLICATE_SCAN_CACHE_SIZE=100
 CONFIG_BTDM_CONTROLLER_FULL_SCAN_SUPPORTED=y
 CONFIG_BLE_ADV_REPORT_FLOW_CONTROL_SUPPORTED=y
 CONFIG_BLE_ADV_REPORT_FLOW_CONTROL_NUM=100
diff --git a/tools/sdk/esp32c3/dio_qspi/include/sdkconfig.h b/tools/sdk/esp32c3/dio_qspi/include/sdkconfig.h
index 0e37b2c869a..756798521ca 100644
--- a/tools/sdk/esp32c3/dio_qspi/include/sdkconfig.h
+++ b/tools/sdk/esp32c3/dio_qspi/include/sdkconfig.h
@@ -64,6 +64,7 @@
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH 1
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD 0
 #define CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE 1024
+#define CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD 90
 #define CONFIG_ESP_RMAKER_SCHEDULING_MAX_SCHEDULES 10
 #define CONFIG_ESP_RMAKER_SCENES_MAX_SCENES 10
 #define CONFIG_ENABLE_ARDUINO_DEPENDS 1
@@ -741,5 +742,5 @@
 #define CONFIG_TOOLPREFIX CONFIG_SDK_TOOLPREFIX
 #define CONFIG_UDP_RECVMBOX_SIZE CONFIG_LWIP_UDP_RECVMBOX_SIZE
 #define CONFIG_WARN_WRITE_STRINGS CONFIG_COMPILER_WARN_WRITE_STRINGS
-#define CONFIG_ARDUINO_IDF_COMMIT "c9140caf8c"
+#define CONFIG_ARDUINO_IDF_COMMIT "ee2029c38a"
 #define CONFIG_ARDUINO_IDF_BRANCH "release/v4.4"
diff --git a/tools/sdk/esp32c3/dio_qspi/libspi_flash.a b/tools/sdk/esp32c3/dio_qspi/libspi_flash.a
index 433ca380bc6..835d6b90c9d 100644
Binary files a/tools/sdk/esp32c3/dio_qspi/libspi_flash.a and b/tools/sdk/esp32c3/dio_qspi/libspi_flash.a differ
diff --git a/tools/sdk/esp32c3/dout_qspi/include/sdkconfig.h b/tools/sdk/esp32c3/dout_qspi/include/sdkconfig.h
index b797228d5d2..bb74342c0d5 100644
--- a/tools/sdk/esp32c3/dout_qspi/include/sdkconfig.h
+++ b/tools/sdk/esp32c3/dout_qspi/include/sdkconfig.h
@@ -64,6 +64,7 @@
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH 1
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD 0
 #define CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE 1024
+#define CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD 90
 #define CONFIG_ESP_RMAKER_SCHEDULING_MAX_SCHEDULES 10
 #define CONFIG_ESP_RMAKER_SCENES_MAX_SCENES 10
 #define CONFIG_ENABLE_ARDUINO_DEPENDS 1
@@ -741,5 +742,5 @@
 #define CONFIG_TOOLPREFIX CONFIG_SDK_TOOLPREFIX
 #define CONFIG_UDP_RECVMBOX_SIZE CONFIG_LWIP_UDP_RECVMBOX_SIZE
 #define CONFIG_WARN_WRITE_STRINGS CONFIG_COMPILER_WARN_WRITE_STRINGS
-#define CONFIG_ARDUINO_IDF_COMMIT "c9140caf8c"
+#define CONFIG_ARDUINO_IDF_COMMIT "ee2029c38a"
 #define CONFIG_ARDUINO_IDF_BRANCH "release/v4.4"
diff --git a/tools/sdk/esp32c3/dout_qspi/libspi_flash.a b/tools/sdk/esp32c3/dout_qspi/libspi_flash.a
index 30d0a9bade4..dea58cb4585 100644
Binary files a/tools/sdk/esp32c3/dout_qspi/libspi_flash.a and b/tools/sdk/esp32c3/dout_qspi/libspi_flash.a differ
diff --git a/tools/sdk/esp32c3/include/app_update/include/esp_ota_ops.h b/tools/sdk/esp32c3/include/app_update/include/esp_ota_ops.h
index ba07c013d90..ece5275db3b 100644
--- a/tools/sdk/esp32c3/include/app_update/include/esp_ota_ops.h
+++ b/tools/sdk/esp32c3/include/app_update/include/esp_ota_ops.h
@@ -327,9 +327,9 @@ typedef enum {
 /**
  * @brief Revokes the old signature digest. To be called in the application after the rollback logic.
  *
- * Relevant for Secure boot v2 on ESP32-S2 where upto 3 key digests can be stored (Key #N-1, Key #N, Key #N+1).
- * When key #N-1 used to sign an app is invalidated, an OTA update is to be sent with an app signed with key #N-1 & Key #N.
- * After successfully booting the OTA app should call this function to revoke Key #N-1.
+ * Relevant for Secure boot v2 on ESP32-S2, ESP32-S3, ESP32-C3 where upto 3 key digests can be stored (Key \#N-1, Key \#N, Key \#N+1).
+ * When key \#N-1 used to sign an app is invalidated, an OTA update is to be sent with an app signed with key \#N-1 & Key \#N.
+ * After successfully booting the OTA app should call this function to revoke Key \#N-1.
  *
  * @param index - The index of the signature block to be revoked
  *
diff --git a/tools/sdk/esp32c3/include/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h b/tools/sdk/esp32c3/include/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h
index dd48ab982dd..f81ad21800e 100644
--- a/tools/sdk/esp32c3/include/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h
+++ b/tools/sdk/esp32c3/include/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h
@@ -1455,7 +1455,7 @@ esp_err_t esp_ble_gap_config_local_privacy (bool privacy_enable);
  *
  *
  * @param[in]       icon   - External appearance value, these values are defined by the Bluetooth SIG, please refer to
- *                  https://www.bluetooth.com/specifications/gatt/viewer?attributeXmlFile=org.bluetooth.characteristic.gap.appearance.xml
+ *                  https://specificationrefs.bluetooth.com/assigned-values/Appearance%20Values.pdf
  *
  * @return
  *                  - ESP_OK : success
diff --git a/tools/sdk/esp32c3/include/bt/include/esp32c3/include/esp_bt.h b/tools/sdk/esp32c3/include/bt/include/esp32c3/include/esp_bt.h
index d62b7a4a949..2ec3064d6eb 100644
--- a/tools/sdk/esp32c3/include/bt/include/esp32c3/include/esp_bt.h
+++ b/tools/sdk/esp32c3/include/bt/include/esp32c3/include/esp_bt.h
@@ -337,6 +337,8 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg);
 
 /**
  * @brief  De-initialize BT controller to free resource and delete task.
+ *         You should stop advertising and scanning, as well as
+ *         disconnect all existing connections before de-initializing BT controller.
  *
  * This function should be called only once, after any other BT functions are called.
  * This function is not whole completed, esp_bt_controller_init cannot called after this function.
diff --git a/tools/sdk/esp32c3/include/driver/include/driver/gpio.h b/tools/sdk/esp32c3/include/driver/include/driver/gpio.h
index 77bb2dd78c0..b904def347b 100644
--- a/tools/sdk/esp32c3/include/driver/include/driver/gpio.h
+++ b/tools/sdk/esp32c3/include/driver/include/driver/gpio.h
@@ -97,9 +97,9 @@ esp_err_t gpio_set_intr_type(gpio_num_t gpio_num, gpio_int_type_t intr_type);
 /**
  * @brief  Enable GPIO module interrupt signal
  *
- * @note Please do not use the interrupt of GPIO36 and GPIO39 when using ADC or Wi-Fi and Bluetooth with sleep mode enabled.
+ * @note ESP32: Please do not use the interrupt of GPIO36 and GPIO39 when using ADC or Wi-Fi and Bluetooth with sleep mode enabled.
  *       Please refer to the comments of `adc1_get_raw`.
- *       Please refer to section 3.11 of 'ECO_and_Workarounds_for_Bugs_in_ESP32' for the description of this issue.
+ *       Please refer to Section 3.11 of <a href="https://espressif.com/documentation/eco_and_workarounds_for_bugs_in_esp32_en.pdf">ESP32 ECO and Workarounds for Bugs</a> for the description of this issue.
  *       As a workaround, call adc_power_acquire() in the app. This will result in higher power consumption (by ~1mA),
  *       but will remove the glitches on GPIO36 and GPIO39.
  *
@@ -169,7 +169,7 @@ esp_err_t gpio_set_direction(gpio_num_t gpio_num, gpio_mode_t mode);
 /**
  * @brief  Configure GPIO pull-up/pull-down resistors
  *
- * Only pins that support both input & output have integrated pull-up and pull-down resistors. Input-only GPIOs 34-39 do not.
+ * @note ESP32: Only pins that support both input & output have integrated pull-up and pull-down resistors. Input-only GPIOs 34-39 do not.
  *
  * @param  gpio_num GPIO number. If you want to set pull up or down mode for e.g. GPIO16, gpio_num should be GPIO_NUM_16 (16);
  * @param  pull GPIO pull up/down mode.
@@ -484,7 +484,7 @@ esp_err_t gpio_sleep_set_direction(gpio_num_t gpio_num, gpio_mode_t mode);
 /**
  * @brief  Configure GPIO pull-up/pull-down resistors at sleep
  *
- * Only pins that support both input & output have integrated pull-up and pull-down resistors. Input-only GPIOs 34-39 do not.
+ * @note ESP32: Only pins that support both input & output have integrated pull-up and pull-down resistors. Input-only GPIOs 34-39 do not.
  *
  * @param  gpio_num GPIO number. If you want to set pull up or down mode for e.g. GPIO16, gpio_num should be GPIO_NUM_16 (16);
  * @param  pull GPIO pull up/down mode.
diff --git a/tools/sdk/esp32c3/include/driver/include/driver/uart.h b/tools/sdk/esp32c3/include/driver/include/driver/uart.h
index 4524516338b..f0c2ae10132 100644
--- a/tools/sdk/esp32c3/include/driver/include/driver/uart.h
+++ b/tools/sdk/esp32c3/include/driver/include/driver/uart.h
@@ -594,6 +594,18 @@ esp_err_t uart_flush_input(uart_port_t uart_num);
  */
 esp_err_t uart_get_buffered_data_len(uart_port_t uart_num, size_t* size);
 
+/**
+ * @brief   UART get TX ring buffer free space size
+ *
+ * @param   uart_num UART port number, the max port number is (UART_NUM_MAX -1).
+ * @param   size Pointer of size_t to accept the free space size
+ *
+ * @return
+ *     - ESP_OK Success
+ *     - ESP_ERR_INVALID_ARG Parameter error
+ */
+esp_err_t uart_get_tx_buffer_free_size(uart_port_t uart_num, size_t *size);
+
 /**
  * @brief   UART disable pattern detect function.
  *          Designed for applications like 'AT commands'.
diff --git a/tools/sdk/esp32c3/include/esp32-camera/driver/include/esp_camera.h b/tools/sdk/esp32c3/include/esp32-camera/driver/include/esp_camera.h
index b6047d312ae..2025bb403a9 100755
--- a/tools/sdk/esp32c3/include/esp32-camera/driver/include/esp_camera.h
+++ b/tools/sdk/esp32c3/include/esp32-camera/driver/include/esp_camera.h
@@ -70,6 +70,7 @@
 #include "driver/ledc.h"
 #include "sensor.h"
 #include "sys/time.h"
+#include "sdkconfig.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -91,6 +92,19 @@ typedef enum {
     CAMERA_FB_IN_DRAM           /*!< Frame buffer is placed in internal DRAM */
 } camera_fb_location_t;
 
+#if CONFIG_CAMERA_CONVERTER_ENABLED
+/**
+ * @brief Camera RGB\YUV conversion mode
+ */
+typedef enum {
+    CONV_DISABLE,
+    RGB565_TO_YUV422,
+        
+    YUV422_TO_RGB565,
+    YUV422_TO_YUV420
+} camera_conv_mode_t;
+#endif
+
 /**
  * @brief Configuration structure for camera initialization
  */
@@ -124,6 +138,9 @@ typedef struct {
     size_t fb_count;                /*!< Number of frame buffers to be allocated. If more than one, then each frame will be acquired (double speed)  */
     camera_fb_location_t fb_location; /*!< The location where the frame buffer will be allocated */
     camera_grab_mode_t grab_mode;   /*!< When buffers should be filled */
+#if CONFIG_CAMERA_CONVERTER_ENABLED
+    camera_conv_mode_t conv_mode;   /*!< RGB<->YUV Conversion mode */
+#endif
 } camera_config_t;
 
 /**
diff --git a/tools/sdk/esp32c3/include/esp32-camera/driver/include/sensor.h b/tools/sdk/esp32c3/include/esp32-camera/driver/include/sensor.h
index c1b882acd21..d5ec7463fd3 100755
--- a/tools/sdk/esp32c3/include/esp32-camera/driver/include/sensor.h
+++ b/tools/sdk/esp32c3/include/esp32-camera/driver/include/sensor.h
@@ -69,6 +69,7 @@ typedef enum {
 typedef enum {
     PIXFORMAT_RGB565,    // 2BPP/RGB565
     PIXFORMAT_YUV422,    // 2BPP/YUV422
+    PIXFORMAT_YUV420,    // 1.5BPP/YUV420
     PIXFORMAT_GRAYSCALE, // 1BPP/GRAYSCALE
     PIXFORMAT_JPEG,      // JPEG/COMPRESSED
     PIXFORMAT_RGB888,    // 3BPP/RGB888
diff --git a/tools/sdk/esp32c3/include/esp_eth/include/esp_eth_mac.h b/tools/sdk/esp32c3/include/esp_eth/include/esp_eth_mac.h
index db462728a18..be23792d2d8 100644
--- a/tools/sdk/esp32c3/include/esp_eth/include/esp_eth_mac.h
+++ b/tools/sdk/esp32c3/include/esp_eth/include/esp_eth_mac.h
@@ -411,7 +411,7 @@ typedef struct {
 /**
 * @brief Create ESP32 Ethernet MAC instance
 *
-* @param config: Ethernet MAC configuration
+* @param config:       Ethernet MAC configuration
 *
 * @return
 *      - instance: create MAC instance successfully
diff --git a/tools/sdk/esp32c3/include/esp_https_server/include/esp_https_server.h b/tools/sdk/esp32c3/include/esp_https_server/include/esp_https_server.h
index efe726e9e70..75720bd1ce7 100644
--- a/tools/sdk/esp32c3/include/esp_https_server/include/esp_https_server.h
+++ b/tools/sdk/esp32c3/include/esp_https_server/include/esp_https_server.h
@@ -25,7 +25,7 @@ typedef enum {
  * @brief Callback data struct, contains the ESP-TLS connection handle
  */
 typedef struct esp_https_server_user_cb_arg {
-    const esp_tls_t *tls;
+    const esp_tls_t *tls;        /*!< ESP-TLS connection handle */
 } esp_https_server_user_cb_arg_t;
 
 /**
diff --git a/tools/sdk/esp32c3/include/esp_hw_support/include/esp_mac.h b/tools/sdk/esp32c3/include/esp_hw_support/include/esp_mac.h
index f0efddfc2f7..e700b72ffe0 100644
--- a/tools/sdk/esp32c3/include/esp_hw_support/include/esp_mac.h
+++ b/tools/sdk/esp32c3/include/esp_hw_support/include/esp_mac.h
@@ -139,7 +139,7 @@ esp_err_t esp_read_mac(uint8_t *mac, esp_mac_type_t type);
   * address, then the first octet is XORed with 0x4 in order to create a different
   * locally administered MAC address.
   *
-  * @param  mac base MAC address, length: 6 bytes/8 bytes.
+  * @param  local_mac base MAC address, length: 6 bytes/8 bytes.
   *         length: 6 bytes for MAC-48
   *                 8 bytes for EUI-64(used for IEEE 802.15.4)
   * @param  universal_mac  Source universal MAC address, length: 6 bytes.
diff --git a/tools/sdk/esp32c3/include/esp_lcd/include/esp_lcd_panel_io.h b/tools/sdk/esp32c3/include/esp_lcd/include/esp_lcd_panel_io.h
index 7b99bde3f17..57f27ac96aa 100644
--- a/tools/sdk/esp32c3/include/esp_lcd/include/esp_lcd_panel_io.h
+++ b/tools/sdk/esp32c3/include/esp_lcd/include/esp_lcd_panel_io.h
@@ -134,6 +134,10 @@ typedef struct {
  */
 esp_err_t esp_lcd_new_panel_io_spi(esp_lcd_spi_bus_handle_t bus, const esp_lcd_panel_io_spi_config_t *io_config, esp_lcd_panel_io_handle_t *ret_io);
 
+/**
+ * @brief Panel IO configuration structure, for I2C interface
+ *
+ */
 typedef struct {
     uint32_t dev_addr; /*!< I2C device address */
     esp_lcd_panel_io_color_trans_done_cb_t on_color_trans_done; /*!< Callback invoked when color data transfer has finished */
@@ -145,7 +149,7 @@ typedef struct {
     struct {
         unsigned int dc_low_on_data: 1;  /*!< If this flag is enabled, DC line = 0 means transfer data, DC line = 1 means transfer command; vice versa */
         unsigned int disable_control_phase: 1; /*!< If this flag is enabled, the control phase isn't used */
-    } flags;
+    } flags; /*!< Extra flags to fine-tune the I2C device */
 } esp_lcd_panel_io_i2c_config_t;
 
 /**
@@ -223,7 +227,7 @@ typedef struct {
         unsigned int swap_color_bytes: 1;   /*!< Swap adjacent two color bytes */
         unsigned int pclk_active_neg: 1;    /*!< The display will write data lines when there's a falling edge on WR signal (a.k.a the PCLK) */
         unsigned int pclk_idle_low: 1;      /*!< The WR signal (a.k.a the PCLK) stays at low level in IDLE phase */
-    } flags;
+    } flags;                                /*!< Panel IO config flags */
 } esp_lcd_panel_io_i80_config_t;
 
 /**
diff --git a/tools/sdk/esp32c3/include/esp_lcd/include/esp_lcd_panel_rgb.h b/tools/sdk/esp32c3/include/esp_lcd/include/esp_lcd_panel_rgb.h
index 95dfb6ba4fc..f821a758839 100644
--- a/tools/sdk/esp32c3/include/esp_lcd/include/esp_lcd_panel_rgb.h
+++ b/tools/sdk/esp32c3/include/esp_lcd/include/esp_lcd_panel_rgb.h
@@ -66,7 +66,7 @@ typedef struct {
         unsigned int de_idle_high: 1;    /*!< The de signal is high in IDLE state */
         unsigned int pclk_active_neg: 1; /*!< Whether the display data is clocked out at the falling edge of PCLK */
         unsigned int pclk_idle_high: 1;  /*!< The PCLK stays at high level in IDLE phase */
-    } flags;
+    } flags;                             /*!< LCD RGB timing flags */
 } esp_lcd_rgb_timing_t;
 
 /**
@@ -106,7 +106,7 @@ typedef struct {
         unsigned int disp_active_low: 1; /*!< If this flag is enabled, a low level of display control signal can turn the screen on; vice versa */
         unsigned int relax_on_idle: 1;   /*!< If this flag is enabled, the host won't refresh the LCD if nothing changed in host's frame buffer (this is usefull for LCD with built-in GRAM) */
         unsigned int fb_in_psram: 1;     /*!< If this flag is enabled, the frame buffer will be allocated from PSRAM preferentially */
-    } flags;
+    } flags;                             /*!< LCD RGB panel configuration flags */
 } esp_lcd_rgb_panel_config_t;
 
 /**
diff --git a/tools/sdk/esp32c3/include/esp_lcd/include/esp_lcd_panel_vendor.h b/tools/sdk/esp32c3/include/esp_lcd/include/esp_lcd_panel_vendor.h
index dde8be68d3b..2503adeb7ea 100644
--- a/tools/sdk/esp32c3/include/esp_lcd/include/esp_lcd_panel_vendor.h
+++ b/tools/sdk/esp32c3/include/esp_lcd/include/esp_lcd_panel_vendor.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -22,8 +22,8 @@ typedef struct {
     unsigned int bits_per_pixel;       /*!< Color depth, in bpp */
     struct {
         unsigned int reset_active_high: 1; /*!< Setting this if the panel reset is high level active */
-    } flags;
-    void *vendor_config; /* vendor specific configuration, optional, left as NULL if not used */
+    } flags;                               /*!< LCD panel config flags */
+    void *vendor_config; /*!< vendor specific configuration, optional, left as NULL if not used */
 } esp_lcd_panel_dev_config_t;
 
 /**
diff --git a/tools/sdk/esp32c3/include/esp_netif/include/esp_netif.h b/tools/sdk/esp32c3/include/esp_netif/include/esp_netif.h
index 92c937c1294..e248db0cb41 100644
--- a/tools/sdk/esp32c3/include/esp_netif/include/esp_netif.h
+++ b/tools/sdk/esp32c3/include/esp_netif/include/esp_netif.h
@@ -619,9 +619,10 @@ esp_err_t esp_netif_dhcps_stop(esp_netif_t *esp_netif);
  *
  *   If DHCP server is enabled, the Main DNS Server setting is used by the DHCP server to provide a DNS Server option
  *   to DHCP clients (Wi-Fi stations).
- *   - The default Main DNS server is typically the IP of the Wi-Fi AP interface itself.
+ *   - The default Main DNS server is typically the IP of the DHCP server itself.
  *   - This function can override it by setting server type ESP_NETIF_DNS_MAIN.
- *   - Other DNS Server types are not supported for the Wi-Fi AP interface.
+ *   - Other DNS Server types are not supported for the DHCP server.
+ *   - To propagate the DNS info to client, please stop the DHCP server before using this API.
  *
  * @param[in]  esp_netif Handle to esp-netif instance
  * @param[in]  type Type of DNS Server to set: ESP_NETIF_DNS_MAIN, ESP_NETIF_DNS_BACKUP, ESP_NETIF_DNS_FALLBACK
diff --git a/tools/sdk/esp32c3/include/esp_netif/include/esp_netif_ip_addr.h b/tools/sdk/esp32c3/include/esp_netif/include/esp_netif_ip_addr.h
index 25b877d359d..57f10999b31 100644
--- a/tools/sdk/esp32c3/include/esp_netif/include/esp_netif_ip_addr.h
+++ b/tools/sdk/esp32c3/include/esp_netif/include/esp_netif_ip_addr.h
@@ -81,25 +81,37 @@ extern "C" {
 #define ESP_IP4ADDR_INIT(a, b, c, d)  { .type = ESP_IPADDR_TYPE_V4, .u_addr = { .ip4 = { .addr = ESP_IP4TOADDR(a, b, c, d) }}};
 #define ESP_IP6ADDR_INIT(a, b, c, d)  { .type = ESP_IPADDR_TYPE_V6, .u_addr = { .ip6 = { .addr = { a, b, c, d }, .zone = 0 }}};
 
+/**
+ * @brief IPv6 address
+ *
+ */
 struct esp_ip6_addr {
-    uint32_t addr[4];
-    uint8_t zone;
+    uint32_t addr[4]; /*!< IPv6 address */
+    uint8_t zone;     /*!< zone ID */
 };
 
+/**
+ * @brief IPv4 address
+ *
+ */
 struct esp_ip4_addr {
-    uint32_t addr;
+    uint32_t addr;  /*!< IPv4 address */
 };
 
 typedef struct esp_ip4_addr esp_ip4_addr_t;
 
 typedef struct esp_ip6_addr esp_ip6_addr_t;
 
+/**
+ * @brief IP address
+ *
+ */
 typedef struct _ip_addr {
     union {
-        esp_ip6_addr_t ip6;
-        esp_ip4_addr_t ip4;
-    } u_addr;
-    uint8_t type;
+        esp_ip6_addr_t ip6; /*!< IPv6 address type */
+        esp_ip4_addr_t ip4; /*!< IPv4 address type */
+    } u_addr;               /*!< IP address union */
+    uint8_t type;           /*!< ipaddress type */
 } esp_ip_addr_t;
 
 typedef enum {
diff --git a/tools/sdk/esp32c3/include/esp_netif/include/esp_netif_types.h b/tools/sdk/esp32c3/include/esp_netif/include/esp_netif_types.h
index cc7a37b9c49..ee6b92a3b24 100644
--- a/tools/sdk/esp32c3/include/esp_netif/include/esp_netif_types.h
+++ b/tools/sdk/esp32c3/include/esp_netif/include/esp_netif_types.h
@@ -112,6 +112,11 @@ typedef struct {
     esp_ip6_addr_t ip; /**< Interface IPV6 address */
 } esp_netif_ip6_info_t;
 
+
+/**
+ * @brief Event structure for IP_EVENT_GOT_IP event
+ *
+ */
 typedef struct {
     int if_index;                    /*!< Interface index for which the event is received (left for legacy compilation) */
     esp_netif_t *esp_netif;          /*!< Pointer to corresponding esp-netif object */
@@ -164,6 +169,10 @@ typedef enum esp_netif_ip_event_type {
 //      3) network stack specific config (esp_netif_net_stack_ifconfig_t) -- no publicly available
 //
 
+/**
+ * @brief ESP-netif inherent config parameters
+ *
+ */
 typedef struct esp_netif_inherent_config {
     esp_netif_flags_t flags;         /*!< flags that define esp-netif behavior */
     uint8_t mac[6];                  /*!< initial mac address for this interface */
@@ -185,19 +194,23 @@ typedef struct esp_netif_config esp_netif_config_t;
  */
 typedef void * esp_netif_iodriver_handle;
 
+/**
+ * @brief ESP-netif driver base handle
+ *
+ */
 typedef struct esp_netif_driver_base_s {
-    esp_err_t (*post_attach)(esp_netif_t *netif, esp_netif_iodriver_handle h);
-    esp_netif_t *netif;
+    esp_err_t (*post_attach)(esp_netif_t *netif, esp_netif_iodriver_handle h); /*!< post attach function pointer */
+    esp_netif_t *netif; /*!< netif handle */
 } esp_netif_driver_base_t;
 
 /**
  * @brief  Specific IO driver configuration
  */
 struct esp_netif_driver_ifconfig {
-    esp_netif_iodriver_handle handle;
-    esp_err_t (*transmit)(void *h, void *buffer, size_t len);
-    esp_err_t (*transmit_wrap)(void *h, void *buffer, size_t len, void *netstack_buffer);
-    void (*driver_free_rx_buffer)(void *h, void* buffer);
+    esp_netif_iodriver_handle handle; /*!< io-driver handle */
+    esp_err_t (*transmit)(void *h, void *buffer, size_t len); /*!< transmit function pointer */
+    esp_err_t (*transmit_wrap)(void *h, void *buffer, size_t len, void *netstack_buffer); /*!< transmit wrap function pointer */
+    void (*driver_free_rx_buffer)(void *h, void* buffer); /*!< free rx buffer function pointer */
 };
 
 typedef struct esp_netif_driver_ifconfig esp_netif_driver_ifconfig_t;
@@ -212,9 +225,9 @@ typedef struct esp_netif_netstack_config esp_netif_netstack_config_t;
  * @brief  Generic esp_netif configuration
  */
 struct esp_netif_config {
-    const esp_netif_inherent_config_t *base;
-    const esp_netif_driver_ifconfig_t *driver;
-    const esp_netif_netstack_config_t *stack;
+    const esp_netif_inherent_config_t *base; /*!< base config */
+    const esp_netif_driver_ifconfig_t *driver; /*!< driver config */
+    const esp_netif_netstack_config_t *stack; /*!< stack config */
 };
 
 /**
diff --git a/tools/sdk/esp32c3/include/esp_phy/include/esp_phy_init.h b/tools/sdk/esp32c3/include/esp_phy/include/esp_phy_init.h
index ec682139506..efefd114d4f 100644
--- a/tools/sdk/esp32c3/include/esp_phy/include/esp_phy_init.h
+++ b/tools/sdk/esp32c3/include/esp_phy/include/esp_phy_init.h
@@ -14,7 +14,8 @@ extern "C" {
 #endif
 
 /**
- * @file PHY init parameters and API
+ * @file
+ *          init parameters and API
  */
 
 
@@ -34,6 +35,10 @@ typedef struct {
     uint8_t opaque[1894];                   /*!< calibration data */
 } esp_phy_calibration_data_t;
 
+/**
+ * @brief PHY calibration mode
+ *
+ */
 typedef enum {
     PHY_RF_CAL_PARTIAL = 0x00000000,        /*!< Do part of RF calibration. This should be used after power-on reset. */
     PHY_RF_CAL_NONE    = 0x00000001,        /*!< Don't do any RF calibration. This mode is only suggested to be used after deep sleep reset. */
@@ -223,6 +228,10 @@ int64_t esp_phy_rf_get_on_ts(void);
 
 /**
  * @brief Update the corresponding PHY init type according to the country code of Wi-Fi.
+ *
+ * @param country country code
+ * @return ESP_OK on success.
+ * @return esp_err_t code describing the error on fail
  */
 esp_err_t esp_phy_update_country_info(const char *country);
 
diff --git a/tools/sdk/esp32c3/include/esp_wifi/include/esp_now.h b/tools/sdk/esp32c3/include/esp_wifi/include/esp_now.h
index de41a879363..191d1d1ccec 100644
--- a/tools/sdk/esp32c3/include/esp_wifi/include/esp_now.h
+++ b/tools/sdk/esp32c3/include/esp_wifi/include/esp_now.h
@@ -1,16 +1,8 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * SPDX-FileCopyrightText: 2019-2022 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
 
 #ifndef __ESP_NOW_H__
 #define __ESP_NOW_H__
@@ -190,7 +182,7 @@ esp_err_t esp_now_unregister_send_cb(void);
   *          - ESP_ERR_ESPNOW_NOT_INIT : ESPNOW is not initialized
   *          - ESP_ERR_ESPNOW_ARG : invalid argument
   *          - ESP_ERR_ESPNOW_INTERNAL : internal error
-  *          - ESP_ERR_ESPNOW_NO_MEM : out of memory
+  *          - ESP_ERR_ESPNOW_NO_MEM : out of memory, when this happens, you can delay a while before sending the next data
   *          - ESP_ERR_ESPNOW_NOT_FOUND : peer is not found
   *          - ESP_ERR_ESPNOW_IF : current WiFi interface doesn't match that of peer
   */
@@ -237,6 +229,20 @@ esp_err_t esp_now_del_peer(const uint8_t *peer_addr);
   */
 esp_err_t esp_now_mod_peer(const esp_now_peer_info_t *peer);
 
+/**
+  * @brief      Config ESPNOW rate of specified interface
+  *
+  * @attention  1. This API should be called after esp_wifi_start().
+  *
+  * @param      ifx  Interface to be configured.
+  * @param      rate Phy rate to be configured.
+  *
+  * @return
+  *    - ESP_OK: succeed
+  *    - others: failed
+  */
+esp_err_t esp_wifi_config_espnow_rate(wifi_interface_t ifx, wifi_phy_rate_t rate);
+
 /**
   * @brief     Get a peer whose MAC address matches peer_addr from peer list
   *
diff --git a/tools/sdk/esp32c3/include/esp_wifi/include/esp_private/wifi.h b/tools/sdk/esp32c3/include/esp_wifi/include/esp_private/wifi.h
index 957f68791bd..a2c763260e5 100644
--- a/tools/sdk/esp32c3/include/esp_wifi/include/esp_private/wifi.h
+++ b/tools/sdk/esp32c3/include/esp_wifi/include/esp_private/wifi.h
@@ -251,6 +251,7 @@ esp_err_t esp_wifi_internal_set_sta_ip(void);
   *
   * @attention 1. If fixed rate is enabled, both management and data frame are transmitted with fixed rate
   * @attention 2. Make sure that the receiver is able to receive the frame with the fixed rate if you want the frame to be received
+  * @attention 3. Not support to set fix rate for espnow and 80211_tx
   *
   * @param  ifx : wifi interface
   * @param  en : false - disable, true - enable
diff --git a/tools/sdk/esp32c3/include/esp_wifi/include/esp_wifi.h b/tools/sdk/esp32c3/include/esp_wifi/include/esp_wifi.h
index 3d62c5c297c..e06569dfc15 100644
--- a/tools/sdk/esp32c3/include/esp_wifi/include/esp_wifi.h
+++ b/tools/sdk/esp32c3/include/esp_wifi/include/esp_wifi.h
@@ -498,7 +498,7 @@ esp_err_t esp_wifi_get_ps(wifi_ps_type_t *type);
   * @brief     Set protocol type of specified interface
   *            The default protocol is (WIFI_PROTOCOL_11B|WIFI_PROTOCOL_11G|WIFI_PROTOCOL_11N)
   *
-  * @attention Currently we only support 802.11b or 802.11bg or 802.11bgn mode
+  * @attention Support 802.11b or 802.11bg or 802.11bgn or LR mode
   *
   * @param     ifx  interfaces
   * @param     protocol_bitmap  WiFi protocol bitmap
@@ -1210,20 +1210,6 @@ esp_err_t esp_wifi_ftm_resp_set_offset(int16_t offset_cm);
   */
 esp_err_t esp_wifi_config_11b_rate(wifi_interface_t ifx, bool disable);
 
-/**
-  * @brief      Config ESPNOW rate of specified interface
-  *
-  * @attention  1. This API should be called after esp_wifi_init() and before esp_wifi_start().
-  *
-  * @param      ifx  Interface to be configured.
-  * @param      rate Phy rate to be configured.
-  *
-  * @return
-  *    - ESP_OK: succeed
-  *    - others: failed
-  */
-esp_err_t esp_wifi_config_espnow_rate(wifi_interface_t ifx, wifi_phy_rate_t rate);
-
 /**
   * @brief      Set interval for station to wake up periodically at disconnected.
   *
diff --git a/tools/sdk/esp32c3/include/esp_wifi/include/esp_wifi_types.h b/tools/sdk/esp32c3/include/esp_wifi/include/esp_wifi_types.h
index 47f5c79281b..89020d4abbf 100644
--- a/tools/sdk/esp32c3/include/esp_wifi/include/esp_wifi_types.h
+++ b/tools/sdk/esp32c3/include/esp_wifi/include/esp_wifi_types.h
@@ -343,7 +343,7 @@ typedef struct {
     unsigned fec_coding:1;        /**< Flag is set for 11n packets which are LDPC */
     unsigned sgi:1;               /**< Short Guide Interval(SGI). 0: Long GI; 1: Short GI */
 #if CONFIG_IDF_TARGET_ESP32
-    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: 0.25dBm*/
+    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: dBm*/
 #elif CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3 || CONFIG_IDF_TARGET_ESP32C3
     unsigned :8;                  /**< reserved */
 #endif
@@ -356,14 +356,14 @@ typedef struct {
 #if CONFIG_IDF_TARGET_ESP32S2
     unsigned :32;                 /**< reserved */
 #elif CONFIG_IDF_TARGET_ESP32S3 || CONFIG_IDF_TARGET_ESP32C3
-    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: 0.25dBm*/
+    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: dBm*/
     unsigned :24;                 /**< reserved */
     unsigned :32;                 /**< reserved */
 #endif
     unsigned :31;                 /**< reserved */
     unsigned ant:1;               /**< antenna number from which this packet is received. 0: WiFi antenna 0; 1: WiFi antenna 1 */
 #if CONFIG_IDF_TARGET_ESP32S2
-    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: 0.25dBm*/
+    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: dBm*/
     unsigned :24;                 /**< reserved */
 #elif CONFIG_IDF_TARGET_ESP32S3 || CONFIG_IDF_TARGET_ESP32C3
     unsigned :32;                 /**< reserved */
diff --git a/tools/sdk/esp32c3/include/freertos/include/freertos/queue.h b/tools/sdk/esp32c3/include/freertos/include/freertos/queue.h
index 05ca7de4546..5070b76e79c 100644
--- a/tools/sdk/esp32c3/include/freertos/include/freertos/queue.h
+++ b/tools/sdk/esp32c3/include/freertos/include/freertos/queue.h
@@ -1398,9 +1398,6 @@ BaseType_t xQueueGenericSendFromISR( QueueHandle_t xQueue,
                                      const BaseType_t xCopyPosition ) PRIVILEGED_FUNCTION;
 BaseType_t xQueueGiveFromISR( QueueHandle_t xQueue,
                               BaseType_t * const pxHigherPriorityTaskWoken ) PRIVILEGED_FUNCTION;
-/**@}*/
-/** @endcond */
-
 /**
  * @cond !DOC_EXCLUDE_HEADER_SECTION
  * queue. h
diff --git a/tools/sdk/esp32c3/include/freertos/include/freertos/task.h b/tools/sdk/esp32c3/include/freertos/include/freertos/task.h
index 125a924d061..88b2730933d 100644
--- a/tools/sdk/esp32c3/include/freertos/include/freertos/task.h
+++ b/tools/sdk/esp32c3/include/freertos/include/freertos/task.h
@@ -392,7 +392,7 @@ typedef enum
  * example, to create a privileged task at priority 2 the uxPriority parameter
  * should be set to ( 2 | portPRIVILEGE_BIT ).
  *
- * @param pvCreatedTask Used to pass back a handle by which the created task
+ * @param pxCreatedTask Used to pass back a handle by which the created task
  * can be referenced.
  *
  * @return pdPASS if the task was successfully created and added to a ready
@@ -538,7 +538,7 @@ typedef enum
  *
  * @param uxPriority The priority at which the task will run.
  *
- * @param pxStackBuffer Must point to a StackType_t array that has at least
+ * @param puxStackBuffer Must point to a StackType_t array that has at least
  * ulStackDepth indexes - the array will then be used as the task's stack,
  * removing the need for the stack to be allocated dynamically.
  *
@@ -2368,7 +2368,7 @@ uint32_t ulTaskGetIdleRunTimeCounter( void ) PRIVILEGED_FUNCTION;
  * notification value at that index being updated.  ulValue is not used and
  * xTaskNotifyIndexed() always returns pdPASS in this case.
  *
- * pulPreviousNotificationValue -
+ * @param pulPreviousNotificationValue -
  * Can be used to pass out the subject task's notification value before any
  * bits are modified by the notify function.
  *
@@ -2532,6 +2532,10 @@ BaseType_t xTaskGenericNotify( TaskHandle_t xTaskToNotify,
  * requested from an ISR is dependent on the port - see the documentation page
  * for the port in use.
  *
+ * @param pulPreviousNotificationValue -
+ * Can be used to pass out the subject task's notification value before any
+ * bits are modified by the notify function.
+ *
  * @return Dependent on the value of eAction.  See the description of the
  * eAction parameter.
  *
@@ -2778,11 +2782,10 @@ BaseType_t xTaskGenericNotifyWait( UBaseType_t uxIndexToWaitOn,
  * @endcond
  * \ingroup TaskNotifications
  */
-#define xTaskNotifyGive( xTaskToNotify ) \
-    xTaskGenericNotify( ( xTaskToNotify ), ( tskDEFAULT_INDEX_TO_NOTIFY ), ( 0 ), eIncrement, NULL )
 #define xTaskNotifyGiveIndexed( xTaskToNotify, uxIndexToNotify ) \
     xTaskGenericNotify( ( xTaskToNotify ), ( uxIndexToNotify ), ( 0 ), eIncrement, NULL )
-
+#define xTaskNotifyGive( xTaskToNotify ) \
+    xTaskGenericNotify( ( xTaskToNotify ), ( tskDEFAULT_INDEX_TO_NOTIFY ), ( 0 ), eIncrement, NULL )
 /**
  * @cond !DOC_EXCLUDE_HEADER_SECTION
  * task. h
diff --git a/tools/sdk/esp32c3/include/hal/esp32c3/include/hal/clk_gate_ll.h b/tools/sdk/esp32c3/include/hal/esp32c3/include/hal/clk_gate_ll.h
index f7382650d5a..b90813919fa 100644
--- a/tools/sdk/esp32c3/include/hal/esp32c3/include/hal/clk_gate_ll.h
+++ b/tools/sdk/esp32c3/include/hal/esp32c3/include/hal/clk_gate_ll.h
@@ -97,6 +97,8 @@ static inline uint32_t periph_ll_get_rst_en_mask(periph_module_t periph, bool en
         return SYSTEM_RMT_RST;
     case PERIPH_LEDC_MODULE:
         return SYSTEM_LEDC_RST;
+    case PERIPH_BT_MODULE:
+        return  (SYSTEM_BTBB_RST | SYSTEM_BTBB_REG_RST | SYSTEM_RW_BTMAC_RST | SYSTEM_RW_BTLP_RST | SYSTEM_RW_BTMAC_REG_RST | SYSTEM_RW_BTLP_REG_RST);
     case PERIPH_UART0_MODULE:
         return SYSTEM_UART_RST;
     case PERIPH_UART1_MODULE:
diff --git a/tools/sdk/esp32c3/include/hal/include/hal/adc_types.h b/tools/sdk/esp32c3/include/hal/include/hal/adc_types.h
index f5efb1d4273..dc07531e0b9 100644
--- a/tools/sdk/esp32c3/include/hal/include/hal/adc_types.h
+++ b/tools/sdk/esp32c3/include/hal/include/hal/adc_types.h
@@ -121,7 +121,7 @@ typedef struct {
         struct {
             uint16_t data:     12;  /*!<ADC real output data info. Resolution: 12 bit. */
             uint16_t channel:   4;  /*!<ADC channel index info. */
-        } type1;
+        } type1;                    /*!<ADC type1 */
         struct {
             uint16_t data:     11;  /*!<ADC real output data info. Resolution: 11 bit. */
             uint16_t channel:   4;  /*!<ADC channel index info. For ESP32-S2:
diff --git a/tools/sdk/esp32c3/include/lwip/include/apps/ping/ping_sock.h b/tools/sdk/esp32c3/include/lwip/include/apps/ping/ping_sock.h
index 57938480d54..fb946f7e162 100644
--- a/tools/sdk/esp32c3/include/lwip/include/apps/ping/ping_sock.h
+++ b/tools/sdk/esp32c3/include/lwip/include/apps/ping/ping_sock.h
@@ -67,7 +67,8 @@ typedef struct {
     uint32_t interval_ms;     /*!< Milliseconds between each ping procedure */
     uint32_t timeout_ms;      /*!< Timeout value (in milliseconds) of each ping procedure */
     uint32_t data_size;       /*!< Size of the data next to ICMP packet header */
-    uint8_t tos;              /*!< Type of Service, a field specified in the IP header */
+    int tos;                  /*!< Type of Service, a field specified in the IP header */
+    int ttl;                  /*!< Time to Live,a field specified in the IP header */
     ip_addr_t target_addr;    /*!< Target IP address, either IPv4 or IPv6 */
     uint32_t task_stack_size; /*!< Stack size of internal ping task */
     uint32_t task_prio;       /*!< Priority of internal ping task */
@@ -85,6 +86,7 @@ typedef struct {
         .timeout_ms = 1000,              \
         .data_size = 64,                 \
         .tos = 0,                        \
+        .ttl = IP_DEFAULT_TTL,           \
         .target_addr = *(IP_ANY_TYPE),   \
         .task_stack_size = 2048,         \
         .task_prio = 2,                  \
@@ -99,6 +101,7 @@ typedef struct {
 */
 typedef enum {
     ESP_PING_PROF_SEQNO,   /*!< Sequence number of a ping procedure */
+    ESP_PING_PROF_TOS,     /*!< Type of service of a ping procedure */
     ESP_PING_PROF_TTL,     /*!< Time to live of a ping procedure */
     ESP_PING_PROF_REQUEST, /*!< Number of request packets sent out */
     ESP_PING_PROF_REPLY,   /*!< Number of reply packets received */
diff --git a/tools/sdk/esp32c3/include/lwip/port/esp32/include/arch/cc.h b/tools/sdk/esp32c3/include/lwip/port/esp32/include/arch/cc.h
index f17c49783a5..8f0ffa60e33 100644
--- a/tools/sdk/esp32c3/include/lwip/port/esp32/include/arch/cc.h
+++ b/tools/sdk/esp32c3/include/lwip/port/esp32/include/arch/cc.h
@@ -79,7 +79,15 @@ typedef int sys_prot_t;
 
 #include <stdio.h>
 
+#ifdef CONFIG_LWIP_DEBUG_ESP_LOG
+// lwip debugs routed to ESP_LOGD
+#include "esp_log.h"
+#define LWIP_ESP_LOG_FUNC(format, ...) ESP_LOG_LEVEL(ESP_LOG_DEBUG, "lwip", format, ##__VA_ARGS__)
+#define LWIP_PLATFORM_DIAG(x) LWIP_ESP_LOG_FUNC x
+#else
+// lwip debugs routed to printf
 #define LWIP_PLATFORM_DIAG(x)   do {printf x;} while(0)
+#endif
 
 #ifdef NDEBUG
 
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/aes.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/aes.h
index e280dbb1c66..401ac39de87 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/aes.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/aes.h
@@ -564,7 +564,7 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
  *             for example, with 96-bit random nonces, you should not encrypt
  *             more than 2**32 messages with the same key.
  *
- *             Note that for both stategies, sizes are measured in blocks and
+ *             Note that for both strategies, sizes are measured in blocks and
  *             that an AES block is 16 bytes.
  *
  * \warning    Upon return, \p stream_block contains sensitive data. Its
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/aria.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/aria.h
index 226e2dbf3c8..d294c47f2d9 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/aria.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/aria.h
@@ -44,7 +44,7 @@
 #define MBEDTLS_ARIA_DECRYPT     0 /**< ARIA decryption. */
 
 #define MBEDTLS_ARIA_BLOCKSIZE   16 /**< ARIA block size in bytes. */
-#define MBEDTLS_ARIA_MAX_ROUNDS  16 /**< Maxiumum number of rounds in ARIA. */
+#define MBEDTLS_ARIA_MAX_ROUNDS  16 /**< Maximum number of rounds in ARIA. */
 #define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -321,7 +321,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
  *             for example, with 96-bit random nonces, you should not encrypt
  *             more than 2**32 messages with the same key.
  *
- *             Note that for both stategies, sizes are measured in blocks and
+ *             Note that for both strategies, sizes are measured in blocks and
  *             that an ARIA block is 16 bytes.
  *
  * \warning    Upon return, \p stream_block contains sensitive data. Its
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/asn1.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/asn1.h
index 10f7905b7e6..5117fc7a418 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/asn1.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/asn1.h
@@ -61,7 +61,7 @@
 /** Buffer too small when writing ASN.1 data structure. */
 #define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL                    -0x006C
 
-/* \} name */
+/** \} name ASN1 Error codes */
 
 /**
  * \name DER constants
@@ -121,8 +121,7 @@
 #define MBEDTLS_ASN1_TAG_PC_MASK             0x20
 #define MBEDTLS_ASN1_TAG_VALUE_MASK          0x1F
 
-/* \} name */
-/* \} addtogroup asn1_module */
+/** \} name DER constants */
 
 /** Returns the size of the binary string, without the trailing \\0 */
 #define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
@@ -210,7 +209,7 @@ mbedtls_asn1_named_data;
  * \return      0 if successful.
  * \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
  *              would end beyond \p end.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
+ * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
  */
 int mbedtls_asn1_get_len( unsigned char **p,
                           const unsigned char *end,
@@ -235,7 +234,7 @@ int mbedtls_asn1_get_len( unsigned char **p,
  *              with the requested tag.
  * \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
  *              would end beyond \p end.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
+ * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
  */
 int mbedtls_asn1_get_tag( unsigned char **p,
                           const unsigned char *end,
@@ -607,6 +606,9 @@ void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
  */
 void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
 
+/** \} name Functions to parse ASN.1 data structures */
+/** \} addtogroup asn1_module */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/bignum.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/bignum.h
index 4de452980b8..c71a1d40227 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/bignum.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/bignum.h
@@ -991,7 +991,7 @@ MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
  *                 generate yourself and that are supposed to be prime, then
  *                 \p rounds should be at least the half of the security
  *                 strength of the cryptographic algorithm. On the other hand,
- *                 if \p X is chosen uniformly or non-adversially (as is the
+ *                 if \p X is chosen uniformly or non-adversarially (as is the
  *                 case when mbedtls_mpi_gen_prime calls this function), then
  *                 \p rounds can be much lower.
  *
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/blowfish.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/blowfish.h
index 77dca70d314..d5f809921fa 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/blowfish.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/blowfish.h
@@ -185,7 +185,7 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
  *                 #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
  *                 #MBEDTLS_BLOWFISH_DECRYPT for decryption.
  * \param length   The length of the input data in Bytes.
- * \param iv_off   The offset in the initialiation vector.
+ * \param iv_off   The offset in the initialization vector.
  *                 The value pointed to must be smaller than \c 8 Bytes.
  *                 It is updated by this function to support the aforementioned
  *                 streaming usage.
@@ -246,7 +246,7 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
  *             The recommended way to ensure uniqueness is to use a message
  *             counter.
  *
- *             Note that for both stategies, sizes are measured in blocks and
+ *             Note that for both strategies, sizes are measured in blocks and
  *             that a Blowfish block is 8 bytes.
  *
  * \warning    Upon return, \p stream_block contains sensitive data. Its
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/camellia.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/camellia.h
index 925a623e47e..d39d932fa2c 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/camellia.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/camellia.h
@@ -273,7 +273,7 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
  *             encrypted: for example, with 96-bit random nonces, you should
  *             not encrypt more than 2**32 messages with the same key.
  *
- *             Note that for both stategies, sizes are measured in blocks and
+ *             Note that for both strategies, sizes are measured in blocks and
  *             that a CAMELLIA block is \c 16 Bytes.
  *
  * \warning    Upon return, \p stream_block contains sensitive data. Its
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/chachapoly.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/chachapoly.h
index c4ec7b5f2a9..ed568bc98b7 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/chachapoly.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/chachapoly.h
@@ -161,7 +161,7 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
  * \param ctx       The ChaCha20-Poly1305 context. This must be initialized
  *                  and bound to a key.
  * \param nonce     The nonce/IV to use for the message.
- *                  This must be a redable buffer of length \c 12 Bytes.
+ *                  This must be a readable buffer of length \c 12 Bytes.
  * \param mode      The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or
  *                  #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning).
  *
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/check_config.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/check_config.h
index 396fe7dfc2b..be5c548e561 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/check_config.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/check_config.h
@@ -173,7 +173,11 @@
 #endif
 
 #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
+#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PKCS5_C) && !defined(MBEDTLS_MD_C)
+#error "MBEDTLS_PKCS5_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) &&      \
@@ -214,11 +218,32 @@
 #error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too"
 #endif
 
+#if defined(MBEDTLS_CCM_C) && (                                        \
+    !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
+#error "MBEDTLS_CCM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_CCM_C) && !defined(MBEDTLS_CIPHER_C)
+#error "MBEDTLS_CCM_C defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_GCM_C) && (                                        \
-        !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
+    !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
+#error "MBEDTLS_GCM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CIPHER_C)
 #error "MBEDTLS_GCM_C defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_CHACHA20_C)
+#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_POLY1305_C)
+#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
 #error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites"
 #endif
@@ -338,11 +363,11 @@
 #endif
 
 #if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites"
+#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites"
+#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
@@ -619,6 +644,18 @@
 #error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined, but it cannot coexist with MBEDTLS_USE_PSA_CRYPTO."
 #endif
 
+#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO) && \
+    !defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_ECDSA_C)
+#error "MBEDTLS_PK_C in configuration with MBEDTLS_USE_PSA_CRYPTO and \
+        MBEDTLS_ECDSA_C requires MBEDTLS_PK_WRITE_C to be defined."
+#endif
+
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V15) && \
+    !defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_PSA_CRYPTO_C)
+#error "MBEDTLS_PSA_CRYPTO_C, MBEDTLS_RSA_C and  MBEDTLS_PKCS1_V15 defined, \
+        but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) ||         \
     !defined(MBEDTLS_OID_C) )
 #error "MBEDTLS_RSA_C defined, but not all prerequisites"
@@ -761,14 +798,14 @@
     !defined(MBEDTLS_SSL_PROTO_TLS1)   &&      \
     !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&      \
     !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
+#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
     !defined(MBEDTLS_SSL_PROTO_TLS1)   &&          \
     !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&          \
     !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
+#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/config.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/config.h
index 87b4e9192e7..1cd6eb66348 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/config.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/config.h
@@ -128,7 +128,12 @@
  * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
  * MBEDTLS_PLATFORM_STD_TIME.
  *
- * Comment if your system does not support time functions
+ * Comment if your system does not support time functions.
+ *
+ * \note If MBEDTLS_TIMING_C is set - to enable the semi-portable timing
+ *       interface - timing.c will include time.h on suitable platforms
+ *       regardless of the setting of MBEDTLS_HAVE_TIME, unless
+ *       MBEDTLS_TIMING_ALT is used. See timing.c for more information.
  */
 #define MBEDTLS_HAVE_TIME
 
@@ -321,7 +326,7 @@
  */
 //#define MBEDTLS_CHECK_PARAMS_ASSERT
 
-/* \} name SECTION: System support */
+/** \} name SECTION: System support */
 
 /**
  * \name SECTION: mbed TLS feature support
@@ -395,7 +400,7 @@
 //#define MBEDTLS_XTEA_ALT
 
 /*
- * When replacing the elliptic curve module, pleace consider, that it is
+ * When replacing the elliptic curve module, please consider, that it is
  * implemented with two .c files:
  *      - ecp.c
  *      - ecp_curves.c
@@ -1493,7 +1498,7 @@
  * Enable an implementation of SHA-256 that has lower ROM footprint but also
  * lower performance.
  *
- * The default implementation is meant to be a reasonnable compromise between
+ * The default implementation is meant to be a reasonable compromise between
  * performance and size. This version optimizes more aggressively for size at
  * the expense of performance. Eg on Cortex-M4 it reduces the size of
  * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
@@ -1658,7 +1663,7 @@
  * Enable support for RFC 7627: Session Hash and Extended Master Secret
  * Extension.
  *
- * This was introduced as "the proper fix" to the Triple Handshake familiy of
+ * This was introduced as "the proper fix" to the Triple Handshake family of
  * attacks, but it is recommended to always use it (even if you disable
  * renegotiation), since it actually fixes a more fundamental issue in the
  * original SSL/TLS design, and has implications beyond Triple Handshake.
@@ -1704,7 +1709,7 @@
  * \note This option has no influence on the protection against the
  *       triple handshake attack. Even if it is disabled, Mbed TLS will
  *       still ensure that certificates do not change during renegotiation,
- *       for exaple by keeping a hash of the peer's certificate.
+ *       for example by keeping a hash of the peer's certificate.
  *
  * Comment this macro to disable storing the peer's certificate
  * after the handshake.
@@ -1909,7 +1914,7 @@
  * unless you know for sure amplification cannot be a problem in the
  * environment in which your server operates.
  *
- * \warning Disabling this can ba a security risk! (see above)
+ * \warning Disabling this can be a security risk! (see above)
  *
  * Requires: MBEDTLS_SSL_PROTO_DTLS
  *
@@ -2162,8 +2167,19 @@
  * This setting allows support for cryptographic mechanisms through the PSA
  * API to be configured separately from support through the mbedtls API.
  *
- * Uncomment this to enable use of PSA Crypto configuration settings which
- * can be found in include/psa/crypto_config.h.
+ * When this option is disabled, the PSA API exposes the cryptographic
+ * mechanisms that can be implemented on top of the `mbedtls_xxx` API
+ * configured with `MBEDTLS_XXX` symbols.
+ *
+ * When this option is enabled, the PSA API exposes the cryptographic
+ * mechanisms requested by the `PSA_WANT_XXX` symbols defined in
+ * include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are
+ * automatically enabled if required (i.e. if no PSA driver provides the
+ * mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols
+ * in config.h.
+ *
+ * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies
+ * an alternative header to include instead of include/psa/crypto_config.h.
  *
  * If you enable this option and write your own configuration file, you must
  * include mbedtls/config_psa.h in your configuration file. The default
@@ -2289,7 +2305,7 @@
  * Uncomment to enable use of ZLIB
  */
 //#define MBEDTLS_ZLIB_SUPPORT
-/* \} name SECTION: mbed TLS feature support */
+/** \} name SECTION: mbed TLS feature support */
 
 /**
  * \name SECTION: mbed TLS modules
@@ -2902,7 +2918,7 @@
  *
  * Requires: MBEDTLS_MD_C
  *
- * Uncomment to enable the HMAC_DRBG random number geerator.
+ * Uncomment to enable the HMAC_DRBG random number generator.
  */
 #define MBEDTLS_HMAC_DRBG_C
 
@@ -3096,7 +3112,7 @@
 /**
  * \def MBEDTLS_PK_C
  *
- * Enable the generic public (asymetric) key layer.
+ * Enable the generic public (asymmetric) key layer.
  *
  * Module:  library/pk.c
  * Caller:  library/ssl_tls.c
@@ -3112,7 +3128,7 @@
 /**
  * \def MBEDTLS_PK_PARSE_C
  *
- * Enable the generic public (asymetric) key parser.
+ * Enable the generic public (asymmetric) key parser.
  *
  * Module:  library/pkparse.c
  * Caller:  library/x509_crt.c
@@ -3127,7 +3143,7 @@
 /**
  * \def MBEDTLS_PK_WRITE_C
  *
- * Enable the generic public (asymetric) key writer.
+ * Enable the generic public (asymmetric) key writer.
  *
  * Module:  library/pkwrite.c
  * Caller:  library/x509write.c
@@ -3466,6 +3482,10 @@
  * your own implementation of the whole module by setting
  * \c MBEDTLS_TIMING_ALT in the current file.
  *
+ * \note The timing module will include time.h on suitable platforms
+ *       regardless of the setting of MBEDTLS_HAVE_TIME, unless
+ *       MBEDTLS_TIMING_ALT is used. See timing.c for more information.
+ *
  * \note See also our Knowledge Base article about porting to a new
  * environment:
  * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
@@ -3598,7 +3618,88 @@
  */
 #define MBEDTLS_XTEA_C
 
-/* \} name SECTION: mbed TLS modules */
+/** \} name SECTION: mbed TLS modules */
+
+/**
+ * \name SECTION: General configuration options
+ *
+ * This section contains Mbed TLS build settings that are not associated
+ * with a particular module.
+ *
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"mbedtls/config.h"`.
+ * This header file specifies the compile-time configuration of Mbed TLS.
+ * Unlike other configuration options, this one must be defined on the
+ * compiler command line: a definition in `config.h` would have no effect.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_CONFIG_FILE "mbedtls/config.h"
+
+/**
+ * \def MBEDTLS_USER_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included after
+ * `"mbedtls/config.h"` or #MBEDTLS_CONFIG_FILE.
+ * This allows you to modify the default configuration, including the ability
+ * to undefine options that are enabled by default.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"psa/crypto_config.h"`.
+ * This header file specifies which cryptographic mechanisms are available
+ * through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and
+ * is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included after
+ * `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE.
+ * This allows you to modify the default configuration, including the ability
+ * to undefine options that are enabled by default.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
+
+/** \} name SECTION: General configuration options */
 
 /**
  * \name SECTION: Module configuration options
@@ -3609,11 +3710,15 @@
  *
  * Our advice is to enable options and change their values here
  * only if you have a good reason and know the consequences.
- *
- * Please check the respective header file for documentation on these
- * parameters (to prevent duplicate documentation).
  * \{
  */
+/* The Doxygen documentation here is used when a user comments out a
+ * setting and runs doxygen themselves. On the other hand, when we typeset
+ * the full documentation including disabled settings, the documentation
+ * in specific modules' header files is used if present. When editing this
+ * file, make sure that each option is documented in exactly one place,
+ * plus optionally a same-line Doxygen comment here if there is a Doxygen
+ * comment in the specific module. */
 
 /* MPI / BIGNUM options */
 //#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum window size used. */
@@ -4002,7 +4107,7 @@
  */
 //#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
 
-/* \} name SECTION: Customisation configuration options */
+/** \} name SECTION: Module configuration options */
 
 /* Target and application specific configurations
  *
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/config_psa.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/config_psa.h
index 189f6c21734..1bf750ad5ee 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/config_psa.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/config_psa.h
@@ -31,9 +31,17 @@
 #define MBEDTLS_CONFIG_PSA_H
 
 #if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE)
+#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE
+#else
 #include "psa/crypto_config.h"
+#endif
 #endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
 
+#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE)
+#include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
+#endif
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -264,7 +272,6 @@ extern "C" {
 #if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
     (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
     (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
-    (defined(PSA_WANT_ALG_XTS) && !defined(MBEDTLS_PSA_ACCEL_ALG_XTS)) || \
     defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
     (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
      !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
@@ -393,15 +400,8 @@ extern "C" {
 #endif
 #endif /* PSA_WANT_ALG_OFB */
 
-#if defined(PSA_WANT_ALG_XTS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_XTS) || \
-    defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
-#define MBEDTLS_CIPHER_MODE_XTS
-#endif
-#endif /* PSA_WANT_ALG_XTS */
-
-#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
+#if defined(PSA_WANT_ALG_ECB_NO_PADDING) &&     \
+    !defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)
 #define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
 #endif
 
@@ -483,7 +483,7 @@ extern "C" {
 #if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
 /*
  * Curve448 is not yet supported via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/4249).
+ * (https://github.com/Mbed-TLS/mbedtls/issues/4249).
  */
 #error "Curve448 is not yet supported via the PSA API in Mbed TLS."
 #define MBEDTLS_ECP_DP_CURVE448_ENABLED
@@ -537,7 +537,7 @@ extern "C" {
 #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
 /*
  * SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/3541).
+ * (https://github.com/Mbed-TLS/mbedtls/issues/3541).
  */
 #error "SECP224K1 is buggy via the PSA API in Mbed TLS."
 #define MBEDTLS_ECP_DP_SECP224K1_ENABLED
@@ -751,11 +751,6 @@ extern "C" {
 #define PSA_WANT_ALG_OFB 1
 #endif
 
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
-#define PSA_WANT_ALG_XTS 1
-#endif
-
 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256
@@ -776,7 +771,7 @@ extern "C" {
 #define PSA_WANT_ECC_MONTGOMERY_255
 #endif
 
-/* Curve448 is not yet supported via the PSA API (https://github.com/ARMmbed/mbedtls/issues/4249) */
+/* Curve448 is not yet supported via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/4249) */
 #if 0 && defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
 #define PSA_WANT_ECC_MONTGOMERY_448
@@ -812,7 +807,7 @@ extern "C" {
 #define PSA_WANT_ECC_SECP_K1_192
 #endif
 
-/* SECP224K1 is buggy via the PSA API (https://github.com/ARMmbed/mbedtls/issues/3541) */
+/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
 #if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
 #define PSA_WANT_ECC_SECP_K1_224
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h
index dc4adc896d4..e68237a439a 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h
@@ -138,7 +138,7 @@
 /**< The maximum size of seed or reseed buffer in bytes. */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #define MBEDTLS_CTR_DRBG_PR_OFF             0
 /**< Prediction resistance is disabled. */
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/debug.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/debug.h
index 3c08244f3da..4fc4662d9ab 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/debug.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/debug.h
@@ -139,7 +139,7 @@ extern "C" {
  *          discarded.
  *          (Default value: 0 = No debug )
  *
- * \param threshold     theshold level of messages to filter on. Messages at a
+ * \param threshold     threshold level of messages to filter on. Messages at a
  *                      higher level will be discarded.
  *                          - Debug levels
  *                              - 0 No debug
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ecjpake.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ecjpake.h
index 891705d8c4f..3564ff8dd3e 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ecjpake.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ecjpake.h
@@ -68,7 +68,7 @@ typedef enum {
  * (KeyExchange) as defined by the Thread spec.
  *
  * In order to benefit from this symmetry, we choose a different naming
- * convetion from the Thread v1.0 spec. Correspondance is indicated in the
+ * convention from the Thread v1.0 spec. Correspondence is indicated in the
  * description as a pair C: client name, S: server name
  */
 typedef struct mbedtls_ecjpake_context
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ecp.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ecp.h
index 0924341e002..64a0bccda05 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ecp.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ecp.h
@@ -315,7 +315,7 @@ mbedtls_ecp_group;
 #if !defined(MBEDTLS_ECP_WINDOW_SIZE)
 /*
  * Maximum "window" size used for point multiplication.
- * Default: a point where higher memory usage yields disminishing performance
+ * Default: a point where higher memory usage yields diminishing performance
  *          returns.
  * Minimum value: 2. Maximum value: 7.
  *
@@ -351,7 +351,7 @@ mbedtls_ecp_group;
 #define MBEDTLS_ECP_FIXED_POINT_OPTIM  1   /**< Enable fixed-point speed-up. */
 #endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #else  /* MBEDTLS_ECP_ALT */
 #include "ecp_alt.h"
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/entropy.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/entropy.h
index deb3c50300b..40259ebc8a1 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/entropy.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/entropy.h
@@ -75,7 +75,7 @@
 #define MBEDTLS_ENTROPY_MAX_GATHER      128     /**< Maximum amount requested from entropy sources */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
 #define MBEDTLS_ENTROPY_BLOCK_SIZE      64      /**< Block size of entropy accumulator (SHA-512) */
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/hkdf.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/hkdf.h
index 223004b8ede..111d960e568 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/hkdf.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/hkdf.h
@@ -39,7 +39,7 @@
  */
 /** Bad input parameters to function. */
 #define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA  -0x5F80
-/* \} name */
+/** \} name */
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h
index 79132d4d910..6d372b9788e 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h
@@ -74,7 +74,7 @@
 #define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT    384     /**< Maximum size of (re)seed buffer */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #define MBEDTLS_HMAC_DRBG_PR_OFF   0   /**< No prediction resistance       */
 #define MBEDTLS_HMAC_DRBG_PR_ON    1   /**< Prediction resistance enabled  */
@@ -207,7 +207,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
                     size_t len );
 
 /**
- * \brief               Initilisation of simpified HMAC_DRBG (never reseeds).
+ * \brief               Initialisation of simplified HMAC_DRBG (never reseeds).
  *
  * This function is meant for use in algorithms that need a pseudorandom
  * input such as deterministic ECDSA.
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h
index 233977252a3..3954b36ab56 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h
@@ -42,7 +42,7 @@
 #define MBEDTLS_MEMORY_ALIGN_MULTIPLE       4 /**< Align on multiples of this value */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #define MBEDTLS_MEMORY_VERIFY_NONE         0
 #define MBEDTLS_MEMORY_VERIFY_ALLOC        (1 << 0)
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/oid.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/oid.h
index 1c39186a491..01862178044 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/oid.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/oid.h
@@ -143,7 +143,7 @@
 #define MBEDTLS_OID_AT_GIVEN_NAME               MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
 #define MBEDTLS_OID_AT_INITIALS                 MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
 #define MBEDTLS_OID_AT_GENERATION_QUALIFIER     MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
-#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER        MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
+#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER        MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributeType:= {id-at 45} */
 #define MBEDTLS_OID_AT_DN_QUALIFIER             MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
 #define MBEDTLS_OID_AT_PSEUDONYM                MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
 
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/pem.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/pem.h
index dfb4ff218e6..daa71c886ba 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/pem.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/pem.h
@@ -54,7 +54,7 @@
 #define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE               -0x1400
 /** Bad input parameters to function. */
 #define MBEDTLS_ERR_PEM_BAD_INPUT_DATA                    -0x1480
-/* \} name */
+/** \} name PEM Error codes */
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/pk.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/pk.h
index 8f2abf2a608..c9a13f484ed 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/pk.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/pk.h
@@ -217,32 +217,6 @@ typedef struct
 typedef void mbedtls_pk_restart_ctx;
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 
-#if defined(MBEDTLS_RSA_C)
-/**
- * Quick access to an RSA context inside a PK context.
- *
- * \warning You must make sure the PK context actually holds an RSA context
- * before using this function!
- */
-static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
-{
-    return( (mbedtls_rsa_context *) (pk).pk_ctx );
-}
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * Quick access to an EC context inside a PK context.
- *
- * \warning You must make sure the PK context actually holds an EC context
- * before using this function!
- */
-static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
-{
-    return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
-}
-#endif /* MBEDTLS_ECP_C */
-
 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
 /**
  * \brief           Types for RSA-alt abstraction
@@ -656,6 +630,55 @@ const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
  */
 mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
 
+#if defined(MBEDTLS_RSA_C)
+/**
+ * Quick access to an RSA context inside a PK context.
+ *
+ * \warning This function can only be used when the type of the context, as
+ * returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_RSA.
+ * Ensuring that is the caller's responsibility.
+ * Alternatively, you can check whether this function returns NULL.
+ *
+ * \return The internal RSA context held by the PK context, or NULL.
+ */
+static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
+{
+    switch( mbedtls_pk_get_type( &pk ) )
+    {
+        case MBEDTLS_PK_RSA:
+            return( (mbedtls_rsa_context *) (pk).pk_ctx );
+        default:
+            return( NULL );
+    }
+}
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+/**
+ * Quick access to an EC context inside a PK context.
+ *
+ * \warning This function can only be used when the type of the context, as
+ * returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_ECKEY,
+ * #MBEDTLS_PK_ECKEY_DH, or #MBEDTLS_PK_ECDSA.
+ * Ensuring that is the caller's responsibility.
+ * Alternatively, you can check whether this function returns NULL.
+ *
+ * \return The internal EC context held by the PK context, or NULL.
+ */
+static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
+{
+    switch( mbedtls_pk_get_type( &pk ) )
+    {
+        case MBEDTLS_PK_ECKEY:
+        case MBEDTLS_PK_ECKEY_DH:
+        case MBEDTLS_PK_ECDSA:
+            return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
+        default:
+            return( NULL );
+    }
+}
+#endif /* MBEDTLS_ECP_C */
+
 #if defined(MBEDTLS_PK_PARSE_C)
 /** \ingroup pk_module */
 /**
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/platform.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/platform.h
index bdef07498d7..06dd192eab9 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/platform.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/platform.h
@@ -70,7 +70,9 @@ extern "C" {
 #if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
 #include <stdio.h>
 #include <stdlib.h>
+#if defined(MBEDTLS_HAVE_TIME)
 #include <time.h>
+#endif
 #if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
 #if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
 #define MBEDTLS_PLATFORM_STD_SNPRINTF   mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use.  */
@@ -127,7 +129,7 @@ extern "C" {
 #endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
 
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 /*
  * The function pointers for calloc and free.
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/platform_time.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/platform_time.h
index 7e7daab6920..94055711b2e 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/platform_time.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/platform_time.h
@@ -32,14 +32,6 @@
 extern "C" {
 #endif
 
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-
 /*
  * The time_t datatype
  */
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/platform_util.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/platform_util.h
index f982db8c01c..cd112ab58e2 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/platform_util.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/platform_util.h
@@ -67,7 +67,7 @@ extern "C" {
  * \brief       User supplied callback function for parameter validation failure.
  *              See #MBEDTLS_CHECK_PARAMS for context.
  *
- *              This function will be called unless an alternative treatement
+ *              This function will be called unless an alternative treatment
  *              is defined through the #MBEDTLS_PARAM_FAILED macro.
  *
  *              This function can return, and the operation will be aborted, or
@@ -198,7 +198,7 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
  *
  * This macro has an empty expansion. It exists for documentation purposes:
  * a #MBEDTLS_CHECK_RETURN_OPTIONAL annotation indicates that the function
- * has been analyzed for return-check usefuless, whereas the lack of
+ * has been analyzed for return-check usefulness, whereas the lack of
  * an annotation indicates that the function has not been analyzed and its
  * return-check usefulness is unknown.
  */
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/rsa.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/rsa.h
index 3c481e12a17..062df73aa06 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/rsa.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/rsa.h
@@ -88,7 +88,7 @@
 
 /*
  * The above constants may be used even if the RSA module is compile out,
- * eg for alternative (PKCS#11) RSA implemenations in the PK layers.
+ * eg for alternative (PKCS#11) RSA implementations in the PK layers.
  */
 
 #ifdef __cplusplus
@@ -552,7 +552,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
  *
  * \note           Blinding is used if and only if a PRNG is provided.
  *
- * \note           If blinding is used, both the base of exponentation
+ * \note           If blinding is used, both the base of exponentiation
  *                 and the exponent are blinded, providing protection
  *                 against some side-channel attacks.
  *
@@ -687,7 +687,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
  *                   mode being set to #MBEDTLS_RSA_PRIVATE and might instead
  *                   return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
  *
- * \param ctx        The initnialized RSA context to use.
+ * \param ctx        The initialized RSA context to use.
  * \param f_rng      The RNG function to use. This is needed for padding
  *                   generation and must be provided.
  * \param p_rng      The RNG context to be passed to \p f_rng. This may
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl.h
index 209dbf6053c..5064ec56891 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl.h
@@ -349,7 +349,7 @@
 #define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 /*
  * Length of the verify data for secure renegotiation
@@ -1152,7 +1152,7 @@ struct mbedtls_ssl_config
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-    /** Callback to create & write a cookie for ClientHello veirifcation    */
+    /** Callback to create & write a cookie for ClientHello verification    */
     int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
                            const unsigned char *, size_t );
     /** Callback to verify validity of a ClientHello cookie                 */
@@ -1405,7 +1405,7 @@ struct mbedtls_ssl_context
     unsigned char *compress_buf;        /*!<  zlib data buffer        */
 #endif /* MBEDTLS_ZLIB_SUPPORT */
 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-    signed char split_done;     /*!< current record already splitted? */
+    signed char split_done;     /*!< current record already split? */
 #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
 
     /*
@@ -1688,7 +1688,7 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
  *
  * \note           The two most common use cases are:
  *                 - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
- *                 - blocking I/O, f_recv == NULL, f_recv_timout != NULL
+ *                 - blocking I/O, f_recv == NULL, f_recv_timeout != NULL
  *
  * \note           For DTLS, you need to provide either a non-NULL
  *                 f_recv_timeout callback, or a f_recv that doesn't block.
@@ -1846,7 +1846,7 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 /**
- * \brief          Set the Maximum Tranport Unit (MTU).
+ * \brief          Set the Maximum Transport Unit (MTU).
  *                 Special value: 0 means unset (no limit).
  *                 This represents the maximum size of a datagram payload
  *                 handled by the transport layer (usually UDP) as determined
@@ -2387,7 +2387,7 @@ void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
  *                 ones going through the authentication-decryption phase.
  *
  * \note           This is a security trade-off related to the fact that it's
- *                 often relatively easy for an active attacker ot inject UDP
+ *                 often relatively easy for an active attacker to inject UDP
  *                 datagrams. On one hand, setting a low limit here makes it
  *                 easier for such an attacker to forcibly terminated a
  *                 connection. On the other hand, a high limit or no limit
@@ -2498,7 +2498,7 @@ void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min,
  *                 successfully cached, return 1 otherwise.
  *
  * \param conf           SSL configuration
- * \param p_cache        parmater (context) for both callbacks
+ * \param p_cache        parameter (context) for both callbacks
  * \param f_get_cache    session get callback
  * \param f_set_cache    session set callback
  */
@@ -2529,7 +2529,7 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
 /**
  * \brief          Load serialized session data into a session structure.
  *                 On client, this can be used for loading saved sessions
- *                 before resuming them with mbedstls_ssl_set_session().
+ *                 before resuming them with mbedtls_ssl_set_session().
  *                 On server, this can be used for alternative implementations
  *                 of session cache or session tickets.
  *
@@ -2793,7 +2793,7 @@ void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
  *
  * \note           On client, only the first call has any effect. That is,
  *                 only one client certificate can be provisioned. The
- *                 server's preferences in its CertficateRequest message will
+ *                 server's preferences in its CertificateRequest message will
  *                 be ignored and our only cert will be sent regardless of
  *                 whether it matches those preferences - the server can then
  *                 decide what it wants to do with it.
@@ -3241,7 +3241,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
  * \param protos   Pointer to a NULL-terminated list of supported protocols,
  *                 in decreasing preference order. The pointer to the list is
  *                 recorded by the library for later reference as required, so
- *                 the lifetime of the table must be atleast as long as the
+ *                 the lifetime of the table must be at least as long as the
  *                 lifetime of the SSL configuration structure.
  *
  * \return         0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
@@ -3255,7 +3255,7 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot
  *
  * \param ssl      SSL context
  *
- * \return         Protcol name, or NULL if no protocol was negotiated.
+ * \return         Protocol name, or NULL if no protocol was negotiated.
  */
 const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_ALPN */
@@ -3338,7 +3338,7 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
                                          unsigned char *mki_value,
                                          uint16_t mki_len );
 /**
- * \brief                  Get the negotiated DTLS-SRTP informations:
+ * \brief                  Get the negotiated DTLS-SRTP information:
  *                         Protection profile and MKI value.
  *
  * \warning                This function must be called after the handshake is
@@ -3346,7 +3346,7 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
  *                         not be trusted or acted upon before the handshake completes.
  *
  * \param ssl              The SSL context to query.
- * \param dtls_srtp_info   The negotiated DTLS-SRTP informations:
+ * \param dtls_srtp_info   The negotiated DTLS-SRTP information:
  *                         - Protection profile in use.
  *                         A direct mapping of the iana defined value for protection
  *                         profile on an uint16_t.
@@ -3508,7 +3508,7 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
  *                 \c mbedtls_ssl_get_record_expansion().
  *
  * \note           For DTLS, it is also possible to set a limit for the total
- *                 size of daragrams passed to the transport layer, including
+ *                 size of datagrams passed to the transport layer, including
  *                 record overhead, see \c mbedtls_ssl_set_mtu().
  *
  * \param conf     SSL configuration
@@ -3568,7 +3568,7 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets
  *                 initiated by peer
  *                 (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
  *
- * \warning        It is recommended to always disable renegotation unless you
+ * \warning        It is recommended to always disable renegotiation unless you
  *                 know you need it and you know what you're doing. In the
  *                 past, there have been several issues associated with
  *                 renegotiation or a poor understanding of its properties.
@@ -3631,7 +3631,7 @@ void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_
  *                 scenario.
  *
  * \note           With DTLS and server-initiated renegotiation, the
- *                 HelloRequest is retransmited every time mbedtls_ssl_read() times
+ *                 HelloRequest is retransmitted every time mbedtls_ssl_read() times
  *                 out or receives Application Data, until:
  *                 - max_records records have beens seen, if it is >= 0, or
  *                 - the number of retransmits that would happen during an
@@ -4263,7 +4263,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
  * \return         \c 0 if successful.
  * \return         #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
  * \return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed
- *                 while reseting the context.
+ *                 while resetting the context.
  * \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in
  *                 progress, or there is pending data for reading or sending,
  *                 or the connection does not use DTLS 1.2 with an AEAD
@@ -4357,7 +4357,7 @@ int mbedtls_ssl_context_load( mbedtls_ssl_context *ssl,
 void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
 
 /**
- * \brief          Load reasonnable default SSL configuration values.
+ * \brief          Load reasonable default SSL configuration values.
  *                 (You need to call mbedtls_ssl_config_init() first.)
  *
  * \param conf     SSL configuration context
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl_cache.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl_cache.h
index c6ef2960f4d..02eab96d452 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl_cache.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl_cache.h
@@ -50,7 +50,7 @@
 #define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50   /*!< Maximum entries in cache */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h
index 0a238708e59..2aa373177b8 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h
@@ -45,7 +45,7 @@
 #define MBEDTLS_SSL_COOKIE_TIMEOUT     60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #ifdef __cplusplus
 extern "C" {
@@ -84,7 +84,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
  * \brief          Set expiration delay for cookies
  *                 (Default MBEDTLS_SSL_COOKIE_TIMEOUT)
  *
- * \param ctx      Cookie contex
+ * \param ctx      Cookie context
  * \param delay    Delay, in seconds if HAVE_TIME, or in number of cookies
  *                 issued in the meantime.
  *                 0 to disable expiration (NOT recommended)
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl_internal.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl_internal.h
index 6913dc0f668..46ade67b9c4 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl_internal.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl_internal.h
@@ -934,16 +934,22 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
  */
 void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
 
 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
 
@@ -1023,27 +1029,39 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
  *              following the above definition.
  *
  */
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
                              unsigned update_hs_digest );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
 
 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
                             const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
 
 /**
@@ -1108,13 +1126,18 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
 
 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
 unsigned char mbedtls_ssl_hash_from_md_alg( int md );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
 
 #if defined(MBEDTLS_ECP_C)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
+MBEDTLS_CHECK_RETURN_CRITICAL
+int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id );
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
                                 mbedtls_md_type_t md );
 #endif
@@ -1170,6 +1193,7 @@ static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
  *
  * Return 0 if everything is OK, -1 if not.
  */
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
                           const mbedtls_ssl_ciphersuite_t *ciphersuite,
                           int cert_endpoint,
@@ -1218,21 +1242,26 @@ static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl );
 #endif
 
 /* Visible for testing purposes only */
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl );
 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
 #endif
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
                               const mbedtls_ssl_session *src );
 
 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
     defined(MBEDTLS_SSL_PROTO_TLS1_1)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
                                         unsigned char *output,
                                         unsigned char *data, size_t data_len );
@@ -1242,6 +1271,7 @@ int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
     defined(MBEDTLS_SSL_PROTO_TLS1_2)
 /* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
                                             unsigned char *hash, size_t *hashlen,
                                             unsigned char *data, size_t data_len,
@@ -1254,11 +1284,13 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
 #endif
 
 void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
                              mbedtls_ssl_transform *transform,
                              mbedtls_record *rec,
                              int (*f_rng)(void *, unsigned char *, size_t),
                              void *p_rng );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
                              mbedtls_ssl_transform *transform,
                              mbedtls_record *rec );
@@ -1276,10 +1308,12 @@ static inline size_t mbedtls_ssl_ep_len( const mbedtls_ssl_context *ssl )
 }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
 void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl );
 
 void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl );
@@ -1287,6 +1321,7 @@ void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl,
                               mbedtls_ssl_transform *transform );
 void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
 
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
@@ -1296,6 +1331,7 @@ void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
@@ -1305,4 +1341,12 @@ void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
+#if defined(MBEDTLS_TEST_HOOKS)
+int mbedtls_ssl_check_dtls_clihlo_cookie(
+                          mbedtls_ssl_context *ssl,
+                          const unsigned char *cli_id, size_t cli_id_len,
+                          const unsigned char *in, size_t in_len,
+                          unsigned char *obuf, size_t buf_len, size_t *olen );
+#endif
+
 #endif /* ssl_internal.h */
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h
index a882eed23b9..8221051b247 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h
@@ -101,7 +101,7 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
  *                  supported. Usually that means a 256-bit key.
  *
  * \note            The lifetime of the keys is twice the lifetime of tickets.
- *                  It is recommended to pick a reasonnable lifetime so as not
+ *                  It is recommended to pick a reasonable lifetime so as not
  *                  to negate the benefits of forward secrecy.
  *
  * \return          0 if successful,
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/version.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/version.h
index b1a92b2bcf3..44adcbfe037 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/version.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/version.h
@@ -38,16 +38,16 @@
  */
 #define MBEDTLS_VERSION_MAJOR  2
 #define MBEDTLS_VERSION_MINOR  28
-#define MBEDTLS_VERSION_PATCH  0
+#define MBEDTLS_VERSION_PATCH  1
 
 /**
  * The single version number has the following structure:
  *    MMNNPP00
  *    Major version | Minor version | Patch version
  */
-#define MBEDTLS_VERSION_NUMBER         0x021C0000
-#define MBEDTLS_VERSION_STRING         "2.28.0"
-#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.28.0"
+#define MBEDTLS_VERSION_NUMBER         0x021C0100
+#define MBEDTLS_VERSION_STRING         "2.28.1"
+#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.28.1"
 
 #if defined(MBEDTLS_VERSION_C)
 
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/x509.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/x509.h
index c1775014300..31b78df32f5 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/x509.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/x509.h
@@ -96,7 +96,7 @@
 #define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL                 -0x2980
 /** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */
 #define MBEDTLS_ERR_X509_FATAL_ERROR                      -0x3000
-/* \} name */
+/** \} name X509 Error codes */
 
 /**
  * \name X509 Verify codes
@@ -124,8 +124,8 @@
 #define MBEDTLS_X509_BADCRL_BAD_PK           0x040000  /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
 #define MBEDTLS_X509_BADCRL_BAD_KEY          0x080000  /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
 
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name X509 Verify codes */
+/** \} addtogroup x509_module */
 
 /*
  * X.509 v3 Subject Alternative Name types.
@@ -255,7 +255,6 @@ typedef struct mbedtls_x509_time
 mbedtls_x509_time;
 
 /** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
-/** \} addtogroup x509_module */
 
 /**
  * \brief          Store the certificate DN in printable form into buf;
@@ -311,6 +310,8 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
  */
 int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
 
+/** \} addtogroup x509_module */
+
 #if defined(MBEDTLS_SELF_TEST)
 
 /**
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/x509_crl.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/x509_crl.h
index 7e9e8885f41..92220090197 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/x509_crl.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/x509_crl.h
@@ -162,8 +162,8 @@ void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
  */
 void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
 
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name Structures and functions for parsing CRLs */
+/** \} addtogroup x509_module */
 
 #ifdef __cplusplus
 }
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/x509_crt.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/x509_crt.h
index 64ccb433ba8..0f2885a7ee4 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/x509_crt.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/x509_crt.h
@@ -107,7 +107,7 @@ mbedtls_x509_crt;
 typedef struct mbedtls_x509_san_other_name
 {
     /**
-     * The type_id is an OID as deifned in RFC 5280.
+     * The type_id is an OID as defined in RFC 5280.
      * To check the value of the type id, you should use
      * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
      */
@@ -159,7 +159,9 @@ mbedtls_x509_subject_alternative_name;
 typedef struct mbedtls_x509_crt_profile
 {
     uint32_t allowed_mds;       /**< MDs for signatures         */
-    uint32_t allowed_pks;       /**< PK algs for signatures     */
+    uint32_t allowed_pks;       /**< PK algs for public keys;
+                                 *   this applies to all certificates
+                                 *   in the provided chain.     */
     uint32_t allowed_curves;    /**< Elliptic curves for ECDSA  */
     uint32_t rsa_min_bitlen;    /**< Minimum size for RSA keys  */
 }
@@ -850,8 +852,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name Structures and functions for parsing and writing X.509 certificates */
 
 #if defined(MBEDTLS_X509_CRT_WRITE_C)
 /**
@@ -862,7 +863,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
 void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
 
 /**
- * \brief           Set the verion for a Certificate
+ * \brief           Set the version for a Certificate
  *                  Default: MBEDTLS_X509_CRT_VERSION_3
  *
  * \param ctx       CRT context to use
@@ -978,7 +979,7 @@ int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
  * \param is_ca     is this a CA certificate
  * \param max_pathlen   maximum length of certificate chains below this
  *                      certificate (only for CA certificates, -1 is
- *                      inlimited)
+ *                      unlimited)
  *
  * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
  */
@@ -1087,6 +1088,8 @@ int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf,
 #endif /* MBEDTLS_PEM_WRITE_C */
 #endif /* MBEDTLS_X509_CRT_WRITE_C */
 
+/** \} addtogroup x509_module */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/x509_csr.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/x509_csr.h
index b1dfc21f1fb..2a1c0461315 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/x509_csr.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/mbedtls/x509_csr.h
@@ -151,8 +151,7 @@ void mbedtls_x509_csr_init( mbedtls_x509_csr *csr );
 void mbedtls_x509_csr_free( mbedtls_x509_csr *csr );
 #endif /* MBEDTLS_X509_CSR_PARSE_C */
 
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name Structures and functions for X.509 Certificate Signing Requests (CSR) */
 
 #if defined(MBEDTLS_X509_CSR_WRITE_C)
 /**
@@ -182,7 +181,7 @@ int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
  *                  private key used to sign the CSR when writing it)
  *
  * \param ctx       CSR context to use
- * \param key       Asymetric key to include
+ * \param key       Asymmetric key to include
  */
 void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
 
@@ -298,6 +297,8 @@ int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, s
 #endif /* MBEDTLS_PEM_WRITE_C */
 #endif /* MBEDTLS_X509_CSR_WRITE_C */
 
+/** \} addtogroup x509_module */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto.h
index b0b57c3a6ba..d6d3e4f559f 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto.h
@@ -499,17 +499,14 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key);
  *         This is an attempt to create a persistent key, and there is
  *         already a persistent key with the given identifier.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The lifetime or identifier in \p attributes are invalid.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The policy constraints on the source and specified in
- *         \p attributes are incompatible.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         The lifetime or identifier in \p attributes are invalid, or
+ *         the policy constraints on the source and specified in
+ *         \p attributes are incompatible, or
  *         \p attributes specifies a key type or key size
  *         which does not match the attributes of the source key.
  * \retval #PSA_ERROR_NOT_PERMITTED
- *         The source key does not have the #PSA_KEY_USAGE_COPY usage flag.
- * \retval #PSA_ERROR_NOT_PERMITTED
- *         The source key is not exportable and its lifetime does not
+ *         The source key does not have the #PSA_KEY_USAGE_COPY usage flag, or
+ *         the source key is not exportable and its lifetime does not
  *         allow copying it to the target's lifetime.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@@ -636,11 +633,9 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key);
  *         The key type or key size is not supported, either by the
  *         implementation in general or in this particular persistent location.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The key attributes, as a whole, are invalid.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The key data is not correctly formatted.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The size in \p attributes is nonzero and does not match the size
+ *         The key attributes, as a whole, are invalid, or
+ *         the key data is not correctly formatted, or
+ *         the size in \p attributes is nonzero and does not match the size
  *         of the key data.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@@ -864,7 +859,6 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -900,7 +894,6 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg,
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -996,14 +989,13 @@ static psa_hash_operation_t psa_hash_operation_init(void);
  *         \p alg is not a supported hash algorithm.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \p alg is not a hash algorithm.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1023,14 +1015,13 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it muct be active).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1044,7 +1035,7 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
  * This function calculates the hash of the message formed by concatenating
  * the inputs passed to preceding calls to psa_hash_update().
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_hash_abort().
  *
@@ -1066,8 +1057,6 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p hash buffer is too small. You can determine a
  *         sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
@@ -1077,7 +1066,8 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1095,7 +1085,7 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
  * compares the calculated hash with the expected hash passed as a
  * parameter to this function.
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_hash_abort().
  *
@@ -1112,14 +1102,13 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_SIGNATURE
  *         The hash of the message was calculated successfully, but it
  *         differs from the expected hash.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1170,16 +1159,14 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation);
  *                                  It must be initialized but not active.
  *
  * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BAD_STATE
- *         The \p source_operation state is not valid (it must be active).
- * \retval #PSA_ERROR_BAD_STATE
- *         The \p target_operation state is not valid (it must be inactive).
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The \p source_operation state is not valid (it must be active), or
+ *         the \p target_operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1381,9 +1368,8 @@ static psa_mac_operation_t psa_mac_operation_init(void);
  * \retval #PSA_ERROR_STORAGE_FAILURE
  *         The key could not be retrieved from storage.
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1442,11 +1428,10 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
- *         The key could not be retrieved from storage
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
+ *         The key could not be retrieved from storage.
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1469,15 +1454,14 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1491,7 +1475,7 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
  * This function calculates the MAC of the message formed by concatenating
  * the inputs passed to preceding calls to psa_mac_update().
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_mac_abort().
  *
@@ -1515,9 +1499,6 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active mac sign
- *         operation).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p mac buffer is too small. You can determine a
  *         sufficient buffer size by calling PSA_MAC_LENGTH().
@@ -1527,7 +1508,9 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active mac sign
+ *         operation), or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1545,7 +1528,7 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
  * compares the calculated MAC with the expected MAC passed as a
  * parameter to this function.
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_mac_abort().
  *
@@ -1562,16 +1545,15 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_SIGNATURE
  *         The MAC of the message was calculated successfully, but it
  *         differs from the expected MAC.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active mac verify
- *         operation).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active mac verify
+ *         operation), or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1806,9 +1788,8 @@ static psa_cipher_operation_t psa_cipher_operation_init(void);
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1870,9 +1851,8 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1900,8 +1880,6 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with no IV set).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p iv buffer is too small.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1910,7 +1888,9 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, with no IV set),
+ *         or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1940,9 +1920,6 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active cipher
- *         encrypt operation, with no IV set).
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The size of \p iv is not acceptable for the chosen algorithm,
  *         or the chosen algorithm does not use an IV.
@@ -1952,7 +1929,9 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active cipher
+ *         encrypt operation, with no IV set), or the library has not been
+ *         previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1983,9 +1962,6 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with an IV set
- *         if required for the algorithm).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p output buffer is too small.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1994,7 +1970,9 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, with an IV set
+ *         if required for the algorithm), or the library has not been
+ *         previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2016,7 +1994,7 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
  * formed by concatenating the inputs passed to preceding calls to
  * psa_cipher_update().
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_cipher_abort().
  *
@@ -2036,9 +2014,6 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_PADDING
  *         This is a decryption operation for an algorithm that includes
  *         padding, and the ciphertext does not contain valid padding.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with an IV set
- *         if required for the algorithm).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p output buffer is too small.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2047,7 +2022,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, with an IV set
+ *         if required for the algorithm), or the library has not been
+ *         previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2330,7 +2307,8 @@ static psa_aead_operation_t psa_aead_operation_init(void);
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -2342,7 +2320,6 @@ static psa_aead_operation_t psa_aead_operation_init(void);
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
@@ -2396,8 +2373,6 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -2410,7 +2385,8 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or the
+ *         library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2439,9 +2415,6 @@ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active aead encrypt
- *         operation, with no nonce set).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p nonce buffer is too small.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2450,7 +2423,9 @@ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active aead encrypt
+ *         operation, with no nonce set), or the library has not been
+ *         previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2480,9 +2455,6 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with no nonce
- *         set).
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The size of \p nonce is not acceptable for the chosen algorithm.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2491,7 +2463,9 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, with no nonce
+ *         set), or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2525,10 +2499,6 @@ psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, and
- *         psa_aead_update_ad() and psa_aead_update() must not have been
- *         called yet).
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         At least one of the lengths is not acceptable for the chosen
  *         algorithm.
@@ -2537,7 +2507,10 @@ psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, and
+ *         psa_aead_update_ad() and psa_aead_update() must not have been
+ *         called yet), or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2573,10 +2546,6 @@ psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, have a nonce
- *         set, have lengths set if required by the algorithm, and
- *         psa_aead_update() must not have been called yet).
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The total input length overflows the additional data length that
  *         was previously specified with psa_aead_set_lengths().
@@ -2586,7 +2555,10 @@ psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, have a nonce
+ *         set, have lengths set if required by the algorithm, and
+ *         psa_aead_update() must not have been called yet), or the library
+ *         has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2651,9 +2623,6 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, have a nonce
- *         set, and have lengths set if required by the algorithm).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p output buffer is too small.
  *         #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or
@@ -2662,9 +2631,8 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The total length of input to psa_aead_update_ad() so far is
  *         less than the additional data length that was previously
- *         specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The total input length overflows the plaintext length that
+ *         specified with psa_aead_set_lengths(), or
+ *         the total input length overflows the plaintext length that
  *         was previously specified with psa_aead_set_lengths().
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -2672,7 +2640,9 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, have a nonce
+ *         set, and have lengths set if required by the algorithm), or the
+ *         library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2697,7 +2667,7 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
  *   preceding calls to psa_aead_update().
  * - \p tag contains the authentication tag.
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_aead_abort().
  *
@@ -2736,9 +2706,6 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active encryption
- *         operation with a nonce set).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p ciphertext or \p tag buffer is too small.
  *         #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or
@@ -2749,9 +2716,8 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The total length of input to psa_aead_update_ad() so far is
  *         less than the additional data length that was previously
- *         specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The total length of input to psa_aead_update() so far is
+ *         specified with psa_aead_set_lengths(), or
+ *         the total length of input to psa_aead_update() so far is
  *         less than the plaintext length that was previously
  *         specified with psa_aead_set_lengths().
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2760,7 +2726,9 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active encryption
+ *         operation with a nonce set), or the library has not been previously
+ *         initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2789,7 +2757,7 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
  * plaintext and reports success. If the authentication tag is not correct,
  * this function returns #PSA_ERROR_INVALID_SIGNATURE.
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_aead_abort().
  *
@@ -2823,9 +2791,6 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_SIGNATURE
  *         The calculations were successful, but the authentication tag is
  *         not correct.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active decryption
- *         operation with a nonce set).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p plaintext buffer is too small.
  *         #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or
@@ -2834,9 +2799,8 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The total length of input to psa_aead_update_ad() so far is
  *         less than the additional data length that was previously
- *         specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The total length of input to psa_aead_update() so far is
+ *         specified with psa_aead_set_lengths(), or
+ *         the total length of input to psa_aead_update() so far is
  *         less than the plaintext length that was previously
  *         specified with psa_aead_set_lengths().
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2845,7 +2809,9 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active decryption
+ *         operation with a nonce set), or the library has not been previously
+ *         initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3089,7 +3055,7 @@ psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key,
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The calculation was perfomed successfully, but the passed
+ *         The calculation was performed successfully, but the passed
  *         signature is not a valid signature.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -3113,7 +3079,7 @@ psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key,
 /**
  * \brief Encrypt a short message with a public key.
  *
- * \param key                   Identifer of the key to use for the operation.
+ * \param key                   Identifier of the key to use for the operation.
  *                              It must be a public key or an asymmetric key
  *                              pair. It must allow the usage
  *                              #PSA_KEY_USAGE_ENCRYPT.
@@ -3338,9 +3304,8 @@ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3359,12 +3324,11 @@ psa_status_t psa_key_derivation_setup(
  *
  * \retval #PSA_SUCCESS
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3387,13 +3351,12 @@ psa_status_t psa_key_derivation_get_capacity(
  *         \p capacity is larger than the operation's current capacity.
  *         In this case, the operation object remains valid and its capacity
  *         remains unchanged.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or the
+ *         library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3437,8 +3400,7 @@ psa_status_t psa_key_derivation_set_capacity(
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \c step is not compatible with the operation's algorithm, or
  *         \c step does not allow direct inputs.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3446,9 +3408,8 @@ psa_status_t psa_key_derivation_set_capacity(
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid for this input \p step.
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid for this input \p step, or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3489,8 +3450,7 @@ psa_status_t psa_key_derivation_input_bytes(
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \c step is not compatible with the operation's algorithm, or
  *         \c step does not allow key inputs of the given type
  *         or does not allow key inputs at all.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -3499,9 +3459,8 @@ psa_status_t psa_key_derivation_input_bytes(
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid for this input \p step.
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid for this input \p step, or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3553,25 +3512,23 @@ psa_status_t psa_key_derivation_input_key(
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid for this key agreement \p step.
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \c private_key is not compatible with \c alg,
  *         or \p peer_key is not valid for \c alg or not compatible with
- *         \c private_key.
+ *         \c private_key, or \c step does not allow an input resulting
+ *         from a key agreement.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         \c alg is not supported or is not a key derivation algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c step does not allow an input resulting from a key agreement.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid for this key agreement \p step,
+ *         or the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3607,16 +3564,15 @@ psa_status_t psa_key_derivation_key_agreement(
  *                          The operation's capacity is set to 0, thus
  *                          subsequent calls to this function will not
  *                          succeed, even with a smaller output buffer.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active and completed
- *         all required input steps).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active and completed
+ *         all required input steps), or the library has not been previously
+ *         initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3749,9 +3705,6 @@ psa_status_t psa_key_derivation_output_bytes(
  * \retval #PSA_ERROR_NOT_PERMITTED
  *         The #PSA_KEY_DERIVATION_INPUT_SECRET input was not provided through
  *         a key.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active and completed
- *         all required input steps).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3761,7 +3714,9 @@ psa_status_t psa_key_derivation_output_bytes(
  * \retval #PSA_ERROR_DATA_CORRUPT
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active and completed
+ *         all required input steps), or the library has not been previously
+ *         initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3828,8 +3783,7 @@ psa_status_t psa_key_derivation_abort(
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p alg is not a key agreement algorithm
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \p alg is not a key agreement algorithm, or
  *         \p private_key is not compatible with \p alg,
  *         or \p peer_key is not valid for \p alg or not compatible with
  *         \p private_key.
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_builtin_primitives.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_builtin_primitives.h
index 62a0e6f3704..96c45290bdb 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_builtin_primitives.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_builtin_primitives.h
@@ -103,7 +103,6 @@ typedef struct
     defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_XTS) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_config.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_config.h
index e2446cb26c4..f261e013e07 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_config.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_config.h
@@ -60,7 +60,6 @@
 #define PSA_WANT_ALG_CMAC                       1
 #define PSA_WANT_ALG_CFB                        1
 #define PSA_WANT_ALG_CHACHA20_POLY1305          1
-#define PSA_WANT_ALG_CMAC                       1
 #define PSA_WANT_ALG_CTR                        1
 #define PSA_WANT_ALG_DETERMINISTIC_ECDSA        1
 #define PSA_WANT_ALG_ECB_NO_PADDING             1
@@ -86,7 +85,9 @@
 #define PSA_WANT_ALG_STREAM_CIPHER              1
 #define PSA_WANT_ALG_TLS12_PRF                  1
 #define PSA_WANT_ALG_TLS12_PSK_TO_MS            1
-#define PSA_WANT_ALG_XTS                        1
+/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
+ * Note: when adding support, also adjust include/mbedtls/config_psa.h */
+//#define PSA_WANT_ALG_XTS                        1
 
 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256         1
 #define PSA_WANT_ECC_BRAINPOOL_P_R1_384         1
@@ -94,14 +95,14 @@
 #define PSA_WANT_ECC_MONTGOMERY_255             1
 /*
  * Curve448 is not yet supported via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/4249). Thus, do not enable it by
+ * (https://github.com/Mbed-TLS/mbedtls/issues/4249). Thus, do not enable it by
  * default.
  */
 //#define PSA_WANT_ECC_MONTGOMERY_448             1
 #define PSA_WANT_ECC_SECP_K1_192                1
 /*
  * SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/3541). Thus, do not enable it by
+ * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
  * default.
  */
 //#define PSA_WANT_ECC_SECP_K1_224                1
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_extra.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_extra.h
index 3ee0482cbda..a48a4bb5eb9 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_extra.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_extra.h
@@ -181,12 +181,9 @@ static inline void psa_clear_key_slot_number(
  *         support registering a key.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The identifier in \p attributes is invalid, namely the identifier is
- *         not in the user range.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         not in the user range, or
  *         \p attributes specifies a lifetime which is not located
- *         in a secure element.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         No slot number is specified in \p attributes,
+ *         in a secure element, or no slot number is specified in \p attributes,
  *         or the specified slot number is not valid.
  * \retval #PSA_ERROR_NOT_PERMITTED
  *         The caller is not authorized to register the specified key slot.
@@ -348,7 +345,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
  * length of the byte string is the private key size in bytes (leading zeroes
  * are not stripped).
  *
- * Determinstic DSA key derivation with psa_generate_derived_key follows
+ * Deterministic DSA key derivation with psa_generate_derived_key follows
  * FIPS 186-4 &sect;B.1.2: interpret the byte string as integer
  * in big-endian order. Discard it if it is not in the range
  * [0, *N* - 2] where *N* is the boundary of the private key domain
@@ -448,9 +445,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
  *   As an exception, the public exponent 65537 is represented by an empty
  *   byte string.
  * - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEY_PAIR),
- *   the `Dss-Parms` format as defined by RFC 3279 &sect;2.3.2.
+ *   the `Dss-Params` format as defined by RFC 3279 &sect;2.3.2.
  *   ```
- *   Dss-Parms ::= SEQUENCE  {
+ *   Dss-Params ::= SEQUENCE  {
  *      p       INTEGER,
  *      q       INTEGER,
  *      g       INTEGER
@@ -466,9 +463,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
  *      g               INTEGER,                    -- generator, g
  *      q               INTEGER,                    -- factor of p-1
  *      j               INTEGER OPTIONAL,           -- subgroup factor
- *      validationParms ValidationParms OPTIONAL
+ *      validationParams ValidationParams OPTIONAL
  *   }
- *   ValidationParms ::= SEQUENCE {
+ *   ValidationParams ::= SEQUENCE {
  *      seed            BIT STRING,
  *      pgenCounter     INTEGER
  *   }
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_sizes.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_sizes.h
index e2ae5965d4f..0d4532200e7 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_sizes.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_sizes.h
@@ -747,7 +747,7 @@
  *      subjectPublicKey     BIT STRING  } -- contains DSAPublicKey
  * AlgorithmIdentifier  ::=  SEQUENCE  {
  *      algorithm               OBJECT IDENTIFIER,
- *      parameters              Dss-Parms  } -- SEQUENCE of 3 INTEGERs
+ *      parameters              Dss-Params  } -- SEQUENCE of 3 INTEGERs
  * DSAPublicKey  ::=  INTEGER -- public key, Y
  *
  * - 3 * 4 bytes of SEQUENCE overhead;
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_struct.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_struct.h
index 23a02a5d8ef..511b3973b86 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_struct.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_struct.h
@@ -442,7 +442,7 @@ static inline void psa_set_key_type(psa_key_attributes_t *attributes,
     }
     else
     {
-        /* Call the bigger function to free the old domain paramteres.
+        /* Call the bigger function to free the old domain parameters.
          * Ignore any errors which may arise due to type requiring
          * non-default domain parameters, since this function can't
          * report errors. */
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_types.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_types.h
index 386c7d794b4..8f23021a45a 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_types.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_types.h
@@ -69,10 +69,21 @@ typedef int32_t psa_status_t;
  */
 
 /** \brief Encoding of a key type.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_KEY_TYPE_xxx`.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint16_t psa_key_type_t;
 
 /** The type of PSA elliptic curve family identifiers.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_ECC_FAMILY_xxx`.
  *
  * The curve identifier is required to create an ECC key using the
  * PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
@@ -80,10 +91,18 @@ typedef uint16_t psa_key_type_t;
  *
  * Values defined by this standard will never be in the range 0x80-0xff.
  * Vendors who define additional families must use an encoding in this range.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint8_t psa_ecc_family_t;
 
 /** The type of PSA Diffie-Hellman group family identifiers.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_DH_FAMILY_xxx`.
  *
  * The group identifier is required to create an Diffie-Hellman key using the
  * PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()
@@ -91,16 +110,29 @@ typedef uint8_t psa_ecc_family_t;
  *
  * Values defined by this standard will never be in the range 0x80-0xff.
  * Vendors who define additional families must use an encoding in this range.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint8_t psa_dh_family_t;
 
 /** \brief Encoding of a cryptographic algorithm.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_ALG_xxx`.
  *
  * For algorithms that can be applied to multiple key types, this type
  * does not encode the key type. For example, for symmetric ciphers
  * based on a block cipher, #psa_algorithm_t encodes the block cipher
  * mode and the padding mode while the block cipher itself is encoded
  * via #psa_key_type_t.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint32_t psa_algorithm_t;
 
@@ -142,6 +174,14 @@ typedef uint32_t psa_algorithm_t;
  * #PSA_KEY_LIFETIME_PERSISTENT is supported if persistent storage is
  * available. Other lifetime values may be supported depending on the
  * library configuration.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_KEY_LIFETIME_xxx`.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint32_t psa_key_lifetime_t;
 
@@ -173,6 +213,11 @@ typedef uint32_t psa_key_lifetime_t;
  * \note Key persistence levels are 8-bit values. Key management
  *       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
  *       encode the persistence as the lower 8 bits of a 32-bit value.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint8_t psa_key_persistence_t;
 
@@ -209,6 +254,11 @@ typedef uint8_t psa_key_persistence_t;
  * \note Key location indicators are 24-bit values. Key management
  *       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
  *       encode the location as the upper 24 bits of a 32-bit value.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint32_t psa_key_location_t;
 
@@ -220,9 +270,27 @@ typedef uint32_t psa_key_location_t;
  *   #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX.
  * - 0 is reserved as an invalid key identifier.
  * - Key identifiers outside these ranges are reserved for future use.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to how values are allocated must require careful
+ *       consideration to allow backward compatibility.
  */
 typedef uint32_t psa_key_id_t;
 
+/** Encoding of key identifiers as seen inside the PSA Crypto implementation.
+ *
+ * When PSA Crypto is built as a library inside an application, this type
+ * is identical to #psa_key_id_t. When PSA Crypto is built as a service
+ * that can store keys on behalf of multiple clients, this type
+ * encodes the #psa_key_id_t value seen by each client application as
+ * well as extra information that identifies the client that owns
+ * the key.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
+*/
 #if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
 typedef psa_key_id_t mbedtls_svc_key_id_t;
 
@@ -246,7 +314,16 @@ typedef struct
  * @{
  */
 
-/** \brief Encoding of permitted usage on a key. */
+/** \brief Encoding of permitted usage on a key.
+ *
+ * Values of this type are generally constructed as bitwise-ors of macros
+ * called `PSA_KEY_USAGE_xxx`.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
+ */
 typedef uint32_t psa_key_usage_t;
 
 /**@}*/
@@ -375,7 +452,11 @@ typedef uint64_t psa_key_slot_number_t;
  * @{
  */
 
-/** \brief Encoding of the step of a key derivation. */
+/** \brief Encoding of the step of a key derivation.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_KEY_DERIVATION_INPUT_xxx`.
+ */
 typedef uint16_t psa_key_derivation_step_t;
 
 /**@}*/
diff --git a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_values.h b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_values.h
index fafe93cf9ba..8b3a815ac19 100644
--- a/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_values.h
+++ b/tools/sdk/esp32c3/include/mbedtls/mbedtls/include/psa/crypto_values.h
@@ -12,6 +12,11 @@
  * designations of cryptographic algorithms, and error codes returned by
  * the library.
  *
+ * Note that many of the constants defined in this file are embedded in
+ * the persistent key store, as part of key metadata (including usage
+ * policies). As a consequence, they must not be changed (unless the storage
+ * format version changes).
+ *
  * This header file only defines preprocessor macros.
  */
 /*
@@ -40,6 +45,18 @@
 
 /* PSA error codes */
 
+/* Error codes are standardized across PSA domains (framework, crypto, storage,
+ * etc.). Do not change the values in this section or even the expansions
+ * of each macro: it must be possible to `#include` both this header
+ * and some other PSA component's headers in the same C source,
+ * which will lead to duplicate definitions of the `PSA_SUCCESS` and
+ * `PSA_ERROR_xxx` macros, which is ok if and only if the macros expand
+ * to the same sequence of tokens.
+ *
+ * If you must add a new
+ * value, check with the Arm PSA framework group to pick one that other
+ * domains aren't already using. */
+
 /** The action was completed successfully. */
 #define PSA_SUCCESS ((psa_status_t)0)
 
@@ -316,6 +333,12 @@
  * @{
  */
 
+/* Note that key type values, including ECC family and DH group values, are
+ * embedded in the persistent key store, as part of key metadata. As a
+ * consequence, they must not be changed (unless the storage format version
+ * changes).
+ */
+
 /** An invalid key type value.
  *
  * Zero is not the encoding of any key type.
@@ -440,9 +463,9 @@
  * Camellia block cipher. */
 #define PSA_KEY_TYPE_CAMELLIA                       ((psa_key_type_t)0x2403)
 
-/** Key for the RC4 stream cipher.
+/** Key for the ARC4 stream cipher (also known as RC4 or ARCFOUR).
  *
- * Note that RC4 is weak and deprecated and should only be used in
+ * Note that ARC4 is weak and deprecated and should only be used in
  * legacy protocols. */
 #define PSA_KEY_TYPE_ARC4                           ((psa_key_type_t)0x2002)
 
@@ -673,6 +696,11 @@
      1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) :                         \
      0u)
 
+/* Note that algorithm values are embedded in the persistent key store,
+ * as part of key metadata. As a consequence, they must not be changed
+ * (unless the storage format version changes).
+ */
+
 /** Vendor-defined algorithm flag.
  *
  * Algorithms defined by this standard will never have the #PSA_ALG_VENDOR_FLAG
@@ -1390,7 +1418,7 @@
  * with a random per-message secret number (*k*).
  *
  * The representation of the signature as a byte string consists of
- * the concatentation of the signature values *r* and *s*. Each of
+ * the concatenation of the signature values *r* and *s*. Each of
  * *r* and *s* is encoded as an *N*-octet string, where *N* is the length
  * of the base point of the curve in octets. Each value is represented
  * in big-endian order (most significant octet first).
@@ -1928,6 +1956,11 @@
  * @{
  */
 
+/* Note that location and persistence level values are embedded in the
+ * persistent key store, as part of key metadata. As a consequence, they
+ * must not be changed (unless the storage format version changes).
+ */
+
 /** The default lifetime for volatile keys.
  *
  * A volatile key only exists as long as the identifier to it is not destroyed.
@@ -2043,6 +2076,11 @@
 
 #define PSA_KEY_LOCATION_VENDOR_FLAG            ((psa_key_location_t)0x800000)
 
+/* Note that key identifier values are embedded in the
+ * persistent key store, as part of key metadata. As a consequence, they
+ * must not be changed (unless the storage format version changes).
+ */
+
 /** The null key identifier.
  */
 #define PSA_KEY_ID_NULL                         ((psa_key_id_t)0)
@@ -2154,6 +2192,11 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
  * @{
  */
 
+/* Note that key usage flags are embedded in the
+ * persistent key store, as part of key metadata. As a consequence, they
+ * must not be changed (unless the storage format version changes).
+ */
+
 /** Whether the key may be exported.
  *
  * A public key or the public part of a key pair may always be exported
@@ -2255,6 +2298,9 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
  * @{
  */
 
+/* Key input steps are not embedded in the persistent storage, so you can
+ * change them if needed: it's only an ABI change. */
+
 /** A secret input for key derivation.
  *
  * This should be a key of type #PSA_KEY_TYPE_DERIVE
diff --git a/tools/sdk/esp32c3/include/protocomm/include/transports/protocomm_ble.h b/tools/sdk/esp32c3/include/protocomm/include/transports/protocomm_ble.h
index 2447c1c5d25..d684e7e921a 100644
--- a/tools/sdk/esp32c3/include/protocomm/include/transports/protocomm_ble.h
+++ b/tools/sdk/esp32c3/include/protocomm/include/transports/protocomm_ble.h
@@ -79,10 +79,14 @@ typedef struct protocomm_ble_config {
      */
     protocomm_ble_name_uuid_t *nu_lookup;
 
-    /* BLE bonding */
+    /**
+     * BLE bonding
+     */
     unsigned ble_bonding:1;
 
-    /* BLE security flag */
+    /**
+     * BLE security flag
+     */
     unsigned ble_sm_sc:1;
 
 } protocomm_ble_config_t;
diff --git a/tools/sdk/esp32c3/include/soc/esp32c3/include/soc/syscon_reg.h b/tools/sdk/esp32c3/include/soc/esp32c3/include/soc/syscon_reg.h
index cc5a3c68cbb..c8719754d81 100644
--- a/tools/sdk/esp32c3/include/soc/esp32c3/include/soc/syscon_reg.h
+++ b/tools/sdk/esp32c3/include/soc/esp32c3/include/soc/syscon_reg.h
@@ -1,16 +1,8 @@
-// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/**
+ * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ */
 #ifndef _SOC_SYSCON_REG_H_
 #define _SOC_SYSCON_REG_H_
 
@@ -178,7 +170,7 @@ extern "C" {
 #define SYSTEM_WIFI_CLK_WIFI_EN_M  ((SYSTEM_WIFI_CLK_WIFI_EN_V)<<(SYSTEM_WIFI_CLK_WIFI_EN_S))
 #define SYSTEM_WIFI_CLK_WIFI_EN_V  0x0
 #define SYSTEM_WIFI_CLK_WIFI_EN_S  0
-/* Mask for all Bluetooth clock bits, 11, 12, 16, 17 */
+/* Mask for all Bluetooth clock bits, 11, 16, 17 */
 #define SYSTEM_WIFI_CLK_BT_EN  0x0
 #define SYSTEM_WIFI_CLK_BT_EN_M  ((SYSTEM_WIFI_CLK_BT_EN_V)<<(SYSTEM_WIFI_CLK_BT_EN_S))
 #define SYSTEM_WIFI_CLK_BT_EN_V  0x0
@@ -194,7 +186,7 @@ extern "C" {
 
 /* Remaining single bit clock masks */
 #define SYSTEM_WIFI_CLK_SDIOSLAVE_EN  BIT(4)
-#define SYSTEM_WIFI_CLK_UNUSED_BIT5  BIT(5)
+#define SYSTEM_WIFI_CLK_I2C_CLK_EN  BIT(5)
 #define SYSTEM_WIFI_CLK_UNUSED_BIT12  BIT(12)
 #define SYSTEM_WIFI_CLK_EMAC_EN  BIT(14)
 #define SYSTEM_WIFI_CLK_RNG_EN  BIT(15)
@@ -203,19 +195,19 @@ extern "C" {
 #define SYSTEM_WIFI_RST_EN_REG        SYSCON_WIFI_RST_EN_REG
 /* SYSTEM_WIFI_RST_EN : R/W ;bitpos:[31:0] ;default: 32'h0 ; */
 /*description: */
-#define SYSTEM_BB_RST           BIT(0)
-#define SYSTEM_FE_RST           BIT(1)
-#define SYSTEM_MAC_RST          BIT(2)
-#define SYSTEM_BT_RST           BIT(3)
-#define SYSTEM_BTMAC_RST        BIT(4)
-#define SYSTEM_SDIO_RST         BIT(5)
-#define SYSTEM_EMAC_RST         BIT(7)
-#define SYSTEM_MACPWR_RST       BIT(8)
-#define SYSTEM_RW_BTMAC_RST     BIT(9)
-#define SYSTEM_RW_BTLP_RST      BIT(10)
-#define BLE_REG_REST_BIT        BIT(11)
-#define BLE_PWR_REG_REST_BIT    BIT(12)
-#define BLE_BB_REG_REST_BIT     BIT(13)
+#define SYSTEM_WIFIBB_RST           BIT(0)
+#define SYSTEM_FE_RST               BIT(1)
+#define SYSTEM_WIFIMAC_RST          BIT(2)
+#define SYSTEM_BTBB_RST             BIT(3)    /* Bluetooth Baseband */
+#define SYSTEM_BTMAC_RST            BIT(4)    /* deprecated */
+#define SYSTEM_SDIO_RST             BIT(5)
+#define SYSTEM_EMAC_RST             BIT(7)
+#define SYSTEM_MACPWR_RST           BIT(8)
+#define SYSTEM_RW_BTMAC_RST         BIT(9)    /* Bluetooth MAC */
+#define SYSTEM_RW_BTLP_RST          BIT(10)   /* Bluetooth Low Power Module */
+#define SYSTEM_RW_BTMAC_REG_RST     BIT(11)   /* Bluetooth MAC Regsiters */
+#define SYSTEM_RW_BTLP_REG_RST      BIT(12)   /* Bluetooth Low Power Registers */
+#define SYSTEM_BTBB_REG_RST         BIT(13)   /* Bluetooth Baseband Registers */
 
 #define SYSCON_HOST_INF_SEL_REG          (DR_REG_SYSCON_BASE + 0x01C)
 /* SYSCON_PERI_IO_SWAP : R/W ;bitpos:[7:0] ;default: 8'h0 ; */
diff --git a/tools/sdk/esp32c3/ld/esp32c3.rom.eco3.ld b/tools/sdk/esp32c3/ld/esp32c3.rom.eco3.ld
index 461f70694d9..390cf6a06c9 100644
--- a/tools/sdk/esp32c3/ld/esp32c3.rom.eco3.ld
+++ b/tools/sdk/esp32c3/ld/esp32c3.rom.eco3.ld
@@ -10,7 +10,7 @@ ppMapTxQueue = 0x400016d8;
 rcGetSched = 0x40001764;
 wDevCheckBlockError = 0x400017b4;
 ppProcTxDone = 0x40001804;
-sta_input = rom_sta_input;
+/*sta_input = rom_sta_input;*/
 
 /***************************************
  Group rom_phy
diff --git a/tools/sdk/esp32c3/ld/esp32c3.rom.ld b/tools/sdk/esp32c3/ld/esp32c3.rom.ld
index 061b5bbe074..dfae6c9270b 100644
--- a/tools/sdk/esp32c3/ld/esp32c3.rom.ld
+++ b/tools/sdk/esp32c3/ld/esp32c3.rom.ld
@@ -1550,7 +1550,7 @@ pm_on_data_rx = 0x40001680;
 pm_on_tbtt = 0x40001684;
 pm_parse_beacon = 0x40001688;
 pm_process_tim = 0x4000168c;
-pm_rx_beacon_process = 0x40001690;
+/*pm_rx_beacon_process = 0x40001690;*/
 pm_rx_data_process = 0x40001694;
 /*pm_sleep = 0x40001698;*/
 pm_sleep_for = 0x4000169c;
diff --git a/tools/sdk/esp32c3/ld/libbtdm_app.a b/tools/sdk/esp32c3/ld/libbtdm_app.a
index abd15a005ef..e5be73f4c62 100644
Binary files a/tools/sdk/esp32c3/ld/libbtdm_app.a and b/tools/sdk/esp32c3/ld/libbtdm_app.a differ
diff --git a/tools/sdk/esp32c3/ld/sections.ld b/tools/sdk/esp32c3/ld/sections.ld
index e2107897fd2..9b24b137ce1 100644
--- a/tools/sdk/esp32c3/ld/sections.ld
+++ b/tools/sdk/esp32c3/ld/sections.ld
@@ -222,8 +222,6 @@ SECTIONS
     *(.sdata)
     *(.sdata.*)
     *(.gnu.linkonce.s.*)
-    *(.sdata2)
-    *(.sdata2.*)
     *(.gnu.linkonce.s2.*)
     *(.jcr)
 
@@ -236,8 +234,8 @@ SECTIONS
     _coredump_dram_start = ABSOLUTE(.);
     *(.dram2.coredump .dram2.coredump.*)
     _coredump_dram_end = ABSOLUTE(.);
-    *libapp_trace.a:app_trace.*(.rodata .rodata.*)
-    *libapp_trace.a:app_trace_util.*(.rodata .rodata.*)
+    *libapp_trace.a:app_trace.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libapp_trace.a:app_trace_util.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
     _bt_data_start = ABSOLUTE(.);
     *libbt.a:(.data .data.*)
     . = ALIGN(4);
@@ -246,45 +244,45 @@ SECTIONS
     *libbtdm_app.a:(.data .data.*)
     . = ALIGN(4);
     _btdm_data_end = ABSOLUTE(.);
-    *libesp_hw_support.a:rtc_clk.*(.rodata .rodata.*)
-    *libesp_system.a:esp_err.*(.rodata .rodata.*)
-    *libesp_system.a:ubsan.*(.rodata .rodata.*)
-    *libgcc.a:_divsf3.*(.rodata .rodata.*)
-    *libgcc.a:save-restore.*(.rodata .rodata.*)
-    *libgcov.a:(.rodata .rodata.*)
-    *libhal.a:cpu_hal.*(.rodata .rodata.*)
-    *libhal.a:i2c_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:ledc_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:soc_hal.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_encrypt_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_hal_gpspi.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_slave_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:systimer_hal.*(.rodata .rodata.*)
-    *libhal.a:wdt_hal_iram.*(.rodata .rodata.*)
-    *libheap.a:heap_tlsf.*(.rodata .rodata.*)
-    *libheap.a:multi_heap.*(.rodata .rodata.*)
-    *libheap.a:multi_heap_poisoning.*(.rodata .rodata.*)
-    *libnewlib.a:abort.*(.rodata .rodata.*)
-    *libnewlib.a:assert.*(.rodata .rodata.*)
-    *libnewlib.a:heap.*(.rodata .rodata.*)
-    *libnewlib.a:stdatomic.*(.rodata .rodata.*)
+    *libesp_hw_support.a:rtc_clk.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_system.a:esp_err.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_system.a:ubsan.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libgcc.a:_divsf3.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libgcc.a:save-restore.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libgcov.a:(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:cpu_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:i2c_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:ledc_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:soc_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_encrypt_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_hal_gpspi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_slave_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:systimer_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:wdt_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:heap_tlsf.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:multi_heap.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:multi_heap_poisoning.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:abort.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:assert.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:heap.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:stdatomic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
     _nimble_data_start = ABSOLUTE(.);
     *libnimble.a:(.data .data.*)
     . = ALIGN(4);
     _nimble_data_end = ABSOLUTE(.);
-    *libphy.a:(.rodata .rodata.*)
-    *libsoc.a:lldesc.*(.rodata .rodata.*)
-    *libspi_flash.a:memspi_host_driver.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_boya.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_gd.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_generic.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_issi.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_mxic.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_th.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_winbond.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_rom_patch.*(.rodata .rodata.*)
+    *libphy.a:(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libsoc.a:lldesc.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:memspi_host_driver.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_boya.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_gd.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_generic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_issi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_mxic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_th.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_winbond.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_rom_patch.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
 
     _data_end = ABSOLUTE(.);
     . = ALIGN(4);
@@ -426,8 +424,8 @@ SECTIONS
   {
     _flash_rodata_start = ABSOLUTE(.);
 
-    *(EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libgcc.a:save-restore.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .rodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libgcc.a:save-restore.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .rodata.*)
     *(.rodata_wlog_error .rodata_wlog_error.*)
+    *(EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libgcc.a:save-restore.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .rodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libgcc.a:save-restore.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .rodata.* EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libgcc.a:save-restore.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .sdata2 EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libgcc.a:save-restore.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .sdata2.* EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libgcc.a:save-restore.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .srodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libgcc.a:save-restore.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .srodata.*)
 
     *(.irom1.text) /* catch stray ICACHE_RODATA_ATTR */
     *(.gnu.linkonce.r.*)
@@ -483,8 +481,6 @@ SECTIONS
     *(.tdata.*)
     *(.tbss)
     *(.tbss.*)
-    *(.srodata)
-    *(.srodata.*)
     _thread_local_end = ABSOLUTE(.);
     _rodata_reserved_end = ABSOLUTE(.);
     . = ALIGN(ALIGNOF(.eh_frame));
diff --git a/tools/sdk/esp32c3/lib/libapp_update.a b/tools/sdk/esp32c3/lib/libapp_update.a
index 7e5b172bd6e..8d4860e8466 100644
Binary files a/tools/sdk/esp32c3/lib/libapp_update.a and b/tools/sdk/esp32c3/lib/libapp_update.a differ
diff --git a/tools/sdk/esp32c3/lib/libbt.a b/tools/sdk/esp32c3/lib/libbt.a
index 638e5daea3c..85dbd49eacf 100644
Binary files a/tools/sdk/esp32c3/lib/libbt.a and b/tools/sdk/esp32c3/lib/libbt.a differ
diff --git a/tools/sdk/esp32c3/lib/libbutton.a b/tools/sdk/esp32c3/lib/libbutton.a
index 0e8e164d0bd..bb8806e789f 100644
Binary files a/tools/sdk/esp32c3/lib/libbutton.a and b/tools/sdk/esp32c3/lib/libbutton.a differ
diff --git a/tools/sdk/esp32c3/lib/libcoap.a b/tools/sdk/esp32c3/lib/libcoap.a
index a1bc41c69cd..6515e5f0be4 100644
Binary files a/tools/sdk/esp32c3/lib/libcoap.a and b/tools/sdk/esp32c3/lib/libcoap.a differ
diff --git a/tools/sdk/esp32c3/lib/libcoexist.a b/tools/sdk/esp32c3/lib/libcoexist.a
index 151d39f1181..e3675d684d1 100644
Binary files a/tools/sdk/esp32c3/lib/libcoexist.a and b/tools/sdk/esp32c3/lib/libcoexist.a differ
diff --git a/tools/sdk/esp32c3/lib/libconsole.a b/tools/sdk/esp32c3/lib/libconsole.a
index d062eaf9aea..6f84bc4cd4c 100644
Binary files a/tools/sdk/esp32c3/lib/libconsole.a and b/tools/sdk/esp32c3/lib/libconsole.a differ
diff --git a/tools/sdk/esp32c3/lib/libcore.a b/tools/sdk/esp32c3/lib/libcore.a
index e04711e9a5c..906377e3140 100644
Binary files a/tools/sdk/esp32c3/lib/libcore.a and b/tools/sdk/esp32c3/lib/libcore.a differ
diff --git a/tools/sdk/esp32c3/lib/libcxx.a b/tools/sdk/esp32c3/lib/libcxx.a
index 1909a5a0dc1..632eef82b92 100644
Binary files a/tools/sdk/esp32c3/lib/libcxx.a and b/tools/sdk/esp32c3/lib/libcxx.a differ
diff --git a/tools/sdk/esp32c3/lib/libdriver.a b/tools/sdk/esp32c3/lib/libdriver.a
index 9965b44f2d4..1c9fa984cc4 100644
Binary files a/tools/sdk/esp32c3/lib/libdriver.a and b/tools/sdk/esp32c3/lib/libdriver.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp-tls.a b/tools/sdk/esp32c3/lib/libesp-tls.a
index 266bea6e189..b42bd4a6a6b 100644
Binary files a/tools/sdk/esp32c3/lib/libesp-tls.a and b/tools/sdk/esp32c3/lib/libesp-tls.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp32-camera.a b/tools/sdk/esp32c3/lib/libesp32-camera.a
index 38508049f88..9ce21fa220c 100644
Binary files a/tools/sdk/esp32c3/lib/libesp32-camera.a and b/tools/sdk/esp32c3/lib/libesp32-camera.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp_common.a b/tools/sdk/esp32c3/lib/libesp_common.a
index 99dcc61437a..7c29bd6b8f3 100644
Binary files a/tools/sdk/esp32c3/lib/libesp_common.a and b/tools/sdk/esp32c3/lib/libesp_common.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp_eth.a b/tools/sdk/esp32c3/lib/libesp_eth.a
index ea67fb03a6d..7292c582dd3 100644
Binary files a/tools/sdk/esp32c3/lib/libesp_eth.a and b/tools/sdk/esp32c3/lib/libesp_eth.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp_event.a b/tools/sdk/esp32c3/lib/libesp_event.a
index 1b98e7a6d3b..ae1ae34e39d 100644
Binary files a/tools/sdk/esp32c3/lib/libesp_event.a and b/tools/sdk/esp32c3/lib/libesp_event.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp_hid.a b/tools/sdk/esp32c3/lib/libesp_hid.a
index 3669216cfdc..04ec9bcfa59 100644
Binary files a/tools/sdk/esp32c3/lib/libesp_hid.a and b/tools/sdk/esp32c3/lib/libesp_hid.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp_http_client.a b/tools/sdk/esp32c3/lib/libesp_http_client.a
index d39a2824db7..176b6a898d3 100644
Binary files a/tools/sdk/esp32c3/lib/libesp_http_client.a and b/tools/sdk/esp32c3/lib/libesp_http_client.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp_http_server.a b/tools/sdk/esp32c3/lib/libesp_http_server.a
index 4df24fd3d21..20119d65724 100644
Binary files a/tools/sdk/esp32c3/lib/libesp_http_server.a and b/tools/sdk/esp32c3/lib/libesp_http_server.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp_https_server.a b/tools/sdk/esp32c3/lib/libesp_https_server.a
index 4b9a3155cc5..cfa67d53545 100644
Binary files a/tools/sdk/esp32c3/lib/libesp_https_server.a and b/tools/sdk/esp32c3/lib/libesp_https_server.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp_hw_support.a b/tools/sdk/esp32c3/lib/libesp_hw_support.a
index 312aa43c416..17360fdb1b8 100644
Binary files a/tools/sdk/esp32c3/lib/libesp_hw_support.a and b/tools/sdk/esp32c3/lib/libesp_hw_support.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp_lcd.a b/tools/sdk/esp32c3/lib/libesp_lcd.a
index 0dd472e63cd..f228736f91c 100644
Binary files a/tools/sdk/esp32c3/lib/libesp_lcd.a and b/tools/sdk/esp32c3/lib/libesp_lcd.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp_littlefs.a b/tools/sdk/esp32c3/lib/libesp_littlefs.a
index af56f29ea37..bf9dd459d85 100644
Binary files a/tools/sdk/esp32c3/lib/libesp_littlefs.a and b/tools/sdk/esp32c3/lib/libesp_littlefs.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp_local_ctrl.a b/tools/sdk/esp32c3/lib/libesp_local_ctrl.a
index 3412bd87801..dd956332a64 100644
Binary files a/tools/sdk/esp32c3/lib/libesp_local_ctrl.a and b/tools/sdk/esp32c3/lib/libesp_local_ctrl.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp_netif.a b/tools/sdk/esp32c3/lib/libesp_netif.a
index 27b3cbaaef5..05ee91018cc 100644
Binary files a/tools/sdk/esp32c3/lib/libesp_netif.a and b/tools/sdk/esp32c3/lib/libesp_netif.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp_phy.a b/tools/sdk/esp32c3/lib/libesp_phy.a
index cef8b141851..aeaf9852ac0 100644
Binary files a/tools/sdk/esp32c3/lib/libesp_phy.a and b/tools/sdk/esp32c3/lib/libesp_phy.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp_rainmaker.a b/tools/sdk/esp32c3/lib/libesp_rainmaker.a
index fbe313e37e7..0c9b728fd8a 100644
Binary files a/tools/sdk/esp32c3/lib/libesp_rainmaker.a and b/tools/sdk/esp32c3/lib/libesp_rainmaker.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp_ringbuf.a b/tools/sdk/esp32c3/lib/libesp_ringbuf.a
index 3e77252d25f..cbb21343a17 100644
Binary files a/tools/sdk/esp32c3/lib/libesp_ringbuf.a and b/tools/sdk/esp32c3/lib/libesp_ringbuf.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp_system.a b/tools/sdk/esp32c3/lib/libesp_system.a
index 4e9157afdf2..71ef5e599b1 100644
Binary files a/tools/sdk/esp32c3/lib/libesp_system.a and b/tools/sdk/esp32c3/lib/libesp_system.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp_timer.a b/tools/sdk/esp32c3/lib/libesp_timer.a
index 1052ed6e68d..e49b1bf49c1 100644
Binary files a/tools/sdk/esp32c3/lib/libesp_timer.a and b/tools/sdk/esp32c3/lib/libesp_timer.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp_websocket_client.a b/tools/sdk/esp32c3/lib/libesp_websocket_client.a
index 2ae33d61de1..d549614c720 100644
Binary files a/tools/sdk/esp32c3/lib/libesp_websocket_client.a and b/tools/sdk/esp32c3/lib/libesp_websocket_client.a differ
diff --git a/tools/sdk/esp32c3/lib/libesp_wifi.a b/tools/sdk/esp32c3/lib/libesp_wifi.a
index ffb538be99e..c3d10097213 100644
Binary files a/tools/sdk/esp32c3/lib/libesp_wifi.a and b/tools/sdk/esp32c3/lib/libesp_wifi.a differ
diff --git a/tools/sdk/esp32c3/lib/libespnow.a b/tools/sdk/esp32c3/lib/libespnow.a
index c838e620823..25003ebd565 100644
Binary files a/tools/sdk/esp32c3/lib/libespnow.a and b/tools/sdk/esp32c3/lib/libespnow.a differ
diff --git a/tools/sdk/esp32c3/lib/libfatfs.a b/tools/sdk/esp32c3/lib/libfatfs.a
index ceb76b2599a..61e38ded214 100644
Binary files a/tools/sdk/esp32c3/lib/libfatfs.a and b/tools/sdk/esp32c3/lib/libfatfs.a differ
diff --git a/tools/sdk/esp32c3/lib/libfreemodbus.a b/tools/sdk/esp32c3/lib/libfreemodbus.a
index 01f5f6d168b..f7bb645a3f0 100644
Binary files a/tools/sdk/esp32c3/lib/libfreemodbus.a and b/tools/sdk/esp32c3/lib/libfreemodbus.a differ
diff --git a/tools/sdk/esp32c3/lib/libfreertos.a b/tools/sdk/esp32c3/lib/libfreertos.a
index 4f40f1bd781..3b92c397381 100644
Binary files a/tools/sdk/esp32c3/lib/libfreertos.a and b/tools/sdk/esp32c3/lib/libfreertos.a differ
diff --git a/tools/sdk/esp32c3/lib/libhal.a b/tools/sdk/esp32c3/lib/libhal.a
index c3eb77e6dff..7bf9e7898a8 100644
Binary files a/tools/sdk/esp32c3/lib/libhal.a and b/tools/sdk/esp32c3/lib/libhal.a differ
diff --git a/tools/sdk/esp32c3/lib/liblog.a b/tools/sdk/esp32c3/lib/liblog.a
index 0aa3978cf1a..a9c0fc8b652 100644
Binary files a/tools/sdk/esp32c3/lib/liblog.a and b/tools/sdk/esp32c3/lib/liblog.a differ
diff --git a/tools/sdk/esp32c3/lib/liblwip.a b/tools/sdk/esp32c3/lib/liblwip.a
index 4574e774dd2..b9adc29dcdb 100644
Binary files a/tools/sdk/esp32c3/lib/liblwip.a and b/tools/sdk/esp32c3/lib/liblwip.a differ
diff --git a/tools/sdk/esp32c3/lib/libmbedcrypto.a b/tools/sdk/esp32c3/lib/libmbedcrypto.a
index a9bf9ce3342..94d058ab9c0 100644
Binary files a/tools/sdk/esp32c3/lib/libmbedcrypto.a and b/tools/sdk/esp32c3/lib/libmbedcrypto.a differ
diff --git a/tools/sdk/esp32c3/lib/libmbedtls.a b/tools/sdk/esp32c3/lib/libmbedtls.a
index d9756059a16..8ee8bc3b44a 100644
Binary files a/tools/sdk/esp32c3/lib/libmbedtls.a and b/tools/sdk/esp32c3/lib/libmbedtls.a differ
diff --git a/tools/sdk/esp32c3/lib/libmbedtls_2.a b/tools/sdk/esp32c3/lib/libmbedtls_2.a
index 58fe49256b3..4bd67487838 100644
Binary files a/tools/sdk/esp32c3/lib/libmbedtls_2.a and b/tools/sdk/esp32c3/lib/libmbedtls_2.a differ
diff --git a/tools/sdk/esp32c3/lib/libmbedx509.a b/tools/sdk/esp32c3/lib/libmbedx509.a
index 99daf4a9f1c..07d76ff1132 100644
Binary files a/tools/sdk/esp32c3/lib/libmbedx509.a and b/tools/sdk/esp32c3/lib/libmbedx509.a differ
diff --git a/tools/sdk/esp32c3/lib/libmdns.a b/tools/sdk/esp32c3/lib/libmdns.a
index cc619407cc3..21e74569dd8 100644
Binary files a/tools/sdk/esp32c3/lib/libmdns.a and b/tools/sdk/esp32c3/lib/libmdns.a differ
diff --git a/tools/sdk/esp32c3/lib/libmesh.a b/tools/sdk/esp32c3/lib/libmesh.a
index e2e142378a3..ef4fecb3908 100644
Binary files a/tools/sdk/esp32c3/lib/libmesh.a and b/tools/sdk/esp32c3/lib/libmesh.a differ
diff --git a/tools/sdk/esp32c3/lib/libmqtt.a b/tools/sdk/esp32c3/lib/libmqtt.a
index f9d149b26cc..68b97f6d251 100644
Binary files a/tools/sdk/esp32c3/lib/libmqtt.a and b/tools/sdk/esp32c3/lib/libmqtt.a differ
diff --git a/tools/sdk/esp32c3/lib/libnet80211.a b/tools/sdk/esp32c3/lib/libnet80211.a
index d68f13b025e..cc46bbcc23b 100644
Binary files a/tools/sdk/esp32c3/lib/libnet80211.a and b/tools/sdk/esp32c3/lib/libnet80211.a differ
diff --git a/tools/sdk/esp32c3/lib/libnewlib.a b/tools/sdk/esp32c3/lib/libnewlib.a
index cc6f41b4196..30af7c741e9 100644
Binary files a/tools/sdk/esp32c3/lib/libnewlib.a and b/tools/sdk/esp32c3/lib/libnewlib.a differ
diff --git a/tools/sdk/esp32c3/lib/libnvs_flash.a b/tools/sdk/esp32c3/lib/libnvs_flash.a
index 11bca602515..b3d6edb0650 100644
Binary files a/tools/sdk/esp32c3/lib/libnvs_flash.a and b/tools/sdk/esp32c3/lib/libnvs_flash.a differ
diff --git a/tools/sdk/esp32c3/lib/libopenssl.a b/tools/sdk/esp32c3/lib/libopenssl.a
index b77d1733eaa..c6cd0ddc939 100644
Binary files a/tools/sdk/esp32c3/lib/libopenssl.a and b/tools/sdk/esp32c3/lib/libopenssl.a differ
diff --git a/tools/sdk/esp32c3/lib/libpp.a b/tools/sdk/esp32c3/lib/libpp.a
index 4676805a2e1..e14db866472 100644
Binary files a/tools/sdk/esp32c3/lib/libpp.a and b/tools/sdk/esp32c3/lib/libpp.a differ
diff --git a/tools/sdk/esp32c3/lib/libprotocomm.a b/tools/sdk/esp32c3/lib/libprotocomm.a
index 69b9b889cb7..7ee8cdddf65 100644
Binary files a/tools/sdk/esp32c3/lib/libprotocomm.a and b/tools/sdk/esp32c3/lib/libprotocomm.a differ
diff --git a/tools/sdk/esp32c3/lib/libpthread.a b/tools/sdk/esp32c3/lib/libpthread.a
index 1a85b9ccc6d..e7225dfd7a1 100644
Binary files a/tools/sdk/esp32c3/lib/libpthread.a and b/tools/sdk/esp32c3/lib/libpthread.a differ
diff --git a/tools/sdk/esp32c3/lib/librmaker_common.a b/tools/sdk/esp32c3/lib/librmaker_common.a
index 8e992ab391c..570bb63ed41 100644
Binary files a/tools/sdk/esp32c3/lib/librmaker_common.a and b/tools/sdk/esp32c3/lib/librmaker_common.a differ
diff --git a/tools/sdk/esp32c3/lib/libsmartconfig.a b/tools/sdk/esp32c3/lib/libsmartconfig.a
index f606721bedf..93c07d8781b 100644
Binary files a/tools/sdk/esp32c3/lib/libsmartconfig.a and b/tools/sdk/esp32c3/lib/libsmartconfig.a differ
diff --git a/tools/sdk/esp32c3/lib/libspiffs.a b/tools/sdk/esp32c3/lib/libspiffs.a
index 22c9274150a..85084a78bbe 100644
Binary files a/tools/sdk/esp32c3/lib/libspiffs.a and b/tools/sdk/esp32c3/lib/libspiffs.a differ
diff --git a/tools/sdk/esp32c3/lib/libtcp_transport.a b/tools/sdk/esp32c3/lib/libtcp_transport.a
index b839848d1a5..f8db463453c 100644
Binary files a/tools/sdk/esp32c3/lib/libtcp_transport.a and b/tools/sdk/esp32c3/lib/libtcp_transport.a differ
diff --git a/tools/sdk/esp32c3/lib/libtcpip_adapter.a b/tools/sdk/esp32c3/lib/libtcpip_adapter.a
index 7dd68335fae..fb30295d4ab 100644
Binary files a/tools/sdk/esp32c3/lib/libtcpip_adapter.a and b/tools/sdk/esp32c3/lib/libtcpip_adapter.a differ
diff --git a/tools/sdk/esp32c3/lib/libvfs.a b/tools/sdk/esp32c3/lib/libvfs.a
index ece350b1b9a..81f303c4b14 100644
Binary files a/tools/sdk/esp32c3/lib/libvfs.a and b/tools/sdk/esp32c3/lib/libvfs.a differ
diff --git a/tools/sdk/esp32c3/lib/libwapi.a b/tools/sdk/esp32c3/lib/libwapi.a
index ff8911922fe..00dd037f49a 100644
Binary files a/tools/sdk/esp32c3/lib/libwapi.a and b/tools/sdk/esp32c3/lib/libwapi.a differ
diff --git a/tools/sdk/esp32c3/lib/libwifi_provisioning.a b/tools/sdk/esp32c3/lib/libwifi_provisioning.a
index a45203b98ba..c098a2d5342 100644
Binary files a/tools/sdk/esp32c3/lib/libwifi_provisioning.a and b/tools/sdk/esp32c3/lib/libwifi_provisioning.a differ
diff --git a/tools/sdk/esp32c3/lib/libwpa_supplicant.a b/tools/sdk/esp32c3/lib/libwpa_supplicant.a
index 51ff4670ccb..a30b1e24423 100644
Binary files a/tools/sdk/esp32c3/lib/libwpa_supplicant.a and b/tools/sdk/esp32c3/lib/libwpa_supplicant.a differ
diff --git a/tools/sdk/esp32c3/qio_qspi/include/sdkconfig.h b/tools/sdk/esp32c3/qio_qspi/include/sdkconfig.h
index fea8bdb644c..c5849793d34 100644
--- a/tools/sdk/esp32c3/qio_qspi/include/sdkconfig.h
+++ b/tools/sdk/esp32c3/qio_qspi/include/sdkconfig.h
@@ -64,6 +64,7 @@
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH 1
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD 0
 #define CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE 1024
+#define CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD 90
 #define CONFIG_ESP_RMAKER_SCHEDULING_MAX_SCHEDULES 10
 #define CONFIG_ESP_RMAKER_SCENES_MAX_SCENES 10
 #define CONFIG_ENABLE_ARDUINO_DEPENDS 1
@@ -741,5 +742,5 @@
 #define CONFIG_TOOLPREFIX CONFIG_SDK_TOOLPREFIX
 #define CONFIG_UDP_RECVMBOX_SIZE CONFIG_LWIP_UDP_RECVMBOX_SIZE
 #define CONFIG_WARN_WRITE_STRINGS CONFIG_COMPILER_WARN_WRITE_STRINGS
-#define CONFIG_ARDUINO_IDF_COMMIT "c9140caf8c"
+#define CONFIG_ARDUINO_IDF_COMMIT "ee2029c38a"
 #define CONFIG_ARDUINO_IDF_BRANCH "release/v4.4"
diff --git a/tools/sdk/esp32c3/qio_qspi/libspi_flash.a b/tools/sdk/esp32c3/qio_qspi/libspi_flash.a
index 09379b12d75..ce99ae2fce8 100644
Binary files a/tools/sdk/esp32c3/qio_qspi/libspi_flash.a and b/tools/sdk/esp32c3/qio_qspi/libspi_flash.a differ
diff --git a/tools/sdk/esp32c3/qout_qspi/include/sdkconfig.h b/tools/sdk/esp32c3/qout_qspi/include/sdkconfig.h
index dd1e897142f..cb79ff5d1d8 100644
--- a/tools/sdk/esp32c3/qout_qspi/include/sdkconfig.h
+++ b/tools/sdk/esp32c3/qout_qspi/include/sdkconfig.h
@@ -64,6 +64,7 @@
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH 1
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD 0
 #define CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE 1024
+#define CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD 90
 #define CONFIG_ESP_RMAKER_SCHEDULING_MAX_SCHEDULES 10
 #define CONFIG_ESP_RMAKER_SCENES_MAX_SCENES 10
 #define CONFIG_ENABLE_ARDUINO_DEPENDS 1
@@ -741,5 +742,5 @@
 #define CONFIG_TOOLPREFIX CONFIG_SDK_TOOLPREFIX
 #define CONFIG_UDP_RECVMBOX_SIZE CONFIG_LWIP_UDP_RECVMBOX_SIZE
 #define CONFIG_WARN_WRITE_STRINGS CONFIG_COMPILER_WARN_WRITE_STRINGS
-#define CONFIG_ARDUINO_IDF_COMMIT "c9140caf8c"
+#define CONFIG_ARDUINO_IDF_COMMIT "ee2029c38a"
 #define CONFIG_ARDUINO_IDF_BRANCH "release/v4.4"
diff --git a/tools/sdk/esp32c3/qout_qspi/libspi_flash.a b/tools/sdk/esp32c3/qout_qspi/libspi_flash.a
index 2ee17cd3d1b..061be7138ae 100644
Binary files a/tools/sdk/esp32c3/qout_qspi/libspi_flash.a and b/tools/sdk/esp32c3/qout_qspi/libspi_flash.a differ
diff --git a/tools/sdk/esp32c3/sdkconfig b/tools/sdk/esp32c3/sdkconfig
index a1edf0bb3f8..5c2d7ad95c0 100644
--- a/tools/sdk/esp32c3/sdkconfig
+++ b/tools/sdk/esp32c3/sdkconfig
@@ -174,6 +174,7 @@ CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD=0
 # CONFIG_ESP_RMAKER_SKIP_VERSION_CHECK is not set
 # CONFIG_ESP_RMAKER_SKIP_PROJECT_NAME_CHECK is not set
 CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE=1024
+CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD=90
 # end of ESP RainMaker OTA Config
 
 #
diff --git a/tools/sdk/esp32s2/dio_qspi/include/sdkconfig.h b/tools/sdk/esp32s2/dio_qspi/include/sdkconfig.h
index 3d4b2b3ec42..5b421fcc3e7 100644
--- a/tools/sdk/esp32s2/dio_qspi/include/sdkconfig.h
+++ b/tools/sdk/esp32s2/dio_qspi/include/sdkconfig.h
@@ -64,6 +64,7 @@
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH 1
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD 0
 #define CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE 1024
+#define CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD 90
 #define CONFIG_ESP_RMAKER_SCHEDULING_MAX_SCHEDULES 10
 #define CONFIG_ESP_RMAKER_SCENES_MAX_SCENES 10
 #define CONFIG_ENABLE_ARDUINO_DEPENDS 1
@@ -628,5 +629,5 @@
 #define CONFIG_USB_MSC_BUFSIZE CONFIG_TINYUSB_MSC_BUFSIZE
 #define CONFIG_USB_MSC_ENABLED CONFIG_TINYUSB_MSC_ENABLED
 #define CONFIG_WARN_WRITE_STRINGS CONFIG_COMPILER_WARN_WRITE_STRINGS
-#define CONFIG_ARDUINO_IDF_COMMIT "c9140caf8c"
+#define CONFIG_ARDUINO_IDF_COMMIT "ee2029c38a"
 #define CONFIG_ARDUINO_IDF_BRANCH "release/v4.4"
diff --git a/tools/sdk/esp32s2/dio_qspi/libspi_flash.a b/tools/sdk/esp32s2/dio_qspi/libspi_flash.a
index 7f24cfe3a11..f100953f607 100644
Binary files a/tools/sdk/esp32s2/dio_qspi/libspi_flash.a and b/tools/sdk/esp32s2/dio_qspi/libspi_flash.a differ
diff --git a/tools/sdk/esp32s2/dout_qspi/include/sdkconfig.h b/tools/sdk/esp32s2/dout_qspi/include/sdkconfig.h
index 18c48787ea5..f2493567d2f 100644
--- a/tools/sdk/esp32s2/dout_qspi/include/sdkconfig.h
+++ b/tools/sdk/esp32s2/dout_qspi/include/sdkconfig.h
@@ -64,6 +64,7 @@
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH 1
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD 0
 #define CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE 1024
+#define CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD 90
 #define CONFIG_ESP_RMAKER_SCHEDULING_MAX_SCHEDULES 10
 #define CONFIG_ESP_RMAKER_SCENES_MAX_SCENES 10
 #define CONFIG_ENABLE_ARDUINO_DEPENDS 1
@@ -628,5 +629,5 @@
 #define CONFIG_USB_MSC_BUFSIZE CONFIG_TINYUSB_MSC_BUFSIZE
 #define CONFIG_USB_MSC_ENABLED CONFIG_TINYUSB_MSC_ENABLED
 #define CONFIG_WARN_WRITE_STRINGS CONFIG_COMPILER_WARN_WRITE_STRINGS
-#define CONFIG_ARDUINO_IDF_COMMIT "c9140caf8c"
+#define CONFIG_ARDUINO_IDF_COMMIT "ee2029c38a"
 #define CONFIG_ARDUINO_IDF_BRANCH "release/v4.4"
diff --git a/tools/sdk/esp32s2/dout_qspi/libspi_flash.a b/tools/sdk/esp32s2/dout_qspi/libspi_flash.a
index c7e0c137a7e..7f963bfb642 100644
Binary files a/tools/sdk/esp32s2/dout_qspi/libspi_flash.a and b/tools/sdk/esp32s2/dout_qspi/libspi_flash.a differ
diff --git a/tools/sdk/esp32s2/include/app_update/include/esp_ota_ops.h b/tools/sdk/esp32s2/include/app_update/include/esp_ota_ops.h
index ba07c013d90..ece5275db3b 100644
--- a/tools/sdk/esp32s2/include/app_update/include/esp_ota_ops.h
+++ b/tools/sdk/esp32s2/include/app_update/include/esp_ota_ops.h
@@ -327,9 +327,9 @@ typedef enum {
 /**
  * @brief Revokes the old signature digest. To be called in the application after the rollback logic.
  *
- * Relevant for Secure boot v2 on ESP32-S2 where upto 3 key digests can be stored (Key #N-1, Key #N, Key #N+1).
- * When key #N-1 used to sign an app is invalidated, an OTA update is to be sent with an app signed with key #N-1 & Key #N.
- * After successfully booting the OTA app should call this function to revoke Key #N-1.
+ * Relevant for Secure boot v2 on ESP32-S2, ESP32-S3, ESP32-C3 where upto 3 key digests can be stored (Key \#N-1, Key \#N, Key \#N+1).
+ * When key \#N-1 used to sign an app is invalidated, an OTA update is to be sent with an app signed with key \#N-1 & Key \#N.
+ * After successfully booting the OTA app should call this function to revoke Key \#N-1.
  *
  * @param index - The index of the signature block to be revoked
  *
diff --git a/tools/sdk/esp32s2/include/arduino_tinyusb/tinyusb/src/common/tusb_compiler.h b/tools/sdk/esp32s2/include/arduino_tinyusb/tinyusb/src/common/tusb_compiler.h
index ae00f4e7516..2c30daf6fc7 100644
--- a/tools/sdk/esp32s2/include/arduino_tinyusb/tinyusb/src/common/tusb_compiler.h
+++ b/tools/sdk/esp32s2/include/arduino_tinyusb/tinyusb/src/common/tusb_compiler.h
@@ -131,6 +131,12 @@
   #define TU_ATTR_BIT_FIELD_ORDER_BEGIN
   #define TU_ATTR_BIT_FIELD_ORDER_END
 
+  #if __has_attribute(__fallthrough__)
+    #define TU_ATTR_FALLTHROUGH         __attribute__((fallthrough))
+  #else
+    #define TU_ATTR_FALLTHROUGH         do {} while (0)  /* fallthrough */
+  #endif
+
   // Endian conversion use well-known host to network (big endian) naming
   #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
     #define TU_BYTE_ORDER TU_LITTLE_ENDIAN
@@ -156,6 +162,7 @@
   #define TU_ATTR_DEPRECATED(mess)      __attribute__ ((deprecated(mess))) // warn if function with this attribute is used
   #define TU_ATTR_UNUSED                __attribute__ ((unused))           // Function/Variable is meant to be possibly unused
   #define TU_ATTR_USED                  __attribute__ ((used))
+  #define TU_ATTR_FALLTHROUGH           __attribute__((fallthrough))
 
   #define TU_ATTR_PACKED_BEGIN
   #define TU_ATTR_PACKED_END
@@ -182,6 +189,7 @@
   #define TU_ATTR_DEPRECATED(mess)      __attribute__ ((deprecated(mess))) // warn if function with this attribute is used
   #define TU_ATTR_UNUSED                __attribute__ ((unused))           // Function/Variable is meant to be possibly unused
   #define TU_ATTR_USED                  __attribute__ ((used))             // Function/Variable is meant to be used
+  #define TU_ATTR_FALLTHROUGH           __attribute__((fallthrough))
 
   #define TU_ATTR_PACKED_BEGIN
   #define TU_ATTR_PACKED_END
@@ -207,6 +215,7 @@
   #define TU_ATTR_DEPRECATED(mess)
   #define TU_ATTR_UNUSED
   #define TU_ATTR_USED
+  #define TU_ATTR_FALLTHROUGH           do {} while (0)  /* fallthrough */
 
   #define TU_ATTR_PACKED_BEGIN          _Pragma("pack")
   #define TU_ATTR_PACKED_END            _Pragma("packoption")
@@ -227,6 +236,7 @@
   #error "Compiler attribute porting is required"
 #endif
 
+
 #if (TU_BYTE_ORDER == TU_LITTLE_ENDIAN)
 
   #define tu_htons(u16)  (TU_BSWAP16(u16))
diff --git a/tools/sdk/esp32s2/include/arduino_tinyusb/tinyusb/src/common/tusb_mcu.h b/tools/sdk/esp32s2/include/arduino_tinyusb/tinyusb/src/common/tusb_mcu.h
index 383a8d68603..baa82fc14dc 100644
--- a/tools/sdk/esp32s2/include/arduino_tinyusb/tinyusb/src/common/tusb_mcu.h
+++ b/tools/sdk/esp32s2/include/arduino_tinyusb/tinyusb/src/common/tusb_mcu.h
@@ -75,7 +75,7 @@
   // TODO USB0 has 5, USB1 has 6
   #define TUP_DCD_ENDPOINT_MAX    6
 
-#elif TU_CHECK_MCU(OPT_MCU_MIMXRT10XX)
+#elif TU_CHECK_MCU(OPT_MCU_MIMXRT)
   #define TUP_USBIP_CHIPIDEA_HS
   #define TUP_USBIP_EHCI
 
diff --git a/tools/sdk/esp32s2/include/arduino_tinyusb/tinyusb/src/portable/chipidea/ci_hs/ci_hs_imxrt.h b/tools/sdk/esp32s2/include/arduino_tinyusb/tinyusb/src/portable/chipidea/ci_hs/ci_hs_imxrt.h
index 78ca5a5a236..2de0d9cb48f 100644
--- a/tools/sdk/esp32s2/include/arduino_tinyusb/tinyusb/src/portable/chipidea/ci_hs/ci_hs_imxrt.h
+++ b/tools/sdk/esp32s2/include/arduino_tinyusb/tinyusb/src/portable/chipidea/ci_hs/ci_hs_imxrt.h
@@ -29,6 +29,14 @@
 
 #include "fsl_device_registers.h"
 
+#if !defined(USB1_BASE) && defined(USB_OTG1_BASE)
+#define USB1_BASE USB_OTG1_BASE
+#endif
+
+#if !defined(USB2_BASE) && defined(USB_OTG2_BASE)
+#define USB2_BASE USB_OTG2_BASE
+#endif
+
 static const ci_hs_controller_t _ci_controller[] =
 {
   // RT1010 and RT1020 only has 1 USB controller
diff --git a/tools/sdk/esp32s2/include/arduino_tinyusb/tinyusb/src/tusb_option.h b/tools/sdk/esp32s2/include/arduino_tinyusb/tinyusb/src/tusb_option.h
index 206d23e72cc..70ef1c399f8 100644
--- a/tools/sdk/esp32s2/include/arduino_tinyusb/tinyusb/src/tusb_option.h
+++ b/tools/sdk/esp32s2/include/arduino_tinyusb/tinyusb/src/tusb_option.h
@@ -98,7 +98,9 @@ typedef int make_iso_compilers_happy;
 #define OPT_MCU_VALENTYUSB_EPTRI  600 ///< Fomu eptri config
 
 // NXP iMX RT
-#define OPT_MCU_MIMXRT10XX        700 ///< NXP iMX RT10xx
+#define OPT_MCU_MIMXRT            700             ///< NXP iMX RT Series
+#define OPT_MCU_MIMXRT10XX        OPT_MCU_MIMXRT  ///< RT10xx
+#define OPT_MCU_MIMXRT11XX        OPT_MCU_MIMXRT  ///< RT11xx
 
 // Nuvoton
 #define OPT_MCU_NUC121            800
diff --git a/tools/sdk/esp32s2/include/driver/include/driver/gpio.h b/tools/sdk/esp32s2/include/driver/include/driver/gpio.h
index 77bb2dd78c0..b904def347b 100644
--- a/tools/sdk/esp32s2/include/driver/include/driver/gpio.h
+++ b/tools/sdk/esp32s2/include/driver/include/driver/gpio.h
@@ -97,9 +97,9 @@ esp_err_t gpio_set_intr_type(gpio_num_t gpio_num, gpio_int_type_t intr_type);
 /**
  * @brief  Enable GPIO module interrupt signal
  *
- * @note Please do not use the interrupt of GPIO36 and GPIO39 when using ADC or Wi-Fi and Bluetooth with sleep mode enabled.
+ * @note ESP32: Please do not use the interrupt of GPIO36 and GPIO39 when using ADC or Wi-Fi and Bluetooth with sleep mode enabled.
  *       Please refer to the comments of `adc1_get_raw`.
- *       Please refer to section 3.11 of 'ECO_and_Workarounds_for_Bugs_in_ESP32' for the description of this issue.
+ *       Please refer to Section 3.11 of <a href="https://espressif.com/documentation/eco_and_workarounds_for_bugs_in_esp32_en.pdf">ESP32 ECO and Workarounds for Bugs</a> for the description of this issue.
  *       As a workaround, call adc_power_acquire() in the app. This will result in higher power consumption (by ~1mA),
  *       but will remove the glitches on GPIO36 and GPIO39.
  *
@@ -169,7 +169,7 @@ esp_err_t gpio_set_direction(gpio_num_t gpio_num, gpio_mode_t mode);
 /**
  * @brief  Configure GPIO pull-up/pull-down resistors
  *
- * Only pins that support both input & output have integrated pull-up and pull-down resistors. Input-only GPIOs 34-39 do not.
+ * @note ESP32: Only pins that support both input & output have integrated pull-up and pull-down resistors. Input-only GPIOs 34-39 do not.
  *
  * @param  gpio_num GPIO number. If you want to set pull up or down mode for e.g. GPIO16, gpio_num should be GPIO_NUM_16 (16);
  * @param  pull GPIO pull up/down mode.
@@ -484,7 +484,7 @@ esp_err_t gpio_sleep_set_direction(gpio_num_t gpio_num, gpio_mode_t mode);
 /**
  * @brief  Configure GPIO pull-up/pull-down resistors at sleep
  *
- * Only pins that support both input & output have integrated pull-up and pull-down resistors. Input-only GPIOs 34-39 do not.
+ * @note ESP32: Only pins that support both input & output have integrated pull-up and pull-down resistors. Input-only GPIOs 34-39 do not.
  *
  * @param  gpio_num GPIO number. If you want to set pull up or down mode for e.g. GPIO16, gpio_num should be GPIO_NUM_16 (16);
  * @param  pull GPIO pull up/down mode.
diff --git a/tools/sdk/esp32s2/include/driver/include/driver/uart.h b/tools/sdk/esp32s2/include/driver/include/driver/uart.h
index 4524516338b..f0c2ae10132 100644
--- a/tools/sdk/esp32s2/include/driver/include/driver/uart.h
+++ b/tools/sdk/esp32s2/include/driver/include/driver/uart.h
@@ -594,6 +594,18 @@ esp_err_t uart_flush_input(uart_port_t uart_num);
  */
 esp_err_t uart_get_buffered_data_len(uart_port_t uart_num, size_t* size);
 
+/**
+ * @brief   UART get TX ring buffer free space size
+ *
+ * @param   uart_num UART port number, the max port number is (UART_NUM_MAX -1).
+ * @param   size Pointer of size_t to accept the free space size
+ *
+ * @return
+ *     - ESP_OK Success
+ *     - ESP_ERR_INVALID_ARG Parameter error
+ */
+esp_err_t uart_get_tx_buffer_free_size(uart_port_t uart_num, size_t *size);
+
 /**
  * @brief   UART disable pattern detect function.
  *          Designed for applications like 'AT commands'.
diff --git a/tools/sdk/esp32s2/include/esp32-camera/driver/include/esp_camera.h b/tools/sdk/esp32s2/include/esp32-camera/driver/include/esp_camera.h
index b6047d312ae..2025bb403a9 100755
--- a/tools/sdk/esp32s2/include/esp32-camera/driver/include/esp_camera.h
+++ b/tools/sdk/esp32s2/include/esp32-camera/driver/include/esp_camera.h
@@ -70,6 +70,7 @@
 #include "driver/ledc.h"
 #include "sensor.h"
 #include "sys/time.h"
+#include "sdkconfig.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -91,6 +92,19 @@ typedef enum {
     CAMERA_FB_IN_DRAM           /*!< Frame buffer is placed in internal DRAM */
 } camera_fb_location_t;
 
+#if CONFIG_CAMERA_CONVERTER_ENABLED
+/**
+ * @brief Camera RGB\YUV conversion mode
+ */
+typedef enum {
+    CONV_DISABLE,
+    RGB565_TO_YUV422,
+        
+    YUV422_TO_RGB565,
+    YUV422_TO_YUV420
+} camera_conv_mode_t;
+#endif
+
 /**
  * @brief Configuration structure for camera initialization
  */
@@ -124,6 +138,9 @@ typedef struct {
     size_t fb_count;                /*!< Number of frame buffers to be allocated. If more than one, then each frame will be acquired (double speed)  */
     camera_fb_location_t fb_location; /*!< The location where the frame buffer will be allocated */
     camera_grab_mode_t grab_mode;   /*!< When buffers should be filled */
+#if CONFIG_CAMERA_CONVERTER_ENABLED
+    camera_conv_mode_t conv_mode;   /*!< RGB<->YUV Conversion mode */
+#endif
 } camera_config_t;
 
 /**
diff --git a/tools/sdk/esp32s2/include/esp32-camera/driver/include/sensor.h b/tools/sdk/esp32s2/include/esp32-camera/driver/include/sensor.h
index c1b882acd21..d5ec7463fd3 100755
--- a/tools/sdk/esp32s2/include/esp32-camera/driver/include/sensor.h
+++ b/tools/sdk/esp32s2/include/esp32-camera/driver/include/sensor.h
@@ -69,6 +69,7 @@ typedef enum {
 typedef enum {
     PIXFORMAT_RGB565,    // 2BPP/RGB565
     PIXFORMAT_YUV422,    // 2BPP/YUV422
+    PIXFORMAT_YUV420,    // 1.5BPP/YUV420
     PIXFORMAT_GRAYSCALE, // 1BPP/GRAYSCALE
     PIXFORMAT_JPEG,      // JPEG/COMPRESSED
     PIXFORMAT_RGB888,    // 3BPP/RGB888
diff --git a/tools/sdk/esp32s2/include/esp_eth/include/esp_eth_mac.h b/tools/sdk/esp32s2/include/esp_eth/include/esp_eth_mac.h
index db462728a18..be23792d2d8 100644
--- a/tools/sdk/esp32s2/include/esp_eth/include/esp_eth_mac.h
+++ b/tools/sdk/esp32s2/include/esp_eth/include/esp_eth_mac.h
@@ -411,7 +411,7 @@ typedef struct {
 /**
 * @brief Create ESP32 Ethernet MAC instance
 *
-* @param config: Ethernet MAC configuration
+* @param config:       Ethernet MAC configuration
 *
 * @return
 *      - instance: create MAC instance successfully
diff --git a/tools/sdk/esp32s2/include/esp_https_server/include/esp_https_server.h b/tools/sdk/esp32s2/include/esp_https_server/include/esp_https_server.h
index efe726e9e70..75720bd1ce7 100644
--- a/tools/sdk/esp32s2/include/esp_https_server/include/esp_https_server.h
+++ b/tools/sdk/esp32s2/include/esp_https_server/include/esp_https_server.h
@@ -25,7 +25,7 @@ typedef enum {
  * @brief Callback data struct, contains the ESP-TLS connection handle
  */
 typedef struct esp_https_server_user_cb_arg {
-    const esp_tls_t *tls;
+    const esp_tls_t *tls;        /*!< ESP-TLS connection handle */
 } esp_https_server_user_cb_arg_t;
 
 /**
diff --git a/tools/sdk/esp32s2/include/esp_hw_support/include/esp_mac.h b/tools/sdk/esp32s2/include/esp_hw_support/include/esp_mac.h
index f0efddfc2f7..e700b72ffe0 100644
--- a/tools/sdk/esp32s2/include/esp_hw_support/include/esp_mac.h
+++ b/tools/sdk/esp32s2/include/esp_hw_support/include/esp_mac.h
@@ -139,7 +139,7 @@ esp_err_t esp_read_mac(uint8_t *mac, esp_mac_type_t type);
   * address, then the first octet is XORed with 0x4 in order to create a different
   * locally administered MAC address.
   *
-  * @param  mac base MAC address, length: 6 bytes/8 bytes.
+  * @param  local_mac base MAC address, length: 6 bytes/8 bytes.
   *         length: 6 bytes for MAC-48
   *                 8 bytes for EUI-64(used for IEEE 802.15.4)
   * @param  universal_mac  Source universal MAC address, length: 6 bytes.
diff --git a/tools/sdk/esp32s2/include/esp_lcd/include/esp_lcd_panel_io.h b/tools/sdk/esp32s2/include/esp_lcd/include/esp_lcd_panel_io.h
index 7b99bde3f17..57f27ac96aa 100644
--- a/tools/sdk/esp32s2/include/esp_lcd/include/esp_lcd_panel_io.h
+++ b/tools/sdk/esp32s2/include/esp_lcd/include/esp_lcd_panel_io.h
@@ -134,6 +134,10 @@ typedef struct {
  */
 esp_err_t esp_lcd_new_panel_io_spi(esp_lcd_spi_bus_handle_t bus, const esp_lcd_panel_io_spi_config_t *io_config, esp_lcd_panel_io_handle_t *ret_io);
 
+/**
+ * @brief Panel IO configuration structure, for I2C interface
+ *
+ */
 typedef struct {
     uint32_t dev_addr; /*!< I2C device address */
     esp_lcd_panel_io_color_trans_done_cb_t on_color_trans_done; /*!< Callback invoked when color data transfer has finished */
@@ -145,7 +149,7 @@ typedef struct {
     struct {
         unsigned int dc_low_on_data: 1;  /*!< If this flag is enabled, DC line = 0 means transfer data, DC line = 1 means transfer command; vice versa */
         unsigned int disable_control_phase: 1; /*!< If this flag is enabled, the control phase isn't used */
-    } flags;
+    } flags; /*!< Extra flags to fine-tune the I2C device */
 } esp_lcd_panel_io_i2c_config_t;
 
 /**
@@ -223,7 +227,7 @@ typedef struct {
         unsigned int swap_color_bytes: 1;   /*!< Swap adjacent two color bytes */
         unsigned int pclk_active_neg: 1;    /*!< The display will write data lines when there's a falling edge on WR signal (a.k.a the PCLK) */
         unsigned int pclk_idle_low: 1;      /*!< The WR signal (a.k.a the PCLK) stays at low level in IDLE phase */
-    } flags;
+    } flags;                                /*!< Panel IO config flags */
 } esp_lcd_panel_io_i80_config_t;
 
 /**
diff --git a/tools/sdk/esp32s2/include/esp_lcd/include/esp_lcd_panel_rgb.h b/tools/sdk/esp32s2/include/esp_lcd/include/esp_lcd_panel_rgb.h
index 95dfb6ba4fc..f821a758839 100644
--- a/tools/sdk/esp32s2/include/esp_lcd/include/esp_lcd_panel_rgb.h
+++ b/tools/sdk/esp32s2/include/esp_lcd/include/esp_lcd_panel_rgb.h
@@ -66,7 +66,7 @@ typedef struct {
         unsigned int de_idle_high: 1;    /*!< The de signal is high in IDLE state */
         unsigned int pclk_active_neg: 1; /*!< Whether the display data is clocked out at the falling edge of PCLK */
         unsigned int pclk_idle_high: 1;  /*!< The PCLK stays at high level in IDLE phase */
-    } flags;
+    } flags;                             /*!< LCD RGB timing flags */
 } esp_lcd_rgb_timing_t;
 
 /**
@@ -106,7 +106,7 @@ typedef struct {
         unsigned int disp_active_low: 1; /*!< If this flag is enabled, a low level of display control signal can turn the screen on; vice versa */
         unsigned int relax_on_idle: 1;   /*!< If this flag is enabled, the host won't refresh the LCD if nothing changed in host's frame buffer (this is usefull for LCD with built-in GRAM) */
         unsigned int fb_in_psram: 1;     /*!< If this flag is enabled, the frame buffer will be allocated from PSRAM preferentially */
-    } flags;
+    } flags;                             /*!< LCD RGB panel configuration flags */
 } esp_lcd_rgb_panel_config_t;
 
 /**
diff --git a/tools/sdk/esp32s2/include/esp_lcd/include/esp_lcd_panel_vendor.h b/tools/sdk/esp32s2/include/esp_lcd/include/esp_lcd_panel_vendor.h
index dde8be68d3b..2503adeb7ea 100644
--- a/tools/sdk/esp32s2/include/esp_lcd/include/esp_lcd_panel_vendor.h
+++ b/tools/sdk/esp32s2/include/esp_lcd/include/esp_lcd_panel_vendor.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -22,8 +22,8 @@ typedef struct {
     unsigned int bits_per_pixel;       /*!< Color depth, in bpp */
     struct {
         unsigned int reset_active_high: 1; /*!< Setting this if the panel reset is high level active */
-    } flags;
-    void *vendor_config; /* vendor specific configuration, optional, left as NULL if not used */
+    } flags;                               /*!< LCD panel config flags */
+    void *vendor_config; /*!< vendor specific configuration, optional, left as NULL if not used */
 } esp_lcd_panel_dev_config_t;
 
 /**
diff --git a/tools/sdk/esp32s2/include/esp_netif/include/esp_netif.h b/tools/sdk/esp32s2/include/esp_netif/include/esp_netif.h
index 92c937c1294..e248db0cb41 100644
--- a/tools/sdk/esp32s2/include/esp_netif/include/esp_netif.h
+++ b/tools/sdk/esp32s2/include/esp_netif/include/esp_netif.h
@@ -619,9 +619,10 @@ esp_err_t esp_netif_dhcps_stop(esp_netif_t *esp_netif);
  *
  *   If DHCP server is enabled, the Main DNS Server setting is used by the DHCP server to provide a DNS Server option
  *   to DHCP clients (Wi-Fi stations).
- *   - The default Main DNS server is typically the IP of the Wi-Fi AP interface itself.
+ *   - The default Main DNS server is typically the IP of the DHCP server itself.
  *   - This function can override it by setting server type ESP_NETIF_DNS_MAIN.
- *   - Other DNS Server types are not supported for the Wi-Fi AP interface.
+ *   - Other DNS Server types are not supported for the DHCP server.
+ *   - To propagate the DNS info to client, please stop the DHCP server before using this API.
  *
  * @param[in]  esp_netif Handle to esp-netif instance
  * @param[in]  type Type of DNS Server to set: ESP_NETIF_DNS_MAIN, ESP_NETIF_DNS_BACKUP, ESP_NETIF_DNS_FALLBACK
diff --git a/tools/sdk/esp32s2/include/esp_netif/include/esp_netif_ip_addr.h b/tools/sdk/esp32s2/include/esp_netif/include/esp_netif_ip_addr.h
index 25b877d359d..57f10999b31 100644
--- a/tools/sdk/esp32s2/include/esp_netif/include/esp_netif_ip_addr.h
+++ b/tools/sdk/esp32s2/include/esp_netif/include/esp_netif_ip_addr.h
@@ -81,25 +81,37 @@ extern "C" {
 #define ESP_IP4ADDR_INIT(a, b, c, d)  { .type = ESP_IPADDR_TYPE_V4, .u_addr = { .ip4 = { .addr = ESP_IP4TOADDR(a, b, c, d) }}};
 #define ESP_IP6ADDR_INIT(a, b, c, d)  { .type = ESP_IPADDR_TYPE_V6, .u_addr = { .ip6 = { .addr = { a, b, c, d }, .zone = 0 }}};
 
+/**
+ * @brief IPv6 address
+ *
+ */
 struct esp_ip6_addr {
-    uint32_t addr[4];
-    uint8_t zone;
+    uint32_t addr[4]; /*!< IPv6 address */
+    uint8_t zone;     /*!< zone ID */
 };
 
+/**
+ * @brief IPv4 address
+ *
+ */
 struct esp_ip4_addr {
-    uint32_t addr;
+    uint32_t addr;  /*!< IPv4 address */
 };
 
 typedef struct esp_ip4_addr esp_ip4_addr_t;
 
 typedef struct esp_ip6_addr esp_ip6_addr_t;
 
+/**
+ * @brief IP address
+ *
+ */
 typedef struct _ip_addr {
     union {
-        esp_ip6_addr_t ip6;
-        esp_ip4_addr_t ip4;
-    } u_addr;
-    uint8_t type;
+        esp_ip6_addr_t ip6; /*!< IPv6 address type */
+        esp_ip4_addr_t ip4; /*!< IPv4 address type */
+    } u_addr;               /*!< IP address union */
+    uint8_t type;           /*!< ipaddress type */
 } esp_ip_addr_t;
 
 typedef enum {
diff --git a/tools/sdk/esp32s2/include/esp_netif/include/esp_netif_types.h b/tools/sdk/esp32s2/include/esp_netif/include/esp_netif_types.h
index cc7a37b9c49..ee6b92a3b24 100644
--- a/tools/sdk/esp32s2/include/esp_netif/include/esp_netif_types.h
+++ b/tools/sdk/esp32s2/include/esp_netif/include/esp_netif_types.h
@@ -112,6 +112,11 @@ typedef struct {
     esp_ip6_addr_t ip; /**< Interface IPV6 address */
 } esp_netif_ip6_info_t;
 
+
+/**
+ * @brief Event structure for IP_EVENT_GOT_IP event
+ *
+ */
 typedef struct {
     int if_index;                    /*!< Interface index for which the event is received (left for legacy compilation) */
     esp_netif_t *esp_netif;          /*!< Pointer to corresponding esp-netif object */
@@ -164,6 +169,10 @@ typedef enum esp_netif_ip_event_type {
 //      3) network stack specific config (esp_netif_net_stack_ifconfig_t) -- no publicly available
 //
 
+/**
+ * @brief ESP-netif inherent config parameters
+ *
+ */
 typedef struct esp_netif_inherent_config {
     esp_netif_flags_t flags;         /*!< flags that define esp-netif behavior */
     uint8_t mac[6];                  /*!< initial mac address for this interface */
@@ -185,19 +194,23 @@ typedef struct esp_netif_config esp_netif_config_t;
  */
 typedef void * esp_netif_iodriver_handle;
 
+/**
+ * @brief ESP-netif driver base handle
+ *
+ */
 typedef struct esp_netif_driver_base_s {
-    esp_err_t (*post_attach)(esp_netif_t *netif, esp_netif_iodriver_handle h);
-    esp_netif_t *netif;
+    esp_err_t (*post_attach)(esp_netif_t *netif, esp_netif_iodriver_handle h); /*!< post attach function pointer */
+    esp_netif_t *netif; /*!< netif handle */
 } esp_netif_driver_base_t;
 
 /**
  * @brief  Specific IO driver configuration
  */
 struct esp_netif_driver_ifconfig {
-    esp_netif_iodriver_handle handle;
-    esp_err_t (*transmit)(void *h, void *buffer, size_t len);
-    esp_err_t (*transmit_wrap)(void *h, void *buffer, size_t len, void *netstack_buffer);
-    void (*driver_free_rx_buffer)(void *h, void* buffer);
+    esp_netif_iodriver_handle handle; /*!< io-driver handle */
+    esp_err_t (*transmit)(void *h, void *buffer, size_t len); /*!< transmit function pointer */
+    esp_err_t (*transmit_wrap)(void *h, void *buffer, size_t len, void *netstack_buffer); /*!< transmit wrap function pointer */
+    void (*driver_free_rx_buffer)(void *h, void* buffer); /*!< free rx buffer function pointer */
 };
 
 typedef struct esp_netif_driver_ifconfig esp_netif_driver_ifconfig_t;
@@ -212,9 +225,9 @@ typedef struct esp_netif_netstack_config esp_netif_netstack_config_t;
  * @brief  Generic esp_netif configuration
  */
 struct esp_netif_config {
-    const esp_netif_inherent_config_t *base;
-    const esp_netif_driver_ifconfig_t *driver;
-    const esp_netif_netstack_config_t *stack;
+    const esp_netif_inherent_config_t *base; /*!< base config */
+    const esp_netif_driver_ifconfig_t *driver; /*!< driver config */
+    const esp_netif_netstack_config_t *stack; /*!< stack config */
 };
 
 /**
diff --git a/tools/sdk/esp32s2/include/esp_phy/include/esp_phy_init.h b/tools/sdk/esp32s2/include/esp_phy/include/esp_phy_init.h
index ec682139506..efefd114d4f 100644
--- a/tools/sdk/esp32s2/include/esp_phy/include/esp_phy_init.h
+++ b/tools/sdk/esp32s2/include/esp_phy/include/esp_phy_init.h
@@ -14,7 +14,8 @@ extern "C" {
 #endif
 
 /**
- * @file PHY init parameters and API
+ * @file
+ *          init parameters and API
  */
 
 
@@ -34,6 +35,10 @@ typedef struct {
     uint8_t opaque[1894];                   /*!< calibration data */
 } esp_phy_calibration_data_t;
 
+/**
+ * @brief PHY calibration mode
+ *
+ */
 typedef enum {
     PHY_RF_CAL_PARTIAL = 0x00000000,        /*!< Do part of RF calibration. This should be used after power-on reset. */
     PHY_RF_CAL_NONE    = 0x00000001,        /*!< Don't do any RF calibration. This mode is only suggested to be used after deep sleep reset. */
@@ -223,6 +228,10 @@ int64_t esp_phy_rf_get_on_ts(void);
 
 /**
  * @brief Update the corresponding PHY init type according to the country code of Wi-Fi.
+ *
+ * @param country country code
+ * @return ESP_OK on success.
+ * @return esp_err_t code describing the error on fail
  */
 esp_err_t esp_phy_update_country_info(const char *country);
 
diff --git a/tools/sdk/esp32s2/include/esp_wifi/include/esp_now.h b/tools/sdk/esp32s2/include/esp_wifi/include/esp_now.h
index de41a879363..191d1d1ccec 100644
--- a/tools/sdk/esp32s2/include/esp_wifi/include/esp_now.h
+++ b/tools/sdk/esp32s2/include/esp_wifi/include/esp_now.h
@@ -1,16 +1,8 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * SPDX-FileCopyrightText: 2019-2022 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
 
 #ifndef __ESP_NOW_H__
 #define __ESP_NOW_H__
@@ -190,7 +182,7 @@ esp_err_t esp_now_unregister_send_cb(void);
   *          - ESP_ERR_ESPNOW_NOT_INIT : ESPNOW is not initialized
   *          - ESP_ERR_ESPNOW_ARG : invalid argument
   *          - ESP_ERR_ESPNOW_INTERNAL : internal error
-  *          - ESP_ERR_ESPNOW_NO_MEM : out of memory
+  *          - ESP_ERR_ESPNOW_NO_MEM : out of memory, when this happens, you can delay a while before sending the next data
   *          - ESP_ERR_ESPNOW_NOT_FOUND : peer is not found
   *          - ESP_ERR_ESPNOW_IF : current WiFi interface doesn't match that of peer
   */
@@ -237,6 +229,20 @@ esp_err_t esp_now_del_peer(const uint8_t *peer_addr);
   */
 esp_err_t esp_now_mod_peer(const esp_now_peer_info_t *peer);
 
+/**
+  * @brief      Config ESPNOW rate of specified interface
+  *
+  * @attention  1. This API should be called after esp_wifi_start().
+  *
+  * @param      ifx  Interface to be configured.
+  * @param      rate Phy rate to be configured.
+  *
+  * @return
+  *    - ESP_OK: succeed
+  *    - others: failed
+  */
+esp_err_t esp_wifi_config_espnow_rate(wifi_interface_t ifx, wifi_phy_rate_t rate);
+
 /**
   * @brief     Get a peer whose MAC address matches peer_addr from peer list
   *
diff --git a/tools/sdk/esp32s2/include/esp_wifi/include/esp_private/wifi.h b/tools/sdk/esp32s2/include/esp_wifi/include/esp_private/wifi.h
index 957f68791bd..a2c763260e5 100644
--- a/tools/sdk/esp32s2/include/esp_wifi/include/esp_private/wifi.h
+++ b/tools/sdk/esp32s2/include/esp_wifi/include/esp_private/wifi.h
@@ -251,6 +251,7 @@ esp_err_t esp_wifi_internal_set_sta_ip(void);
   *
   * @attention 1. If fixed rate is enabled, both management and data frame are transmitted with fixed rate
   * @attention 2. Make sure that the receiver is able to receive the frame with the fixed rate if you want the frame to be received
+  * @attention 3. Not support to set fix rate for espnow and 80211_tx
   *
   * @param  ifx : wifi interface
   * @param  en : false - disable, true - enable
diff --git a/tools/sdk/esp32s2/include/esp_wifi/include/esp_wifi.h b/tools/sdk/esp32s2/include/esp_wifi/include/esp_wifi.h
index 3d62c5c297c..e06569dfc15 100644
--- a/tools/sdk/esp32s2/include/esp_wifi/include/esp_wifi.h
+++ b/tools/sdk/esp32s2/include/esp_wifi/include/esp_wifi.h
@@ -498,7 +498,7 @@ esp_err_t esp_wifi_get_ps(wifi_ps_type_t *type);
   * @brief     Set protocol type of specified interface
   *            The default protocol is (WIFI_PROTOCOL_11B|WIFI_PROTOCOL_11G|WIFI_PROTOCOL_11N)
   *
-  * @attention Currently we only support 802.11b or 802.11bg or 802.11bgn mode
+  * @attention Support 802.11b or 802.11bg or 802.11bgn or LR mode
   *
   * @param     ifx  interfaces
   * @param     protocol_bitmap  WiFi protocol bitmap
@@ -1210,20 +1210,6 @@ esp_err_t esp_wifi_ftm_resp_set_offset(int16_t offset_cm);
   */
 esp_err_t esp_wifi_config_11b_rate(wifi_interface_t ifx, bool disable);
 
-/**
-  * @brief      Config ESPNOW rate of specified interface
-  *
-  * @attention  1. This API should be called after esp_wifi_init() and before esp_wifi_start().
-  *
-  * @param      ifx  Interface to be configured.
-  * @param      rate Phy rate to be configured.
-  *
-  * @return
-  *    - ESP_OK: succeed
-  *    - others: failed
-  */
-esp_err_t esp_wifi_config_espnow_rate(wifi_interface_t ifx, wifi_phy_rate_t rate);
-
 /**
   * @brief      Set interval for station to wake up periodically at disconnected.
   *
diff --git a/tools/sdk/esp32s2/include/esp_wifi/include/esp_wifi_types.h b/tools/sdk/esp32s2/include/esp_wifi/include/esp_wifi_types.h
index 47f5c79281b..89020d4abbf 100644
--- a/tools/sdk/esp32s2/include/esp_wifi/include/esp_wifi_types.h
+++ b/tools/sdk/esp32s2/include/esp_wifi/include/esp_wifi_types.h
@@ -343,7 +343,7 @@ typedef struct {
     unsigned fec_coding:1;        /**< Flag is set for 11n packets which are LDPC */
     unsigned sgi:1;               /**< Short Guide Interval(SGI). 0: Long GI; 1: Short GI */
 #if CONFIG_IDF_TARGET_ESP32
-    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: 0.25dBm*/
+    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: dBm*/
 #elif CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3 || CONFIG_IDF_TARGET_ESP32C3
     unsigned :8;                  /**< reserved */
 #endif
@@ -356,14 +356,14 @@ typedef struct {
 #if CONFIG_IDF_TARGET_ESP32S2
     unsigned :32;                 /**< reserved */
 #elif CONFIG_IDF_TARGET_ESP32S3 || CONFIG_IDF_TARGET_ESP32C3
-    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: 0.25dBm*/
+    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: dBm*/
     unsigned :24;                 /**< reserved */
     unsigned :32;                 /**< reserved */
 #endif
     unsigned :31;                 /**< reserved */
     unsigned ant:1;               /**< antenna number from which this packet is received. 0: WiFi antenna 0; 1: WiFi antenna 1 */
 #if CONFIG_IDF_TARGET_ESP32S2
-    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: 0.25dBm*/
+    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: dBm*/
     unsigned :24;                 /**< reserved */
 #elif CONFIG_IDF_TARGET_ESP32S3 || CONFIG_IDF_TARGET_ESP32C3
     unsigned :32;                 /**< reserved */
diff --git a/tools/sdk/esp32s2/include/freertos/include/freertos/queue.h b/tools/sdk/esp32s2/include/freertos/include/freertos/queue.h
index 05ca7de4546..5070b76e79c 100644
--- a/tools/sdk/esp32s2/include/freertos/include/freertos/queue.h
+++ b/tools/sdk/esp32s2/include/freertos/include/freertos/queue.h
@@ -1398,9 +1398,6 @@ BaseType_t xQueueGenericSendFromISR( QueueHandle_t xQueue,
                                      const BaseType_t xCopyPosition ) PRIVILEGED_FUNCTION;
 BaseType_t xQueueGiveFromISR( QueueHandle_t xQueue,
                               BaseType_t * const pxHigherPriorityTaskWoken ) PRIVILEGED_FUNCTION;
-/**@}*/
-/** @endcond */
-
 /**
  * @cond !DOC_EXCLUDE_HEADER_SECTION
  * queue. h
diff --git a/tools/sdk/esp32s2/include/freertos/include/freertos/task.h b/tools/sdk/esp32s2/include/freertos/include/freertos/task.h
index 125a924d061..88b2730933d 100644
--- a/tools/sdk/esp32s2/include/freertos/include/freertos/task.h
+++ b/tools/sdk/esp32s2/include/freertos/include/freertos/task.h
@@ -392,7 +392,7 @@ typedef enum
  * example, to create a privileged task at priority 2 the uxPriority parameter
  * should be set to ( 2 | portPRIVILEGE_BIT ).
  *
- * @param pvCreatedTask Used to pass back a handle by which the created task
+ * @param pxCreatedTask Used to pass back a handle by which the created task
  * can be referenced.
  *
  * @return pdPASS if the task was successfully created and added to a ready
@@ -538,7 +538,7 @@ typedef enum
  *
  * @param uxPriority The priority at which the task will run.
  *
- * @param pxStackBuffer Must point to a StackType_t array that has at least
+ * @param puxStackBuffer Must point to a StackType_t array that has at least
  * ulStackDepth indexes - the array will then be used as the task's stack,
  * removing the need for the stack to be allocated dynamically.
  *
@@ -2368,7 +2368,7 @@ uint32_t ulTaskGetIdleRunTimeCounter( void ) PRIVILEGED_FUNCTION;
  * notification value at that index being updated.  ulValue is not used and
  * xTaskNotifyIndexed() always returns pdPASS in this case.
  *
- * pulPreviousNotificationValue -
+ * @param pulPreviousNotificationValue -
  * Can be used to pass out the subject task's notification value before any
  * bits are modified by the notify function.
  *
@@ -2532,6 +2532,10 @@ BaseType_t xTaskGenericNotify( TaskHandle_t xTaskToNotify,
  * requested from an ISR is dependent on the port - see the documentation page
  * for the port in use.
  *
+ * @param pulPreviousNotificationValue -
+ * Can be used to pass out the subject task's notification value before any
+ * bits are modified by the notify function.
+ *
  * @return Dependent on the value of eAction.  See the description of the
  * eAction parameter.
  *
@@ -2778,11 +2782,10 @@ BaseType_t xTaskGenericNotifyWait( UBaseType_t uxIndexToWaitOn,
  * @endcond
  * \ingroup TaskNotifications
  */
-#define xTaskNotifyGive( xTaskToNotify ) \
-    xTaskGenericNotify( ( xTaskToNotify ), ( tskDEFAULT_INDEX_TO_NOTIFY ), ( 0 ), eIncrement, NULL )
 #define xTaskNotifyGiveIndexed( xTaskToNotify, uxIndexToNotify ) \
     xTaskGenericNotify( ( xTaskToNotify ), ( uxIndexToNotify ), ( 0 ), eIncrement, NULL )
-
+#define xTaskNotifyGive( xTaskToNotify ) \
+    xTaskGenericNotify( ( xTaskToNotify ), ( tskDEFAULT_INDEX_TO_NOTIFY ), ( 0 ), eIncrement, NULL )
 /**
  * @cond !DOC_EXCLUDE_HEADER_SECTION
  * task. h
diff --git a/tools/sdk/esp32s2/include/hal/include/hal/adc_types.h b/tools/sdk/esp32s2/include/hal/include/hal/adc_types.h
index f5efb1d4273..dc07531e0b9 100644
--- a/tools/sdk/esp32s2/include/hal/include/hal/adc_types.h
+++ b/tools/sdk/esp32s2/include/hal/include/hal/adc_types.h
@@ -121,7 +121,7 @@ typedef struct {
         struct {
             uint16_t data:     12;  /*!<ADC real output data info. Resolution: 12 bit. */
             uint16_t channel:   4;  /*!<ADC channel index info. */
-        } type1;
+        } type1;                    /*!<ADC type1 */
         struct {
             uint16_t data:     11;  /*!<ADC real output data info. Resolution: 11 bit. */
             uint16_t channel:   4;  /*!<ADC channel index info. For ESP32-S2:
diff --git a/tools/sdk/esp32s2/include/lwip/include/apps/ping/ping_sock.h b/tools/sdk/esp32s2/include/lwip/include/apps/ping/ping_sock.h
index 57938480d54..fb946f7e162 100644
--- a/tools/sdk/esp32s2/include/lwip/include/apps/ping/ping_sock.h
+++ b/tools/sdk/esp32s2/include/lwip/include/apps/ping/ping_sock.h
@@ -67,7 +67,8 @@ typedef struct {
     uint32_t interval_ms;     /*!< Milliseconds between each ping procedure */
     uint32_t timeout_ms;      /*!< Timeout value (in milliseconds) of each ping procedure */
     uint32_t data_size;       /*!< Size of the data next to ICMP packet header */
-    uint8_t tos;              /*!< Type of Service, a field specified in the IP header */
+    int tos;                  /*!< Type of Service, a field specified in the IP header */
+    int ttl;                  /*!< Time to Live,a field specified in the IP header */
     ip_addr_t target_addr;    /*!< Target IP address, either IPv4 or IPv6 */
     uint32_t task_stack_size; /*!< Stack size of internal ping task */
     uint32_t task_prio;       /*!< Priority of internal ping task */
@@ -85,6 +86,7 @@ typedef struct {
         .timeout_ms = 1000,              \
         .data_size = 64,                 \
         .tos = 0,                        \
+        .ttl = IP_DEFAULT_TTL,           \
         .target_addr = *(IP_ANY_TYPE),   \
         .task_stack_size = 2048,         \
         .task_prio = 2,                  \
@@ -99,6 +101,7 @@ typedef struct {
 */
 typedef enum {
     ESP_PING_PROF_SEQNO,   /*!< Sequence number of a ping procedure */
+    ESP_PING_PROF_TOS,     /*!< Type of service of a ping procedure */
     ESP_PING_PROF_TTL,     /*!< Time to live of a ping procedure */
     ESP_PING_PROF_REQUEST, /*!< Number of request packets sent out */
     ESP_PING_PROF_REPLY,   /*!< Number of reply packets received */
diff --git a/tools/sdk/esp32s2/include/lwip/port/esp32/include/arch/cc.h b/tools/sdk/esp32s2/include/lwip/port/esp32/include/arch/cc.h
index f17c49783a5..8f0ffa60e33 100644
--- a/tools/sdk/esp32s2/include/lwip/port/esp32/include/arch/cc.h
+++ b/tools/sdk/esp32s2/include/lwip/port/esp32/include/arch/cc.h
@@ -79,7 +79,15 @@ typedef int sys_prot_t;
 
 #include <stdio.h>
 
+#ifdef CONFIG_LWIP_DEBUG_ESP_LOG
+// lwip debugs routed to ESP_LOGD
+#include "esp_log.h"
+#define LWIP_ESP_LOG_FUNC(format, ...) ESP_LOG_LEVEL(ESP_LOG_DEBUG, "lwip", format, ##__VA_ARGS__)
+#define LWIP_PLATFORM_DIAG(x) LWIP_ESP_LOG_FUNC x
+#else
+// lwip debugs routed to printf
 #define LWIP_PLATFORM_DIAG(x)   do {printf x;} while(0)
+#endif
 
 #ifdef NDEBUG
 
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/aes.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/aes.h
index e280dbb1c66..401ac39de87 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/aes.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/aes.h
@@ -564,7 +564,7 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
  *             for example, with 96-bit random nonces, you should not encrypt
  *             more than 2**32 messages with the same key.
  *
- *             Note that for both stategies, sizes are measured in blocks and
+ *             Note that for both strategies, sizes are measured in blocks and
  *             that an AES block is 16 bytes.
  *
  * \warning    Upon return, \p stream_block contains sensitive data. Its
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/aria.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/aria.h
index 226e2dbf3c8..d294c47f2d9 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/aria.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/aria.h
@@ -44,7 +44,7 @@
 #define MBEDTLS_ARIA_DECRYPT     0 /**< ARIA decryption. */
 
 #define MBEDTLS_ARIA_BLOCKSIZE   16 /**< ARIA block size in bytes. */
-#define MBEDTLS_ARIA_MAX_ROUNDS  16 /**< Maxiumum number of rounds in ARIA. */
+#define MBEDTLS_ARIA_MAX_ROUNDS  16 /**< Maximum number of rounds in ARIA. */
 #define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -321,7 +321,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
  *             for example, with 96-bit random nonces, you should not encrypt
  *             more than 2**32 messages with the same key.
  *
- *             Note that for both stategies, sizes are measured in blocks and
+ *             Note that for both strategies, sizes are measured in blocks and
  *             that an ARIA block is 16 bytes.
  *
  * \warning    Upon return, \p stream_block contains sensitive data. Its
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/asn1.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/asn1.h
index 10f7905b7e6..5117fc7a418 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/asn1.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/asn1.h
@@ -61,7 +61,7 @@
 /** Buffer too small when writing ASN.1 data structure. */
 #define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL                    -0x006C
 
-/* \} name */
+/** \} name ASN1 Error codes */
 
 /**
  * \name DER constants
@@ -121,8 +121,7 @@
 #define MBEDTLS_ASN1_TAG_PC_MASK             0x20
 #define MBEDTLS_ASN1_TAG_VALUE_MASK          0x1F
 
-/* \} name */
-/* \} addtogroup asn1_module */
+/** \} name DER constants */
 
 /** Returns the size of the binary string, without the trailing \\0 */
 #define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
@@ -210,7 +209,7 @@ mbedtls_asn1_named_data;
  * \return      0 if successful.
  * \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
  *              would end beyond \p end.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
+ * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
  */
 int mbedtls_asn1_get_len( unsigned char **p,
                           const unsigned char *end,
@@ -235,7 +234,7 @@ int mbedtls_asn1_get_len( unsigned char **p,
  *              with the requested tag.
  * \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
  *              would end beyond \p end.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
+ * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
  */
 int mbedtls_asn1_get_tag( unsigned char **p,
                           const unsigned char *end,
@@ -607,6 +606,9 @@ void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
  */
 void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
 
+/** \} name Functions to parse ASN.1 data structures */
+/** \} addtogroup asn1_module */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/bignum.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/bignum.h
index 4de452980b8..c71a1d40227 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/bignum.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/bignum.h
@@ -991,7 +991,7 @@ MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
  *                 generate yourself and that are supposed to be prime, then
  *                 \p rounds should be at least the half of the security
  *                 strength of the cryptographic algorithm. On the other hand,
- *                 if \p X is chosen uniformly or non-adversially (as is the
+ *                 if \p X is chosen uniformly or non-adversarially (as is the
  *                 case when mbedtls_mpi_gen_prime calls this function), then
  *                 \p rounds can be much lower.
  *
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/blowfish.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/blowfish.h
index 77dca70d314..d5f809921fa 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/blowfish.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/blowfish.h
@@ -185,7 +185,7 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
  *                 #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
  *                 #MBEDTLS_BLOWFISH_DECRYPT for decryption.
  * \param length   The length of the input data in Bytes.
- * \param iv_off   The offset in the initialiation vector.
+ * \param iv_off   The offset in the initialization vector.
  *                 The value pointed to must be smaller than \c 8 Bytes.
  *                 It is updated by this function to support the aforementioned
  *                 streaming usage.
@@ -246,7 +246,7 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
  *             The recommended way to ensure uniqueness is to use a message
  *             counter.
  *
- *             Note that for both stategies, sizes are measured in blocks and
+ *             Note that for both strategies, sizes are measured in blocks and
  *             that a Blowfish block is 8 bytes.
  *
  * \warning    Upon return, \p stream_block contains sensitive data. Its
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/camellia.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/camellia.h
index 925a623e47e..d39d932fa2c 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/camellia.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/camellia.h
@@ -273,7 +273,7 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
  *             encrypted: for example, with 96-bit random nonces, you should
  *             not encrypt more than 2**32 messages with the same key.
  *
- *             Note that for both stategies, sizes are measured in blocks and
+ *             Note that for both strategies, sizes are measured in blocks and
  *             that a CAMELLIA block is \c 16 Bytes.
  *
  * \warning    Upon return, \p stream_block contains sensitive data. Its
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/chachapoly.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/chachapoly.h
index c4ec7b5f2a9..ed568bc98b7 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/chachapoly.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/chachapoly.h
@@ -161,7 +161,7 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
  * \param ctx       The ChaCha20-Poly1305 context. This must be initialized
  *                  and bound to a key.
  * \param nonce     The nonce/IV to use for the message.
- *                  This must be a redable buffer of length \c 12 Bytes.
+ *                  This must be a readable buffer of length \c 12 Bytes.
  * \param mode      The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or
  *                  #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning).
  *
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/check_config.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/check_config.h
index 396fe7dfc2b..be5c548e561 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/check_config.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/check_config.h
@@ -173,7 +173,11 @@
 #endif
 
 #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
+#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PKCS5_C) && !defined(MBEDTLS_MD_C)
+#error "MBEDTLS_PKCS5_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) &&      \
@@ -214,11 +218,32 @@
 #error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too"
 #endif
 
+#if defined(MBEDTLS_CCM_C) && (                                        \
+    !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
+#error "MBEDTLS_CCM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_CCM_C) && !defined(MBEDTLS_CIPHER_C)
+#error "MBEDTLS_CCM_C defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_GCM_C) && (                                        \
-        !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
+    !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
+#error "MBEDTLS_GCM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CIPHER_C)
 #error "MBEDTLS_GCM_C defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_CHACHA20_C)
+#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_POLY1305_C)
+#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
 #error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites"
 #endif
@@ -338,11 +363,11 @@
 #endif
 
 #if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites"
+#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites"
+#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
@@ -619,6 +644,18 @@
 #error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined, but it cannot coexist with MBEDTLS_USE_PSA_CRYPTO."
 #endif
 
+#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO) && \
+    !defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_ECDSA_C)
+#error "MBEDTLS_PK_C in configuration with MBEDTLS_USE_PSA_CRYPTO and \
+        MBEDTLS_ECDSA_C requires MBEDTLS_PK_WRITE_C to be defined."
+#endif
+
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V15) && \
+    !defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_PSA_CRYPTO_C)
+#error "MBEDTLS_PSA_CRYPTO_C, MBEDTLS_RSA_C and  MBEDTLS_PKCS1_V15 defined, \
+        but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) ||         \
     !defined(MBEDTLS_OID_C) )
 #error "MBEDTLS_RSA_C defined, but not all prerequisites"
@@ -761,14 +798,14 @@
     !defined(MBEDTLS_SSL_PROTO_TLS1)   &&      \
     !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&      \
     !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
+#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
     !defined(MBEDTLS_SSL_PROTO_TLS1)   &&          \
     !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&          \
     !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
+#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/config.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/config.h
index 87b4e9192e7..1cd6eb66348 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/config.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/config.h
@@ -128,7 +128,12 @@
  * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
  * MBEDTLS_PLATFORM_STD_TIME.
  *
- * Comment if your system does not support time functions
+ * Comment if your system does not support time functions.
+ *
+ * \note If MBEDTLS_TIMING_C is set - to enable the semi-portable timing
+ *       interface - timing.c will include time.h on suitable platforms
+ *       regardless of the setting of MBEDTLS_HAVE_TIME, unless
+ *       MBEDTLS_TIMING_ALT is used. See timing.c for more information.
  */
 #define MBEDTLS_HAVE_TIME
 
@@ -321,7 +326,7 @@
  */
 //#define MBEDTLS_CHECK_PARAMS_ASSERT
 
-/* \} name SECTION: System support */
+/** \} name SECTION: System support */
 
 /**
  * \name SECTION: mbed TLS feature support
@@ -395,7 +400,7 @@
 //#define MBEDTLS_XTEA_ALT
 
 /*
- * When replacing the elliptic curve module, pleace consider, that it is
+ * When replacing the elliptic curve module, please consider, that it is
  * implemented with two .c files:
  *      - ecp.c
  *      - ecp_curves.c
@@ -1493,7 +1498,7 @@
  * Enable an implementation of SHA-256 that has lower ROM footprint but also
  * lower performance.
  *
- * The default implementation is meant to be a reasonnable compromise between
+ * The default implementation is meant to be a reasonable compromise between
  * performance and size. This version optimizes more aggressively for size at
  * the expense of performance. Eg on Cortex-M4 it reduces the size of
  * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
@@ -1658,7 +1663,7 @@
  * Enable support for RFC 7627: Session Hash and Extended Master Secret
  * Extension.
  *
- * This was introduced as "the proper fix" to the Triple Handshake familiy of
+ * This was introduced as "the proper fix" to the Triple Handshake family of
  * attacks, but it is recommended to always use it (even if you disable
  * renegotiation), since it actually fixes a more fundamental issue in the
  * original SSL/TLS design, and has implications beyond Triple Handshake.
@@ -1704,7 +1709,7 @@
  * \note This option has no influence on the protection against the
  *       triple handshake attack. Even if it is disabled, Mbed TLS will
  *       still ensure that certificates do not change during renegotiation,
- *       for exaple by keeping a hash of the peer's certificate.
+ *       for example by keeping a hash of the peer's certificate.
  *
  * Comment this macro to disable storing the peer's certificate
  * after the handshake.
@@ -1909,7 +1914,7 @@
  * unless you know for sure amplification cannot be a problem in the
  * environment in which your server operates.
  *
- * \warning Disabling this can ba a security risk! (see above)
+ * \warning Disabling this can be a security risk! (see above)
  *
  * Requires: MBEDTLS_SSL_PROTO_DTLS
  *
@@ -2162,8 +2167,19 @@
  * This setting allows support for cryptographic mechanisms through the PSA
  * API to be configured separately from support through the mbedtls API.
  *
- * Uncomment this to enable use of PSA Crypto configuration settings which
- * can be found in include/psa/crypto_config.h.
+ * When this option is disabled, the PSA API exposes the cryptographic
+ * mechanisms that can be implemented on top of the `mbedtls_xxx` API
+ * configured with `MBEDTLS_XXX` symbols.
+ *
+ * When this option is enabled, the PSA API exposes the cryptographic
+ * mechanisms requested by the `PSA_WANT_XXX` symbols defined in
+ * include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are
+ * automatically enabled if required (i.e. if no PSA driver provides the
+ * mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols
+ * in config.h.
+ *
+ * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies
+ * an alternative header to include instead of include/psa/crypto_config.h.
  *
  * If you enable this option and write your own configuration file, you must
  * include mbedtls/config_psa.h in your configuration file. The default
@@ -2289,7 +2305,7 @@
  * Uncomment to enable use of ZLIB
  */
 //#define MBEDTLS_ZLIB_SUPPORT
-/* \} name SECTION: mbed TLS feature support */
+/** \} name SECTION: mbed TLS feature support */
 
 /**
  * \name SECTION: mbed TLS modules
@@ -2902,7 +2918,7 @@
  *
  * Requires: MBEDTLS_MD_C
  *
- * Uncomment to enable the HMAC_DRBG random number geerator.
+ * Uncomment to enable the HMAC_DRBG random number generator.
  */
 #define MBEDTLS_HMAC_DRBG_C
 
@@ -3096,7 +3112,7 @@
 /**
  * \def MBEDTLS_PK_C
  *
- * Enable the generic public (asymetric) key layer.
+ * Enable the generic public (asymmetric) key layer.
  *
  * Module:  library/pk.c
  * Caller:  library/ssl_tls.c
@@ -3112,7 +3128,7 @@
 /**
  * \def MBEDTLS_PK_PARSE_C
  *
- * Enable the generic public (asymetric) key parser.
+ * Enable the generic public (asymmetric) key parser.
  *
  * Module:  library/pkparse.c
  * Caller:  library/x509_crt.c
@@ -3127,7 +3143,7 @@
 /**
  * \def MBEDTLS_PK_WRITE_C
  *
- * Enable the generic public (asymetric) key writer.
+ * Enable the generic public (asymmetric) key writer.
  *
  * Module:  library/pkwrite.c
  * Caller:  library/x509write.c
@@ -3466,6 +3482,10 @@
  * your own implementation of the whole module by setting
  * \c MBEDTLS_TIMING_ALT in the current file.
  *
+ * \note The timing module will include time.h on suitable platforms
+ *       regardless of the setting of MBEDTLS_HAVE_TIME, unless
+ *       MBEDTLS_TIMING_ALT is used. See timing.c for more information.
+ *
  * \note See also our Knowledge Base article about porting to a new
  * environment:
  * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
@@ -3598,7 +3618,88 @@
  */
 #define MBEDTLS_XTEA_C
 
-/* \} name SECTION: mbed TLS modules */
+/** \} name SECTION: mbed TLS modules */
+
+/**
+ * \name SECTION: General configuration options
+ *
+ * This section contains Mbed TLS build settings that are not associated
+ * with a particular module.
+ *
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"mbedtls/config.h"`.
+ * This header file specifies the compile-time configuration of Mbed TLS.
+ * Unlike other configuration options, this one must be defined on the
+ * compiler command line: a definition in `config.h` would have no effect.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_CONFIG_FILE "mbedtls/config.h"
+
+/**
+ * \def MBEDTLS_USER_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included after
+ * `"mbedtls/config.h"` or #MBEDTLS_CONFIG_FILE.
+ * This allows you to modify the default configuration, including the ability
+ * to undefine options that are enabled by default.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"psa/crypto_config.h"`.
+ * This header file specifies which cryptographic mechanisms are available
+ * through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and
+ * is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included after
+ * `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE.
+ * This allows you to modify the default configuration, including the ability
+ * to undefine options that are enabled by default.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
+
+/** \} name SECTION: General configuration options */
 
 /**
  * \name SECTION: Module configuration options
@@ -3609,11 +3710,15 @@
  *
  * Our advice is to enable options and change their values here
  * only if you have a good reason and know the consequences.
- *
- * Please check the respective header file for documentation on these
- * parameters (to prevent duplicate documentation).
  * \{
  */
+/* The Doxygen documentation here is used when a user comments out a
+ * setting and runs doxygen themselves. On the other hand, when we typeset
+ * the full documentation including disabled settings, the documentation
+ * in specific modules' header files is used if present. When editing this
+ * file, make sure that each option is documented in exactly one place,
+ * plus optionally a same-line Doxygen comment here if there is a Doxygen
+ * comment in the specific module. */
 
 /* MPI / BIGNUM options */
 //#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum window size used. */
@@ -4002,7 +4107,7 @@
  */
 //#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
 
-/* \} name SECTION: Customisation configuration options */
+/** \} name SECTION: Module configuration options */
 
 /* Target and application specific configurations
  *
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/config_psa.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/config_psa.h
index 189f6c21734..1bf750ad5ee 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/config_psa.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/config_psa.h
@@ -31,9 +31,17 @@
 #define MBEDTLS_CONFIG_PSA_H
 
 #if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE)
+#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE
+#else
 #include "psa/crypto_config.h"
+#endif
 #endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
 
+#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE)
+#include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
+#endif
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -264,7 +272,6 @@ extern "C" {
 #if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
     (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
     (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
-    (defined(PSA_WANT_ALG_XTS) && !defined(MBEDTLS_PSA_ACCEL_ALG_XTS)) || \
     defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
     (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
      !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
@@ -393,15 +400,8 @@ extern "C" {
 #endif
 #endif /* PSA_WANT_ALG_OFB */
 
-#if defined(PSA_WANT_ALG_XTS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_XTS) || \
-    defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
-#define MBEDTLS_CIPHER_MODE_XTS
-#endif
-#endif /* PSA_WANT_ALG_XTS */
-
-#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
+#if defined(PSA_WANT_ALG_ECB_NO_PADDING) &&     \
+    !defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)
 #define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
 #endif
 
@@ -483,7 +483,7 @@ extern "C" {
 #if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
 /*
  * Curve448 is not yet supported via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/4249).
+ * (https://github.com/Mbed-TLS/mbedtls/issues/4249).
  */
 #error "Curve448 is not yet supported via the PSA API in Mbed TLS."
 #define MBEDTLS_ECP_DP_CURVE448_ENABLED
@@ -537,7 +537,7 @@ extern "C" {
 #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
 /*
  * SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/3541).
+ * (https://github.com/Mbed-TLS/mbedtls/issues/3541).
  */
 #error "SECP224K1 is buggy via the PSA API in Mbed TLS."
 #define MBEDTLS_ECP_DP_SECP224K1_ENABLED
@@ -751,11 +751,6 @@ extern "C" {
 #define PSA_WANT_ALG_OFB 1
 #endif
 
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
-#define PSA_WANT_ALG_XTS 1
-#endif
-
 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256
@@ -776,7 +771,7 @@ extern "C" {
 #define PSA_WANT_ECC_MONTGOMERY_255
 #endif
 
-/* Curve448 is not yet supported via the PSA API (https://github.com/ARMmbed/mbedtls/issues/4249) */
+/* Curve448 is not yet supported via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/4249) */
 #if 0 && defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
 #define PSA_WANT_ECC_MONTGOMERY_448
@@ -812,7 +807,7 @@ extern "C" {
 #define PSA_WANT_ECC_SECP_K1_192
 #endif
 
-/* SECP224K1 is buggy via the PSA API (https://github.com/ARMmbed/mbedtls/issues/3541) */
+/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
 #if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
 #define PSA_WANT_ECC_SECP_K1_224
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h
index dc4adc896d4..e68237a439a 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h
@@ -138,7 +138,7 @@
 /**< The maximum size of seed or reseed buffer in bytes. */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #define MBEDTLS_CTR_DRBG_PR_OFF             0
 /**< Prediction resistance is disabled. */
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/debug.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/debug.h
index 3c08244f3da..4fc4662d9ab 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/debug.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/debug.h
@@ -139,7 +139,7 @@ extern "C" {
  *          discarded.
  *          (Default value: 0 = No debug )
  *
- * \param threshold     theshold level of messages to filter on. Messages at a
+ * \param threshold     threshold level of messages to filter on. Messages at a
  *                      higher level will be discarded.
  *                          - Debug levels
  *                              - 0 No debug
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ecjpake.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ecjpake.h
index 891705d8c4f..3564ff8dd3e 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ecjpake.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ecjpake.h
@@ -68,7 +68,7 @@ typedef enum {
  * (KeyExchange) as defined by the Thread spec.
  *
  * In order to benefit from this symmetry, we choose a different naming
- * convetion from the Thread v1.0 spec. Correspondance is indicated in the
+ * convention from the Thread v1.0 spec. Correspondence is indicated in the
  * description as a pair C: client name, S: server name
  */
 typedef struct mbedtls_ecjpake_context
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ecp.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ecp.h
index 0924341e002..64a0bccda05 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ecp.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ecp.h
@@ -315,7 +315,7 @@ mbedtls_ecp_group;
 #if !defined(MBEDTLS_ECP_WINDOW_SIZE)
 /*
  * Maximum "window" size used for point multiplication.
- * Default: a point where higher memory usage yields disminishing performance
+ * Default: a point where higher memory usage yields diminishing performance
  *          returns.
  * Minimum value: 2. Maximum value: 7.
  *
@@ -351,7 +351,7 @@ mbedtls_ecp_group;
 #define MBEDTLS_ECP_FIXED_POINT_OPTIM  1   /**< Enable fixed-point speed-up. */
 #endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #else  /* MBEDTLS_ECP_ALT */
 #include "ecp_alt.h"
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/entropy.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/entropy.h
index deb3c50300b..40259ebc8a1 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/entropy.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/entropy.h
@@ -75,7 +75,7 @@
 #define MBEDTLS_ENTROPY_MAX_GATHER      128     /**< Maximum amount requested from entropy sources */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
 #define MBEDTLS_ENTROPY_BLOCK_SIZE      64      /**< Block size of entropy accumulator (SHA-512) */
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/hkdf.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/hkdf.h
index 223004b8ede..111d960e568 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/hkdf.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/hkdf.h
@@ -39,7 +39,7 @@
  */
 /** Bad input parameters to function. */
 #define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA  -0x5F80
-/* \} name */
+/** \} name */
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h
index 79132d4d910..6d372b9788e 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h
@@ -74,7 +74,7 @@
 #define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT    384     /**< Maximum size of (re)seed buffer */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #define MBEDTLS_HMAC_DRBG_PR_OFF   0   /**< No prediction resistance       */
 #define MBEDTLS_HMAC_DRBG_PR_ON    1   /**< Prediction resistance enabled  */
@@ -207,7 +207,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
                     size_t len );
 
 /**
- * \brief               Initilisation of simpified HMAC_DRBG (never reseeds).
+ * \brief               Initialisation of simplified HMAC_DRBG (never reseeds).
  *
  * This function is meant for use in algorithms that need a pseudorandom
  * input such as deterministic ECDSA.
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h
index 233977252a3..3954b36ab56 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h
@@ -42,7 +42,7 @@
 #define MBEDTLS_MEMORY_ALIGN_MULTIPLE       4 /**< Align on multiples of this value */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #define MBEDTLS_MEMORY_VERIFY_NONE         0
 #define MBEDTLS_MEMORY_VERIFY_ALLOC        (1 << 0)
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/oid.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/oid.h
index 1c39186a491..01862178044 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/oid.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/oid.h
@@ -143,7 +143,7 @@
 #define MBEDTLS_OID_AT_GIVEN_NAME               MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
 #define MBEDTLS_OID_AT_INITIALS                 MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
 #define MBEDTLS_OID_AT_GENERATION_QUALIFIER     MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
-#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER        MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
+#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER        MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributeType:= {id-at 45} */
 #define MBEDTLS_OID_AT_DN_QUALIFIER             MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
 #define MBEDTLS_OID_AT_PSEUDONYM                MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
 
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/pem.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/pem.h
index dfb4ff218e6..daa71c886ba 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/pem.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/pem.h
@@ -54,7 +54,7 @@
 #define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE               -0x1400
 /** Bad input parameters to function. */
 #define MBEDTLS_ERR_PEM_BAD_INPUT_DATA                    -0x1480
-/* \} name */
+/** \} name PEM Error codes */
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/pk.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/pk.h
index 8f2abf2a608..c9a13f484ed 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/pk.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/pk.h
@@ -217,32 +217,6 @@ typedef struct
 typedef void mbedtls_pk_restart_ctx;
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 
-#if defined(MBEDTLS_RSA_C)
-/**
- * Quick access to an RSA context inside a PK context.
- *
- * \warning You must make sure the PK context actually holds an RSA context
- * before using this function!
- */
-static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
-{
-    return( (mbedtls_rsa_context *) (pk).pk_ctx );
-}
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * Quick access to an EC context inside a PK context.
- *
- * \warning You must make sure the PK context actually holds an EC context
- * before using this function!
- */
-static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
-{
-    return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
-}
-#endif /* MBEDTLS_ECP_C */
-
 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
 /**
  * \brief           Types for RSA-alt abstraction
@@ -656,6 +630,55 @@ const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
  */
 mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
 
+#if defined(MBEDTLS_RSA_C)
+/**
+ * Quick access to an RSA context inside a PK context.
+ *
+ * \warning This function can only be used when the type of the context, as
+ * returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_RSA.
+ * Ensuring that is the caller's responsibility.
+ * Alternatively, you can check whether this function returns NULL.
+ *
+ * \return The internal RSA context held by the PK context, or NULL.
+ */
+static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
+{
+    switch( mbedtls_pk_get_type( &pk ) )
+    {
+        case MBEDTLS_PK_RSA:
+            return( (mbedtls_rsa_context *) (pk).pk_ctx );
+        default:
+            return( NULL );
+    }
+}
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+/**
+ * Quick access to an EC context inside a PK context.
+ *
+ * \warning This function can only be used when the type of the context, as
+ * returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_ECKEY,
+ * #MBEDTLS_PK_ECKEY_DH, or #MBEDTLS_PK_ECDSA.
+ * Ensuring that is the caller's responsibility.
+ * Alternatively, you can check whether this function returns NULL.
+ *
+ * \return The internal EC context held by the PK context, or NULL.
+ */
+static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
+{
+    switch( mbedtls_pk_get_type( &pk ) )
+    {
+        case MBEDTLS_PK_ECKEY:
+        case MBEDTLS_PK_ECKEY_DH:
+        case MBEDTLS_PK_ECDSA:
+            return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
+        default:
+            return( NULL );
+    }
+}
+#endif /* MBEDTLS_ECP_C */
+
 #if defined(MBEDTLS_PK_PARSE_C)
 /** \ingroup pk_module */
 /**
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/platform.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/platform.h
index bdef07498d7..06dd192eab9 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/platform.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/platform.h
@@ -70,7 +70,9 @@ extern "C" {
 #if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
 #include <stdio.h>
 #include <stdlib.h>
+#if defined(MBEDTLS_HAVE_TIME)
 #include <time.h>
+#endif
 #if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
 #if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
 #define MBEDTLS_PLATFORM_STD_SNPRINTF   mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use.  */
@@ -127,7 +129,7 @@ extern "C" {
 #endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
 
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 /*
  * The function pointers for calloc and free.
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/platform_time.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/platform_time.h
index 7e7daab6920..94055711b2e 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/platform_time.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/platform_time.h
@@ -32,14 +32,6 @@
 extern "C" {
 #endif
 
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-
 /*
  * The time_t datatype
  */
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/platform_util.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/platform_util.h
index f982db8c01c..cd112ab58e2 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/platform_util.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/platform_util.h
@@ -67,7 +67,7 @@ extern "C" {
  * \brief       User supplied callback function for parameter validation failure.
  *              See #MBEDTLS_CHECK_PARAMS for context.
  *
- *              This function will be called unless an alternative treatement
+ *              This function will be called unless an alternative treatment
  *              is defined through the #MBEDTLS_PARAM_FAILED macro.
  *
  *              This function can return, and the operation will be aborted, or
@@ -198,7 +198,7 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
  *
  * This macro has an empty expansion. It exists for documentation purposes:
  * a #MBEDTLS_CHECK_RETURN_OPTIONAL annotation indicates that the function
- * has been analyzed for return-check usefuless, whereas the lack of
+ * has been analyzed for return-check usefulness, whereas the lack of
  * an annotation indicates that the function has not been analyzed and its
  * return-check usefulness is unknown.
  */
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/rsa.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/rsa.h
index 3c481e12a17..062df73aa06 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/rsa.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/rsa.h
@@ -88,7 +88,7 @@
 
 /*
  * The above constants may be used even if the RSA module is compile out,
- * eg for alternative (PKCS#11) RSA implemenations in the PK layers.
+ * eg for alternative (PKCS#11) RSA implementations in the PK layers.
  */
 
 #ifdef __cplusplus
@@ -552,7 +552,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
  *
  * \note           Blinding is used if and only if a PRNG is provided.
  *
- * \note           If blinding is used, both the base of exponentation
+ * \note           If blinding is used, both the base of exponentiation
  *                 and the exponent are blinded, providing protection
  *                 against some side-channel attacks.
  *
@@ -687,7 +687,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
  *                   mode being set to #MBEDTLS_RSA_PRIVATE and might instead
  *                   return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
  *
- * \param ctx        The initnialized RSA context to use.
+ * \param ctx        The initialized RSA context to use.
  * \param f_rng      The RNG function to use. This is needed for padding
  *                   generation and must be provided.
  * \param p_rng      The RNG context to be passed to \p f_rng. This may
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl.h
index 209dbf6053c..5064ec56891 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl.h
@@ -349,7 +349,7 @@
 #define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 /*
  * Length of the verify data for secure renegotiation
@@ -1152,7 +1152,7 @@ struct mbedtls_ssl_config
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-    /** Callback to create & write a cookie for ClientHello veirifcation    */
+    /** Callback to create & write a cookie for ClientHello verification    */
     int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
                            const unsigned char *, size_t );
     /** Callback to verify validity of a ClientHello cookie                 */
@@ -1405,7 +1405,7 @@ struct mbedtls_ssl_context
     unsigned char *compress_buf;        /*!<  zlib data buffer        */
 #endif /* MBEDTLS_ZLIB_SUPPORT */
 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-    signed char split_done;     /*!< current record already splitted? */
+    signed char split_done;     /*!< current record already split? */
 #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
 
     /*
@@ -1688,7 +1688,7 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
  *
  * \note           The two most common use cases are:
  *                 - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
- *                 - blocking I/O, f_recv == NULL, f_recv_timout != NULL
+ *                 - blocking I/O, f_recv == NULL, f_recv_timeout != NULL
  *
  * \note           For DTLS, you need to provide either a non-NULL
  *                 f_recv_timeout callback, or a f_recv that doesn't block.
@@ -1846,7 +1846,7 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 /**
- * \brief          Set the Maximum Tranport Unit (MTU).
+ * \brief          Set the Maximum Transport Unit (MTU).
  *                 Special value: 0 means unset (no limit).
  *                 This represents the maximum size of a datagram payload
  *                 handled by the transport layer (usually UDP) as determined
@@ -2387,7 +2387,7 @@ void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
  *                 ones going through the authentication-decryption phase.
  *
  * \note           This is a security trade-off related to the fact that it's
- *                 often relatively easy for an active attacker ot inject UDP
+ *                 often relatively easy for an active attacker to inject UDP
  *                 datagrams. On one hand, setting a low limit here makes it
  *                 easier for such an attacker to forcibly terminated a
  *                 connection. On the other hand, a high limit or no limit
@@ -2498,7 +2498,7 @@ void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min,
  *                 successfully cached, return 1 otherwise.
  *
  * \param conf           SSL configuration
- * \param p_cache        parmater (context) for both callbacks
+ * \param p_cache        parameter (context) for both callbacks
  * \param f_get_cache    session get callback
  * \param f_set_cache    session set callback
  */
@@ -2529,7 +2529,7 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
 /**
  * \brief          Load serialized session data into a session structure.
  *                 On client, this can be used for loading saved sessions
- *                 before resuming them with mbedstls_ssl_set_session().
+ *                 before resuming them with mbedtls_ssl_set_session().
  *                 On server, this can be used for alternative implementations
  *                 of session cache or session tickets.
  *
@@ -2793,7 +2793,7 @@ void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
  *
  * \note           On client, only the first call has any effect. That is,
  *                 only one client certificate can be provisioned. The
- *                 server's preferences in its CertficateRequest message will
+ *                 server's preferences in its CertificateRequest message will
  *                 be ignored and our only cert will be sent regardless of
  *                 whether it matches those preferences - the server can then
  *                 decide what it wants to do with it.
@@ -3241,7 +3241,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
  * \param protos   Pointer to a NULL-terminated list of supported protocols,
  *                 in decreasing preference order. The pointer to the list is
  *                 recorded by the library for later reference as required, so
- *                 the lifetime of the table must be atleast as long as the
+ *                 the lifetime of the table must be at least as long as the
  *                 lifetime of the SSL configuration structure.
  *
  * \return         0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
@@ -3255,7 +3255,7 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot
  *
  * \param ssl      SSL context
  *
- * \return         Protcol name, or NULL if no protocol was negotiated.
+ * \return         Protocol name, or NULL if no protocol was negotiated.
  */
 const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_ALPN */
@@ -3338,7 +3338,7 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
                                          unsigned char *mki_value,
                                          uint16_t mki_len );
 /**
- * \brief                  Get the negotiated DTLS-SRTP informations:
+ * \brief                  Get the negotiated DTLS-SRTP information:
  *                         Protection profile and MKI value.
  *
  * \warning                This function must be called after the handshake is
@@ -3346,7 +3346,7 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
  *                         not be trusted or acted upon before the handshake completes.
  *
  * \param ssl              The SSL context to query.
- * \param dtls_srtp_info   The negotiated DTLS-SRTP informations:
+ * \param dtls_srtp_info   The negotiated DTLS-SRTP information:
  *                         - Protection profile in use.
  *                         A direct mapping of the iana defined value for protection
  *                         profile on an uint16_t.
@@ -3508,7 +3508,7 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
  *                 \c mbedtls_ssl_get_record_expansion().
  *
  * \note           For DTLS, it is also possible to set a limit for the total
- *                 size of daragrams passed to the transport layer, including
+ *                 size of datagrams passed to the transport layer, including
  *                 record overhead, see \c mbedtls_ssl_set_mtu().
  *
  * \param conf     SSL configuration
@@ -3568,7 +3568,7 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets
  *                 initiated by peer
  *                 (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
  *
- * \warning        It is recommended to always disable renegotation unless you
+ * \warning        It is recommended to always disable renegotiation unless you
  *                 know you need it and you know what you're doing. In the
  *                 past, there have been several issues associated with
  *                 renegotiation or a poor understanding of its properties.
@@ -3631,7 +3631,7 @@ void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_
  *                 scenario.
  *
  * \note           With DTLS and server-initiated renegotiation, the
- *                 HelloRequest is retransmited every time mbedtls_ssl_read() times
+ *                 HelloRequest is retransmitted every time mbedtls_ssl_read() times
  *                 out or receives Application Data, until:
  *                 - max_records records have beens seen, if it is >= 0, or
  *                 - the number of retransmits that would happen during an
@@ -4263,7 +4263,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
  * \return         \c 0 if successful.
  * \return         #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
  * \return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed
- *                 while reseting the context.
+ *                 while resetting the context.
  * \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in
  *                 progress, or there is pending data for reading or sending,
  *                 or the connection does not use DTLS 1.2 with an AEAD
@@ -4357,7 +4357,7 @@ int mbedtls_ssl_context_load( mbedtls_ssl_context *ssl,
 void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
 
 /**
- * \brief          Load reasonnable default SSL configuration values.
+ * \brief          Load reasonable default SSL configuration values.
  *                 (You need to call mbedtls_ssl_config_init() first.)
  *
  * \param conf     SSL configuration context
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl_cache.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl_cache.h
index c6ef2960f4d..02eab96d452 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl_cache.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl_cache.h
@@ -50,7 +50,7 @@
 #define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50   /*!< Maximum entries in cache */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h
index 0a238708e59..2aa373177b8 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h
@@ -45,7 +45,7 @@
 #define MBEDTLS_SSL_COOKIE_TIMEOUT     60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #ifdef __cplusplus
 extern "C" {
@@ -84,7 +84,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
  * \brief          Set expiration delay for cookies
  *                 (Default MBEDTLS_SSL_COOKIE_TIMEOUT)
  *
- * \param ctx      Cookie contex
+ * \param ctx      Cookie context
  * \param delay    Delay, in seconds if HAVE_TIME, or in number of cookies
  *                 issued in the meantime.
  *                 0 to disable expiration (NOT recommended)
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl_internal.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl_internal.h
index 6913dc0f668..46ade67b9c4 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl_internal.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl_internal.h
@@ -934,16 +934,22 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
  */
 void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
 
 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
 
@@ -1023,27 +1029,39 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
  *              following the above definition.
  *
  */
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
                              unsigned update_hs_digest );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
 
 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
                             const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
 
 /**
@@ -1108,13 +1126,18 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
 
 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
 unsigned char mbedtls_ssl_hash_from_md_alg( int md );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
 
 #if defined(MBEDTLS_ECP_C)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
+MBEDTLS_CHECK_RETURN_CRITICAL
+int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id );
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
                                 mbedtls_md_type_t md );
 #endif
@@ -1170,6 +1193,7 @@ static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
  *
  * Return 0 if everything is OK, -1 if not.
  */
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
                           const mbedtls_ssl_ciphersuite_t *ciphersuite,
                           int cert_endpoint,
@@ -1218,21 +1242,26 @@ static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl );
 #endif
 
 /* Visible for testing purposes only */
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl );
 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
 #endif
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
                               const mbedtls_ssl_session *src );
 
 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
     defined(MBEDTLS_SSL_PROTO_TLS1_1)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
                                         unsigned char *output,
                                         unsigned char *data, size_t data_len );
@@ -1242,6 +1271,7 @@ int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
     defined(MBEDTLS_SSL_PROTO_TLS1_2)
 /* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
                                             unsigned char *hash, size_t *hashlen,
                                             unsigned char *data, size_t data_len,
@@ -1254,11 +1284,13 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
 #endif
 
 void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
                              mbedtls_ssl_transform *transform,
                              mbedtls_record *rec,
                              int (*f_rng)(void *, unsigned char *, size_t),
                              void *p_rng );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
                              mbedtls_ssl_transform *transform,
                              mbedtls_record *rec );
@@ -1276,10 +1308,12 @@ static inline size_t mbedtls_ssl_ep_len( const mbedtls_ssl_context *ssl )
 }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
 void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl );
 
 void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl );
@@ -1287,6 +1321,7 @@ void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl,
                               mbedtls_ssl_transform *transform );
 void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
 
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
@@ -1296,6 +1331,7 @@ void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
@@ -1305,4 +1341,12 @@ void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
+#if defined(MBEDTLS_TEST_HOOKS)
+int mbedtls_ssl_check_dtls_clihlo_cookie(
+                          mbedtls_ssl_context *ssl,
+                          const unsigned char *cli_id, size_t cli_id_len,
+                          const unsigned char *in, size_t in_len,
+                          unsigned char *obuf, size_t buf_len, size_t *olen );
+#endif
+
 #endif /* ssl_internal.h */
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h
index a882eed23b9..8221051b247 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h
@@ -101,7 +101,7 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
  *                  supported. Usually that means a 256-bit key.
  *
  * \note            The lifetime of the keys is twice the lifetime of tickets.
- *                  It is recommended to pick a reasonnable lifetime so as not
+ *                  It is recommended to pick a reasonable lifetime so as not
  *                  to negate the benefits of forward secrecy.
  *
  * \return          0 if successful,
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/version.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/version.h
index b1a92b2bcf3..44adcbfe037 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/version.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/version.h
@@ -38,16 +38,16 @@
  */
 #define MBEDTLS_VERSION_MAJOR  2
 #define MBEDTLS_VERSION_MINOR  28
-#define MBEDTLS_VERSION_PATCH  0
+#define MBEDTLS_VERSION_PATCH  1
 
 /**
  * The single version number has the following structure:
  *    MMNNPP00
  *    Major version | Minor version | Patch version
  */
-#define MBEDTLS_VERSION_NUMBER         0x021C0000
-#define MBEDTLS_VERSION_STRING         "2.28.0"
-#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.28.0"
+#define MBEDTLS_VERSION_NUMBER         0x021C0100
+#define MBEDTLS_VERSION_STRING         "2.28.1"
+#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.28.1"
 
 #if defined(MBEDTLS_VERSION_C)
 
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/x509.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/x509.h
index c1775014300..31b78df32f5 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/x509.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/x509.h
@@ -96,7 +96,7 @@
 #define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL                 -0x2980
 /** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */
 #define MBEDTLS_ERR_X509_FATAL_ERROR                      -0x3000
-/* \} name */
+/** \} name X509 Error codes */
 
 /**
  * \name X509 Verify codes
@@ -124,8 +124,8 @@
 #define MBEDTLS_X509_BADCRL_BAD_PK           0x040000  /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
 #define MBEDTLS_X509_BADCRL_BAD_KEY          0x080000  /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
 
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name X509 Verify codes */
+/** \} addtogroup x509_module */
 
 /*
  * X.509 v3 Subject Alternative Name types.
@@ -255,7 +255,6 @@ typedef struct mbedtls_x509_time
 mbedtls_x509_time;
 
 /** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
-/** \} addtogroup x509_module */
 
 /**
  * \brief          Store the certificate DN in printable form into buf;
@@ -311,6 +310,8 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
  */
 int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
 
+/** \} addtogroup x509_module */
+
 #if defined(MBEDTLS_SELF_TEST)
 
 /**
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/x509_crl.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/x509_crl.h
index 7e9e8885f41..92220090197 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/x509_crl.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/x509_crl.h
@@ -162,8 +162,8 @@ void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
  */
 void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
 
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name Structures and functions for parsing CRLs */
+/** \} addtogroup x509_module */
 
 #ifdef __cplusplus
 }
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/x509_crt.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/x509_crt.h
index 64ccb433ba8..0f2885a7ee4 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/x509_crt.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/x509_crt.h
@@ -107,7 +107,7 @@ mbedtls_x509_crt;
 typedef struct mbedtls_x509_san_other_name
 {
     /**
-     * The type_id is an OID as deifned in RFC 5280.
+     * The type_id is an OID as defined in RFC 5280.
      * To check the value of the type id, you should use
      * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
      */
@@ -159,7 +159,9 @@ mbedtls_x509_subject_alternative_name;
 typedef struct mbedtls_x509_crt_profile
 {
     uint32_t allowed_mds;       /**< MDs for signatures         */
-    uint32_t allowed_pks;       /**< PK algs for signatures     */
+    uint32_t allowed_pks;       /**< PK algs for public keys;
+                                 *   this applies to all certificates
+                                 *   in the provided chain.     */
     uint32_t allowed_curves;    /**< Elliptic curves for ECDSA  */
     uint32_t rsa_min_bitlen;    /**< Minimum size for RSA keys  */
 }
@@ -850,8 +852,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name Structures and functions for parsing and writing X.509 certificates */
 
 #if defined(MBEDTLS_X509_CRT_WRITE_C)
 /**
@@ -862,7 +863,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
 void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
 
 /**
- * \brief           Set the verion for a Certificate
+ * \brief           Set the version for a Certificate
  *                  Default: MBEDTLS_X509_CRT_VERSION_3
  *
  * \param ctx       CRT context to use
@@ -978,7 +979,7 @@ int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
  * \param is_ca     is this a CA certificate
  * \param max_pathlen   maximum length of certificate chains below this
  *                      certificate (only for CA certificates, -1 is
- *                      inlimited)
+ *                      unlimited)
  *
  * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
  */
@@ -1087,6 +1088,8 @@ int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf,
 #endif /* MBEDTLS_PEM_WRITE_C */
 #endif /* MBEDTLS_X509_CRT_WRITE_C */
 
+/** \} addtogroup x509_module */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/x509_csr.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/x509_csr.h
index b1dfc21f1fb..2a1c0461315 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/x509_csr.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/mbedtls/x509_csr.h
@@ -151,8 +151,7 @@ void mbedtls_x509_csr_init( mbedtls_x509_csr *csr );
 void mbedtls_x509_csr_free( mbedtls_x509_csr *csr );
 #endif /* MBEDTLS_X509_CSR_PARSE_C */
 
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name Structures and functions for X.509 Certificate Signing Requests (CSR) */
 
 #if defined(MBEDTLS_X509_CSR_WRITE_C)
 /**
@@ -182,7 +181,7 @@ int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
  *                  private key used to sign the CSR when writing it)
  *
  * \param ctx       CSR context to use
- * \param key       Asymetric key to include
+ * \param key       Asymmetric key to include
  */
 void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
 
@@ -298,6 +297,8 @@ int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, s
 #endif /* MBEDTLS_PEM_WRITE_C */
 #endif /* MBEDTLS_X509_CSR_WRITE_C */
 
+/** \} addtogroup x509_module */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto.h
index b0b57c3a6ba..d6d3e4f559f 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto.h
@@ -499,17 +499,14 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key);
  *         This is an attempt to create a persistent key, and there is
  *         already a persistent key with the given identifier.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The lifetime or identifier in \p attributes are invalid.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The policy constraints on the source and specified in
- *         \p attributes are incompatible.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         The lifetime or identifier in \p attributes are invalid, or
+ *         the policy constraints on the source and specified in
+ *         \p attributes are incompatible, or
  *         \p attributes specifies a key type or key size
  *         which does not match the attributes of the source key.
  * \retval #PSA_ERROR_NOT_PERMITTED
- *         The source key does not have the #PSA_KEY_USAGE_COPY usage flag.
- * \retval #PSA_ERROR_NOT_PERMITTED
- *         The source key is not exportable and its lifetime does not
+ *         The source key does not have the #PSA_KEY_USAGE_COPY usage flag, or
+ *         the source key is not exportable and its lifetime does not
  *         allow copying it to the target's lifetime.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@@ -636,11 +633,9 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key);
  *         The key type or key size is not supported, either by the
  *         implementation in general or in this particular persistent location.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The key attributes, as a whole, are invalid.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The key data is not correctly formatted.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The size in \p attributes is nonzero and does not match the size
+ *         The key attributes, as a whole, are invalid, or
+ *         the key data is not correctly formatted, or
+ *         the size in \p attributes is nonzero and does not match the size
  *         of the key data.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@@ -864,7 +859,6 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -900,7 +894,6 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg,
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -996,14 +989,13 @@ static psa_hash_operation_t psa_hash_operation_init(void);
  *         \p alg is not a supported hash algorithm.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \p alg is not a hash algorithm.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1023,14 +1015,13 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it muct be active).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1044,7 +1035,7 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
  * This function calculates the hash of the message formed by concatenating
  * the inputs passed to preceding calls to psa_hash_update().
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_hash_abort().
  *
@@ -1066,8 +1057,6 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p hash buffer is too small. You can determine a
  *         sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
@@ -1077,7 +1066,8 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1095,7 +1085,7 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
  * compares the calculated hash with the expected hash passed as a
  * parameter to this function.
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_hash_abort().
  *
@@ -1112,14 +1102,13 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_SIGNATURE
  *         The hash of the message was calculated successfully, but it
  *         differs from the expected hash.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1170,16 +1159,14 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation);
  *                                  It must be initialized but not active.
  *
  * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BAD_STATE
- *         The \p source_operation state is not valid (it must be active).
- * \retval #PSA_ERROR_BAD_STATE
- *         The \p target_operation state is not valid (it must be inactive).
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The \p source_operation state is not valid (it must be active), or
+ *         the \p target_operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1381,9 +1368,8 @@ static psa_mac_operation_t psa_mac_operation_init(void);
  * \retval #PSA_ERROR_STORAGE_FAILURE
  *         The key could not be retrieved from storage.
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1442,11 +1428,10 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
- *         The key could not be retrieved from storage
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
+ *         The key could not be retrieved from storage.
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1469,15 +1454,14 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1491,7 +1475,7 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
  * This function calculates the MAC of the message formed by concatenating
  * the inputs passed to preceding calls to psa_mac_update().
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_mac_abort().
  *
@@ -1515,9 +1499,6 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active mac sign
- *         operation).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p mac buffer is too small. You can determine a
  *         sufficient buffer size by calling PSA_MAC_LENGTH().
@@ -1527,7 +1508,9 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active mac sign
+ *         operation), or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1545,7 +1528,7 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
  * compares the calculated MAC with the expected MAC passed as a
  * parameter to this function.
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_mac_abort().
  *
@@ -1562,16 +1545,15 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_SIGNATURE
  *         The MAC of the message was calculated successfully, but it
  *         differs from the expected MAC.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active mac verify
- *         operation).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active mac verify
+ *         operation), or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1806,9 +1788,8 @@ static psa_cipher_operation_t psa_cipher_operation_init(void);
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1870,9 +1851,8 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1900,8 +1880,6 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with no IV set).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p iv buffer is too small.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1910,7 +1888,9 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, with no IV set),
+ *         or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1940,9 +1920,6 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active cipher
- *         encrypt operation, with no IV set).
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The size of \p iv is not acceptable for the chosen algorithm,
  *         or the chosen algorithm does not use an IV.
@@ -1952,7 +1929,9 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active cipher
+ *         encrypt operation, with no IV set), or the library has not been
+ *         previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1983,9 +1962,6 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with an IV set
- *         if required for the algorithm).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p output buffer is too small.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1994,7 +1970,9 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, with an IV set
+ *         if required for the algorithm), or the library has not been
+ *         previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2016,7 +1994,7 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
  * formed by concatenating the inputs passed to preceding calls to
  * psa_cipher_update().
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_cipher_abort().
  *
@@ -2036,9 +2014,6 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_PADDING
  *         This is a decryption operation for an algorithm that includes
  *         padding, and the ciphertext does not contain valid padding.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with an IV set
- *         if required for the algorithm).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p output buffer is too small.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2047,7 +2022,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, with an IV set
+ *         if required for the algorithm), or the library has not been
+ *         previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2330,7 +2307,8 @@ static psa_aead_operation_t psa_aead_operation_init(void);
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -2342,7 +2320,6 @@ static psa_aead_operation_t psa_aead_operation_init(void);
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
@@ -2396,8 +2373,6 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -2410,7 +2385,8 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or the
+ *         library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2439,9 +2415,6 @@ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active aead encrypt
- *         operation, with no nonce set).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p nonce buffer is too small.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2450,7 +2423,9 @@ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active aead encrypt
+ *         operation, with no nonce set), or the library has not been
+ *         previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2480,9 +2455,6 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with no nonce
- *         set).
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The size of \p nonce is not acceptable for the chosen algorithm.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2491,7 +2463,9 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, with no nonce
+ *         set), or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2525,10 +2499,6 @@ psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, and
- *         psa_aead_update_ad() and psa_aead_update() must not have been
- *         called yet).
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         At least one of the lengths is not acceptable for the chosen
  *         algorithm.
@@ -2537,7 +2507,10 @@ psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, and
+ *         psa_aead_update_ad() and psa_aead_update() must not have been
+ *         called yet), or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2573,10 +2546,6 @@ psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, have a nonce
- *         set, have lengths set if required by the algorithm, and
- *         psa_aead_update() must not have been called yet).
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The total input length overflows the additional data length that
  *         was previously specified with psa_aead_set_lengths().
@@ -2586,7 +2555,10 @@ psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, have a nonce
+ *         set, have lengths set if required by the algorithm, and
+ *         psa_aead_update() must not have been called yet), or the library
+ *         has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2651,9 +2623,6 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, have a nonce
- *         set, and have lengths set if required by the algorithm).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p output buffer is too small.
  *         #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or
@@ -2662,9 +2631,8 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The total length of input to psa_aead_update_ad() so far is
  *         less than the additional data length that was previously
- *         specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The total input length overflows the plaintext length that
+ *         specified with psa_aead_set_lengths(), or
+ *         the total input length overflows the plaintext length that
  *         was previously specified with psa_aead_set_lengths().
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -2672,7 +2640,9 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, have a nonce
+ *         set, and have lengths set if required by the algorithm), or the
+ *         library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2697,7 +2667,7 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
  *   preceding calls to psa_aead_update().
  * - \p tag contains the authentication tag.
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_aead_abort().
  *
@@ -2736,9 +2706,6 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active encryption
- *         operation with a nonce set).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p ciphertext or \p tag buffer is too small.
  *         #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or
@@ -2749,9 +2716,8 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The total length of input to psa_aead_update_ad() so far is
  *         less than the additional data length that was previously
- *         specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The total length of input to psa_aead_update() so far is
+ *         specified with psa_aead_set_lengths(), or
+ *         the total length of input to psa_aead_update() so far is
  *         less than the plaintext length that was previously
  *         specified with psa_aead_set_lengths().
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2760,7 +2726,9 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active encryption
+ *         operation with a nonce set), or the library has not been previously
+ *         initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2789,7 +2757,7 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
  * plaintext and reports success. If the authentication tag is not correct,
  * this function returns #PSA_ERROR_INVALID_SIGNATURE.
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_aead_abort().
  *
@@ -2823,9 +2791,6 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_SIGNATURE
  *         The calculations were successful, but the authentication tag is
  *         not correct.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active decryption
- *         operation with a nonce set).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p plaintext buffer is too small.
  *         #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or
@@ -2834,9 +2799,8 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The total length of input to psa_aead_update_ad() so far is
  *         less than the additional data length that was previously
- *         specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The total length of input to psa_aead_update() so far is
+ *         specified with psa_aead_set_lengths(), or
+ *         the total length of input to psa_aead_update() so far is
  *         less than the plaintext length that was previously
  *         specified with psa_aead_set_lengths().
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2845,7 +2809,9 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active decryption
+ *         operation with a nonce set), or the library has not been previously
+ *         initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3089,7 +3055,7 @@ psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key,
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The calculation was perfomed successfully, but the passed
+ *         The calculation was performed successfully, but the passed
  *         signature is not a valid signature.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -3113,7 +3079,7 @@ psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key,
 /**
  * \brief Encrypt a short message with a public key.
  *
- * \param key                   Identifer of the key to use for the operation.
+ * \param key                   Identifier of the key to use for the operation.
  *                              It must be a public key or an asymmetric key
  *                              pair. It must allow the usage
  *                              #PSA_KEY_USAGE_ENCRYPT.
@@ -3338,9 +3304,8 @@ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3359,12 +3324,11 @@ psa_status_t psa_key_derivation_setup(
  *
  * \retval #PSA_SUCCESS
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3387,13 +3351,12 @@ psa_status_t psa_key_derivation_get_capacity(
  *         \p capacity is larger than the operation's current capacity.
  *         In this case, the operation object remains valid and its capacity
  *         remains unchanged.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or the
+ *         library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3437,8 +3400,7 @@ psa_status_t psa_key_derivation_set_capacity(
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \c step is not compatible with the operation's algorithm, or
  *         \c step does not allow direct inputs.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3446,9 +3408,8 @@ psa_status_t psa_key_derivation_set_capacity(
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid for this input \p step.
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid for this input \p step, or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3489,8 +3450,7 @@ psa_status_t psa_key_derivation_input_bytes(
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \c step is not compatible with the operation's algorithm, or
  *         \c step does not allow key inputs of the given type
  *         or does not allow key inputs at all.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -3499,9 +3459,8 @@ psa_status_t psa_key_derivation_input_bytes(
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid for this input \p step.
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid for this input \p step, or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3553,25 +3512,23 @@ psa_status_t psa_key_derivation_input_key(
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid for this key agreement \p step.
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \c private_key is not compatible with \c alg,
  *         or \p peer_key is not valid for \c alg or not compatible with
- *         \c private_key.
+ *         \c private_key, or \c step does not allow an input resulting
+ *         from a key agreement.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         \c alg is not supported or is not a key derivation algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c step does not allow an input resulting from a key agreement.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid for this key agreement \p step,
+ *         or the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3607,16 +3564,15 @@ psa_status_t psa_key_derivation_key_agreement(
  *                          The operation's capacity is set to 0, thus
  *                          subsequent calls to this function will not
  *                          succeed, even with a smaller output buffer.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active and completed
- *         all required input steps).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active and completed
+ *         all required input steps), or the library has not been previously
+ *         initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3749,9 +3705,6 @@ psa_status_t psa_key_derivation_output_bytes(
  * \retval #PSA_ERROR_NOT_PERMITTED
  *         The #PSA_KEY_DERIVATION_INPUT_SECRET input was not provided through
  *         a key.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active and completed
- *         all required input steps).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3761,7 +3714,9 @@ psa_status_t psa_key_derivation_output_bytes(
  * \retval #PSA_ERROR_DATA_CORRUPT
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active and completed
+ *         all required input steps), or the library has not been previously
+ *         initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3828,8 +3783,7 @@ psa_status_t psa_key_derivation_abort(
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p alg is not a key agreement algorithm
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \p alg is not a key agreement algorithm, or
  *         \p private_key is not compatible with \p alg,
  *         or \p peer_key is not valid for \p alg or not compatible with
  *         \p private_key.
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_builtin_primitives.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_builtin_primitives.h
index 62a0e6f3704..96c45290bdb 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_builtin_primitives.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_builtin_primitives.h
@@ -103,7 +103,6 @@ typedef struct
     defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_XTS) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_config.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_config.h
index e2446cb26c4..f261e013e07 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_config.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_config.h
@@ -60,7 +60,6 @@
 #define PSA_WANT_ALG_CMAC                       1
 #define PSA_WANT_ALG_CFB                        1
 #define PSA_WANT_ALG_CHACHA20_POLY1305          1
-#define PSA_WANT_ALG_CMAC                       1
 #define PSA_WANT_ALG_CTR                        1
 #define PSA_WANT_ALG_DETERMINISTIC_ECDSA        1
 #define PSA_WANT_ALG_ECB_NO_PADDING             1
@@ -86,7 +85,9 @@
 #define PSA_WANT_ALG_STREAM_CIPHER              1
 #define PSA_WANT_ALG_TLS12_PRF                  1
 #define PSA_WANT_ALG_TLS12_PSK_TO_MS            1
-#define PSA_WANT_ALG_XTS                        1
+/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
+ * Note: when adding support, also adjust include/mbedtls/config_psa.h */
+//#define PSA_WANT_ALG_XTS                        1
 
 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256         1
 #define PSA_WANT_ECC_BRAINPOOL_P_R1_384         1
@@ -94,14 +95,14 @@
 #define PSA_WANT_ECC_MONTGOMERY_255             1
 /*
  * Curve448 is not yet supported via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/4249). Thus, do not enable it by
+ * (https://github.com/Mbed-TLS/mbedtls/issues/4249). Thus, do not enable it by
  * default.
  */
 //#define PSA_WANT_ECC_MONTGOMERY_448             1
 #define PSA_WANT_ECC_SECP_K1_192                1
 /*
  * SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/3541). Thus, do not enable it by
+ * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
  * default.
  */
 //#define PSA_WANT_ECC_SECP_K1_224                1
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_extra.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_extra.h
index 3ee0482cbda..a48a4bb5eb9 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_extra.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_extra.h
@@ -181,12 +181,9 @@ static inline void psa_clear_key_slot_number(
  *         support registering a key.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The identifier in \p attributes is invalid, namely the identifier is
- *         not in the user range.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         not in the user range, or
  *         \p attributes specifies a lifetime which is not located
- *         in a secure element.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         No slot number is specified in \p attributes,
+ *         in a secure element, or no slot number is specified in \p attributes,
  *         or the specified slot number is not valid.
  * \retval #PSA_ERROR_NOT_PERMITTED
  *         The caller is not authorized to register the specified key slot.
@@ -348,7 +345,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
  * length of the byte string is the private key size in bytes (leading zeroes
  * are not stripped).
  *
- * Determinstic DSA key derivation with psa_generate_derived_key follows
+ * Deterministic DSA key derivation with psa_generate_derived_key follows
  * FIPS 186-4 &sect;B.1.2: interpret the byte string as integer
  * in big-endian order. Discard it if it is not in the range
  * [0, *N* - 2] where *N* is the boundary of the private key domain
@@ -448,9 +445,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
  *   As an exception, the public exponent 65537 is represented by an empty
  *   byte string.
  * - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEY_PAIR),
- *   the `Dss-Parms` format as defined by RFC 3279 &sect;2.3.2.
+ *   the `Dss-Params` format as defined by RFC 3279 &sect;2.3.2.
  *   ```
- *   Dss-Parms ::= SEQUENCE  {
+ *   Dss-Params ::= SEQUENCE  {
  *      p       INTEGER,
  *      q       INTEGER,
  *      g       INTEGER
@@ -466,9 +463,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
  *      g               INTEGER,                    -- generator, g
  *      q               INTEGER,                    -- factor of p-1
  *      j               INTEGER OPTIONAL,           -- subgroup factor
- *      validationParms ValidationParms OPTIONAL
+ *      validationParams ValidationParams OPTIONAL
  *   }
- *   ValidationParms ::= SEQUENCE {
+ *   ValidationParams ::= SEQUENCE {
  *      seed            BIT STRING,
  *      pgenCounter     INTEGER
  *   }
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_sizes.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_sizes.h
index e2ae5965d4f..0d4532200e7 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_sizes.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_sizes.h
@@ -747,7 +747,7 @@
  *      subjectPublicKey     BIT STRING  } -- contains DSAPublicKey
  * AlgorithmIdentifier  ::=  SEQUENCE  {
  *      algorithm               OBJECT IDENTIFIER,
- *      parameters              Dss-Parms  } -- SEQUENCE of 3 INTEGERs
+ *      parameters              Dss-Params  } -- SEQUENCE of 3 INTEGERs
  * DSAPublicKey  ::=  INTEGER -- public key, Y
  *
  * - 3 * 4 bytes of SEQUENCE overhead;
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_struct.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_struct.h
index 23a02a5d8ef..511b3973b86 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_struct.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_struct.h
@@ -442,7 +442,7 @@ static inline void psa_set_key_type(psa_key_attributes_t *attributes,
     }
     else
     {
-        /* Call the bigger function to free the old domain paramteres.
+        /* Call the bigger function to free the old domain parameters.
          * Ignore any errors which may arise due to type requiring
          * non-default domain parameters, since this function can't
          * report errors. */
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_types.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_types.h
index 386c7d794b4..8f23021a45a 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_types.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_types.h
@@ -69,10 +69,21 @@ typedef int32_t psa_status_t;
  */
 
 /** \brief Encoding of a key type.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_KEY_TYPE_xxx`.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint16_t psa_key_type_t;
 
 /** The type of PSA elliptic curve family identifiers.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_ECC_FAMILY_xxx`.
  *
  * The curve identifier is required to create an ECC key using the
  * PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
@@ -80,10 +91,18 @@ typedef uint16_t psa_key_type_t;
  *
  * Values defined by this standard will never be in the range 0x80-0xff.
  * Vendors who define additional families must use an encoding in this range.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint8_t psa_ecc_family_t;
 
 /** The type of PSA Diffie-Hellman group family identifiers.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_DH_FAMILY_xxx`.
  *
  * The group identifier is required to create an Diffie-Hellman key using the
  * PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()
@@ -91,16 +110,29 @@ typedef uint8_t psa_ecc_family_t;
  *
  * Values defined by this standard will never be in the range 0x80-0xff.
  * Vendors who define additional families must use an encoding in this range.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint8_t psa_dh_family_t;
 
 /** \brief Encoding of a cryptographic algorithm.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_ALG_xxx`.
  *
  * For algorithms that can be applied to multiple key types, this type
  * does not encode the key type. For example, for symmetric ciphers
  * based on a block cipher, #psa_algorithm_t encodes the block cipher
  * mode and the padding mode while the block cipher itself is encoded
  * via #psa_key_type_t.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint32_t psa_algorithm_t;
 
@@ -142,6 +174,14 @@ typedef uint32_t psa_algorithm_t;
  * #PSA_KEY_LIFETIME_PERSISTENT is supported if persistent storage is
  * available. Other lifetime values may be supported depending on the
  * library configuration.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_KEY_LIFETIME_xxx`.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint32_t psa_key_lifetime_t;
 
@@ -173,6 +213,11 @@ typedef uint32_t psa_key_lifetime_t;
  * \note Key persistence levels are 8-bit values. Key management
  *       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
  *       encode the persistence as the lower 8 bits of a 32-bit value.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint8_t psa_key_persistence_t;
 
@@ -209,6 +254,11 @@ typedef uint8_t psa_key_persistence_t;
  * \note Key location indicators are 24-bit values. Key management
  *       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
  *       encode the location as the upper 24 bits of a 32-bit value.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint32_t psa_key_location_t;
 
@@ -220,9 +270,27 @@ typedef uint32_t psa_key_location_t;
  *   #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX.
  * - 0 is reserved as an invalid key identifier.
  * - Key identifiers outside these ranges are reserved for future use.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to how values are allocated must require careful
+ *       consideration to allow backward compatibility.
  */
 typedef uint32_t psa_key_id_t;
 
+/** Encoding of key identifiers as seen inside the PSA Crypto implementation.
+ *
+ * When PSA Crypto is built as a library inside an application, this type
+ * is identical to #psa_key_id_t. When PSA Crypto is built as a service
+ * that can store keys on behalf of multiple clients, this type
+ * encodes the #psa_key_id_t value seen by each client application as
+ * well as extra information that identifies the client that owns
+ * the key.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
+*/
 #if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
 typedef psa_key_id_t mbedtls_svc_key_id_t;
 
@@ -246,7 +314,16 @@ typedef struct
  * @{
  */
 
-/** \brief Encoding of permitted usage on a key. */
+/** \brief Encoding of permitted usage on a key.
+ *
+ * Values of this type are generally constructed as bitwise-ors of macros
+ * called `PSA_KEY_USAGE_xxx`.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
+ */
 typedef uint32_t psa_key_usage_t;
 
 /**@}*/
@@ -375,7 +452,11 @@ typedef uint64_t psa_key_slot_number_t;
  * @{
  */
 
-/** \brief Encoding of the step of a key derivation. */
+/** \brief Encoding of the step of a key derivation.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_KEY_DERIVATION_INPUT_xxx`.
+ */
 typedef uint16_t psa_key_derivation_step_t;
 
 /**@}*/
diff --git a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_values.h b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_values.h
index fafe93cf9ba..8b3a815ac19 100644
--- a/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_values.h
+++ b/tools/sdk/esp32s2/include/mbedtls/mbedtls/include/psa/crypto_values.h
@@ -12,6 +12,11 @@
  * designations of cryptographic algorithms, and error codes returned by
  * the library.
  *
+ * Note that many of the constants defined in this file are embedded in
+ * the persistent key store, as part of key metadata (including usage
+ * policies). As a consequence, they must not be changed (unless the storage
+ * format version changes).
+ *
  * This header file only defines preprocessor macros.
  */
 /*
@@ -40,6 +45,18 @@
 
 /* PSA error codes */
 
+/* Error codes are standardized across PSA domains (framework, crypto, storage,
+ * etc.). Do not change the values in this section or even the expansions
+ * of each macro: it must be possible to `#include` both this header
+ * and some other PSA component's headers in the same C source,
+ * which will lead to duplicate definitions of the `PSA_SUCCESS` and
+ * `PSA_ERROR_xxx` macros, which is ok if and only if the macros expand
+ * to the same sequence of tokens.
+ *
+ * If you must add a new
+ * value, check with the Arm PSA framework group to pick one that other
+ * domains aren't already using. */
+
 /** The action was completed successfully. */
 #define PSA_SUCCESS ((psa_status_t)0)
 
@@ -316,6 +333,12 @@
  * @{
  */
 
+/* Note that key type values, including ECC family and DH group values, are
+ * embedded in the persistent key store, as part of key metadata. As a
+ * consequence, they must not be changed (unless the storage format version
+ * changes).
+ */
+
 /** An invalid key type value.
  *
  * Zero is not the encoding of any key type.
@@ -440,9 +463,9 @@
  * Camellia block cipher. */
 #define PSA_KEY_TYPE_CAMELLIA                       ((psa_key_type_t)0x2403)
 
-/** Key for the RC4 stream cipher.
+/** Key for the ARC4 stream cipher (also known as RC4 or ARCFOUR).
  *
- * Note that RC4 is weak and deprecated and should only be used in
+ * Note that ARC4 is weak and deprecated and should only be used in
  * legacy protocols. */
 #define PSA_KEY_TYPE_ARC4                           ((psa_key_type_t)0x2002)
 
@@ -673,6 +696,11 @@
      1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) :                         \
      0u)
 
+/* Note that algorithm values are embedded in the persistent key store,
+ * as part of key metadata. As a consequence, they must not be changed
+ * (unless the storage format version changes).
+ */
+
 /** Vendor-defined algorithm flag.
  *
  * Algorithms defined by this standard will never have the #PSA_ALG_VENDOR_FLAG
@@ -1390,7 +1418,7 @@
  * with a random per-message secret number (*k*).
  *
  * The representation of the signature as a byte string consists of
- * the concatentation of the signature values *r* and *s*. Each of
+ * the concatenation of the signature values *r* and *s*. Each of
  * *r* and *s* is encoded as an *N*-octet string, where *N* is the length
  * of the base point of the curve in octets. Each value is represented
  * in big-endian order (most significant octet first).
@@ -1928,6 +1956,11 @@
  * @{
  */
 
+/* Note that location and persistence level values are embedded in the
+ * persistent key store, as part of key metadata. As a consequence, they
+ * must not be changed (unless the storage format version changes).
+ */
+
 /** The default lifetime for volatile keys.
  *
  * A volatile key only exists as long as the identifier to it is not destroyed.
@@ -2043,6 +2076,11 @@
 
 #define PSA_KEY_LOCATION_VENDOR_FLAG            ((psa_key_location_t)0x800000)
 
+/* Note that key identifier values are embedded in the
+ * persistent key store, as part of key metadata. As a consequence, they
+ * must not be changed (unless the storage format version changes).
+ */
+
 /** The null key identifier.
  */
 #define PSA_KEY_ID_NULL                         ((psa_key_id_t)0)
@@ -2154,6 +2192,11 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
  * @{
  */
 
+/* Note that key usage flags are embedded in the
+ * persistent key store, as part of key metadata. As a consequence, they
+ * must not be changed (unless the storage format version changes).
+ */
+
 /** Whether the key may be exported.
  *
  * A public key or the public part of a key pair may always be exported
@@ -2255,6 +2298,9 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
  * @{
  */
 
+/* Key input steps are not embedded in the persistent storage, so you can
+ * change them if needed: it's only an ABI change. */
+
 /** A secret input for key derivation.
  *
  * This should be a key of type #PSA_KEY_TYPE_DERIVE
diff --git a/tools/sdk/esp32s2/include/protocomm/include/transports/protocomm_ble.h b/tools/sdk/esp32s2/include/protocomm/include/transports/protocomm_ble.h
index 2447c1c5d25..d684e7e921a 100644
--- a/tools/sdk/esp32s2/include/protocomm/include/transports/protocomm_ble.h
+++ b/tools/sdk/esp32s2/include/protocomm/include/transports/protocomm_ble.h
@@ -79,10 +79,14 @@ typedef struct protocomm_ble_config {
      */
     protocomm_ble_name_uuid_t *nu_lookup;
 
-    /* BLE bonding */
+    /**
+     * BLE bonding
+     */
     unsigned ble_bonding:1;
 
-    /* BLE security flag */
+    /**
+     * BLE security flag
+     */
     unsigned ble_sm_sc:1;
 
 } protocomm_ble_config_t;
diff --git a/tools/sdk/esp32s2/include/touch_element/include/touch_element/touch_element.h b/tools/sdk/esp32s2/include/touch_element/include/touch_element/touch_element.h
index a403bdf2865..429fc2503ff 100644
--- a/tools/sdk/esp32s2/include/touch_element/include/touch_element/touch_element.h
+++ b/tools/sdk/esp32s2/include/touch_element/include/touch_element/touch_element.h
@@ -1,16 +1,8 @@
-// Copyright 2016-2020 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * SPDX-FileCopyrightText: 2016-2022 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
 
 #pragma once
 
@@ -180,10 +172,6 @@ esp_err_t touch_element_stop(void);
 /**
  * @brief   Release resources allocated using touch_element_install
  *
- * @return
- *      - ESP_OK: Successfully released touch element object
- *      - ESP_ERR_INVALID_STATE: Touch element object is not initialized
- *      - Others: Unknown touch driver layer or lower layer error
  */
 void touch_element_uninstall(void);
 
diff --git a/tools/sdk/esp32s2/include/touch_element/include/touch_element/touch_matrix.h b/tools/sdk/esp32s2/include/touch_element/include/touch_element/touch_matrix.h
index 9c4359a8daa..bb2e1773929 100644
--- a/tools/sdk/esp32s2/include/touch_element/include/touch_element/touch_matrix.h
+++ b/tools/sdk/esp32s2/include/touch_element/include/touch_element/touch_matrix.h
@@ -1,16 +1,8 @@
-// Copyright 2016-2020 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * SPDX-FileCopyrightText: 2016-2022 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
 
 #pragma once
 
@@ -96,8 +88,6 @@ esp_err_t touch_matrix_install(const touch_matrix_global_config_t *global_config
 /**
  * @brief   Release resources allocated using touch_matrix_install()
  *
- * @return
- *      - ESP_OK: Successfully released resources
  */
 void touch_matrix_uninstall(void);
 
diff --git a/tools/sdk/esp32s2/include/touch_element/include/touch_element/touch_slider.h b/tools/sdk/esp32s2/include/touch_element/include/touch_element/touch_slider.h
index 8cf6f79daa0..f491981bda6 100644
--- a/tools/sdk/esp32s2/include/touch_element/include/touch_element/touch_slider.h
+++ b/tools/sdk/esp32s2/include/touch_element/include/touch_element/touch_slider.h
@@ -1,16 +1,8 @@
-// Copyright 2016-2020 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * SPDX-FileCopyrightText: 2016-2022 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
 
 #pragma once
 
@@ -98,8 +90,6 @@ esp_err_t touch_slider_install(const touch_slider_global_config_t *global_config
 /**
  * @brief   Release resources allocated using touch_slider_install()
  *
- * @return
- *      - ESP_OK: Successfully released resources
  */
 void touch_slider_uninstall(void);
 
diff --git a/tools/sdk/esp32s2/include/usb/include/usb/usb_host.h b/tools/sdk/esp32s2/include/usb/include/usb/usb_host.h
index 8c6f6f42b1b..c9b9ce6f615 100644
--- a/tools/sdk/esp32s2/include/usb/include/usb/usb_host.h
+++ b/tools/sdk/esp32s2/include/usb/include/usb/usb_host.h
@@ -65,10 +65,10 @@ typedef struct {
     union {
         struct {
             uint8_t address;                    /**< New device's address */
-        } new_dev;
+        } new_dev;                              /**< New device info */
         struct {
             usb_device_handle_t dev_hdl;        /**< The handle of the device that was gone */
-        } dev_gone;
+        } dev_gone;                             /**< Gone device info */
     };
 } usb_host_client_event_msg_t;
 
@@ -120,7 +120,7 @@ typedef struct {
         struct {
             usb_host_client_event_cb_t client_event_callback;   /**< Client's event callback function */
             void *callback_arg;                                 /**< Event callback function argument */
-        } async;
+        } async;                                                /**< Async callback config */
     };
 } usb_host_client_config_t;
 
diff --git a/tools/sdk/esp32s2/include/usb/include/usb/usb_types_ch9.h b/tools/sdk/esp32s2/include/usb/include/usb/usb_types_ch9.h
index b11305900f0..177fc15bf90 100644
--- a/tools/sdk/esp32s2/include/usb/include/usb/usb_types_ch9.h
+++ b/tools/sdk/esp32s2/include/usb/include/usb/usb_types_ch9.h
@@ -96,7 +96,7 @@ typedef union {
         uint16_t wIndex;                    /**< Word-sized field that varies according to request; typically used to pass an index or offset */
         uint16_t wLength;                   /**< Number of bytes to transfer if there is a data stage */
     } __attribute__((packed));
-    uint8_t val[USB_SETUP_PACKET_SIZE];
+    uint8_t val[USB_SETUP_PACKET_SIZE];     /**< Descriptor value */
 } usb_setup_packet_t;
 _Static_assert(sizeof(usb_setup_packet_t) == USB_SETUP_PACKET_SIZE, "Size of usb_setup_packet_t incorrect");
 
@@ -241,8 +241,8 @@ typedef union {
     struct {
         uint8_t bLength;                    /**< Size of the descriptor in bytes */
         uint8_t bDescriptorType;            /**< Descriptor Type */
-    } USB_DESC_ATTR;
-    uint8_t val[USB_STANDARD_DESC_SIZE];
+    } USB_DESC_ATTR;                        /**< USB descriptor attributes */
+    uint8_t val[USB_STANDARD_DESC_SIZE];    /**< Descriptor value */
 } usb_standard_desc_t;
 _Static_assert(sizeof(usb_standard_desc_t) == USB_STANDARD_DESC_SIZE, "Size of usb_standard_desc_t incorrect");
 
@@ -274,8 +274,8 @@ typedef union {
         uint8_t iProduct;                   /**< Index of string descriptor describing product */
         uint8_t iSerialNumber;              /**< Index of string descriptor describing the device’s serial number */
         uint8_t bNumConfigurations;         /**< Number of possible configurations */
-    } USB_DESC_ATTR;
-    uint8_t val[USB_DEVICE_DESC_SIZE];
+    } USB_DESC_ATTR;                        /**< USB descriptor attributes */
+    uint8_t val[USB_DEVICE_DESC_SIZE];      /**< Descriptor value */
 } usb_device_desc_t;
 _Static_assert(sizeof(usb_device_desc_t) == USB_DEVICE_DESC_SIZE, "Size of usb_device_desc_t incorrect");
 
@@ -337,8 +337,8 @@ typedef union {
         uint8_t iConfiguration;             /**< Index of string descriptor describing this configuration */
         uint8_t bmAttributes;               /**< Configuration characteristics */
         uint8_t bMaxPower;                  /**< Maximum power consumption of the USB device from the bus in this specific configuration when the device is fully operational. */
-    } USB_DESC_ATTR;
-    uint8_t val[USB_CONFIG_DESC_SIZE];
+    } USB_DESC_ATTR;                        /**< USB descriptor attributes */
+    uint8_t val[USB_CONFIG_DESC_SIZE];      /**< Descriptor value */
 } usb_config_desc_t;
 _Static_assert(sizeof(usb_config_desc_t) == USB_CONFIG_DESC_SIZE, "Size of usb_config_desc_t incorrect");
 
@@ -370,8 +370,8 @@ typedef union {
         uint8_t bFunctionSubClass;          /**< Subclass code (assigned by USB-IF) */
         uint8_t bFunctionProtocol;          /**< Protocol code (assigned by USB-IF) */
         uint8_t iFunction;                  /**< Index of string descriptor describing this function */
-    } USB_DESC_ATTR;
-    uint8_t val[USB_IAD_DESC_SIZE];
+    } USB_DESC_ATTR;                        /**< USB descriptor attributes */
+    uint8_t val[USB_IAD_DESC_SIZE];         /**< Descriptor value */
 } usb_iad_desc_t;
 _Static_assert(sizeof(usb_iad_desc_t) == USB_IAD_DESC_SIZE, "Size of usb_iad_desc_t incorrect");
 
@@ -398,8 +398,8 @@ typedef union {
         uint8_t bInterfaceSubClass;         /**< Subclass code (assigned by the USB-IF) */
         uint8_t bInterfaceProtocol;         /**< Protocol code (assigned by the USB) */
         uint8_t iInterface;                 /**< Index of string descriptor describing this interface */
-    } USB_DESC_ATTR;
-    uint8_t val[USB_INTF_DESC_SIZE];
+    } USB_DESC_ATTR;                        /**< USB descriptor attributes */
+    uint8_t val[USB_INTF_DESC_SIZE];        /**< Descriptor value */
 } usb_intf_desc_t;
 _Static_assert(sizeof(usb_intf_desc_t) == USB_INTF_DESC_SIZE, "Size of usb_intf_desc_t incorrect");
 
@@ -423,8 +423,8 @@ typedef union {
         uint8_t bmAttributes;               /**< This field describes the endpoint’s attributes when it is configured using the bConfigurationValue. */
         uint16_t wMaxPacketSize;            /**< Maximum packet size this endpoint is capable of sending or receiving when this configuration is selected. */
         uint8_t bInterval;                  /**< Interval for polling Isochronous and Interrupt endpoints. Expressed in frames or microframes depending on the device operating speed (1 ms for Low-Speed and Full-Speed or 125 us for USB High-Speed and above). */
-    } USB_DESC_ATTR;
-    uint8_t val[USB_EP_DESC_SIZE];
+    } USB_DESC_ATTR;                        /**< USB descriptor attributes */
+    uint8_t val[USB_EP_DESC_SIZE];          /**< Descriptor value */
 } usb_ep_desc_t;
 _Static_assert(sizeof(usb_ep_desc_t) == USB_EP_DESC_SIZE, "Size of usb_ep_desc_t incorrect");
 
@@ -475,8 +475,8 @@ typedef union {
         uint8_t bLength;                    /**< Size of the descriptor in bytes */
         uint8_t bDescriptorType;            /**< STRING Descriptor Type */
         uint16_t wData[];                   /**< UTF-16LE encoded */
-    } USB_DESC_ATTR;
-    uint8_t val[USB_STR_DESC_SIZE];
+    } USB_DESC_ATTR;                        /**< USB descriptor attributes */
+    uint8_t val[USB_STR_DESC_SIZE];         /**< Descriptor value */
 } usb_str_desc_t;
 _Static_assert(sizeof(usb_str_desc_t) == USB_STR_DESC_SIZE, "Size of usb_str_desc_t incorrect");
 
diff --git a/tools/sdk/esp32s2/include/usb/include/usb/usb_types_stack.h b/tools/sdk/esp32s2/include/usb/include/usb/usb_types_stack.h
index c438c54a7f8..4d71753a0a7 100644
--- a/tools/sdk/esp32s2/include/usb/include/usb/usb_types_stack.h
+++ b/tools/sdk/esp32s2/include/usb/include/usb/usb_types_stack.h
@@ -122,6 +122,10 @@ typedef struct usb_transfer_s usb_transfer_t;
  */
 typedef void (*usb_transfer_cb_t)(usb_transfer_t *transfer);
 
+/**
+ * @brief USB transfer structure
+ *
+ */
 struct usb_transfer_s{
     uint8_t *const data_buffer;                     /**< Pointer to data buffer */
     const size_t data_buffer_size;                  /**< Size of the data buffer in bytes */
diff --git a/tools/sdk/esp32s2/include/xtensa/include/xtensa/xtensa_context.h b/tools/sdk/esp32s2/include/xtensa/include/xtensa/xtensa_context.h
index e655904423f..8c25b186701 100644
--- a/tools/sdk/esp32s2/include/xtensa/include/xtensa/xtensa_context.h
+++ b/tools/sdk/esp32s2/include/xtensa/include/xtensa/xtensa_context.h
@@ -188,6 +188,14 @@ STRUCT_END(XtExcFrame)
   by the callee according to the compiler's ABI conventions, some space to save
   the return address for returning to the caller, and the caller's PS register.
 
+  Note: Although the xtensa ABI considers the threadptr as "global" across
+  functions (meaning it is neither caller or callee saved), it is treated as a
+  callee-saved register in a solicited stack frame. This omits the need for the
+  OS to include extra logic to save "global" registers on each context switch.
+  Only the threadptr register is treated as callee-saved, as all other NCP
+  (non-coprocessor extra) registers are caller-saved. See "tie.h" for more
+  details.
+
   For Windowed ABI, this stack frame includes the caller's base save area.
 
   Note on XT_SOL_EXIT field:
@@ -204,7 +212,11 @@ STRUCT_BEGIN
 STRUCT_FIELD (long, 4, XT_SOL_EXIT, exit)
 STRUCT_FIELD (long, 4, XT_SOL_PC,   pc)
 STRUCT_FIELD (long, 4, XT_SOL_PS,   ps)
-STRUCT_FIELD (long, 4, XT_SOL_NEXT, next)
+#if XCHAL_HAVE_THREADPTR
+STRUCT_FIELD (long, 4, XT_SOL_THREADPTR, threadptr)
+#else
+STRUCT_FIELD (long, 4, XT_SOL_NEXT, next)   /* Dummy register for 16-byte alignment */
+#endif
 STRUCT_FIELD (long, 4, XT_SOL_A12,  a12)    /* should be on 16-byte alignment */
 STRUCT_FIELD (long, 4, XT_SOL_A13,  a13)
 STRUCT_FIELD (long, 4, XT_SOL_A14,  a14)
@@ -213,7 +225,11 @@ STRUCT_FIELD (long, 4, XT_SOL_A15,  a15)
 STRUCT_FIELD (long, 4, XT_SOL_EXIT, exit)
 STRUCT_FIELD (long, 4, XT_SOL_PC,   pc)
 STRUCT_FIELD (long, 4, XT_SOL_PS,   ps)
-STRUCT_FIELD (long, 4, XT_SOL_NEXT, next)
+#if XCHAL_HAVE_THREADPTR
+STRUCT_FIELD (long, 4, XT_SOL_THREADPTR, threadptr)
+#else
+STRUCT_FIELD (long, 4, XT_SOL_NEXT, next)   /* Dummy register for 16-byte alignment */
+#endif
 STRUCT_FIELD (long, 4, XT_SOL_A0,   a0)    /* should be on 16-byte alignment */
 STRUCT_FIELD (long, 4, XT_SOL_A1,   a1)
 STRUCT_FIELD (long, 4, XT_SOL_A2,   a2)
diff --git a/tools/sdk/esp32s2/ld/sections.ld b/tools/sdk/esp32s2/ld/sections.ld
index 6ea6bfac5dc..4de774cb57a 100644
--- a/tools/sdk/esp32s2/ld/sections.ld
+++ b/tools/sdk/esp32s2/ld/sections.ld
@@ -274,8 +274,6 @@ SECTIONS
     *(.sdata)
     *(.sdata.*)
     *(.gnu.linkonce.s.*)
-    *(.sdata2)
-    *(.sdata2.*)
     *(.gnu.linkonce.s2.*)
     *(.jcr)
 
@@ -288,8 +286,8 @@ SECTIONS
     _coredump_dram_start = ABSOLUTE(.);
     *(.dram2.coredump .dram2.coredump.*)
     _coredump_dram_end = ABSOLUTE(.);
-    *libapp_trace.a:app_trace.*(.rodata .rodata.*)
-    *libapp_trace.a:app_trace_util.*(.rodata .rodata.*)
+    *libapp_trace.a:app_trace.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libapp_trace.a:app_trace_util.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
     _bt_data_start = ABSOLUTE(.);
     *libbt.a:(.data .data.*)
     . = ALIGN(4);
@@ -298,45 +296,45 @@ SECTIONS
     *libbtdm_app.a:(.data .data.*)
     . = ALIGN(4);
     _btdm_data_end = ABSOLUTE(.);
-    *libesp_hw_support.a:regi2c_ctrl.*(.rodata .rodata.*)
-    *libesp_hw_support.a:rtc_clk.*(.rodata .rodata.*)
-    *libesp_system.a:esp_err.*(.rodata .rodata.*)
-    *libesp_system.a:ubsan.*(.rodata .rodata.*)
-    *libgcc.a:_divsf3.*(.rodata .rodata.*)
-    *libgcov.a:(.rodata .rodata.*)
-    *libhal.a:cpu_hal.*(.rodata .rodata.*)
-    *libhal.a:i2c_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:ledc_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:soc_hal.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_encrypt_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_hal_gpspi.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_slave_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:systimer_hal.*(.rodata .rodata.*)
-    *libhal.a:wdt_hal_iram.*(.rodata .rodata.*)
-    *libheap.a:heap_tlsf.*(.rodata .rodata.*)
-    *libheap.a:multi_heap.*(.rodata .rodata.*)
-    *libheap.a:multi_heap_poisoning.*(.rodata .rodata.*)
-    *libnewlib.a:abort.*(.rodata .rodata.*)
-    *libnewlib.a:assert.*(.rodata .rodata.*)
-    *libnewlib.a:heap.*(.rodata .rodata.*)
-    *libnewlib.a:stdatomic.*(.rodata .rodata.*)
+    *libesp_hw_support.a:regi2c_ctrl.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_hw_support.a:rtc_clk.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_system.a:esp_err.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_system.a:ubsan.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libgcc.a:_divsf3.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libgcov.a:(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:cpu_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:i2c_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:ledc_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:soc_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_encrypt_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_hal_gpspi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_slave_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:systimer_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:wdt_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:heap_tlsf.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:multi_heap.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:multi_heap_poisoning.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:abort.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:assert.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:heap.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:stdatomic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
     _nimble_data_start = ABSOLUTE(.);
     *libnimble.a:(.data .data.*)
     . = ALIGN(4);
     _nimble_data_end = ABSOLUTE(.);
-    *libphy.a:(.rodata .rodata.*)
-    *libsoc.a:lldesc.*(.rodata .rodata.*)
-    *libspi_flash.a:memspi_host_driver.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_boya.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_gd.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_generic.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_issi.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_mxic.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_th.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_winbond.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_rom_patch.*(.rodata .rodata.*)
+    *libphy.a:(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libsoc.a:lldesc.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:memspi_host_driver.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_boya.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_gd.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_generic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_issi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_mxic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_th.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_winbond.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_rom_patch.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
 
     _data_end = ABSOLUTE(.);
     . = ALIGN(4);
@@ -374,8 +372,8 @@ SECTIONS
     *(.ext_ram.bss*)
 
     *(.bss .bss.*)
-    *(.dynbss .dynsbss .gnu.linkonce.b .gnu.linkonce.b.* .gnu.linkonce.sb .gnu.linkonce.sb.* .gnu.linkonce.sb2 .gnu.linkonce.sb2.* .sbss .sbss.* .sbss2 .sbss2.* .scommon .share.mem)
     *(.ext_ram.bss .ext_ram.bss.*)
+    *(.dynbss .dynsbss .gnu.linkonce.b .gnu.linkonce.b.* .gnu.linkonce.sb .gnu.linkonce.sb.* .gnu.linkonce.sb2 .gnu.linkonce.sb2.* .sbss .sbss.* .sbss2 .sbss2.* .scommon .share.mem)
     *(COMMON)
     _bt_bss_start = ABSOLUTE(.);
     *libbt.a:(.bss .bss.* COMMON)
@@ -424,8 +422,8 @@ SECTIONS
   {
     _flash_rodata_start = ABSOLUTE(.);
 
-    *(EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:regi2c_ctrl.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .rodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:regi2c_ctrl.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .rodata.*)
     *(.rodata_wlog_error .rodata_wlog_error.*)
+    *(EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:regi2c_ctrl.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .rodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:regi2c_ctrl.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .rodata.* EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:regi2c_ctrl.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .sdata2 EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:regi2c_ctrl.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .sdata2.* EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:regi2c_ctrl.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .srodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:regi2c_ctrl.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.*) .srodata.*)
 
     *(.irom1.text) /* catch stray ICACHE_RODATA_ATTR */
     *(.gnu.linkonce.r.*)
diff --git a/tools/sdk/esp32s2/lib/libapp_update.a b/tools/sdk/esp32s2/lib/libapp_update.a
index bc3ea4d6bc4..d392fd60aad 100644
Binary files a/tools/sdk/esp32s2/lib/libapp_update.a and b/tools/sdk/esp32s2/lib/libapp_update.a differ
diff --git a/tools/sdk/esp32s2/lib/libarduino_tinyusb.a b/tools/sdk/esp32s2/lib/libarduino_tinyusb.a
index 7bf2f4ab08d..996812dcf28 100644
Binary files a/tools/sdk/esp32s2/lib/libarduino_tinyusb.a and b/tools/sdk/esp32s2/lib/libarduino_tinyusb.a differ
diff --git a/tools/sdk/esp32s2/lib/libbutton.a b/tools/sdk/esp32s2/lib/libbutton.a
index 3469f5087d9..c637beec0f5 100644
Binary files a/tools/sdk/esp32s2/lib/libbutton.a and b/tools/sdk/esp32s2/lib/libbutton.a differ
diff --git a/tools/sdk/esp32s2/lib/libcoap.a b/tools/sdk/esp32s2/lib/libcoap.a
index 8c6095c7513..67e6c62f1a9 100644
Binary files a/tools/sdk/esp32s2/lib/libcoap.a and b/tools/sdk/esp32s2/lib/libcoap.a differ
diff --git a/tools/sdk/esp32s2/lib/libcoexist.a b/tools/sdk/esp32s2/lib/libcoexist.a
index fd79ff5a8dc..720c943bb46 100644
Binary files a/tools/sdk/esp32s2/lib/libcoexist.a and b/tools/sdk/esp32s2/lib/libcoexist.a differ
diff --git a/tools/sdk/esp32s2/lib/libconsole.a b/tools/sdk/esp32s2/lib/libconsole.a
index 6f69d8faf00..b0c34afd7f7 100644
Binary files a/tools/sdk/esp32s2/lib/libconsole.a and b/tools/sdk/esp32s2/lib/libconsole.a differ
diff --git a/tools/sdk/esp32s2/lib/libcore.a b/tools/sdk/esp32s2/lib/libcore.a
index b65c27f53ad..08046f680a0 100644
Binary files a/tools/sdk/esp32s2/lib/libcore.a and b/tools/sdk/esp32s2/lib/libcore.a differ
diff --git a/tools/sdk/esp32s2/lib/libcxx.a b/tools/sdk/esp32s2/lib/libcxx.a
index 245ce239142..604919126a7 100644
Binary files a/tools/sdk/esp32s2/lib/libcxx.a and b/tools/sdk/esp32s2/lib/libcxx.a differ
diff --git a/tools/sdk/esp32s2/lib/libdriver.a b/tools/sdk/esp32s2/lib/libdriver.a
index 7ec98181b81..afd36315ad8 100644
Binary files a/tools/sdk/esp32s2/lib/libdriver.a and b/tools/sdk/esp32s2/lib/libdriver.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp-tls.a b/tools/sdk/esp32s2/lib/libesp-tls.a
index b45e983cc99..9361fbf2fff 100644
Binary files a/tools/sdk/esp32s2/lib/libesp-tls.a and b/tools/sdk/esp32s2/lib/libesp-tls.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp32-camera.a b/tools/sdk/esp32s2/lib/libesp32-camera.a
index 6daa23d2795..e71d3f3e0a4 100644
Binary files a/tools/sdk/esp32s2/lib/libesp32-camera.a and b/tools/sdk/esp32s2/lib/libesp32-camera.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_common.a b/tools/sdk/esp32s2/lib/libesp_common.a
index ca5ba7c2323..fa784fc628f 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_common.a and b/tools/sdk/esp32s2/lib/libesp_common.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_eth.a b/tools/sdk/esp32s2/lib/libesp_eth.a
index 76b2ea7b2dd..31c7d3d6d91 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_eth.a and b/tools/sdk/esp32s2/lib/libesp_eth.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_event.a b/tools/sdk/esp32s2/lib/libesp_event.a
index f9395c45b7a..a931cc14215 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_event.a and b/tools/sdk/esp32s2/lib/libesp_event.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_gdbstub.a b/tools/sdk/esp32s2/lib/libesp_gdbstub.a
index 446e55e0ec2..9176b39b006 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_gdbstub.a and b/tools/sdk/esp32s2/lib/libesp_gdbstub.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_hid.a b/tools/sdk/esp32s2/lib/libesp_hid.a
index 0597288f1a5..e8b0d1d6610 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_hid.a and b/tools/sdk/esp32s2/lib/libesp_hid.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_http_client.a b/tools/sdk/esp32s2/lib/libesp_http_client.a
index 46c4f616e62..6c59ce503f8 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_http_client.a and b/tools/sdk/esp32s2/lib/libesp_http_client.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_http_server.a b/tools/sdk/esp32s2/lib/libesp_http_server.a
index acd3c7583a5..dba324250b2 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_http_server.a and b/tools/sdk/esp32s2/lib/libesp_http_server.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_https_server.a b/tools/sdk/esp32s2/lib/libesp_https_server.a
index 3dd50394336..abc475bd9d9 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_https_server.a and b/tools/sdk/esp32s2/lib/libesp_https_server.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_hw_support.a b/tools/sdk/esp32s2/lib/libesp_hw_support.a
index d8f1807874f..55c8a98d7c1 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_hw_support.a and b/tools/sdk/esp32s2/lib/libesp_hw_support.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_lcd.a b/tools/sdk/esp32s2/lib/libesp_lcd.a
index 479dfe7f632..8ed977b3a79 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_lcd.a and b/tools/sdk/esp32s2/lib/libesp_lcd.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_littlefs.a b/tools/sdk/esp32s2/lib/libesp_littlefs.a
index 559812caf2b..b14346df212 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_littlefs.a and b/tools/sdk/esp32s2/lib/libesp_littlefs.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_local_ctrl.a b/tools/sdk/esp32s2/lib/libesp_local_ctrl.a
index c02f15f670b..72cca641ddf 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_local_ctrl.a and b/tools/sdk/esp32s2/lib/libesp_local_ctrl.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_netif.a b/tools/sdk/esp32s2/lib/libesp_netif.a
index db5cb90510e..6e8172d6915 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_netif.a and b/tools/sdk/esp32s2/lib/libesp_netif.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_phy.a b/tools/sdk/esp32s2/lib/libesp_phy.a
index 00134645a6f..c6447cf7482 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_phy.a and b/tools/sdk/esp32s2/lib/libesp_phy.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_rainmaker.a b/tools/sdk/esp32s2/lib/libesp_rainmaker.a
index 9073eeb3263..3f045de1c06 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_rainmaker.a and b/tools/sdk/esp32s2/lib/libesp_rainmaker.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_ringbuf.a b/tools/sdk/esp32s2/lib/libesp_ringbuf.a
index b172cb1b6c6..541b3639291 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_ringbuf.a and b/tools/sdk/esp32s2/lib/libesp_ringbuf.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_system.a b/tools/sdk/esp32s2/lib/libesp_system.a
index 96aa49a879e..37f0a0c1a38 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_system.a and b/tools/sdk/esp32s2/lib/libesp_system.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_timer.a b/tools/sdk/esp32s2/lib/libesp_timer.a
index cfc3db043fc..a1a756b1da3 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_timer.a and b/tools/sdk/esp32s2/lib/libesp_timer.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_websocket_client.a b/tools/sdk/esp32s2/lib/libesp_websocket_client.a
index 1d14c2f1ef3..43f85000e2c 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_websocket_client.a and b/tools/sdk/esp32s2/lib/libesp_websocket_client.a differ
diff --git a/tools/sdk/esp32s2/lib/libesp_wifi.a b/tools/sdk/esp32s2/lib/libesp_wifi.a
index b43db22015a..51eefa9b177 100644
Binary files a/tools/sdk/esp32s2/lib/libesp_wifi.a and b/tools/sdk/esp32s2/lib/libesp_wifi.a differ
diff --git a/tools/sdk/esp32s2/lib/libespnow.a b/tools/sdk/esp32s2/lib/libespnow.a
index 409d7dc0159..3f9b21eb9a4 100644
Binary files a/tools/sdk/esp32s2/lib/libespnow.a and b/tools/sdk/esp32s2/lib/libespnow.a differ
diff --git a/tools/sdk/esp32s2/lib/libfatfs.a b/tools/sdk/esp32s2/lib/libfatfs.a
index 1edfb0339a5..119a218b632 100644
Binary files a/tools/sdk/esp32s2/lib/libfatfs.a and b/tools/sdk/esp32s2/lib/libfatfs.a differ
diff --git a/tools/sdk/esp32s2/lib/libfreemodbus.a b/tools/sdk/esp32s2/lib/libfreemodbus.a
index 63f0c64302e..b63c2c063c8 100644
Binary files a/tools/sdk/esp32s2/lib/libfreemodbus.a and b/tools/sdk/esp32s2/lib/libfreemodbus.a differ
diff --git a/tools/sdk/esp32s2/lib/libfreertos.a b/tools/sdk/esp32s2/lib/libfreertos.a
index 8689634bae6..c27a9acd834 100644
Binary files a/tools/sdk/esp32s2/lib/libfreertos.a and b/tools/sdk/esp32s2/lib/libfreertos.a differ
diff --git a/tools/sdk/esp32s2/lib/liblog.a b/tools/sdk/esp32s2/lib/liblog.a
index 446b1eeee41..88a3f103966 100644
Binary files a/tools/sdk/esp32s2/lib/liblog.a and b/tools/sdk/esp32s2/lib/liblog.a differ
diff --git a/tools/sdk/esp32s2/lib/liblwip.a b/tools/sdk/esp32s2/lib/liblwip.a
index 3f5cac8408e..4c775412f24 100644
Binary files a/tools/sdk/esp32s2/lib/liblwip.a and b/tools/sdk/esp32s2/lib/liblwip.a differ
diff --git a/tools/sdk/esp32s2/lib/libmbedcrypto.a b/tools/sdk/esp32s2/lib/libmbedcrypto.a
index 13eca29cc80..86a21339d78 100644
Binary files a/tools/sdk/esp32s2/lib/libmbedcrypto.a and b/tools/sdk/esp32s2/lib/libmbedcrypto.a differ
diff --git a/tools/sdk/esp32s2/lib/libmbedtls.a b/tools/sdk/esp32s2/lib/libmbedtls.a
index 754c9d7b243..781a1545572 100644
Binary files a/tools/sdk/esp32s2/lib/libmbedtls.a and b/tools/sdk/esp32s2/lib/libmbedtls.a differ
diff --git a/tools/sdk/esp32s2/lib/libmbedtls_2.a b/tools/sdk/esp32s2/lib/libmbedtls_2.a
index ddf5ae8f9cf..c0b882a73ae 100644
Binary files a/tools/sdk/esp32s2/lib/libmbedtls_2.a and b/tools/sdk/esp32s2/lib/libmbedtls_2.a differ
diff --git a/tools/sdk/esp32s2/lib/libmbedx509.a b/tools/sdk/esp32s2/lib/libmbedx509.a
index 5e52bf9b70c..effdb87e736 100644
Binary files a/tools/sdk/esp32s2/lib/libmbedx509.a and b/tools/sdk/esp32s2/lib/libmbedx509.a differ
diff --git a/tools/sdk/esp32s2/lib/libmdns.a b/tools/sdk/esp32s2/lib/libmdns.a
index c2d04f00945..c327c99ee55 100644
Binary files a/tools/sdk/esp32s2/lib/libmdns.a and b/tools/sdk/esp32s2/lib/libmdns.a differ
diff --git a/tools/sdk/esp32s2/lib/libmesh.a b/tools/sdk/esp32s2/lib/libmesh.a
index 91424611eea..3cdf7f9c532 100644
Binary files a/tools/sdk/esp32s2/lib/libmesh.a and b/tools/sdk/esp32s2/lib/libmesh.a differ
diff --git a/tools/sdk/esp32s2/lib/libmqtt.a b/tools/sdk/esp32s2/lib/libmqtt.a
index 8ead75de65f..f425d38c3ac 100644
Binary files a/tools/sdk/esp32s2/lib/libmqtt.a and b/tools/sdk/esp32s2/lib/libmqtt.a differ
diff --git a/tools/sdk/esp32s2/lib/libnet80211.a b/tools/sdk/esp32s2/lib/libnet80211.a
index 5a3d6d6f387..dea1d2764ac 100644
Binary files a/tools/sdk/esp32s2/lib/libnet80211.a and b/tools/sdk/esp32s2/lib/libnet80211.a differ
diff --git a/tools/sdk/esp32s2/lib/libnewlib.a b/tools/sdk/esp32s2/lib/libnewlib.a
index 95ef3bf5c96..34c96ef84c7 100644
Binary files a/tools/sdk/esp32s2/lib/libnewlib.a and b/tools/sdk/esp32s2/lib/libnewlib.a differ
diff --git a/tools/sdk/esp32s2/lib/libnvs_flash.a b/tools/sdk/esp32s2/lib/libnvs_flash.a
index 1a0153210e2..5629446aafd 100644
Binary files a/tools/sdk/esp32s2/lib/libnvs_flash.a and b/tools/sdk/esp32s2/lib/libnvs_flash.a differ
diff --git a/tools/sdk/esp32s2/lib/libopenssl.a b/tools/sdk/esp32s2/lib/libopenssl.a
index 48ac11c7220..5a700852570 100644
Binary files a/tools/sdk/esp32s2/lib/libopenssl.a and b/tools/sdk/esp32s2/lib/libopenssl.a differ
diff --git a/tools/sdk/esp32s2/lib/libpp.a b/tools/sdk/esp32s2/lib/libpp.a
index 6d05e8fe35d..2f2b48d2e20 100644
Binary files a/tools/sdk/esp32s2/lib/libpp.a and b/tools/sdk/esp32s2/lib/libpp.a differ
diff --git a/tools/sdk/esp32s2/lib/libprotocomm.a b/tools/sdk/esp32s2/lib/libprotocomm.a
index ff5e453b199..37b11af0952 100644
Binary files a/tools/sdk/esp32s2/lib/libprotocomm.a and b/tools/sdk/esp32s2/lib/libprotocomm.a differ
diff --git a/tools/sdk/esp32s2/lib/libpthread.a b/tools/sdk/esp32s2/lib/libpthread.a
index b333edf2038..5da559dc96e 100644
Binary files a/tools/sdk/esp32s2/lib/libpthread.a and b/tools/sdk/esp32s2/lib/libpthread.a differ
diff --git a/tools/sdk/esp32s2/lib/librmaker_common.a b/tools/sdk/esp32s2/lib/librmaker_common.a
index 224c94a75cb..6ea6892baf5 100644
Binary files a/tools/sdk/esp32s2/lib/librmaker_common.a and b/tools/sdk/esp32s2/lib/librmaker_common.a differ
diff --git a/tools/sdk/esp32s2/lib/libsmartconfig.a b/tools/sdk/esp32s2/lib/libsmartconfig.a
index 12e57020d41..085339d5733 100644
Binary files a/tools/sdk/esp32s2/lib/libsmartconfig.a and b/tools/sdk/esp32s2/lib/libsmartconfig.a differ
diff --git a/tools/sdk/esp32s2/lib/libspiffs.a b/tools/sdk/esp32s2/lib/libspiffs.a
index 2bea0f402df..90c5953db83 100644
Binary files a/tools/sdk/esp32s2/lib/libspiffs.a and b/tools/sdk/esp32s2/lib/libspiffs.a differ
diff --git a/tools/sdk/esp32s2/lib/libtcp_transport.a b/tools/sdk/esp32s2/lib/libtcp_transport.a
index 25d6d9bb500..21d13d082fc 100644
Binary files a/tools/sdk/esp32s2/lib/libtcp_transport.a and b/tools/sdk/esp32s2/lib/libtcp_transport.a differ
diff --git a/tools/sdk/esp32s2/lib/libtcpip_adapter.a b/tools/sdk/esp32s2/lib/libtcpip_adapter.a
index 01cdc7e28db..5e63b4ae696 100644
Binary files a/tools/sdk/esp32s2/lib/libtcpip_adapter.a and b/tools/sdk/esp32s2/lib/libtcpip_adapter.a differ
diff --git a/tools/sdk/esp32s2/lib/libtouch_element.a b/tools/sdk/esp32s2/lib/libtouch_element.a
index 9afca7144ef..0e571505277 100644
Binary files a/tools/sdk/esp32s2/lib/libtouch_element.a and b/tools/sdk/esp32s2/lib/libtouch_element.a differ
diff --git a/tools/sdk/esp32s2/lib/libusb.a b/tools/sdk/esp32s2/lib/libusb.a
index f5df9c1f80c..4ad4aff6f5f 100644
Binary files a/tools/sdk/esp32s2/lib/libusb.a and b/tools/sdk/esp32s2/lib/libusb.a differ
diff --git a/tools/sdk/esp32s2/lib/libvfs.a b/tools/sdk/esp32s2/lib/libvfs.a
index 70a902d7133..f0b7a99532d 100644
Binary files a/tools/sdk/esp32s2/lib/libvfs.a and b/tools/sdk/esp32s2/lib/libvfs.a differ
diff --git a/tools/sdk/esp32s2/lib/libwapi.a b/tools/sdk/esp32s2/lib/libwapi.a
index a5ce039b209..4d473aa4a8a 100644
Binary files a/tools/sdk/esp32s2/lib/libwapi.a and b/tools/sdk/esp32s2/lib/libwapi.a differ
diff --git a/tools/sdk/esp32s2/lib/libwifi_provisioning.a b/tools/sdk/esp32s2/lib/libwifi_provisioning.a
index 09366d38eae..b54dbd06275 100644
Binary files a/tools/sdk/esp32s2/lib/libwifi_provisioning.a and b/tools/sdk/esp32s2/lib/libwifi_provisioning.a differ
diff --git a/tools/sdk/esp32s2/lib/libwpa_supplicant.a b/tools/sdk/esp32s2/lib/libwpa_supplicant.a
index 4c5c0f4ba4e..1b244c549f6 100644
Binary files a/tools/sdk/esp32s2/lib/libwpa_supplicant.a and b/tools/sdk/esp32s2/lib/libwpa_supplicant.a differ
diff --git a/tools/sdk/esp32s2/lib/libxtensa.a b/tools/sdk/esp32s2/lib/libxtensa.a
index c1f02ec3045..733c7fc65a9 100644
Binary files a/tools/sdk/esp32s2/lib/libxtensa.a and b/tools/sdk/esp32s2/lib/libxtensa.a differ
diff --git a/tools/sdk/esp32s2/qio_qspi/include/sdkconfig.h b/tools/sdk/esp32s2/qio_qspi/include/sdkconfig.h
index 810bfa3e270..f83de806b9b 100644
--- a/tools/sdk/esp32s2/qio_qspi/include/sdkconfig.h
+++ b/tools/sdk/esp32s2/qio_qspi/include/sdkconfig.h
@@ -64,6 +64,7 @@
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH 1
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD 0
 #define CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE 1024
+#define CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD 90
 #define CONFIG_ESP_RMAKER_SCHEDULING_MAX_SCHEDULES 10
 #define CONFIG_ESP_RMAKER_SCENES_MAX_SCENES 10
 #define CONFIG_ENABLE_ARDUINO_DEPENDS 1
@@ -628,5 +629,5 @@
 #define CONFIG_USB_MSC_BUFSIZE CONFIG_TINYUSB_MSC_BUFSIZE
 #define CONFIG_USB_MSC_ENABLED CONFIG_TINYUSB_MSC_ENABLED
 #define CONFIG_WARN_WRITE_STRINGS CONFIG_COMPILER_WARN_WRITE_STRINGS
-#define CONFIG_ARDUINO_IDF_COMMIT "c9140caf8c"
+#define CONFIG_ARDUINO_IDF_COMMIT "ee2029c38a"
 #define CONFIG_ARDUINO_IDF_BRANCH "release/v4.4"
diff --git a/tools/sdk/esp32s2/qio_qspi/libspi_flash.a b/tools/sdk/esp32s2/qio_qspi/libspi_flash.a
index d925cb0ec74..e6714dda30e 100644
Binary files a/tools/sdk/esp32s2/qio_qspi/libspi_flash.a and b/tools/sdk/esp32s2/qio_qspi/libspi_flash.a differ
diff --git a/tools/sdk/esp32s2/qout_qspi/include/sdkconfig.h b/tools/sdk/esp32s2/qout_qspi/include/sdkconfig.h
index 22bb79b19e5..510aeba1013 100644
--- a/tools/sdk/esp32s2/qout_qspi/include/sdkconfig.h
+++ b/tools/sdk/esp32s2/qout_qspi/include/sdkconfig.h
@@ -64,6 +64,7 @@
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH 1
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD 0
 #define CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE 1024
+#define CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD 90
 #define CONFIG_ESP_RMAKER_SCHEDULING_MAX_SCHEDULES 10
 #define CONFIG_ESP_RMAKER_SCENES_MAX_SCENES 10
 #define CONFIG_ENABLE_ARDUINO_DEPENDS 1
@@ -628,5 +629,5 @@
 #define CONFIG_USB_MSC_BUFSIZE CONFIG_TINYUSB_MSC_BUFSIZE
 #define CONFIG_USB_MSC_ENABLED CONFIG_TINYUSB_MSC_ENABLED
 #define CONFIG_WARN_WRITE_STRINGS CONFIG_COMPILER_WARN_WRITE_STRINGS
-#define CONFIG_ARDUINO_IDF_COMMIT "c9140caf8c"
+#define CONFIG_ARDUINO_IDF_COMMIT "ee2029c38a"
 #define CONFIG_ARDUINO_IDF_BRANCH "release/v4.4"
diff --git a/tools/sdk/esp32s2/qout_qspi/libspi_flash.a b/tools/sdk/esp32s2/qout_qspi/libspi_flash.a
index 9add2cde686..bb58b208da8 100644
Binary files a/tools/sdk/esp32s2/qout_qspi/libspi_flash.a and b/tools/sdk/esp32s2/qout_qspi/libspi_flash.a differ
diff --git a/tools/sdk/esp32s2/sdkconfig b/tools/sdk/esp32s2/sdkconfig
index 675d59583aa..f1bd087045e 100644
--- a/tools/sdk/esp32s2/sdkconfig
+++ b/tools/sdk/esp32s2/sdkconfig
@@ -173,6 +173,7 @@ CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD=0
 # CONFIG_ESP_RMAKER_SKIP_VERSION_CHECK is not set
 # CONFIG_ESP_RMAKER_SKIP_PROJECT_NAME_CHECK is not set
 CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE=1024
+CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD=90
 # end of ESP RainMaker OTA Config
 
 #
diff --git a/tools/sdk/esp32s3/dio_opi/include/sdkconfig.h b/tools/sdk/esp32s3/dio_opi/include/sdkconfig.h
index c23a2fbc299..0eb8180c364 100644
--- a/tools/sdk/esp32s3/dio_opi/include/sdkconfig.h
+++ b/tools/sdk/esp32s3/dio_opi/include/sdkconfig.h
@@ -64,6 +64,7 @@
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH 1
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD 0
 #define CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE 1024
+#define CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD 90
 #define CONFIG_ESP_RMAKER_SCHEDULING_MAX_SCHEDULES 10
 #define CONFIG_ESP_RMAKER_SCENES_MAX_SCENES 10
 #define CONFIG_ENABLE_ARDUINO_DEPENDS 1
@@ -1009,5 +1010,5 @@
 #define CONFIG_USB_MSC_BUFSIZE CONFIG_TINYUSB_MSC_BUFSIZE
 #define CONFIG_USB_MSC_ENABLED CONFIG_TINYUSB_MSC_ENABLED
 #define CONFIG_WARN_WRITE_STRINGS CONFIG_COMPILER_WARN_WRITE_STRINGS
-#define CONFIG_ARDUINO_IDF_COMMIT "c9140caf8c"
+#define CONFIG_ARDUINO_IDF_COMMIT "ee2029c38a"
 #define CONFIG_ARDUINO_IDF_BRANCH "release/v4.4"
diff --git a/tools/sdk/esp32s3/dio_opi/libesp_hw_support.a b/tools/sdk/esp32s3/dio_opi/libesp_hw_support.a
index 36e754ceb1d..f0dabaa25e4 100644
Binary files a/tools/sdk/esp32s3/dio_opi/libesp_hw_support.a and b/tools/sdk/esp32s3/dio_opi/libesp_hw_support.a differ
diff --git a/tools/sdk/esp32s3/dio_opi/libesp_system.a b/tools/sdk/esp32s3/dio_opi/libesp_system.a
index c7d4081d05d..319eb518508 100644
Binary files a/tools/sdk/esp32s3/dio_opi/libesp_system.a and b/tools/sdk/esp32s3/dio_opi/libesp_system.a differ
diff --git a/tools/sdk/esp32s3/dio_opi/libfreertos.a b/tools/sdk/esp32s3/dio_opi/libfreertos.a
index 588f88dd65c..7fd9af5d45f 100644
Binary files a/tools/sdk/esp32s3/dio_opi/libfreertos.a and b/tools/sdk/esp32s3/dio_opi/libfreertos.a differ
diff --git a/tools/sdk/esp32s3/dio_opi/libspi_flash.a b/tools/sdk/esp32s3/dio_opi/libspi_flash.a
index 879171e47f6..670194c01b8 100644
Binary files a/tools/sdk/esp32s3/dio_opi/libspi_flash.a and b/tools/sdk/esp32s3/dio_opi/libspi_flash.a differ
diff --git a/tools/sdk/esp32s3/dio_opi/sections.ld b/tools/sdk/esp32s3/dio_opi/sections.ld
index e7ba3f008d9..0da52a9bfbe 100644
--- a/tools/sdk/esp32s3/dio_opi/sections.ld
+++ b/tools/sdk/esp32s3/dio_opi/sections.ld
@@ -204,7 +204,7 @@ SECTIONS
     *libesp_system.a:ubsan.*(.literal .literal.* .text .text.*)
     *libfreertos.a:(EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .literal EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .literal.* EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .text EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .text.*)
     *libfreertos.a:port.*(.literal.pxPortInitialiseStack .literal.unlikely.vPortEndScheduler .literal.vApplicationStackOverflowHook .literal.vPortAssertIfInISR .literal.vPortExitCritical .literal.vPortExitCriticalCompliance .literal.vPortReleaseTaskMPUSettings .literal.vPortSetStackWatchpoint .literal.vPortYieldOtherCore .literal.xPortEnterCriticalTimeout .literal.xPortEnterCriticalTimeoutCompliance .literal.xPortInIsrContext .literal.xPortStartScheduler .text .text.pxPortInitialiseStack .text.unlikely.vPortEndScheduler .text.vApplicationStackOverflowHook .text.vPortAssertIfInISR .text.vPortExitCritical .text.vPortExitCriticalCompliance .text.vPortReleaseTaskMPUSettings .text.vPortSetStackWatchpoint .text.vPortStoreTaskMPUSettings .text.vPortYieldOtherCore .text.xPortEnterCriticalTimeout .text.xPortEnterCriticalTimeoutCompliance .text.xPortGetTickRateHz .text.xPortInIsrContext .text.xPortStartScheduler)
-    *libfreertos.a:port_common.*(.literal.esp_startup_start_app_common .literal.s_app_cpu_startup_idle_hook_cb .literal.vApplicationGetIdleTaskMemory .literal.vApplicationGetTimerTaskMemory .literal.xPortCheckValidTCBMem .literal.xPortcheckValidStackMem .text .text.esp_startup_start_app_common .text.s_app_cpu_startup_idle_hook_cb .text.vApplicationGetIdleTaskMemory .text.vApplicationGetTimerTaskMemory .text.xPortCheckValidTCBMem .text.xPortcheckValidStackMem)
+    *libfreertos.a:port_common.*(.literal.esp_startup_start_app_common .literal.other_cpu_startup_idle_hook_cb .literal.vApplicationGetIdleTaskMemory .literal.vApplicationGetTimerTaskMemory .literal.xPortCheckValidTCBMem .literal.xPortcheckValidStackMem .text .text.esp_startup_start_app_common .text.other_cpu_startup_idle_hook_cb .text.vApplicationGetIdleTaskMemory .text.vApplicationGetTimerTaskMemory .text.xPortCheckValidTCBMem .text.xPortcheckValidStackMem)
     *libgcc.a:_divsf3.*(.literal .literal.* .text .text.*)
     *libgcc.a:lib2funcs.*(.literal .literal.* .text .text.*)
     *libgcov.a:(.literal .literal.* .text .text.*)
@@ -269,8 +269,6 @@ SECTIONS
     *(.sdata)
     *(.sdata.*)
     *(.gnu.linkonce.s.*)
-    *(.sdata2)
-    *(.sdata2.*)
     *(.gnu.linkonce.s2.*)
     *(.jcr)
 
@@ -283,8 +281,8 @@ SECTIONS
     _coredump_dram_start = ABSOLUTE(.);
     *(.dram2.coredump .dram2.coredump.*)
     _coredump_dram_end = ABSOLUTE(.);
-    *libapp_trace.a:app_trace.*(.rodata .rodata.*)
-    *libapp_trace.a:app_trace_util.*(.rodata .rodata.*)
+    *libapp_trace.a:app_trace.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libapp_trace.a:app_trace_util.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
     _bt_data_start = ABSOLUTE(.);
     *libbt.a:(.data .data.*)
     . = ALIGN(4);
@@ -293,48 +291,48 @@ SECTIONS
     *libbtdm_app.a:(.data .data.*)
     . = ALIGN(4);
     _btdm_data_end = ABSOLUTE(.);
-    *libesp_hw_support.a:opiram_psram.*(.rodata .rodata.*)
-    *libesp_hw_support.a:rtc_clk.*(.rodata .rodata.*)
-    *libesp_system.a:esp_err.*(.rodata .rodata.*)
-    *libesp_system.a:ubsan.*(.rodata .rodata.*)
-    *libgcc.a:_divsf3.*(.rodata .rodata.*)
-    *libgcov.a:(.rodata .rodata.*)
-    *libhal.a:cpu_hal.*(.rodata .rodata.*)
-    *libhal.a:i2c_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:ledc_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:soc_hal.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_encrypt_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_hal_gpspi.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_slave_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:systimer_hal.*(.rodata .rodata.*)
-    *libhal.a:wdt_hal_iram.*(.rodata .rodata.*)
-    *libheap.a:heap_tlsf.*(.rodata .rodata.*)
-    *libheap.a:multi_heap.*(.rodata .rodata.*)
-    *libheap.a:multi_heap_poisoning.*(.rodata .rodata.*)
-    *libnewlib.a:abort.*(.rodata .rodata.*)
-    *libnewlib.a:assert.*(.rodata .rodata.*)
-    *libnewlib.a:heap.*(.rodata .rodata.*)
-    *libnewlib.a:stdatomic.*(.rodata .rodata.*)
+    *libesp_hw_support.a:opiram_psram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_hw_support.a:rtc_clk.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_system.a:esp_err.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_system.a:ubsan.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libgcc.a:_divsf3.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libgcov.a:(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:cpu_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:i2c_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:ledc_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:soc_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_encrypt_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_hal_gpspi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_slave_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:systimer_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:wdt_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:heap_tlsf.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:multi_heap.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:multi_heap_poisoning.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:abort.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:assert.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:heap.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:stdatomic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
     _nimble_data_start = ABSOLUTE(.);
     *libnimble.a:(.data .data.*)
     . = ALIGN(4);
     _nimble_data_end = ABSOLUTE(.);
-    *libphy.a:(.rodata .rodata.*)
-    *libsoc.a:lldesc.*(.rodata .rodata.*)
-    *libspi_flash.a:memspi_host_driver.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_boya.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_gd.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_generic.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_issi.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_mxic.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_mxic_opi.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_th.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_winbond.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_rom_patch.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_timing_tuning.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_timing_config.*(.rodata .rodata.*)
+    *libphy.a:(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libsoc.a:lldesc.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:memspi_host_driver.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_boya.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_gd.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_generic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_issi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_mxic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_mxic_opi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_th.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_winbond.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_rom_patch.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_timing_tuning.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_timing_config.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
 
     _data_end = ABSOLUTE(.);
     . = ALIGN(4);
@@ -363,8 +361,8 @@ SECTIONS
     *(.ext_ram.bss*)
 
     *(.bss .bss.*)
-    *(.dynbss .dynsbss .gnu.linkonce.b .gnu.linkonce.b.* .gnu.linkonce.sb .gnu.linkonce.sb.* .gnu.linkonce.sb2 .gnu.linkonce.sb2.* .sbss .sbss.* .sbss2 .sbss2.* .scommon .share.mem)
     *(.ext_ram.bss .ext_ram.bss.*)
+    *(.dynbss .dynsbss .gnu.linkonce.b .gnu.linkonce.b.* .gnu.linkonce.sb .gnu.linkonce.sb.* .gnu.linkonce.sb2 .gnu.linkonce.sb2.* .sbss .sbss.* .sbss2 .sbss2.* .scommon .share.mem)
     *(COMMON)
     _bt_bss_start = ABSOLUTE(.);
     *libbt.a:(.bss .bss.* COMMON)
@@ -478,8 +476,8 @@ SECTIONS
   {
     _flash_rodata_start = ABSOLUTE(.);
 
-    *(EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata.*)
     *(.rodata_wlog_error .rodata_wlog_error.*)
+    *(EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata.* EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .sdata2 EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .sdata2.* EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .srodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .srodata.*)
 
     *(.irom1.text) /* catch stray ICACHE_RODATA_ATTR */
     *(.gnu.linkonce.r.*)
diff --git a/tools/sdk/esp32s3/dio_qspi/include/sdkconfig.h b/tools/sdk/esp32s3/dio_qspi/include/sdkconfig.h
index 05eab9679cd..63c022163b2 100644
--- a/tools/sdk/esp32s3/dio_qspi/include/sdkconfig.h
+++ b/tools/sdk/esp32s3/dio_qspi/include/sdkconfig.h
@@ -64,6 +64,7 @@
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH 1
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD 0
 #define CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE 1024
+#define CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD 90
 #define CONFIG_ESP_RMAKER_SCHEDULING_MAX_SCHEDULES 10
 #define CONFIG_ESP_RMAKER_SCENES_MAX_SCENES 10
 #define CONFIG_ENABLE_ARDUINO_DEPENDS 1
@@ -1007,5 +1008,5 @@
 #define CONFIG_USB_MSC_BUFSIZE CONFIG_TINYUSB_MSC_BUFSIZE
 #define CONFIG_USB_MSC_ENABLED CONFIG_TINYUSB_MSC_ENABLED
 #define CONFIG_WARN_WRITE_STRINGS CONFIG_COMPILER_WARN_WRITE_STRINGS
-#define CONFIG_ARDUINO_IDF_COMMIT "c9140caf8c"
+#define CONFIG_ARDUINO_IDF_COMMIT "ee2029c38a"
 #define CONFIG_ARDUINO_IDF_BRANCH "release/v4.4"
diff --git a/tools/sdk/esp32s3/dio_qspi/libesp_hw_support.a b/tools/sdk/esp32s3/dio_qspi/libesp_hw_support.a
index b1a44ba3657..b9c64b525af 100644
Binary files a/tools/sdk/esp32s3/dio_qspi/libesp_hw_support.a and b/tools/sdk/esp32s3/dio_qspi/libesp_hw_support.a differ
diff --git a/tools/sdk/esp32s3/dio_qspi/libesp_system.a b/tools/sdk/esp32s3/dio_qspi/libesp_system.a
index 1fadd4f6004..70d12b74f6a 100644
Binary files a/tools/sdk/esp32s3/dio_qspi/libesp_system.a and b/tools/sdk/esp32s3/dio_qspi/libesp_system.a differ
diff --git a/tools/sdk/esp32s3/dio_qspi/libfreertos.a b/tools/sdk/esp32s3/dio_qspi/libfreertos.a
index 588f88dd65c..7fd9af5d45f 100644
Binary files a/tools/sdk/esp32s3/dio_qspi/libfreertos.a and b/tools/sdk/esp32s3/dio_qspi/libfreertos.a differ
diff --git a/tools/sdk/esp32s3/dio_qspi/libspi_flash.a b/tools/sdk/esp32s3/dio_qspi/libspi_flash.a
index bddbd14061c..67f95358e67 100644
Binary files a/tools/sdk/esp32s3/dio_qspi/libspi_flash.a and b/tools/sdk/esp32s3/dio_qspi/libspi_flash.a differ
diff --git a/tools/sdk/esp32s3/dio_qspi/sections.ld b/tools/sdk/esp32s3/dio_qspi/sections.ld
index 14464a2ec3f..fda5831163a 100644
--- a/tools/sdk/esp32s3/dio_qspi/sections.ld
+++ b/tools/sdk/esp32s3/dio_qspi/sections.ld
@@ -204,7 +204,7 @@ SECTIONS
     *libesp_system.a:ubsan.*(.literal .literal.* .text .text.*)
     *libfreertos.a:(EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .literal EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .literal.* EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .text EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .text.*)
     *libfreertos.a:port.*(.literal.pxPortInitialiseStack .literal.unlikely.vPortEndScheduler .literal.vApplicationStackOverflowHook .literal.vPortAssertIfInISR .literal.vPortExitCritical .literal.vPortExitCriticalCompliance .literal.vPortReleaseTaskMPUSettings .literal.vPortSetStackWatchpoint .literal.vPortYieldOtherCore .literal.xPortEnterCriticalTimeout .literal.xPortEnterCriticalTimeoutCompliance .literal.xPortInIsrContext .literal.xPortStartScheduler .text .text.pxPortInitialiseStack .text.unlikely.vPortEndScheduler .text.vApplicationStackOverflowHook .text.vPortAssertIfInISR .text.vPortExitCritical .text.vPortExitCriticalCompliance .text.vPortReleaseTaskMPUSettings .text.vPortSetStackWatchpoint .text.vPortStoreTaskMPUSettings .text.vPortYieldOtherCore .text.xPortEnterCriticalTimeout .text.xPortEnterCriticalTimeoutCompliance .text.xPortGetTickRateHz .text.xPortInIsrContext .text.xPortStartScheduler)
-    *libfreertos.a:port_common.*(.literal.esp_startup_start_app_common .literal.s_app_cpu_startup_idle_hook_cb .literal.vApplicationGetIdleTaskMemory .literal.vApplicationGetTimerTaskMemory .literal.xPortCheckValidTCBMem .literal.xPortcheckValidStackMem .text .text.esp_startup_start_app_common .text.s_app_cpu_startup_idle_hook_cb .text.vApplicationGetIdleTaskMemory .text.vApplicationGetTimerTaskMemory .text.xPortCheckValidTCBMem .text.xPortcheckValidStackMem)
+    *libfreertos.a:port_common.*(.literal.esp_startup_start_app_common .literal.other_cpu_startup_idle_hook_cb .literal.vApplicationGetIdleTaskMemory .literal.vApplicationGetTimerTaskMemory .literal.xPortCheckValidTCBMem .literal.xPortcheckValidStackMem .text .text.esp_startup_start_app_common .text.other_cpu_startup_idle_hook_cb .text.vApplicationGetIdleTaskMemory .text.vApplicationGetTimerTaskMemory .text.xPortCheckValidTCBMem .text.xPortcheckValidStackMem)
     *libgcc.a:_divsf3.*(.literal .literal.* .text .text.*)
     *libgcc.a:lib2funcs.*(.literal .literal.* .text .text.*)
     *libgcov.a:(.literal .literal.* .text .text.*)
@@ -269,8 +269,6 @@ SECTIONS
     *(.sdata)
     *(.sdata.*)
     *(.gnu.linkonce.s.*)
-    *(.sdata2)
-    *(.sdata2.*)
     *(.gnu.linkonce.s2.*)
     *(.jcr)
 
@@ -283,8 +281,8 @@ SECTIONS
     _coredump_dram_start = ABSOLUTE(.);
     *(.dram2.coredump .dram2.coredump.*)
     _coredump_dram_end = ABSOLUTE(.);
-    *libapp_trace.a:app_trace.*(.rodata .rodata.*)
-    *libapp_trace.a:app_trace_util.*(.rodata .rodata.*)
+    *libapp_trace.a:app_trace.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libapp_trace.a:app_trace_util.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
     _bt_data_start = ABSOLUTE(.);
     *libbt.a:(.data .data.*)
     . = ALIGN(4);
@@ -293,48 +291,48 @@ SECTIONS
     *libbtdm_app.a:(.data .data.*)
     . = ALIGN(4);
     _btdm_data_end = ABSOLUTE(.);
-    *libesp_hw_support.a:rtc_clk.*(.rodata .rodata.*)
-    *libesp_hw_support.a:spiram_psram.*(.rodata .rodata.*)
-    *libesp_system.a:esp_err.*(.rodata .rodata.*)
-    *libesp_system.a:ubsan.*(.rodata .rodata.*)
-    *libgcc.a:_divsf3.*(.rodata .rodata.*)
-    *libgcov.a:(.rodata .rodata.*)
-    *libhal.a:cpu_hal.*(.rodata .rodata.*)
-    *libhal.a:i2c_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:ledc_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:soc_hal.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_encrypt_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_hal_gpspi.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_slave_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:systimer_hal.*(.rodata .rodata.*)
-    *libhal.a:wdt_hal_iram.*(.rodata .rodata.*)
-    *libheap.a:heap_tlsf.*(.rodata .rodata.*)
-    *libheap.a:multi_heap.*(.rodata .rodata.*)
-    *libheap.a:multi_heap_poisoning.*(.rodata .rodata.*)
-    *libnewlib.a:abort.*(.rodata .rodata.*)
-    *libnewlib.a:assert.*(.rodata .rodata.*)
-    *libnewlib.a:heap.*(.rodata .rodata.*)
-    *libnewlib.a:stdatomic.*(.rodata .rodata.*)
+    *libesp_hw_support.a:rtc_clk.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_hw_support.a:spiram_psram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_system.a:esp_err.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_system.a:ubsan.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libgcc.a:_divsf3.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libgcov.a:(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:cpu_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:i2c_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:ledc_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:soc_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_encrypt_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_hal_gpspi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_slave_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:systimer_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:wdt_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:heap_tlsf.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:multi_heap.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:multi_heap_poisoning.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:abort.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:assert.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:heap.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:stdatomic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
     _nimble_data_start = ABSOLUTE(.);
     *libnimble.a:(.data .data.*)
     . = ALIGN(4);
     _nimble_data_end = ABSOLUTE(.);
-    *libphy.a:(.rodata .rodata.*)
-    *libsoc.a:lldesc.*(.rodata .rodata.*)
-    *libspi_flash.a:memspi_host_driver.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_boya.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_gd.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_generic.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_issi.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_mxic.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_mxic_opi.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_th.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_winbond.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_rom_patch.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_timing_tuning.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_timing_config.*(.rodata .rodata.*)
+    *libphy.a:(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libsoc.a:lldesc.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:memspi_host_driver.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_boya.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_gd.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_generic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_issi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_mxic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_mxic_opi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_th.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_winbond.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_rom_patch.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_timing_tuning.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_timing_config.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
 
     _data_end = ABSOLUTE(.);
     . = ALIGN(4);
@@ -478,7 +476,7 @@ SECTIONS
   {
     _flash_rodata_start = ABSOLUTE(.);
 
-    *(EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata.*)
+    *(EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata.* EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .sdata2 EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .sdata2.* EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .srodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .srodata.*)
     *(.rodata_wlog_error .rodata_wlog_error.*)
 
     *(.irom1.text) /* catch stray ICACHE_RODATA_ATTR */
diff --git a/tools/sdk/esp32s3/include/app_update/include/esp_ota_ops.h b/tools/sdk/esp32s3/include/app_update/include/esp_ota_ops.h
index ba07c013d90..ece5275db3b 100644
--- a/tools/sdk/esp32s3/include/app_update/include/esp_ota_ops.h
+++ b/tools/sdk/esp32s3/include/app_update/include/esp_ota_ops.h
@@ -327,9 +327,9 @@ typedef enum {
 /**
  * @brief Revokes the old signature digest. To be called in the application after the rollback logic.
  *
- * Relevant for Secure boot v2 on ESP32-S2 where upto 3 key digests can be stored (Key #N-1, Key #N, Key #N+1).
- * When key #N-1 used to sign an app is invalidated, an OTA update is to be sent with an app signed with key #N-1 & Key #N.
- * After successfully booting the OTA app should call this function to revoke Key #N-1.
+ * Relevant for Secure boot v2 on ESP32-S2, ESP32-S3, ESP32-C3 where upto 3 key digests can be stored (Key \#N-1, Key \#N, Key \#N+1).
+ * When key \#N-1 used to sign an app is invalidated, an OTA update is to be sent with an app signed with key \#N-1 & Key \#N.
+ * After successfully booting the OTA app should call this function to revoke Key \#N-1.
  *
  * @param index - The index of the signature block to be revoked
  *
diff --git a/tools/sdk/esp32s3/include/arduino_tinyusb/tinyusb/src/common/tusb_compiler.h b/tools/sdk/esp32s3/include/arduino_tinyusb/tinyusb/src/common/tusb_compiler.h
index ae00f4e7516..2c30daf6fc7 100644
--- a/tools/sdk/esp32s3/include/arduino_tinyusb/tinyusb/src/common/tusb_compiler.h
+++ b/tools/sdk/esp32s3/include/arduino_tinyusb/tinyusb/src/common/tusb_compiler.h
@@ -131,6 +131,12 @@
   #define TU_ATTR_BIT_FIELD_ORDER_BEGIN
   #define TU_ATTR_BIT_FIELD_ORDER_END
 
+  #if __has_attribute(__fallthrough__)
+    #define TU_ATTR_FALLTHROUGH         __attribute__((fallthrough))
+  #else
+    #define TU_ATTR_FALLTHROUGH         do {} while (0)  /* fallthrough */
+  #endif
+
   // Endian conversion use well-known host to network (big endian) naming
   #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
     #define TU_BYTE_ORDER TU_LITTLE_ENDIAN
@@ -156,6 +162,7 @@
   #define TU_ATTR_DEPRECATED(mess)      __attribute__ ((deprecated(mess))) // warn if function with this attribute is used
   #define TU_ATTR_UNUSED                __attribute__ ((unused))           // Function/Variable is meant to be possibly unused
   #define TU_ATTR_USED                  __attribute__ ((used))
+  #define TU_ATTR_FALLTHROUGH           __attribute__((fallthrough))
 
   #define TU_ATTR_PACKED_BEGIN
   #define TU_ATTR_PACKED_END
@@ -182,6 +189,7 @@
   #define TU_ATTR_DEPRECATED(mess)      __attribute__ ((deprecated(mess))) // warn if function with this attribute is used
   #define TU_ATTR_UNUSED                __attribute__ ((unused))           // Function/Variable is meant to be possibly unused
   #define TU_ATTR_USED                  __attribute__ ((used))             // Function/Variable is meant to be used
+  #define TU_ATTR_FALLTHROUGH           __attribute__((fallthrough))
 
   #define TU_ATTR_PACKED_BEGIN
   #define TU_ATTR_PACKED_END
@@ -207,6 +215,7 @@
   #define TU_ATTR_DEPRECATED(mess)
   #define TU_ATTR_UNUSED
   #define TU_ATTR_USED
+  #define TU_ATTR_FALLTHROUGH           do {} while (0)  /* fallthrough */
 
   #define TU_ATTR_PACKED_BEGIN          _Pragma("pack")
   #define TU_ATTR_PACKED_END            _Pragma("packoption")
@@ -227,6 +236,7 @@
   #error "Compiler attribute porting is required"
 #endif
 
+
 #if (TU_BYTE_ORDER == TU_LITTLE_ENDIAN)
 
   #define tu_htons(u16)  (TU_BSWAP16(u16))
diff --git a/tools/sdk/esp32s3/include/arduino_tinyusb/tinyusb/src/common/tusb_mcu.h b/tools/sdk/esp32s3/include/arduino_tinyusb/tinyusb/src/common/tusb_mcu.h
index 383a8d68603..baa82fc14dc 100644
--- a/tools/sdk/esp32s3/include/arduino_tinyusb/tinyusb/src/common/tusb_mcu.h
+++ b/tools/sdk/esp32s3/include/arduino_tinyusb/tinyusb/src/common/tusb_mcu.h
@@ -75,7 +75,7 @@
   // TODO USB0 has 5, USB1 has 6
   #define TUP_DCD_ENDPOINT_MAX    6
 
-#elif TU_CHECK_MCU(OPT_MCU_MIMXRT10XX)
+#elif TU_CHECK_MCU(OPT_MCU_MIMXRT)
   #define TUP_USBIP_CHIPIDEA_HS
   #define TUP_USBIP_EHCI
 
diff --git a/tools/sdk/esp32s3/include/arduino_tinyusb/tinyusb/src/portable/chipidea/ci_hs/ci_hs_imxrt.h b/tools/sdk/esp32s3/include/arduino_tinyusb/tinyusb/src/portable/chipidea/ci_hs/ci_hs_imxrt.h
index 78ca5a5a236..2de0d9cb48f 100644
--- a/tools/sdk/esp32s3/include/arduino_tinyusb/tinyusb/src/portable/chipidea/ci_hs/ci_hs_imxrt.h
+++ b/tools/sdk/esp32s3/include/arduino_tinyusb/tinyusb/src/portable/chipidea/ci_hs/ci_hs_imxrt.h
@@ -29,6 +29,14 @@
 
 #include "fsl_device_registers.h"
 
+#if !defined(USB1_BASE) && defined(USB_OTG1_BASE)
+#define USB1_BASE USB_OTG1_BASE
+#endif
+
+#if !defined(USB2_BASE) && defined(USB_OTG2_BASE)
+#define USB2_BASE USB_OTG2_BASE
+#endif
+
 static const ci_hs_controller_t _ci_controller[] =
 {
   // RT1010 and RT1020 only has 1 USB controller
diff --git a/tools/sdk/esp32s3/include/arduino_tinyusb/tinyusb/src/tusb_option.h b/tools/sdk/esp32s3/include/arduino_tinyusb/tinyusb/src/tusb_option.h
index 206d23e72cc..70ef1c399f8 100644
--- a/tools/sdk/esp32s3/include/arduino_tinyusb/tinyusb/src/tusb_option.h
+++ b/tools/sdk/esp32s3/include/arduino_tinyusb/tinyusb/src/tusb_option.h
@@ -98,7 +98,9 @@ typedef int make_iso_compilers_happy;
 #define OPT_MCU_VALENTYUSB_EPTRI  600 ///< Fomu eptri config
 
 // NXP iMX RT
-#define OPT_MCU_MIMXRT10XX        700 ///< NXP iMX RT10xx
+#define OPT_MCU_MIMXRT            700             ///< NXP iMX RT Series
+#define OPT_MCU_MIMXRT10XX        OPT_MCU_MIMXRT  ///< RT10xx
+#define OPT_MCU_MIMXRT11XX        OPT_MCU_MIMXRT  ///< RT11xx
 
 // Nuvoton
 #define OPT_MCU_NUC121            800
diff --git a/tools/sdk/esp32s3/include/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h b/tools/sdk/esp32s3/include/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h
index dd48ab982dd..f81ad21800e 100644
--- a/tools/sdk/esp32s3/include/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h
+++ b/tools/sdk/esp32s3/include/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h
@@ -1455,7 +1455,7 @@ esp_err_t esp_ble_gap_config_local_privacy (bool privacy_enable);
  *
  *
  * @param[in]       icon   - External appearance value, these values are defined by the Bluetooth SIG, please refer to
- *                  https://www.bluetooth.com/specifications/gatt/viewer?attributeXmlFile=org.bluetooth.characteristic.gap.appearance.xml
+ *                  https://specificationrefs.bluetooth.com/assigned-values/Appearance%20Values.pdf
  *
  * @return
  *                  - ESP_OK : success
diff --git a/tools/sdk/esp32s3/include/bt/include/esp32s3/include/esp_bt.h b/tools/sdk/esp32s3/include/bt/include/esp32s3/include/esp_bt.h
index 2172796eb5b..7bc1f0b6e2a 100644
--- a/tools/sdk/esp32s3/include/bt/include/esp32s3/include/esp_bt.h
+++ b/tools/sdk/esp32s3/include/bt/include/esp32s3/include/esp_bt.h
@@ -336,6 +336,8 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg);
 
 /**
  * @brief  De-initialize BT controller to free resource and delete task.
+ *         You should stop advertising and scanning, as well as
+ *         disconnect all existing connections before de-initializing BT controller.
  *
  * This function should be called only once, after any other BT functions are called.
  * This function is not whole completed, esp_bt_controller_init cannot called after this function.
diff --git a/tools/sdk/esp32s3/include/driver/include/driver/gpio.h b/tools/sdk/esp32s3/include/driver/include/driver/gpio.h
index 77bb2dd78c0..b904def347b 100644
--- a/tools/sdk/esp32s3/include/driver/include/driver/gpio.h
+++ b/tools/sdk/esp32s3/include/driver/include/driver/gpio.h
@@ -97,9 +97,9 @@ esp_err_t gpio_set_intr_type(gpio_num_t gpio_num, gpio_int_type_t intr_type);
 /**
  * @brief  Enable GPIO module interrupt signal
  *
- * @note Please do not use the interrupt of GPIO36 and GPIO39 when using ADC or Wi-Fi and Bluetooth with sleep mode enabled.
+ * @note ESP32: Please do not use the interrupt of GPIO36 and GPIO39 when using ADC or Wi-Fi and Bluetooth with sleep mode enabled.
  *       Please refer to the comments of `adc1_get_raw`.
- *       Please refer to section 3.11 of 'ECO_and_Workarounds_for_Bugs_in_ESP32' for the description of this issue.
+ *       Please refer to Section 3.11 of <a href="https://espressif.com/documentation/eco_and_workarounds_for_bugs_in_esp32_en.pdf">ESP32 ECO and Workarounds for Bugs</a> for the description of this issue.
  *       As a workaround, call adc_power_acquire() in the app. This will result in higher power consumption (by ~1mA),
  *       but will remove the glitches on GPIO36 and GPIO39.
  *
@@ -169,7 +169,7 @@ esp_err_t gpio_set_direction(gpio_num_t gpio_num, gpio_mode_t mode);
 /**
  * @brief  Configure GPIO pull-up/pull-down resistors
  *
- * Only pins that support both input & output have integrated pull-up and pull-down resistors. Input-only GPIOs 34-39 do not.
+ * @note ESP32: Only pins that support both input & output have integrated pull-up and pull-down resistors. Input-only GPIOs 34-39 do not.
  *
  * @param  gpio_num GPIO number. If you want to set pull up or down mode for e.g. GPIO16, gpio_num should be GPIO_NUM_16 (16);
  * @param  pull GPIO pull up/down mode.
@@ -484,7 +484,7 @@ esp_err_t gpio_sleep_set_direction(gpio_num_t gpio_num, gpio_mode_t mode);
 /**
  * @brief  Configure GPIO pull-up/pull-down resistors at sleep
  *
- * Only pins that support both input & output have integrated pull-up and pull-down resistors. Input-only GPIOs 34-39 do not.
+ * @note ESP32: Only pins that support both input & output have integrated pull-up and pull-down resistors. Input-only GPIOs 34-39 do not.
  *
  * @param  gpio_num GPIO number. If you want to set pull up or down mode for e.g. GPIO16, gpio_num should be GPIO_NUM_16 (16);
  * @param  pull GPIO pull up/down mode.
diff --git a/tools/sdk/esp32s3/include/driver/include/driver/uart.h b/tools/sdk/esp32s3/include/driver/include/driver/uart.h
index 4524516338b..f0c2ae10132 100644
--- a/tools/sdk/esp32s3/include/driver/include/driver/uart.h
+++ b/tools/sdk/esp32s3/include/driver/include/driver/uart.h
@@ -594,6 +594,18 @@ esp_err_t uart_flush_input(uart_port_t uart_num);
  */
 esp_err_t uart_get_buffered_data_len(uart_port_t uart_num, size_t* size);
 
+/**
+ * @brief   UART get TX ring buffer free space size
+ *
+ * @param   uart_num UART port number, the max port number is (UART_NUM_MAX -1).
+ * @param   size Pointer of size_t to accept the free space size
+ *
+ * @return
+ *     - ESP_OK Success
+ *     - ESP_ERR_INVALID_ARG Parameter error
+ */
+esp_err_t uart_get_tx_buffer_free_size(uart_port_t uart_num, size_t *size);
+
 /**
  * @brief   UART disable pattern detect function.
  *          Designed for applications like 'AT commands'.
diff --git a/tools/sdk/esp32s3/include/esp32-camera/driver/include/esp_camera.h b/tools/sdk/esp32s3/include/esp32-camera/driver/include/esp_camera.h
index b6047d312ae..2025bb403a9 100755
--- a/tools/sdk/esp32s3/include/esp32-camera/driver/include/esp_camera.h
+++ b/tools/sdk/esp32s3/include/esp32-camera/driver/include/esp_camera.h
@@ -70,6 +70,7 @@
 #include "driver/ledc.h"
 #include "sensor.h"
 #include "sys/time.h"
+#include "sdkconfig.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -91,6 +92,19 @@ typedef enum {
     CAMERA_FB_IN_DRAM           /*!< Frame buffer is placed in internal DRAM */
 } camera_fb_location_t;
 
+#if CONFIG_CAMERA_CONVERTER_ENABLED
+/**
+ * @brief Camera RGB\YUV conversion mode
+ */
+typedef enum {
+    CONV_DISABLE,
+    RGB565_TO_YUV422,
+        
+    YUV422_TO_RGB565,
+    YUV422_TO_YUV420
+} camera_conv_mode_t;
+#endif
+
 /**
  * @brief Configuration structure for camera initialization
  */
@@ -124,6 +138,9 @@ typedef struct {
     size_t fb_count;                /*!< Number of frame buffers to be allocated. If more than one, then each frame will be acquired (double speed)  */
     camera_fb_location_t fb_location; /*!< The location where the frame buffer will be allocated */
     camera_grab_mode_t grab_mode;   /*!< When buffers should be filled */
+#if CONFIG_CAMERA_CONVERTER_ENABLED
+    camera_conv_mode_t conv_mode;   /*!< RGB<->YUV Conversion mode */
+#endif
 } camera_config_t;
 
 /**
diff --git a/tools/sdk/esp32s3/include/esp32-camera/driver/include/sensor.h b/tools/sdk/esp32s3/include/esp32-camera/driver/include/sensor.h
index c1b882acd21..d5ec7463fd3 100755
--- a/tools/sdk/esp32s3/include/esp32-camera/driver/include/sensor.h
+++ b/tools/sdk/esp32s3/include/esp32-camera/driver/include/sensor.h
@@ -69,6 +69,7 @@ typedef enum {
 typedef enum {
     PIXFORMAT_RGB565,    // 2BPP/RGB565
     PIXFORMAT_YUV422,    // 2BPP/YUV422
+    PIXFORMAT_YUV420,    // 1.5BPP/YUV420
     PIXFORMAT_GRAYSCALE, // 1BPP/GRAYSCALE
     PIXFORMAT_JPEG,      // JPEG/COMPRESSED
     PIXFORMAT_RGB888,    // 3BPP/RGB888
diff --git a/tools/sdk/esp32s3/include/esp_eth/include/esp_eth_mac.h b/tools/sdk/esp32s3/include/esp_eth/include/esp_eth_mac.h
index db462728a18..be23792d2d8 100644
--- a/tools/sdk/esp32s3/include/esp_eth/include/esp_eth_mac.h
+++ b/tools/sdk/esp32s3/include/esp_eth/include/esp_eth_mac.h
@@ -411,7 +411,7 @@ typedef struct {
 /**
 * @brief Create ESP32 Ethernet MAC instance
 *
-* @param config: Ethernet MAC configuration
+* @param config:       Ethernet MAC configuration
 *
 * @return
 *      - instance: create MAC instance successfully
diff --git a/tools/sdk/esp32s3/include/esp_https_server/include/esp_https_server.h b/tools/sdk/esp32s3/include/esp_https_server/include/esp_https_server.h
index efe726e9e70..75720bd1ce7 100644
--- a/tools/sdk/esp32s3/include/esp_https_server/include/esp_https_server.h
+++ b/tools/sdk/esp32s3/include/esp_https_server/include/esp_https_server.h
@@ -25,7 +25,7 @@ typedef enum {
  * @brief Callback data struct, contains the ESP-TLS connection handle
  */
 typedef struct esp_https_server_user_cb_arg {
-    const esp_tls_t *tls;
+    const esp_tls_t *tls;        /*!< ESP-TLS connection handle */
 } esp_https_server_user_cb_arg_t;
 
 /**
diff --git a/tools/sdk/esp32s3/include/esp_hw_support/include/esp_mac.h b/tools/sdk/esp32s3/include/esp_hw_support/include/esp_mac.h
index f0efddfc2f7..e700b72ffe0 100644
--- a/tools/sdk/esp32s3/include/esp_hw_support/include/esp_mac.h
+++ b/tools/sdk/esp32s3/include/esp_hw_support/include/esp_mac.h
@@ -139,7 +139,7 @@ esp_err_t esp_read_mac(uint8_t *mac, esp_mac_type_t type);
   * address, then the first octet is XORed with 0x4 in order to create a different
   * locally administered MAC address.
   *
-  * @param  mac base MAC address, length: 6 bytes/8 bytes.
+  * @param  local_mac base MAC address, length: 6 bytes/8 bytes.
   *         length: 6 bytes for MAC-48
   *                 8 bytes for EUI-64(used for IEEE 802.15.4)
   * @param  universal_mac  Source universal MAC address, length: 6 bytes.
diff --git a/tools/sdk/esp32s3/include/esp_lcd/include/esp_lcd_panel_io.h b/tools/sdk/esp32s3/include/esp_lcd/include/esp_lcd_panel_io.h
index 7b99bde3f17..57f27ac96aa 100644
--- a/tools/sdk/esp32s3/include/esp_lcd/include/esp_lcd_panel_io.h
+++ b/tools/sdk/esp32s3/include/esp_lcd/include/esp_lcd_panel_io.h
@@ -134,6 +134,10 @@ typedef struct {
  */
 esp_err_t esp_lcd_new_panel_io_spi(esp_lcd_spi_bus_handle_t bus, const esp_lcd_panel_io_spi_config_t *io_config, esp_lcd_panel_io_handle_t *ret_io);
 
+/**
+ * @brief Panel IO configuration structure, for I2C interface
+ *
+ */
 typedef struct {
     uint32_t dev_addr; /*!< I2C device address */
     esp_lcd_panel_io_color_trans_done_cb_t on_color_trans_done; /*!< Callback invoked when color data transfer has finished */
@@ -145,7 +149,7 @@ typedef struct {
     struct {
         unsigned int dc_low_on_data: 1;  /*!< If this flag is enabled, DC line = 0 means transfer data, DC line = 1 means transfer command; vice versa */
         unsigned int disable_control_phase: 1; /*!< If this flag is enabled, the control phase isn't used */
-    } flags;
+    } flags; /*!< Extra flags to fine-tune the I2C device */
 } esp_lcd_panel_io_i2c_config_t;
 
 /**
@@ -223,7 +227,7 @@ typedef struct {
         unsigned int swap_color_bytes: 1;   /*!< Swap adjacent two color bytes */
         unsigned int pclk_active_neg: 1;    /*!< The display will write data lines when there's a falling edge on WR signal (a.k.a the PCLK) */
         unsigned int pclk_idle_low: 1;      /*!< The WR signal (a.k.a the PCLK) stays at low level in IDLE phase */
-    } flags;
+    } flags;                                /*!< Panel IO config flags */
 } esp_lcd_panel_io_i80_config_t;
 
 /**
diff --git a/tools/sdk/esp32s3/include/esp_lcd/include/esp_lcd_panel_rgb.h b/tools/sdk/esp32s3/include/esp_lcd/include/esp_lcd_panel_rgb.h
index 95dfb6ba4fc..f821a758839 100644
--- a/tools/sdk/esp32s3/include/esp_lcd/include/esp_lcd_panel_rgb.h
+++ b/tools/sdk/esp32s3/include/esp_lcd/include/esp_lcd_panel_rgb.h
@@ -66,7 +66,7 @@ typedef struct {
         unsigned int de_idle_high: 1;    /*!< The de signal is high in IDLE state */
         unsigned int pclk_active_neg: 1; /*!< Whether the display data is clocked out at the falling edge of PCLK */
         unsigned int pclk_idle_high: 1;  /*!< The PCLK stays at high level in IDLE phase */
-    } flags;
+    } flags;                             /*!< LCD RGB timing flags */
 } esp_lcd_rgb_timing_t;
 
 /**
@@ -106,7 +106,7 @@ typedef struct {
         unsigned int disp_active_low: 1; /*!< If this flag is enabled, a low level of display control signal can turn the screen on; vice versa */
         unsigned int relax_on_idle: 1;   /*!< If this flag is enabled, the host won't refresh the LCD if nothing changed in host's frame buffer (this is usefull for LCD with built-in GRAM) */
         unsigned int fb_in_psram: 1;     /*!< If this flag is enabled, the frame buffer will be allocated from PSRAM preferentially */
-    } flags;
+    } flags;                             /*!< LCD RGB panel configuration flags */
 } esp_lcd_rgb_panel_config_t;
 
 /**
diff --git a/tools/sdk/esp32s3/include/esp_lcd/include/esp_lcd_panel_vendor.h b/tools/sdk/esp32s3/include/esp_lcd/include/esp_lcd_panel_vendor.h
index dde8be68d3b..2503adeb7ea 100644
--- a/tools/sdk/esp32s3/include/esp_lcd/include/esp_lcd_panel_vendor.h
+++ b/tools/sdk/esp32s3/include/esp_lcd/include/esp_lcd_panel_vendor.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -22,8 +22,8 @@ typedef struct {
     unsigned int bits_per_pixel;       /*!< Color depth, in bpp */
     struct {
         unsigned int reset_active_high: 1; /*!< Setting this if the panel reset is high level active */
-    } flags;
-    void *vendor_config; /* vendor specific configuration, optional, left as NULL if not used */
+    } flags;                               /*!< LCD panel config flags */
+    void *vendor_config; /*!< vendor specific configuration, optional, left as NULL if not used */
 } esp_lcd_panel_dev_config_t;
 
 /**
diff --git a/tools/sdk/esp32s3/include/esp_netif/include/esp_netif.h b/tools/sdk/esp32s3/include/esp_netif/include/esp_netif.h
index 92c937c1294..e248db0cb41 100644
--- a/tools/sdk/esp32s3/include/esp_netif/include/esp_netif.h
+++ b/tools/sdk/esp32s3/include/esp_netif/include/esp_netif.h
@@ -619,9 +619,10 @@ esp_err_t esp_netif_dhcps_stop(esp_netif_t *esp_netif);
  *
  *   If DHCP server is enabled, the Main DNS Server setting is used by the DHCP server to provide a DNS Server option
  *   to DHCP clients (Wi-Fi stations).
- *   - The default Main DNS server is typically the IP of the Wi-Fi AP interface itself.
+ *   - The default Main DNS server is typically the IP of the DHCP server itself.
  *   - This function can override it by setting server type ESP_NETIF_DNS_MAIN.
- *   - Other DNS Server types are not supported for the Wi-Fi AP interface.
+ *   - Other DNS Server types are not supported for the DHCP server.
+ *   - To propagate the DNS info to client, please stop the DHCP server before using this API.
  *
  * @param[in]  esp_netif Handle to esp-netif instance
  * @param[in]  type Type of DNS Server to set: ESP_NETIF_DNS_MAIN, ESP_NETIF_DNS_BACKUP, ESP_NETIF_DNS_FALLBACK
diff --git a/tools/sdk/esp32s3/include/esp_netif/include/esp_netif_ip_addr.h b/tools/sdk/esp32s3/include/esp_netif/include/esp_netif_ip_addr.h
index 25b877d359d..57f10999b31 100644
--- a/tools/sdk/esp32s3/include/esp_netif/include/esp_netif_ip_addr.h
+++ b/tools/sdk/esp32s3/include/esp_netif/include/esp_netif_ip_addr.h
@@ -81,25 +81,37 @@ extern "C" {
 #define ESP_IP4ADDR_INIT(a, b, c, d)  { .type = ESP_IPADDR_TYPE_V4, .u_addr = { .ip4 = { .addr = ESP_IP4TOADDR(a, b, c, d) }}};
 #define ESP_IP6ADDR_INIT(a, b, c, d)  { .type = ESP_IPADDR_TYPE_V6, .u_addr = { .ip6 = { .addr = { a, b, c, d }, .zone = 0 }}};
 
+/**
+ * @brief IPv6 address
+ *
+ */
 struct esp_ip6_addr {
-    uint32_t addr[4];
-    uint8_t zone;
+    uint32_t addr[4]; /*!< IPv6 address */
+    uint8_t zone;     /*!< zone ID */
 };
 
+/**
+ * @brief IPv4 address
+ *
+ */
 struct esp_ip4_addr {
-    uint32_t addr;
+    uint32_t addr;  /*!< IPv4 address */
 };
 
 typedef struct esp_ip4_addr esp_ip4_addr_t;
 
 typedef struct esp_ip6_addr esp_ip6_addr_t;
 
+/**
+ * @brief IP address
+ *
+ */
 typedef struct _ip_addr {
     union {
-        esp_ip6_addr_t ip6;
-        esp_ip4_addr_t ip4;
-    } u_addr;
-    uint8_t type;
+        esp_ip6_addr_t ip6; /*!< IPv6 address type */
+        esp_ip4_addr_t ip4; /*!< IPv4 address type */
+    } u_addr;               /*!< IP address union */
+    uint8_t type;           /*!< ipaddress type */
 } esp_ip_addr_t;
 
 typedef enum {
diff --git a/tools/sdk/esp32s3/include/esp_netif/include/esp_netif_types.h b/tools/sdk/esp32s3/include/esp_netif/include/esp_netif_types.h
index cc7a37b9c49..ee6b92a3b24 100644
--- a/tools/sdk/esp32s3/include/esp_netif/include/esp_netif_types.h
+++ b/tools/sdk/esp32s3/include/esp_netif/include/esp_netif_types.h
@@ -112,6 +112,11 @@ typedef struct {
     esp_ip6_addr_t ip; /**< Interface IPV6 address */
 } esp_netif_ip6_info_t;
 
+
+/**
+ * @brief Event structure for IP_EVENT_GOT_IP event
+ *
+ */
 typedef struct {
     int if_index;                    /*!< Interface index for which the event is received (left for legacy compilation) */
     esp_netif_t *esp_netif;          /*!< Pointer to corresponding esp-netif object */
@@ -164,6 +169,10 @@ typedef enum esp_netif_ip_event_type {
 //      3) network stack specific config (esp_netif_net_stack_ifconfig_t) -- no publicly available
 //
 
+/**
+ * @brief ESP-netif inherent config parameters
+ *
+ */
 typedef struct esp_netif_inherent_config {
     esp_netif_flags_t flags;         /*!< flags that define esp-netif behavior */
     uint8_t mac[6];                  /*!< initial mac address for this interface */
@@ -185,19 +194,23 @@ typedef struct esp_netif_config esp_netif_config_t;
  */
 typedef void * esp_netif_iodriver_handle;
 
+/**
+ * @brief ESP-netif driver base handle
+ *
+ */
 typedef struct esp_netif_driver_base_s {
-    esp_err_t (*post_attach)(esp_netif_t *netif, esp_netif_iodriver_handle h);
-    esp_netif_t *netif;
+    esp_err_t (*post_attach)(esp_netif_t *netif, esp_netif_iodriver_handle h); /*!< post attach function pointer */
+    esp_netif_t *netif; /*!< netif handle */
 } esp_netif_driver_base_t;
 
 /**
  * @brief  Specific IO driver configuration
  */
 struct esp_netif_driver_ifconfig {
-    esp_netif_iodriver_handle handle;
-    esp_err_t (*transmit)(void *h, void *buffer, size_t len);
-    esp_err_t (*transmit_wrap)(void *h, void *buffer, size_t len, void *netstack_buffer);
-    void (*driver_free_rx_buffer)(void *h, void* buffer);
+    esp_netif_iodriver_handle handle; /*!< io-driver handle */
+    esp_err_t (*transmit)(void *h, void *buffer, size_t len); /*!< transmit function pointer */
+    esp_err_t (*transmit_wrap)(void *h, void *buffer, size_t len, void *netstack_buffer); /*!< transmit wrap function pointer */
+    void (*driver_free_rx_buffer)(void *h, void* buffer); /*!< free rx buffer function pointer */
 };
 
 typedef struct esp_netif_driver_ifconfig esp_netif_driver_ifconfig_t;
@@ -212,9 +225,9 @@ typedef struct esp_netif_netstack_config esp_netif_netstack_config_t;
  * @brief  Generic esp_netif configuration
  */
 struct esp_netif_config {
-    const esp_netif_inherent_config_t *base;
-    const esp_netif_driver_ifconfig_t *driver;
-    const esp_netif_netstack_config_t *stack;
+    const esp_netif_inherent_config_t *base; /*!< base config */
+    const esp_netif_driver_ifconfig_t *driver; /*!< driver config */
+    const esp_netif_netstack_config_t *stack; /*!< stack config */
 };
 
 /**
diff --git a/tools/sdk/esp32s3/include/esp_phy/include/esp_phy_init.h b/tools/sdk/esp32s3/include/esp_phy/include/esp_phy_init.h
index ec682139506..efefd114d4f 100644
--- a/tools/sdk/esp32s3/include/esp_phy/include/esp_phy_init.h
+++ b/tools/sdk/esp32s3/include/esp_phy/include/esp_phy_init.h
@@ -14,7 +14,8 @@ extern "C" {
 #endif
 
 /**
- * @file PHY init parameters and API
+ * @file
+ *          init parameters and API
  */
 
 
@@ -34,6 +35,10 @@ typedef struct {
     uint8_t opaque[1894];                   /*!< calibration data */
 } esp_phy_calibration_data_t;
 
+/**
+ * @brief PHY calibration mode
+ *
+ */
 typedef enum {
     PHY_RF_CAL_PARTIAL = 0x00000000,        /*!< Do part of RF calibration. This should be used after power-on reset. */
     PHY_RF_CAL_NONE    = 0x00000001,        /*!< Don't do any RF calibration. This mode is only suggested to be used after deep sleep reset. */
@@ -223,6 +228,10 @@ int64_t esp_phy_rf_get_on_ts(void);
 
 /**
  * @brief Update the corresponding PHY init type according to the country code of Wi-Fi.
+ *
+ * @param country country code
+ * @return ESP_OK on success.
+ * @return esp_err_t code describing the error on fail
  */
 esp_err_t esp_phy_update_country_info(const char *country);
 
diff --git a/tools/sdk/esp32s3/include/esp_wifi/include/esp_now.h b/tools/sdk/esp32s3/include/esp_wifi/include/esp_now.h
index de41a879363..191d1d1ccec 100644
--- a/tools/sdk/esp32s3/include/esp_wifi/include/esp_now.h
+++ b/tools/sdk/esp32s3/include/esp_wifi/include/esp_now.h
@@ -1,16 +1,8 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * SPDX-FileCopyrightText: 2019-2022 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
 
 #ifndef __ESP_NOW_H__
 #define __ESP_NOW_H__
@@ -190,7 +182,7 @@ esp_err_t esp_now_unregister_send_cb(void);
   *          - ESP_ERR_ESPNOW_NOT_INIT : ESPNOW is not initialized
   *          - ESP_ERR_ESPNOW_ARG : invalid argument
   *          - ESP_ERR_ESPNOW_INTERNAL : internal error
-  *          - ESP_ERR_ESPNOW_NO_MEM : out of memory
+  *          - ESP_ERR_ESPNOW_NO_MEM : out of memory, when this happens, you can delay a while before sending the next data
   *          - ESP_ERR_ESPNOW_NOT_FOUND : peer is not found
   *          - ESP_ERR_ESPNOW_IF : current WiFi interface doesn't match that of peer
   */
@@ -237,6 +229,20 @@ esp_err_t esp_now_del_peer(const uint8_t *peer_addr);
   */
 esp_err_t esp_now_mod_peer(const esp_now_peer_info_t *peer);
 
+/**
+  * @brief      Config ESPNOW rate of specified interface
+  *
+  * @attention  1. This API should be called after esp_wifi_start().
+  *
+  * @param      ifx  Interface to be configured.
+  * @param      rate Phy rate to be configured.
+  *
+  * @return
+  *    - ESP_OK: succeed
+  *    - others: failed
+  */
+esp_err_t esp_wifi_config_espnow_rate(wifi_interface_t ifx, wifi_phy_rate_t rate);
+
 /**
   * @brief     Get a peer whose MAC address matches peer_addr from peer list
   *
diff --git a/tools/sdk/esp32s3/include/esp_wifi/include/esp_private/wifi.h b/tools/sdk/esp32s3/include/esp_wifi/include/esp_private/wifi.h
index 957f68791bd..a2c763260e5 100644
--- a/tools/sdk/esp32s3/include/esp_wifi/include/esp_private/wifi.h
+++ b/tools/sdk/esp32s3/include/esp_wifi/include/esp_private/wifi.h
@@ -251,6 +251,7 @@ esp_err_t esp_wifi_internal_set_sta_ip(void);
   *
   * @attention 1. If fixed rate is enabled, both management and data frame are transmitted with fixed rate
   * @attention 2. Make sure that the receiver is able to receive the frame with the fixed rate if you want the frame to be received
+  * @attention 3. Not support to set fix rate for espnow and 80211_tx
   *
   * @param  ifx : wifi interface
   * @param  en : false - disable, true - enable
diff --git a/tools/sdk/esp32s3/include/esp_wifi/include/esp_wifi.h b/tools/sdk/esp32s3/include/esp_wifi/include/esp_wifi.h
index 3d62c5c297c..e06569dfc15 100644
--- a/tools/sdk/esp32s3/include/esp_wifi/include/esp_wifi.h
+++ b/tools/sdk/esp32s3/include/esp_wifi/include/esp_wifi.h
@@ -498,7 +498,7 @@ esp_err_t esp_wifi_get_ps(wifi_ps_type_t *type);
   * @brief     Set protocol type of specified interface
   *            The default protocol is (WIFI_PROTOCOL_11B|WIFI_PROTOCOL_11G|WIFI_PROTOCOL_11N)
   *
-  * @attention Currently we only support 802.11b or 802.11bg or 802.11bgn mode
+  * @attention Support 802.11b or 802.11bg or 802.11bgn or LR mode
   *
   * @param     ifx  interfaces
   * @param     protocol_bitmap  WiFi protocol bitmap
@@ -1210,20 +1210,6 @@ esp_err_t esp_wifi_ftm_resp_set_offset(int16_t offset_cm);
   */
 esp_err_t esp_wifi_config_11b_rate(wifi_interface_t ifx, bool disable);
 
-/**
-  * @brief      Config ESPNOW rate of specified interface
-  *
-  * @attention  1. This API should be called after esp_wifi_init() and before esp_wifi_start().
-  *
-  * @param      ifx  Interface to be configured.
-  * @param      rate Phy rate to be configured.
-  *
-  * @return
-  *    - ESP_OK: succeed
-  *    - others: failed
-  */
-esp_err_t esp_wifi_config_espnow_rate(wifi_interface_t ifx, wifi_phy_rate_t rate);
-
 /**
   * @brief      Set interval for station to wake up periodically at disconnected.
   *
diff --git a/tools/sdk/esp32s3/include/esp_wifi/include/esp_wifi_types.h b/tools/sdk/esp32s3/include/esp_wifi/include/esp_wifi_types.h
index 47f5c79281b..89020d4abbf 100644
--- a/tools/sdk/esp32s3/include/esp_wifi/include/esp_wifi_types.h
+++ b/tools/sdk/esp32s3/include/esp_wifi/include/esp_wifi_types.h
@@ -343,7 +343,7 @@ typedef struct {
     unsigned fec_coding:1;        /**< Flag is set for 11n packets which are LDPC */
     unsigned sgi:1;               /**< Short Guide Interval(SGI). 0: Long GI; 1: Short GI */
 #if CONFIG_IDF_TARGET_ESP32
-    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: 0.25dBm*/
+    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: dBm*/
 #elif CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3 || CONFIG_IDF_TARGET_ESP32C3
     unsigned :8;                  /**< reserved */
 #endif
@@ -356,14 +356,14 @@ typedef struct {
 #if CONFIG_IDF_TARGET_ESP32S2
     unsigned :32;                 /**< reserved */
 #elif CONFIG_IDF_TARGET_ESP32S3 || CONFIG_IDF_TARGET_ESP32C3
-    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: 0.25dBm*/
+    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: dBm*/
     unsigned :24;                 /**< reserved */
     unsigned :32;                 /**< reserved */
 #endif
     unsigned :31;                 /**< reserved */
     unsigned ant:1;               /**< antenna number from which this packet is received. 0: WiFi antenna 0; 1: WiFi antenna 1 */
 #if CONFIG_IDF_TARGET_ESP32S2
-    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: 0.25dBm*/
+    signed noise_floor:8;         /**< noise floor of Radio Frequency Module(RF). unit: dBm*/
     unsigned :24;                 /**< reserved */
 #elif CONFIG_IDF_TARGET_ESP32S3 || CONFIG_IDF_TARGET_ESP32C3
     unsigned :32;                 /**< reserved */
diff --git a/tools/sdk/esp32s3/include/freertos/include/freertos/queue.h b/tools/sdk/esp32s3/include/freertos/include/freertos/queue.h
index 05ca7de4546..5070b76e79c 100644
--- a/tools/sdk/esp32s3/include/freertos/include/freertos/queue.h
+++ b/tools/sdk/esp32s3/include/freertos/include/freertos/queue.h
@@ -1398,9 +1398,6 @@ BaseType_t xQueueGenericSendFromISR( QueueHandle_t xQueue,
                                      const BaseType_t xCopyPosition ) PRIVILEGED_FUNCTION;
 BaseType_t xQueueGiveFromISR( QueueHandle_t xQueue,
                               BaseType_t * const pxHigherPriorityTaskWoken ) PRIVILEGED_FUNCTION;
-/**@}*/
-/** @endcond */
-
 /**
  * @cond !DOC_EXCLUDE_HEADER_SECTION
  * queue. h
diff --git a/tools/sdk/esp32s3/include/freertos/include/freertos/task.h b/tools/sdk/esp32s3/include/freertos/include/freertos/task.h
index 125a924d061..88b2730933d 100644
--- a/tools/sdk/esp32s3/include/freertos/include/freertos/task.h
+++ b/tools/sdk/esp32s3/include/freertos/include/freertos/task.h
@@ -392,7 +392,7 @@ typedef enum
  * example, to create a privileged task at priority 2 the uxPriority parameter
  * should be set to ( 2 | portPRIVILEGE_BIT ).
  *
- * @param pvCreatedTask Used to pass back a handle by which the created task
+ * @param pxCreatedTask Used to pass back a handle by which the created task
  * can be referenced.
  *
  * @return pdPASS if the task was successfully created and added to a ready
@@ -538,7 +538,7 @@ typedef enum
  *
  * @param uxPriority The priority at which the task will run.
  *
- * @param pxStackBuffer Must point to a StackType_t array that has at least
+ * @param puxStackBuffer Must point to a StackType_t array that has at least
  * ulStackDepth indexes - the array will then be used as the task's stack,
  * removing the need for the stack to be allocated dynamically.
  *
@@ -2368,7 +2368,7 @@ uint32_t ulTaskGetIdleRunTimeCounter( void ) PRIVILEGED_FUNCTION;
  * notification value at that index being updated.  ulValue is not used and
  * xTaskNotifyIndexed() always returns pdPASS in this case.
  *
- * pulPreviousNotificationValue -
+ * @param pulPreviousNotificationValue -
  * Can be used to pass out the subject task's notification value before any
  * bits are modified by the notify function.
  *
@@ -2532,6 +2532,10 @@ BaseType_t xTaskGenericNotify( TaskHandle_t xTaskToNotify,
  * requested from an ISR is dependent on the port - see the documentation page
  * for the port in use.
  *
+ * @param pulPreviousNotificationValue -
+ * Can be used to pass out the subject task's notification value before any
+ * bits are modified by the notify function.
+ *
  * @return Dependent on the value of eAction.  See the description of the
  * eAction parameter.
  *
@@ -2778,11 +2782,10 @@ BaseType_t xTaskGenericNotifyWait( UBaseType_t uxIndexToWaitOn,
  * @endcond
  * \ingroup TaskNotifications
  */
-#define xTaskNotifyGive( xTaskToNotify ) \
-    xTaskGenericNotify( ( xTaskToNotify ), ( tskDEFAULT_INDEX_TO_NOTIFY ), ( 0 ), eIncrement, NULL )
 #define xTaskNotifyGiveIndexed( xTaskToNotify, uxIndexToNotify ) \
     xTaskGenericNotify( ( xTaskToNotify ), ( uxIndexToNotify ), ( 0 ), eIncrement, NULL )
-
+#define xTaskNotifyGive( xTaskToNotify ) \
+    xTaskGenericNotify( ( xTaskToNotify ), ( tskDEFAULT_INDEX_TO_NOTIFY ), ( 0 ), eIncrement, NULL )
 /**
  * @cond !DOC_EXCLUDE_HEADER_SECTION
  * task. h
diff --git a/tools/sdk/esp32s3/include/hal/esp32s3/include/hal/clk_gate_ll.h b/tools/sdk/esp32s3/include/hal/esp32s3/include/hal/clk_gate_ll.h
index a3b5afbe00b..29f7508ff1f 100644
--- a/tools/sdk/esp32s3/include/hal/esp32s3/include/hal/clk_gate_ll.h
+++ b/tools/sdk/esp32s3/include/hal/esp32s3/include/hal/clk_gate_ll.h
@@ -111,6 +111,8 @@ static inline uint32_t periph_ll_get_rst_en_mask(periph_module_t periph, bool en
         return SYSTEM_RMT_RST;
     case PERIPH_LEDC_MODULE:
         return SYSTEM_LEDC_RST;
+    case PERIPH_BT_MODULE:
+        return  (SYSTEM_BTBB_RST | SYSTEM_BTBB_REG_RST | SYSTEM_RW_BTMAC_RST | SYSTEM_RW_BTLP_RST | SYSTEM_RW_BTMAC_REG_RST | SYSTEM_RW_BTLP_REG_RST);
     case PERIPH_UART0_MODULE:
         return SYSTEM_UART_RST;
     case PERIPH_UART1_MODULE:
diff --git a/tools/sdk/esp32s3/include/hal/esp32s3/include/hal/spimem_flash_ll.h b/tools/sdk/esp32s3/include/hal/esp32s3/include/hal/spimem_flash_ll.h
index ea394d2f47e..e7a05ebf427 100644
--- a/tools/sdk/esp32s3/include/hal/esp32s3/include/hal/spimem_flash_ll.h
+++ b/tools/sdk/esp32s3/include/hal/esp32s3/include/hal/spimem_flash_ll.h
@@ -495,6 +495,8 @@ static inline int spimem_flash_ll_get_addr_bitlen(spi_mem_dev_t *dev)
  */
 static inline void spimem_flash_ll_set_addr_bitlen(spi_mem_dev_t *dev, uint32_t bitlen)
 {
+    // set the correct address length here (24-length or 32-length address),
+    dev->cache_fctrl.usr_cmd_4byte = (bitlen == 32) ? 1 : 0 ;
     dev->user1.usr_addr_bitlen = (bitlen - 1);
     dev->user.usr_addr = bitlen ? 1 : 0;
 }
diff --git a/tools/sdk/esp32s3/include/hal/include/hal/adc_types.h b/tools/sdk/esp32s3/include/hal/include/hal/adc_types.h
index f5efb1d4273..dc07531e0b9 100644
--- a/tools/sdk/esp32s3/include/hal/include/hal/adc_types.h
+++ b/tools/sdk/esp32s3/include/hal/include/hal/adc_types.h
@@ -121,7 +121,7 @@ typedef struct {
         struct {
             uint16_t data:     12;  /*!<ADC real output data info. Resolution: 12 bit. */
             uint16_t channel:   4;  /*!<ADC channel index info. */
-        } type1;
+        } type1;                    /*!<ADC type1 */
         struct {
             uint16_t data:     11;  /*!<ADC real output data info. Resolution: 11 bit. */
             uint16_t channel:   4;  /*!<ADC channel index info. For ESP32-S2:
diff --git a/tools/sdk/esp32s3/include/lwip/include/apps/ping/ping_sock.h b/tools/sdk/esp32s3/include/lwip/include/apps/ping/ping_sock.h
index 57938480d54..fb946f7e162 100644
--- a/tools/sdk/esp32s3/include/lwip/include/apps/ping/ping_sock.h
+++ b/tools/sdk/esp32s3/include/lwip/include/apps/ping/ping_sock.h
@@ -67,7 +67,8 @@ typedef struct {
     uint32_t interval_ms;     /*!< Milliseconds between each ping procedure */
     uint32_t timeout_ms;      /*!< Timeout value (in milliseconds) of each ping procedure */
     uint32_t data_size;       /*!< Size of the data next to ICMP packet header */
-    uint8_t tos;              /*!< Type of Service, a field specified in the IP header */
+    int tos;                  /*!< Type of Service, a field specified in the IP header */
+    int ttl;                  /*!< Time to Live,a field specified in the IP header */
     ip_addr_t target_addr;    /*!< Target IP address, either IPv4 or IPv6 */
     uint32_t task_stack_size; /*!< Stack size of internal ping task */
     uint32_t task_prio;       /*!< Priority of internal ping task */
@@ -85,6 +86,7 @@ typedef struct {
         .timeout_ms = 1000,              \
         .data_size = 64,                 \
         .tos = 0,                        \
+        .ttl = IP_DEFAULT_TTL,           \
         .target_addr = *(IP_ANY_TYPE),   \
         .task_stack_size = 2048,         \
         .task_prio = 2,                  \
@@ -99,6 +101,7 @@ typedef struct {
 */
 typedef enum {
     ESP_PING_PROF_SEQNO,   /*!< Sequence number of a ping procedure */
+    ESP_PING_PROF_TOS,     /*!< Type of service of a ping procedure */
     ESP_PING_PROF_TTL,     /*!< Time to live of a ping procedure */
     ESP_PING_PROF_REQUEST, /*!< Number of request packets sent out */
     ESP_PING_PROF_REPLY,   /*!< Number of reply packets received */
diff --git a/tools/sdk/esp32s3/include/lwip/port/esp32/include/arch/cc.h b/tools/sdk/esp32s3/include/lwip/port/esp32/include/arch/cc.h
index f17c49783a5..8f0ffa60e33 100644
--- a/tools/sdk/esp32s3/include/lwip/port/esp32/include/arch/cc.h
+++ b/tools/sdk/esp32s3/include/lwip/port/esp32/include/arch/cc.h
@@ -79,7 +79,15 @@ typedef int sys_prot_t;
 
 #include <stdio.h>
 
+#ifdef CONFIG_LWIP_DEBUG_ESP_LOG
+// lwip debugs routed to ESP_LOGD
+#include "esp_log.h"
+#define LWIP_ESP_LOG_FUNC(format, ...) ESP_LOG_LEVEL(ESP_LOG_DEBUG, "lwip", format, ##__VA_ARGS__)
+#define LWIP_PLATFORM_DIAG(x) LWIP_ESP_LOG_FUNC x
+#else
+// lwip debugs routed to printf
 #define LWIP_PLATFORM_DIAG(x)   do {printf x;} while(0)
+#endif
 
 #ifdef NDEBUG
 
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/aes.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/aes.h
index e280dbb1c66..401ac39de87 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/aes.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/aes.h
@@ -564,7 +564,7 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
  *             for example, with 96-bit random nonces, you should not encrypt
  *             more than 2**32 messages with the same key.
  *
- *             Note that for both stategies, sizes are measured in blocks and
+ *             Note that for both strategies, sizes are measured in blocks and
  *             that an AES block is 16 bytes.
  *
  * \warning    Upon return, \p stream_block contains sensitive data. Its
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/aria.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/aria.h
index 226e2dbf3c8..d294c47f2d9 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/aria.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/aria.h
@@ -44,7 +44,7 @@
 #define MBEDTLS_ARIA_DECRYPT     0 /**< ARIA decryption. */
 
 #define MBEDTLS_ARIA_BLOCKSIZE   16 /**< ARIA block size in bytes. */
-#define MBEDTLS_ARIA_MAX_ROUNDS  16 /**< Maxiumum number of rounds in ARIA. */
+#define MBEDTLS_ARIA_MAX_ROUNDS  16 /**< Maximum number of rounds in ARIA. */
 #define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -321,7 +321,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
  *             for example, with 96-bit random nonces, you should not encrypt
  *             more than 2**32 messages with the same key.
  *
- *             Note that for both stategies, sizes are measured in blocks and
+ *             Note that for both strategies, sizes are measured in blocks and
  *             that an ARIA block is 16 bytes.
  *
  * \warning    Upon return, \p stream_block contains sensitive data. Its
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/asn1.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/asn1.h
index 10f7905b7e6..5117fc7a418 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/asn1.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/asn1.h
@@ -61,7 +61,7 @@
 /** Buffer too small when writing ASN.1 data structure. */
 #define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL                    -0x006C
 
-/* \} name */
+/** \} name ASN1 Error codes */
 
 /**
  * \name DER constants
@@ -121,8 +121,7 @@
 #define MBEDTLS_ASN1_TAG_PC_MASK             0x20
 #define MBEDTLS_ASN1_TAG_VALUE_MASK          0x1F
 
-/* \} name */
-/* \} addtogroup asn1_module */
+/** \} name DER constants */
 
 /** Returns the size of the binary string, without the trailing \\0 */
 #define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
@@ -210,7 +209,7 @@ mbedtls_asn1_named_data;
  * \return      0 if successful.
  * \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
  *              would end beyond \p end.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
+ * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
  */
 int mbedtls_asn1_get_len( unsigned char **p,
                           const unsigned char *end,
@@ -235,7 +234,7 @@ int mbedtls_asn1_get_len( unsigned char **p,
  *              with the requested tag.
  * \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
  *              would end beyond \p end.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
+ * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
  */
 int mbedtls_asn1_get_tag( unsigned char **p,
                           const unsigned char *end,
@@ -607,6 +606,9 @@ void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
  */
 void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
 
+/** \} name Functions to parse ASN.1 data structures */
+/** \} addtogroup asn1_module */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/bignum.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/bignum.h
index 4de452980b8..c71a1d40227 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/bignum.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/bignum.h
@@ -991,7 +991,7 @@ MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
  *                 generate yourself and that are supposed to be prime, then
  *                 \p rounds should be at least the half of the security
  *                 strength of the cryptographic algorithm. On the other hand,
- *                 if \p X is chosen uniformly or non-adversially (as is the
+ *                 if \p X is chosen uniformly or non-adversarially (as is the
  *                 case when mbedtls_mpi_gen_prime calls this function), then
  *                 \p rounds can be much lower.
  *
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/blowfish.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/blowfish.h
index 77dca70d314..d5f809921fa 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/blowfish.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/blowfish.h
@@ -185,7 +185,7 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
  *                 #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
  *                 #MBEDTLS_BLOWFISH_DECRYPT for decryption.
  * \param length   The length of the input data in Bytes.
- * \param iv_off   The offset in the initialiation vector.
+ * \param iv_off   The offset in the initialization vector.
  *                 The value pointed to must be smaller than \c 8 Bytes.
  *                 It is updated by this function to support the aforementioned
  *                 streaming usage.
@@ -246,7 +246,7 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
  *             The recommended way to ensure uniqueness is to use a message
  *             counter.
  *
- *             Note that for both stategies, sizes are measured in blocks and
+ *             Note that for both strategies, sizes are measured in blocks and
  *             that a Blowfish block is 8 bytes.
  *
  * \warning    Upon return, \p stream_block contains sensitive data. Its
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/camellia.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/camellia.h
index 925a623e47e..d39d932fa2c 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/camellia.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/camellia.h
@@ -273,7 +273,7 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
  *             encrypted: for example, with 96-bit random nonces, you should
  *             not encrypt more than 2**32 messages with the same key.
  *
- *             Note that for both stategies, sizes are measured in blocks and
+ *             Note that for both strategies, sizes are measured in blocks and
  *             that a CAMELLIA block is \c 16 Bytes.
  *
  * \warning    Upon return, \p stream_block contains sensitive data. Its
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/chachapoly.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/chachapoly.h
index c4ec7b5f2a9..ed568bc98b7 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/chachapoly.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/chachapoly.h
@@ -161,7 +161,7 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
  * \param ctx       The ChaCha20-Poly1305 context. This must be initialized
  *                  and bound to a key.
  * \param nonce     The nonce/IV to use for the message.
- *                  This must be a redable buffer of length \c 12 Bytes.
+ *                  This must be a readable buffer of length \c 12 Bytes.
  * \param mode      The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or
  *                  #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning).
  *
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/check_config.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/check_config.h
index 396fe7dfc2b..be5c548e561 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/check_config.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/check_config.h
@@ -173,7 +173,11 @@
 #endif
 
 #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
+#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PKCS5_C) && !defined(MBEDTLS_MD_C)
+#error "MBEDTLS_PKCS5_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) &&      \
@@ -214,11 +218,32 @@
 #error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too"
 #endif
 
+#if defined(MBEDTLS_CCM_C) && (                                        \
+    !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
+#error "MBEDTLS_CCM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_CCM_C) && !defined(MBEDTLS_CIPHER_C)
+#error "MBEDTLS_CCM_C defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_GCM_C) && (                                        \
-        !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
+    !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
+#error "MBEDTLS_GCM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CIPHER_C)
 #error "MBEDTLS_GCM_C defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_CHACHA20_C)
+#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_POLY1305_C)
+#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
 #error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites"
 #endif
@@ -338,11 +363,11 @@
 #endif
 
 #if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites"
+#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites"
+#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
@@ -619,6 +644,18 @@
 #error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined, but it cannot coexist with MBEDTLS_USE_PSA_CRYPTO."
 #endif
 
+#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO) && \
+    !defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_ECDSA_C)
+#error "MBEDTLS_PK_C in configuration with MBEDTLS_USE_PSA_CRYPTO and \
+        MBEDTLS_ECDSA_C requires MBEDTLS_PK_WRITE_C to be defined."
+#endif
+
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V15) && \
+    !defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_PSA_CRYPTO_C)
+#error "MBEDTLS_PSA_CRYPTO_C, MBEDTLS_RSA_C and  MBEDTLS_PKCS1_V15 defined, \
+        but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) ||         \
     !defined(MBEDTLS_OID_C) )
 #error "MBEDTLS_RSA_C defined, but not all prerequisites"
@@ -761,14 +798,14 @@
     !defined(MBEDTLS_SSL_PROTO_TLS1)   &&      \
     !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&      \
     !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
+#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
     !defined(MBEDTLS_SSL_PROTO_TLS1)   &&          \
     !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&          \
     !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
+#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/config.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/config.h
index 87b4e9192e7..1cd6eb66348 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/config.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/config.h
@@ -128,7 +128,12 @@
  * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
  * MBEDTLS_PLATFORM_STD_TIME.
  *
- * Comment if your system does not support time functions
+ * Comment if your system does not support time functions.
+ *
+ * \note If MBEDTLS_TIMING_C is set - to enable the semi-portable timing
+ *       interface - timing.c will include time.h on suitable platforms
+ *       regardless of the setting of MBEDTLS_HAVE_TIME, unless
+ *       MBEDTLS_TIMING_ALT is used. See timing.c for more information.
  */
 #define MBEDTLS_HAVE_TIME
 
@@ -321,7 +326,7 @@
  */
 //#define MBEDTLS_CHECK_PARAMS_ASSERT
 
-/* \} name SECTION: System support */
+/** \} name SECTION: System support */
 
 /**
  * \name SECTION: mbed TLS feature support
@@ -395,7 +400,7 @@
 //#define MBEDTLS_XTEA_ALT
 
 /*
- * When replacing the elliptic curve module, pleace consider, that it is
+ * When replacing the elliptic curve module, please consider, that it is
  * implemented with two .c files:
  *      - ecp.c
  *      - ecp_curves.c
@@ -1493,7 +1498,7 @@
  * Enable an implementation of SHA-256 that has lower ROM footprint but also
  * lower performance.
  *
- * The default implementation is meant to be a reasonnable compromise between
+ * The default implementation is meant to be a reasonable compromise between
  * performance and size. This version optimizes more aggressively for size at
  * the expense of performance. Eg on Cortex-M4 it reduces the size of
  * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
@@ -1658,7 +1663,7 @@
  * Enable support for RFC 7627: Session Hash and Extended Master Secret
  * Extension.
  *
- * This was introduced as "the proper fix" to the Triple Handshake familiy of
+ * This was introduced as "the proper fix" to the Triple Handshake family of
  * attacks, but it is recommended to always use it (even if you disable
  * renegotiation), since it actually fixes a more fundamental issue in the
  * original SSL/TLS design, and has implications beyond Triple Handshake.
@@ -1704,7 +1709,7 @@
  * \note This option has no influence on the protection against the
  *       triple handshake attack. Even if it is disabled, Mbed TLS will
  *       still ensure that certificates do not change during renegotiation,
- *       for exaple by keeping a hash of the peer's certificate.
+ *       for example by keeping a hash of the peer's certificate.
  *
  * Comment this macro to disable storing the peer's certificate
  * after the handshake.
@@ -1909,7 +1914,7 @@
  * unless you know for sure amplification cannot be a problem in the
  * environment in which your server operates.
  *
- * \warning Disabling this can ba a security risk! (see above)
+ * \warning Disabling this can be a security risk! (see above)
  *
  * Requires: MBEDTLS_SSL_PROTO_DTLS
  *
@@ -2162,8 +2167,19 @@
  * This setting allows support for cryptographic mechanisms through the PSA
  * API to be configured separately from support through the mbedtls API.
  *
- * Uncomment this to enable use of PSA Crypto configuration settings which
- * can be found in include/psa/crypto_config.h.
+ * When this option is disabled, the PSA API exposes the cryptographic
+ * mechanisms that can be implemented on top of the `mbedtls_xxx` API
+ * configured with `MBEDTLS_XXX` symbols.
+ *
+ * When this option is enabled, the PSA API exposes the cryptographic
+ * mechanisms requested by the `PSA_WANT_XXX` symbols defined in
+ * include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are
+ * automatically enabled if required (i.e. if no PSA driver provides the
+ * mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols
+ * in config.h.
+ *
+ * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies
+ * an alternative header to include instead of include/psa/crypto_config.h.
  *
  * If you enable this option and write your own configuration file, you must
  * include mbedtls/config_psa.h in your configuration file. The default
@@ -2289,7 +2305,7 @@
  * Uncomment to enable use of ZLIB
  */
 //#define MBEDTLS_ZLIB_SUPPORT
-/* \} name SECTION: mbed TLS feature support */
+/** \} name SECTION: mbed TLS feature support */
 
 /**
  * \name SECTION: mbed TLS modules
@@ -2902,7 +2918,7 @@
  *
  * Requires: MBEDTLS_MD_C
  *
- * Uncomment to enable the HMAC_DRBG random number geerator.
+ * Uncomment to enable the HMAC_DRBG random number generator.
  */
 #define MBEDTLS_HMAC_DRBG_C
 
@@ -3096,7 +3112,7 @@
 /**
  * \def MBEDTLS_PK_C
  *
- * Enable the generic public (asymetric) key layer.
+ * Enable the generic public (asymmetric) key layer.
  *
  * Module:  library/pk.c
  * Caller:  library/ssl_tls.c
@@ -3112,7 +3128,7 @@
 /**
  * \def MBEDTLS_PK_PARSE_C
  *
- * Enable the generic public (asymetric) key parser.
+ * Enable the generic public (asymmetric) key parser.
  *
  * Module:  library/pkparse.c
  * Caller:  library/x509_crt.c
@@ -3127,7 +3143,7 @@
 /**
  * \def MBEDTLS_PK_WRITE_C
  *
- * Enable the generic public (asymetric) key writer.
+ * Enable the generic public (asymmetric) key writer.
  *
  * Module:  library/pkwrite.c
  * Caller:  library/x509write.c
@@ -3466,6 +3482,10 @@
  * your own implementation of the whole module by setting
  * \c MBEDTLS_TIMING_ALT in the current file.
  *
+ * \note The timing module will include time.h on suitable platforms
+ *       regardless of the setting of MBEDTLS_HAVE_TIME, unless
+ *       MBEDTLS_TIMING_ALT is used. See timing.c for more information.
+ *
  * \note See also our Knowledge Base article about porting to a new
  * environment:
  * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
@@ -3598,7 +3618,88 @@
  */
 #define MBEDTLS_XTEA_C
 
-/* \} name SECTION: mbed TLS modules */
+/** \} name SECTION: mbed TLS modules */
+
+/**
+ * \name SECTION: General configuration options
+ *
+ * This section contains Mbed TLS build settings that are not associated
+ * with a particular module.
+ *
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"mbedtls/config.h"`.
+ * This header file specifies the compile-time configuration of Mbed TLS.
+ * Unlike other configuration options, this one must be defined on the
+ * compiler command line: a definition in `config.h` would have no effect.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_CONFIG_FILE "mbedtls/config.h"
+
+/**
+ * \def MBEDTLS_USER_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included after
+ * `"mbedtls/config.h"` or #MBEDTLS_CONFIG_FILE.
+ * This allows you to modify the default configuration, including the ability
+ * to undefine options that are enabled by default.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"psa/crypto_config.h"`.
+ * This header file specifies which cryptographic mechanisms are available
+ * through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and
+ * is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included after
+ * `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE.
+ * This allows you to modify the default configuration, including the ability
+ * to undefine options that are enabled by default.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
+
+/** \} name SECTION: General configuration options */
 
 /**
  * \name SECTION: Module configuration options
@@ -3609,11 +3710,15 @@
  *
  * Our advice is to enable options and change their values here
  * only if you have a good reason and know the consequences.
- *
- * Please check the respective header file for documentation on these
- * parameters (to prevent duplicate documentation).
  * \{
  */
+/* The Doxygen documentation here is used when a user comments out a
+ * setting and runs doxygen themselves. On the other hand, when we typeset
+ * the full documentation including disabled settings, the documentation
+ * in specific modules' header files is used if present. When editing this
+ * file, make sure that each option is documented in exactly one place,
+ * plus optionally a same-line Doxygen comment here if there is a Doxygen
+ * comment in the specific module. */
 
 /* MPI / BIGNUM options */
 //#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum window size used. */
@@ -4002,7 +4107,7 @@
  */
 //#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
 
-/* \} name SECTION: Customisation configuration options */
+/** \} name SECTION: Module configuration options */
 
 /* Target and application specific configurations
  *
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/config_psa.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/config_psa.h
index 189f6c21734..1bf750ad5ee 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/config_psa.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/config_psa.h
@@ -31,9 +31,17 @@
 #define MBEDTLS_CONFIG_PSA_H
 
 #if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE)
+#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE
+#else
 #include "psa/crypto_config.h"
+#endif
 #endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
 
+#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE)
+#include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
+#endif
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -264,7 +272,6 @@ extern "C" {
 #if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
     (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
     (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
-    (defined(PSA_WANT_ALG_XTS) && !defined(MBEDTLS_PSA_ACCEL_ALG_XTS)) || \
     defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
     (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
      !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
@@ -393,15 +400,8 @@ extern "C" {
 #endif
 #endif /* PSA_WANT_ALG_OFB */
 
-#if defined(PSA_WANT_ALG_XTS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_XTS) || \
-    defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
-#define MBEDTLS_CIPHER_MODE_XTS
-#endif
-#endif /* PSA_WANT_ALG_XTS */
-
-#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
+#if defined(PSA_WANT_ALG_ECB_NO_PADDING) &&     \
+    !defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)
 #define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
 #endif
 
@@ -483,7 +483,7 @@ extern "C" {
 #if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
 /*
  * Curve448 is not yet supported via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/4249).
+ * (https://github.com/Mbed-TLS/mbedtls/issues/4249).
  */
 #error "Curve448 is not yet supported via the PSA API in Mbed TLS."
 #define MBEDTLS_ECP_DP_CURVE448_ENABLED
@@ -537,7 +537,7 @@ extern "C" {
 #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
 /*
  * SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/3541).
+ * (https://github.com/Mbed-TLS/mbedtls/issues/3541).
  */
 #error "SECP224K1 is buggy via the PSA API in Mbed TLS."
 #define MBEDTLS_ECP_DP_SECP224K1_ENABLED
@@ -751,11 +751,6 @@ extern "C" {
 #define PSA_WANT_ALG_OFB 1
 #endif
 
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
-#define PSA_WANT_ALG_XTS 1
-#endif
-
 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256
@@ -776,7 +771,7 @@ extern "C" {
 #define PSA_WANT_ECC_MONTGOMERY_255
 #endif
 
-/* Curve448 is not yet supported via the PSA API (https://github.com/ARMmbed/mbedtls/issues/4249) */
+/* Curve448 is not yet supported via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/4249) */
 #if 0 && defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
 #define PSA_WANT_ECC_MONTGOMERY_448
@@ -812,7 +807,7 @@ extern "C" {
 #define PSA_WANT_ECC_SECP_K1_192
 #endif
 
-/* SECP224K1 is buggy via the PSA API (https://github.com/ARMmbed/mbedtls/issues/3541) */
+/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
 #if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
 #define PSA_WANT_ECC_SECP_K1_224
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h
index dc4adc896d4..e68237a439a 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h
@@ -138,7 +138,7 @@
 /**< The maximum size of seed or reseed buffer in bytes. */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #define MBEDTLS_CTR_DRBG_PR_OFF             0
 /**< Prediction resistance is disabled. */
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/debug.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/debug.h
index 3c08244f3da..4fc4662d9ab 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/debug.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/debug.h
@@ -139,7 +139,7 @@ extern "C" {
  *          discarded.
  *          (Default value: 0 = No debug )
  *
- * \param threshold     theshold level of messages to filter on. Messages at a
+ * \param threshold     threshold level of messages to filter on. Messages at a
  *                      higher level will be discarded.
  *                          - Debug levels
  *                              - 0 No debug
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ecjpake.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ecjpake.h
index 891705d8c4f..3564ff8dd3e 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ecjpake.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ecjpake.h
@@ -68,7 +68,7 @@ typedef enum {
  * (KeyExchange) as defined by the Thread spec.
  *
  * In order to benefit from this symmetry, we choose a different naming
- * convetion from the Thread v1.0 spec. Correspondance is indicated in the
+ * convention from the Thread v1.0 spec. Correspondence is indicated in the
  * description as a pair C: client name, S: server name
  */
 typedef struct mbedtls_ecjpake_context
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ecp.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ecp.h
index 0924341e002..64a0bccda05 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ecp.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ecp.h
@@ -315,7 +315,7 @@ mbedtls_ecp_group;
 #if !defined(MBEDTLS_ECP_WINDOW_SIZE)
 /*
  * Maximum "window" size used for point multiplication.
- * Default: a point where higher memory usage yields disminishing performance
+ * Default: a point where higher memory usage yields diminishing performance
  *          returns.
  * Minimum value: 2. Maximum value: 7.
  *
@@ -351,7 +351,7 @@ mbedtls_ecp_group;
 #define MBEDTLS_ECP_FIXED_POINT_OPTIM  1   /**< Enable fixed-point speed-up. */
 #endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #else  /* MBEDTLS_ECP_ALT */
 #include "ecp_alt.h"
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/entropy.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/entropy.h
index deb3c50300b..40259ebc8a1 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/entropy.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/entropy.h
@@ -75,7 +75,7 @@
 #define MBEDTLS_ENTROPY_MAX_GATHER      128     /**< Maximum amount requested from entropy sources */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
 #define MBEDTLS_ENTROPY_BLOCK_SIZE      64      /**< Block size of entropy accumulator (SHA-512) */
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/hkdf.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/hkdf.h
index 223004b8ede..111d960e568 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/hkdf.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/hkdf.h
@@ -39,7 +39,7 @@
  */
 /** Bad input parameters to function. */
 #define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA  -0x5F80
-/* \} name */
+/** \} name */
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h
index 79132d4d910..6d372b9788e 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h
@@ -74,7 +74,7 @@
 #define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT    384     /**< Maximum size of (re)seed buffer */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #define MBEDTLS_HMAC_DRBG_PR_OFF   0   /**< No prediction resistance       */
 #define MBEDTLS_HMAC_DRBG_PR_ON    1   /**< Prediction resistance enabled  */
@@ -207,7 +207,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
                     size_t len );
 
 /**
- * \brief               Initilisation of simpified HMAC_DRBG (never reseeds).
+ * \brief               Initialisation of simplified HMAC_DRBG (never reseeds).
  *
  * This function is meant for use in algorithms that need a pseudorandom
  * input such as deterministic ECDSA.
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h
index 233977252a3..3954b36ab56 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h
@@ -42,7 +42,7 @@
 #define MBEDTLS_MEMORY_ALIGN_MULTIPLE       4 /**< Align on multiples of this value */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #define MBEDTLS_MEMORY_VERIFY_NONE         0
 #define MBEDTLS_MEMORY_VERIFY_ALLOC        (1 << 0)
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/oid.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/oid.h
index 1c39186a491..01862178044 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/oid.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/oid.h
@@ -143,7 +143,7 @@
 #define MBEDTLS_OID_AT_GIVEN_NAME               MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
 #define MBEDTLS_OID_AT_INITIALS                 MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
 #define MBEDTLS_OID_AT_GENERATION_QUALIFIER     MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
-#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER        MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
+#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER        MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributeType:= {id-at 45} */
 #define MBEDTLS_OID_AT_DN_QUALIFIER             MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
 #define MBEDTLS_OID_AT_PSEUDONYM                MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
 
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/pem.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/pem.h
index dfb4ff218e6..daa71c886ba 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/pem.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/pem.h
@@ -54,7 +54,7 @@
 #define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE               -0x1400
 /** Bad input parameters to function. */
 #define MBEDTLS_ERR_PEM_BAD_INPUT_DATA                    -0x1480
-/* \} name */
+/** \} name PEM Error codes */
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/pk.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/pk.h
index 8f2abf2a608..c9a13f484ed 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/pk.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/pk.h
@@ -217,32 +217,6 @@ typedef struct
 typedef void mbedtls_pk_restart_ctx;
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 
-#if defined(MBEDTLS_RSA_C)
-/**
- * Quick access to an RSA context inside a PK context.
- *
- * \warning You must make sure the PK context actually holds an RSA context
- * before using this function!
- */
-static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
-{
-    return( (mbedtls_rsa_context *) (pk).pk_ctx );
-}
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * Quick access to an EC context inside a PK context.
- *
- * \warning You must make sure the PK context actually holds an EC context
- * before using this function!
- */
-static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
-{
-    return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
-}
-#endif /* MBEDTLS_ECP_C */
-
 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
 /**
  * \brief           Types for RSA-alt abstraction
@@ -656,6 +630,55 @@ const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
  */
 mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
 
+#if defined(MBEDTLS_RSA_C)
+/**
+ * Quick access to an RSA context inside a PK context.
+ *
+ * \warning This function can only be used when the type of the context, as
+ * returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_RSA.
+ * Ensuring that is the caller's responsibility.
+ * Alternatively, you can check whether this function returns NULL.
+ *
+ * \return The internal RSA context held by the PK context, or NULL.
+ */
+static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
+{
+    switch( mbedtls_pk_get_type( &pk ) )
+    {
+        case MBEDTLS_PK_RSA:
+            return( (mbedtls_rsa_context *) (pk).pk_ctx );
+        default:
+            return( NULL );
+    }
+}
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+/**
+ * Quick access to an EC context inside a PK context.
+ *
+ * \warning This function can only be used when the type of the context, as
+ * returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_ECKEY,
+ * #MBEDTLS_PK_ECKEY_DH, or #MBEDTLS_PK_ECDSA.
+ * Ensuring that is the caller's responsibility.
+ * Alternatively, you can check whether this function returns NULL.
+ *
+ * \return The internal EC context held by the PK context, or NULL.
+ */
+static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
+{
+    switch( mbedtls_pk_get_type( &pk ) )
+    {
+        case MBEDTLS_PK_ECKEY:
+        case MBEDTLS_PK_ECKEY_DH:
+        case MBEDTLS_PK_ECDSA:
+            return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
+        default:
+            return( NULL );
+    }
+}
+#endif /* MBEDTLS_ECP_C */
+
 #if defined(MBEDTLS_PK_PARSE_C)
 /** \ingroup pk_module */
 /**
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/platform.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/platform.h
index bdef07498d7..06dd192eab9 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/platform.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/platform.h
@@ -70,7 +70,9 @@ extern "C" {
 #if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
 #include <stdio.h>
 #include <stdlib.h>
+#if defined(MBEDTLS_HAVE_TIME)
 #include <time.h>
+#endif
 #if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
 #if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
 #define MBEDTLS_PLATFORM_STD_SNPRINTF   mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use.  */
@@ -127,7 +129,7 @@ extern "C" {
 #endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
 
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 /*
  * The function pointers for calloc and free.
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/platform_time.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/platform_time.h
index 7e7daab6920..94055711b2e 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/platform_time.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/platform_time.h
@@ -32,14 +32,6 @@
 extern "C" {
 #endif
 
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-
 /*
  * The time_t datatype
  */
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/platform_util.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/platform_util.h
index f982db8c01c..cd112ab58e2 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/platform_util.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/platform_util.h
@@ -67,7 +67,7 @@ extern "C" {
  * \brief       User supplied callback function for parameter validation failure.
  *              See #MBEDTLS_CHECK_PARAMS for context.
  *
- *              This function will be called unless an alternative treatement
+ *              This function will be called unless an alternative treatment
  *              is defined through the #MBEDTLS_PARAM_FAILED macro.
  *
  *              This function can return, and the operation will be aborted, or
@@ -198,7 +198,7 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
  *
  * This macro has an empty expansion. It exists for documentation purposes:
  * a #MBEDTLS_CHECK_RETURN_OPTIONAL annotation indicates that the function
- * has been analyzed for return-check usefuless, whereas the lack of
+ * has been analyzed for return-check usefulness, whereas the lack of
  * an annotation indicates that the function has not been analyzed and its
  * return-check usefulness is unknown.
  */
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/rsa.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/rsa.h
index 3c481e12a17..062df73aa06 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/rsa.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/rsa.h
@@ -88,7 +88,7 @@
 
 /*
  * The above constants may be used even if the RSA module is compile out,
- * eg for alternative (PKCS#11) RSA implemenations in the PK layers.
+ * eg for alternative (PKCS#11) RSA implementations in the PK layers.
  */
 
 #ifdef __cplusplus
@@ -552,7 +552,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
  *
  * \note           Blinding is used if and only if a PRNG is provided.
  *
- * \note           If blinding is used, both the base of exponentation
+ * \note           If blinding is used, both the base of exponentiation
  *                 and the exponent are blinded, providing protection
  *                 against some side-channel attacks.
  *
@@ -687,7 +687,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
  *                   mode being set to #MBEDTLS_RSA_PRIVATE and might instead
  *                   return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
  *
- * \param ctx        The initnialized RSA context to use.
+ * \param ctx        The initialized RSA context to use.
  * \param f_rng      The RNG function to use. This is needed for padding
  *                   generation and must be provided.
  * \param p_rng      The RNG context to be passed to \p f_rng. This may
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl.h
index 209dbf6053c..5064ec56891 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl.h
@@ -349,7 +349,7 @@
 #define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 /*
  * Length of the verify data for secure renegotiation
@@ -1152,7 +1152,7 @@ struct mbedtls_ssl_config
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-    /** Callback to create & write a cookie for ClientHello veirifcation    */
+    /** Callback to create & write a cookie for ClientHello verification    */
     int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
                            const unsigned char *, size_t );
     /** Callback to verify validity of a ClientHello cookie                 */
@@ -1405,7 +1405,7 @@ struct mbedtls_ssl_context
     unsigned char *compress_buf;        /*!<  zlib data buffer        */
 #endif /* MBEDTLS_ZLIB_SUPPORT */
 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-    signed char split_done;     /*!< current record already splitted? */
+    signed char split_done;     /*!< current record already split? */
 #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
 
     /*
@@ -1688,7 +1688,7 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
  *
  * \note           The two most common use cases are:
  *                 - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
- *                 - blocking I/O, f_recv == NULL, f_recv_timout != NULL
+ *                 - blocking I/O, f_recv == NULL, f_recv_timeout != NULL
  *
  * \note           For DTLS, you need to provide either a non-NULL
  *                 f_recv_timeout callback, or a f_recv that doesn't block.
@@ -1846,7 +1846,7 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 /**
- * \brief          Set the Maximum Tranport Unit (MTU).
+ * \brief          Set the Maximum Transport Unit (MTU).
  *                 Special value: 0 means unset (no limit).
  *                 This represents the maximum size of a datagram payload
  *                 handled by the transport layer (usually UDP) as determined
@@ -2387,7 +2387,7 @@ void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
  *                 ones going through the authentication-decryption phase.
  *
  * \note           This is a security trade-off related to the fact that it's
- *                 often relatively easy for an active attacker ot inject UDP
+ *                 often relatively easy for an active attacker to inject UDP
  *                 datagrams. On one hand, setting a low limit here makes it
  *                 easier for such an attacker to forcibly terminated a
  *                 connection. On the other hand, a high limit or no limit
@@ -2498,7 +2498,7 @@ void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min,
  *                 successfully cached, return 1 otherwise.
  *
  * \param conf           SSL configuration
- * \param p_cache        parmater (context) for both callbacks
+ * \param p_cache        parameter (context) for both callbacks
  * \param f_get_cache    session get callback
  * \param f_set_cache    session set callback
  */
@@ -2529,7 +2529,7 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
 /**
  * \brief          Load serialized session data into a session structure.
  *                 On client, this can be used for loading saved sessions
- *                 before resuming them with mbedstls_ssl_set_session().
+ *                 before resuming them with mbedtls_ssl_set_session().
  *                 On server, this can be used for alternative implementations
  *                 of session cache or session tickets.
  *
@@ -2793,7 +2793,7 @@ void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
  *
  * \note           On client, only the first call has any effect. That is,
  *                 only one client certificate can be provisioned. The
- *                 server's preferences in its CertficateRequest message will
+ *                 server's preferences in its CertificateRequest message will
  *                 be ignored and our only cert will be sent regardless of
  *                 whether it matches those preferences - the server can then
  *                 decide what it wants to do with it.
@@ -3241,7 +3241,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
  * \param protos   Pointer to a NULL-terminated list of supported protocols,
  *                 in decreasing preference order. The pointer to the list is
  *                 recorded by the library for later reference as required, so
- *                 the lifetime of the table must be atleast as long as the
+ *                 the lifetime of the table must be at least as long as the
  *                 lifetime of the SSL configuration structure.
  *
  * \return         0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
@@ -3255,7 +3255,7 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot
  *
  * \param ssl      SSL context
  *
- * \return         Protcol name, or NULL if no protocol was negotiated.
+ * \return         Protocol name, or NULL if no protocol was negotiated.
  */
 const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_ALPN */
@@ -3338,7 +3338,7 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
                                          unsigned char *mki_value,
                                          uint16_t mki_len );
 /**
- * \brief                  Get the negotiated DTLS-SRTP informations:
+ * \brief                  Get the negotiated DTLS-SRTP information:
  *                         Protection profile and MKI value.
  *
  * \warning                This function must be called after the handshake is
@@ -3346,7 +3346,7 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
  *                         not be trusted or acted upon before the handshake completes.
  *
  * \param ssl              The SSL context to query.
- * \param dtls_srtp_info   The negotiated DTLS-SRTP informations:
+ * \param dtls_srtp_info   The negotiated DTLS-SRTP information:
  *                         - Protection profile in use.
  *                         A direct mapping of the iana defined value for protection
  *                         profile on an uint16_t.
@@ -3508,7 +3508,7 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
  *                 \c mbedtls_ssl_get_record_expansion().
  *
  * \note           For DTLS, it is also possible to set a limit for the total
- *                 size of daragrams passed to the transport layer, including
+ *                 size of datagrams passed to the transport layer, including
  *                 record overhead, see \c mbedtls_ssl_set_mtu().
  *
  * \param conf     SSL configuration
@@ -3568,7 +3568,7 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets
  *                 initiated by peer
  *                 (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
  *
- * \warning        It is recommended to always disable renegotation unless you
+ * \warning        It is recommended to always disable renegotiation unless you
  *                 know you need it and you know what you're doing. In the
  *                 past, there have been several issues associated with
  *                 renegotiation or a poor understanding of its properties.
@@ -3631,7 +3631,7 @@ void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_
  *                 scenario.
  *
  * \note           With DTLS and server-initiated renegotiation, the
- *                 HelloRequest is retransmited every time mbedtls_ssl_read() times
+ *                 HelloRequest is retransmitted every time mbedtls_ssl_read() times
  *                 out or receives Application Data, until:
  *                 - max_records records have beens seen, if it is >= 0, or
  *                 - the number of retransmits that would happen during an
@@ -4263,7 +4263,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
  * \return         \c 0 if successful.
  * \return         #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
  * \return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed
- *                 while reseting the context.
+ *                 while resetting the context.
  * \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in
  *                 progress, or there is pending data for reading or sending,
  *                 or the connection does not use DTLS 1.2 with an AEAD
@@ -4357,7 +4357,7 @@ int mbedtls_ssl_context_load( mbedtls_ssl_context *ssl,
 void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
 
 /**
- * \brief          Load reasonnable default SSL configuration values.
+ * \brief          Load reasonable default SSL configuration values.
  *                 (You need to call mbedtls_ssl_config_init() first.)
  *
  * \param conf     SSL configuration context
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl_cache.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl_cache.h
index c6ef2960f4d..02eab96d452 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl_cache.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl_cache.h
@@ -50,7 +50,7 @@
 #define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50   /*!< Maximum entries in cache */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h
index 0a238708e59..2aa373177b8 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h
@@ -45,7 +45,7 @@
 #define MBEDTLS_SSL_COOKIE_TIMEOUT     60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
 #endif
 
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
 
 #ifdef __cplusplus
 extern "C" {
@@ -84,7 +84,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
  * \brief          Set expiration delay for cookies
  *                 (Default MBEDTLS_SSL_COOKIE_TIMEOUT)
  *
- * \param ctx      Cookie contex
+ * \param ctx      Cookie context
  * \param delay    Delay, in seconds if HAVE_TIME, or in number of cookies
  *                 issued in the meantime.
  *                 0 to disable expiration (NOT recommended)
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl_internal.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl_internal.h
index 6913dc0f668..46ade67b9c4 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl_internal.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl_internal.h
@@ -934,16 +934,22 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
  */
 void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
 
 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
 
@@ -1023,27 +1029,39 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
  *              following the above definition.
  *
  */
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
                              unsigned update_hs_digest );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
 
 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
                             const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
 
 /**
@@ -1108,13 +1126,18 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
 
 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
 unsigned char mbedtls_ssl_hash_from_md_alg( int md );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
 
 #if defined(MBEDTLS_ECP_C)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
+MBEDTLS_CHECK_RETURN_CRITICAL
+int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id );
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
                                 mbedtls_md_type_t md );
 #endif
@@ -1170,6 +1193,7 @@ static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
  *
  * Return 0 if everything is OK, -1 if not.
  */
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
                           const mbedtls_ssl_ciphersuite_t *ciphersuite,
                           int cert_endpoint,
@@ -1218,21 +1242,26 @@ static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl );
 #endif
 
 /* Visible for testing purposes only */
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl );
 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
 #endif
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
                               const mbedtls_ssl_session *src );
 
 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
     defined(MBEDTLS_SSL_PROTO_TLS1_1)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
                                         unsigned char *output,
                                         unsigned char *data, size_t data_len );
@@ -1242,6 +1271,7 @@ int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
     defined(MBEDTLS_SSL_PROTO_TLS1_2)
 /* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
                                             unsigned char *hash, size_t *hashlen,
                                             unsigned char *data, size_t data_len,
@@ -1254,11 +1284,13 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
 #endif
 
 void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
                              mbedtls_ssl_transform *transform,
                              mbedtls_record *rec,
                              int (*f_rng)(void *, unsigned char *, size_t),
                              void *p_rng );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
                              mbedtls_ssl_transform *transform,
                              mbedtls_record *rec );
@@ -1276,10 +1308,12 @@ static inline size_t mbedtls_ssl_ep_len( const mbedtls_ssl_context *ssl )
 }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
 void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl );
 
 void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl );
@@ -1287,6 +1321,7 @@ void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl,
                               mbedtls_ssl_transform *transform );
 void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl );
 
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
 
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
@@ -1296,6 +1331,7 @@ void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
@@ -1305,4 +1341,12 @@ void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
+#if defined(MBEDTLS_TEST_HOOKS)
+int mbedtls_ssl_check_dtls_clihlo_cookie(
+                          mbedtls_ssl_context *ssl,
+                          const unsigned char *cli_id, size_t cli_id_len,
+                          const unsigned char *in, size_t in_len,
+                          unsigned char *obuf, size_t buf_len, size_t *olen );
+#endif
+
 #endif /* ssl_internal.h */
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h
index a882eed23b9..8221051b247 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h
@@ -101,7 +101,7 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
  *                  supported. Usually that means a 256-bit key.
  *
  * \note            The lifetime of the keys is twice the lifetime of tickets.
- *                  It is recommended to pick a reasonnable lifetime so as not
+ *                  It is recommended to pick a reasonable lifetime so as not
  *                  to negate the benefits of forward secrecy.
  *
  * \return          0 if successful,
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/version.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/version.h
index b1a92b2bcf3..44adcbfe037 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/version.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/version.h
@@ -38,16 +38,16 @@
  */
 #define MBEDTLS_VERSION_MAJOR  2
 #define MBEDTLS_VERSION_MINOR  28
-#define MBEDTLS_VERSION_PATCH  0
+#define MBEDTLS_VERSION_PATCH  1
 
 /**
  * The single version number has the following structure:
  *    MMNNPP00
  *    Major version | Minor version | Patch version
  */
-#define MBEDTLS_VERSION_NUMBER         0x021C0000
-#define MBEDTLS_VERSION_STRING         "2.28.0"
-#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.28.0"
+#define MBEDTLS_VERSION_NUMBER         0x021C0100
+#define MBEDTLS_VERSION_STRING         "2.28.1"
+#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.28.1"
 
 #if defined(MBEDTLS_VERSION_C)
 
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/x509.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/x509.h
index c1775014300..31b78df32f5 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/x509.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/x509.h
@@ -96,7 +96,7 @@
 #define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL                 -0x2980
 /** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */
 #define MBEDTLS_ERR_X509_FATAL_ERROR                      -0x3000
-/* \} name */
+/** \} name X509 Error codes */
 
 /**
  * \name X509 Verify codes
@@ -124,8 +124,8 @@
 #define MBEDTLS_X509_BADCRL_BAD_PK           0x040000  /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
 #define MBEDTLS_X509_BADCRL_BAD_KEY          0x080000  /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
 
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name X509 Verify codes */
+/** \} addtogroup x509_module */
 
 /*
  * X.509 v3 Subject Alternative Name types.
@@ -255,7 +255,6 @@ typedef struct mbedtls_x509_time
 mbedtls_x509_time;
 
 /** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
-/** \} addtogroup x509_module */
 
 /**
  * \brief          Store the certificate DN in printable form into buf;
@@ -311,6 +310,8 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
  */
 int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
 
+/** \} addtogroup x509_module */
+
 #if defined(MBEDTLS_SELF_TEST)
 
 /**
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/x509_crl.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/x509_crl.h
index 7e9e8885f41..92220090197 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/x509_crl.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/x509_crl.h
@@ -162,8 +162,8 @@ void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
  */
 void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
 
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name Structures and functions for parsing CRLs */
+/** \} addtogroup x509_module */
 
 #ifdef __cplusplus
 }
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/x509_crt.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/x509_crt.h
index 64ccb433ba8..0f2885a7ee4 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/x509_crt.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/x509_crt.h
@@ -107,7 +107,7 @@ mbedtls_x509_crt;
 typedef struct mbedtls_x509_san_other_name
 {
     /**
-     * The type_id is an OID as deifned in RFC 5280.
+     * The type_id is an OID as defined in RFC 5280.
      * To check the value of the type id, you should use
      * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
      */
@@ -159,7 +159,9 @@ mbedtls_x509_subject_alternative_name;
 typedef struct mbedtls_x509_crt_profile
 {
     uint32_t allowed_mds;       /**< MDs for signatures         */
-    uint32_t allowed_pks;       /**< PK algs for signatures     */
+    uint32_t allowed_pks;       /**< PK algs for public keys;
+                                 *   this applies to all certificates
+                                 *   in the provided chain.     */
     uint32_t allowed_curves;    /**< Elliptic curves for ECDSA  */
     uint32_t rsa_min_bitlen;    /**< Minimum size for RSA keys  */
 }
@@ -850,8 +852,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name Structures and functions for parsing and writing X.509 certificates */
 
 #if defined(MBEDTLS_X509_CRT_WRITE_C)
 /**
@@ -862,7 +863,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
 void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
 
 /**
- * \brief           Set the verion for a Certificate
+ * \brief           Set the version for a Certificate
  *                  Default: MBEDTLS_X509_CRT_VERSION_3
  *
  * \param ctx       CRT context to use
@@ -978,7 +979,7 @@ int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
  * \param is_ca     is this a CA certificate
  * \param max_pathlen   maximum length of certificate chains below this
  *                      certificate (only for CA certificates, -1 is
- *                      inlimited)
+ *                      unlimited)
  *
  * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
  */
@@ -1087,6 +1088,8 @@ int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf,
 #endif /* MBEDTLS_PEM_WRITE_C */
 #endif /* MBEDTLS_X509_CRT_WRITE_C */
 
+/** \} addtogroup x509_module */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/x509_csr.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/x509_csr.h
index b1dfc21f1fb..2a1c0461315 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/x509_csr.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/x509_csr.h
@@ -151,8 +151,7 @@ void mbedtls_x509_csr_init( mbedtls_x509_csr *csr );
 void mbedtls_x509_csr_free( mbedtls_x509_csr *csr );
 #endif /* MBEDTLS_X509_CSR_PARSE_C */
 
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name Structures and functions for X.509 Certificate Signing Requests (CSR) */
 
 #if defined(MBEDTLS_X509_CSR_WRITE_C)
 /**
@@ -182,7 +181,7 @@ int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
  *                  private key used to sign the CSR when writing it)
  *
  * \param ctx       CSR context to use
- * \param key       Asymetric key to include
+ * \param key       Asymmetric key to include
  */
 void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
 
@@ -298,6 +297,8 @@ int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, s
 #endif /* MBEDTLS_PEM_WRITE_C */
 #endif /* MBEDTLS_X509_CSR_WRITE_C */
 
+/** \} addtogroup x509_module */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto.h
index b0b57c3a6ba..d6d3e4f559f 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto.h
@@ -499,17 +499,14 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key);
  *         This is an attempt to create a persistent key, and there is
  *         already a persistent key with the given identifier.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The lifetime or identifier in \p attributes are invalid.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The policy constraints on the source and specified in
- *         \p attributes are incompatible.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         The lifetime or identifier in \p attributes are invalid, or
+ *         the policy constraints on the source and specified in
+ *         \p attributes are incompatible, or
  *         \p attributes specifies a key type or key size
  *         which does not match the attributes of the source key.
  * \retval #PSA_ERROR_NOT_PERMITTED
- *         The source key does not have the #PSA_KEY_USAGE_COPY usage flag.
- * \retval #PSA_ERROR_NOT_PERMITTED
- *         The source key is not exportable and its lifetime does not
+ *         The source key does not have the #PSA_KEY_USAGE_COPY usage flag, or
+ *         the source key is not exportable and its lifetime does not
  *         allow copying it to the target's lifetime.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@@ -636,11 +633,9 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key);
  *         The key type or key size is not supported, either by the
  *         implementation in general or in this particular persistent location.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The key attributes, as a whole, are invalid.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The key data is not correctly formatted.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The size in \p attributes is nonzero and does not match the size
+ *         The key attributes, as a whole, are invalid, or
+ *         the key data is not correctly formatted, or
+ *         the size in \p attributes is nonzero and does not match the size
  *         of the key data.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@@ -864,7 +859,6 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -900,7 +894,6 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg,
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -996,14 +989,13 @@ static psa_hash_operation_t psa_hash_operation_init(void);
  *         \p alg is not a supported hash algorithm.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \p alg is not a hash algorithm.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1023,14 +1015,13 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it muct be active).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1044,7 +1035,7 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
  * This function calculates the hash of the message formed by concatenating
  * the inputs passed to preceding calls to psa_hash_update().
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_hash_abort().
  *
@@ -1066,8 +1057,6 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p hash buffer is too small. You can determine a
  *         sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
@@ -1077,7 +1066,8 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1095,7 +1085,7 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
  * compares the calculated hash with the expected hash passed as a
  * parameter to this function.
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_hash_abort().
  *
@@ -1112,14 +1102,13 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_SIGNATURE
  *         The hash of the message was calculated successfully, but it
  *         differs from the expected hash.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1170,16 +1159,14 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation);
  *                                  It must be initialized but not active.
  *
  * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BAD_STATE
- *         The \p source_operation state is not valid (it must be active).
- * \retval #PSA_ERROR_BAD_STATE
- *         The \p target_operation state is not valid (it must be inactive).
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The \p source_operation state is not valid (it must be active), or
+ *         the \p target_operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1381,9 +1368,8 @@ static psa_mac_operation_t psa_mac_operation_init(void);
  * \retval #PSA_ERROR_STORAGE_FAILURE
  *         The key could not be retrieved from storage.
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1442,11 +1428,10 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
- *         The key could not be retrieved from storage
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
+ *         The key could not be retrieved from storage.
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1469,15 +1454,14 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1491,7 +1475,7 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
  * This function calculates the MAC of the message formed by concatenating
  * the inputs passed to preceding calls to psa_mac_update().
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_mac_abort().
  *
@@ -1515,9 +1499,6 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active mac sign
- *         operation).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p mac buffer is too small. You can determine a
  *         sufficient buffer size by calling PSA_MAC_LENGTH().
@@ -1527,7 +1508,9 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active mac sign
+ *         operation), or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1545,7 +1528,7 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
  * compares the calculated MAC with the expected MAC passed as a
  * parameter to this function.
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_mac_abort().
  *
@@ -1562,16 +1545,15 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_SIGNATURE
  *         The MAC of the message was calculated successfully, but it
  *         differs from the expected MAC.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active mac verify
- *         operation).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active mac verify
+ *         operation), or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1806,9 +1788,8 @@ static psa_cipher_operation_t psa_cipher_operation_init(void);
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1870,9 +1851,8 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1900,8 +1880,6 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with no IV set).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p iv buffer is too small.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1910,7 +1888,9 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, with no IV set),
+ *         or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1940,9 +1920,6 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active cipher
- *         encrypt operation, with no IV set).
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The size of \p iv is not acceptable for the chosen algorithm,
  *         or the chosen algorithm does not use an IV.
@@ -1952,7 +1929,9 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active cipher
+ *         encrypt operation, with no IV set), or the library has not been
+ *         previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -1983,9 +1962,6 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with an IV set
- *         if required for the algorithm).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p output buffer is too small.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1994,7 +1970,9 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, with an IV set
+ *         if required for the algorithm), or the library has not been
+ *         previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2016,7 +1994,7 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
  * formed by concatenating the inputs passed to preceding calls to
  * psa_cipher_update().
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_cipher_abort().
  *
@@ -2036,9 +2014,6 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_PADDING
  *         This is a decryption operation for an algorithm that includes
  *         padding, and the ciphertext does not contain valid padding.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with an IV set
- *         if required for the algorithm).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p output buffer is too small.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2047,7 +2022,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, with an IV set
+ *         if required for the algorithm), or the library has not been
+ *         previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2330,7 +2307,8 @@ static psa_aead_operation_t psa_aead_operation_init(void);
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -2342,7 +2320,6 @@ static psa_aead_operation_t psa_aead_operation_init(void);
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
@@ -2396,8 +2373,6 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -2410,7 +2385,8 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or the
+ *         library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2439,9 +2415,6 @@ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active aead encrypt
- *         operation, with no nonce set).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p nonce buffer is too small.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2450,7 +2423,9 @@ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active aead encrypt
+ *         operation, with no nonce set), or the library has not been
+ *         previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2480,9 +2455,6 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with no nonce
- *         set).
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The size of \p nonce is not acceptable for the chosen algorithm.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2491,7 +2463,9 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, with no nonce
+ *         set), or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2525,10 +2499,6 @@ psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, and
- *         psa_aead_update_ad() and psa_aead_update() must not have been
- *         called yet).
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         At least one of the lengths is not acceptable for the chosen
  *         algorithm.
@@ -2537,7 +2507,10 @@ psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, and
+ *         psa_aead_update_ad() and psa_aead_update() must not have been
+ *         called yet), or the library has not been previously initialized
+ *         by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2573,10 +2546,6 @@ psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, have a nonce
- *         set, have lengths set if required by the algorithm, and
- *         psa_aead_update() must not have been called yet).
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The total input length overflows the additional data length that
  *         was previously specified with psa_aead_set_lengths().
@@ -2586,7 +2555,10 @@ psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, have a nonce
+ *         set, have lengths set if required by the algorithm, and
+ *         psa_aead_update() must not have been called yet), or the library
+ *         has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2651,9 +2623,6 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, have a nonce
- *         set, and have lengths set if required by the algorithm).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p output buffer is too small.
  *         #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or
@@ -2662,9 +2631,8 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The total length of input to psa_aead_update_ad() so far is
  *         less than the additional data length that was previously
- *         specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The total input length overflows the plaintext length that
+ *         specified with psa_aead_set_lengths(), or
+ *         the total input length overflows the plaintext length that
  *         was previously specified with psa_aead_set_lengths().
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -2672,7 +2640,9 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active, have a nonce
+ *         set, and have lengths set if required by the algorithm), or the
+ *         library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2697,7 +2667,7 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
  *   preceding calls to psa_aead_update().
  * - \p tag contains the authentication tag.
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_aead_abort().
  *
@@ -2736,9 +2706,6 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active encryption
- *         operation with a nonce set).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p ciphertext or \p tag buffer is too small.
  *         #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or
@@ -2749,9 +2716,8 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The total length of input to psa_aead_update_ad() so far is
  *         less than the additional data length that was previously
- *         specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The total length of input to psa_aead_update() so far is
+ *         specified with psa_aead_set_lengths(), or
+ *         the total length of input to psa_aead_update() so far is
  *         less than the plaintext length that was previously
  *         specified with psa_aead_set_lengths().
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2760,7 +2726,9 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active encryption
+ *         operation with a nonce set), or the library has not been previously
+ *         initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -2789,7 +2757,7 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
  * plaintext and reports success. If the authentication tag is not correct,
  * this function returns #PSA_ERROR_INVALID_SIGNATURE.
  *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling psa_aead_abort().
  *
@@ -2823,9 +2791,6 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_SIGNATURE
  *         The calculations were successful, but the authentication tag is
  *         not correct.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active decryption
- *         operation with a nonce set).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p plaintext buffer is too small.
  *         #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or
@@ -2834,9 +2799,8 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The total length of input to psa_aead_update_ad() so far is
  *         less than the additional data length that was previously
- *         specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The total length of input to psa_aead_update() so far is
+ *         specified with psa_aead_set_lengths(), or
+ *         the total length of input to psa_aead_update() so far is
  *         less than the plaintext length that was previously
  *         specified with psa_aead_set_lengths().
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2845,7 +2809,9 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be an active decryption
+ *         operation with a nonce set), or the library has not been previously
+ *         initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3089,7 +3055,7 @@ psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key,
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The calculation was perfomed successfully, but the passed
+ *         The calculation was performed successfully, but the passed
  *         signature is not a valid signature.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -3113,7 +3079,7 @@ psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key,
 /**
  * \brief Encrypt a short message with a public key.
  *
- * \param key                   Identifer of the key to use for the operation.
+ * \param key                   Identifier of the key to use for the operation.
  *                              It must be a public key or an asymmetric key
  *                              pair. It must allow the usage
  *                              #PSA_KEY_USAGE_ENCRYPT.
@@ -3338,9 +3304,8 @@ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be inactive), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3359,12 +3324,11 @@ psa_status_t psa_key_derivation_setup(
  *
  * \retval #PSA_SUCCESS
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3387,13 +3351,12 @@ psa_status_t psa_key_derivation_get_capacity(
  *         \p capacity is larger than the operation's current capacity.
  *         In this case, the operation object remains valid and its capacity
  *         remains unchanged.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active), or the
+ *         library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3437,8 +3400,7 @@ psa_status_t psa_key_derivation_set_capacity(
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \c step is not compatible with the operation's algorithm, or
  *         \c step does not allow direct inputs.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3446,9 +3408,8 @@ psa_status_t psa_key_derivation_set_capacity(
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid for this input \p step.
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid for this input \p step, or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3489,8 +3450,7 @@ psa_status_t psa_key_derivation_input_bytes(
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \c step is not compatible with the operation's algorithm, or
  *         \c step does not allow key inputs of the given type
  *         or does not allow key inputs at all.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -3499,9 +3459,8 @@ psa_status_t psa_key_derivation_input_bytes(
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid for this input \p step.
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid for this input \p step, or
+ *         the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3553,25 +3512,23 @@ psa_status_t psa_key_derivation_input_key(
  *
  * \retval #PSA_SUCCESS
  *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid for this key agreement \p step.
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \c private_key is not compatible with \c alg,
  *         or \p peer_key is not valid for \c alg or not compatible with
- *         \c private_key.
+ *         \c private_key, or \c step does not allow an input resulting
+ *         from a key agreement.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         \c alg is not supported or is not a key derivation algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c step does not allow an input resulting from a key agreement.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid for this key agreement \p step,
+ *         or the library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3607,16 +3564,15 @@ psa_status_t psa_key_derivation_key_agreement(
  *                          The operation's capacity is set to 0, thus
  *                          subsequent calls to this function will not
  *                          succeed, even with a smaller output buffer.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active and completed
- *         all required input steps).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active and completed
+ *         all required input steps), or the library has not been previously
+ *         initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3749,9 +3705,6 @@ psa_status_t psa_key_derivation_output_bytes(
  * \retval #PSA_ERROR_NOT_PERMITTED
  *         The #PSA_KEY_DERIVATION_INPUT_SECRET input was not provided through
  *         a key.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active and completed
- *         all required input steps).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3761,7 +3714,9 @@ psa_status_t psa_key_derivation_output_bytes(
  * \retval #PSA_ERROR_DATA_CORRUPT
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
+ *         The operation state is not valid (it must be active and completed
+ *         all required input steps), or the library has not been previously
+ *         initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
@@ -3828,8 +3783,7 @@ psa_status_t psa_key_derivation_abort(
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p alg is not a key agreement algorithm
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \p alg is not a key agreement algorithm, or
  *         \p private_key is not compatible with \p alg,
  *         or \p peer_key is not valid for \p alg or not compatible with
  *         \p private_key.
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_builtin_primitives.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_builtin_primitives.h
index 62a0e6f3704..96c45290bdb 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_builtin_primitives.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_builtin_primitives.h
@@ -103,7 +103,6 @@ typedef struct
     defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_XTS) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_config.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_config.h
index e2446cb26c4..f261e013e07 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_config.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_config.h
@@ -60,7 +60,6 @@
 #define PSA_WANT_ALG_CMAC                       1
 #define PSA_WANT_ALG_CFB                        1
 #define PSA_WANT_ALG_CHACHA20_POLY1305          1
-#define PSA_WANT_ALG_CMAC                       1
 #define PSA_WANT_ALG_CTR                        1
 #define PSA_WANT_ALG_DETERMINISTIC_ECDSA        1
 #define PSA_WANT_ALG_ECB_NO_PADDING             1
@@ -86,7 +85,9 @@
 #define PSA_WANT_ALG_STREAM_CIPHER              1
 #define PSA_WANT_ALG_TLS12_PRF                  1
 #define PSA_WANT_ALG_TLS12_PSK_TO_MS            1
-#define PSA_WANT_ALG_XTS                        1
+/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
+ * Note: when adding support, also adjust include/mbedtls/config_psa.h */
+//#define PSA_WANT_ALG_XTS                        1
 
 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256         1
 #define PSA_WANT_ECC_BRAINPOOL_P_R1_384         1
@@ -94,14 +95,14 @@
 #define PSA_WANT_ECC_MONTGOMERY_255             1
 /*
  * Curve448 is not yet supported via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/4249). Thus, do not enable it by
+ * (https://github.com/Mbed-TLS/mbedtls/issues/4249). Thus, do not enable it by
  * default.
  */
 //#define PSA_WANT_ECC_MONTGOMERY_448             1
 #define PSA_WANT_ECC_SECP_K1_192                1
 /*
  * SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/3541). Thus, do not enable it by
+ * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
  * default.
  */
 //#define PSA_WANT_ECC_SECP_K1_224                1
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_extra.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_extra.h
index 3ee0482cbda..a48a4bb5eb9 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_extra.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_extra.h
@@ -181,12 +181,9 @@ static inline void psa_clear_key_slot_number(
  *         support registering a key.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The identifier in \p attributes is invalid, namely the identifier is
- *         not in the user range.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         not in the user range, or
  *         \p attributes specifies a lifetime which is not located
- *         in a secure element.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         No slot number is specified in \p attributes,
+ *         in a secure element, or no slot number is specified in \p attributes,
  *         or the specified slot number is not valid.
  * \retval #PSA_ERROR_NOT_PERMITTED
  *         The caller is not authorized to register the specified key slot.
@@ -348,7 +345,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
  * length of the byte string is the private key size in bytes (leading zeroes
  * are not stripped).
  *
- * Determinstic DSA key derivation with psa_generate_derived_key follows
+ * Deterministic DSA key derivation with psa_generate_derived_key follows
  * FIPS 186-4 &sect;B.1.2: interpret the byte string as integer
  * in big-endian order. Discard it if it is not in the range
  * [0, *N* - 2] where *N* is the boundary of the private key domain
@@ -448,9 +445,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
  *   As an exception, the public exponent 65537 is represented by an empty
  *   byte string.
  * - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEY_PAIR),
- *   the `Dss-Parms` format as defined by RFC 3279 &sect;2.3.2.
+ *   the `Dss-Params` format as defined by RFC 3279 &sect;2.3.2.
  *   ```
- *   Dss-Parms ::= SEQUENCE  {
+ *   Dss-Params ::= SEQUENCE  {
  *      p       INTEGER,
  *      q       INTEGER,
  *      g       INTEGER
@@ -466,9 +463,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
  *      g               INTEGER,                    -- generator, g
  *      q               INTEGER,                    -- factor of p-1
  *      j               INTEGER OPTIONAL,           -- subgroup factor
- *      validationParms ValidationParms OPTIONAL
+ *      validationParams ValidationParams OPTIONAL
  *   }
- *   ValidationParms ::= SEQUENCE {
+ *   ValidationParams ::= SEQUENCE {
  *      seed            BIT STRING,
  *      pgenCounter     INTEGER
  *   }
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_sizes.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_sizes.h
index e2ae5965d4f..0d4532200e7 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_sizes.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_sizes.h
@@ -747,7 +747,7 @@
  *      subjectPublicKey     BIT STRING  } -- contains DSAPublicKey
  * AlgorithmIdentifier  ::=  SEQUENCE  {
  *      algorithm               OBJECT IDENTIFIER,
- *      parameters              Dss-Parms  } -- SEQUENCE of 3 INTEGERs
+ *      parameters              Dss-Params  } -- SEQUENCE of 3 INTEGERs
  * DSAPublicKey  ::=  INTEGER -- public key, Y
  *
  * - 3 * 4 bytes of SEQUENCE overhead;
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_struct.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_struct.h
index 23a02a5d8ef..511b3973b86 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_struct.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_struct.h
@@ -442,7 +442,7 @@ static inline void psa_set_key_type(psa_key_attributes_t *attributes,
     }
     else
     {
-        /* Call the bigger function to free the old domain paramteres.
+        /* Call the bigger function to free the old domain parameters.
          * Ignore any errors which may arise due to type requiring
          * non-default domain parameters, since this function can't
          * report errors. */
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_types.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_types.h
index 386c7d794b4..8f23021a45a 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_types.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_types.h
@@ -69,10 +69,21 @@ typedef int32_t psa_status_t;
  */
 
 /** \brief Encoding of a key type.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_KEY_TYPE_xxx`.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint16_t psa_key_type_t;
 
 /** The type of PSA elliptic curve family identifiers.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_ECC_FAMILY_xxx`.
  *
  * The curve identifier is required to create an ECC key using the
  * PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
@@ -80,10 +91,18 @@ typedef uint16_t psa_key_type_t;
  *
  * Values defined by this standard will never be in the range 0x80-0xff.
  * Vendors who define additional families must use an encoding in this range.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint8_t psa_ecc_family_t;
 
 /** The type of PSA Diffie-Hellman group family identifiers.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_DH_FAMILY_xxx`.
  *
  * The group identifier is required to create an Diffie-Hellman key using the
  * PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()
@@ -91,16 +110,29 @@ typedef uint8_t psa_ecc_family_t;
  *
  * Values defined by this standard will never be in the range 0x80-0xff.
  * Vendors who define additional families must use an encoding in this range.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint8_t psa_dh_family_t;
 
 /** \brief Encoding of a cryptographic algorithm.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_ALG_xxx`.
  *
  * For algorithms that can be applied to multiple key types, this type
  * does not encode the key type. For example, for symmetric ciphers
  * based on a block cipher, #psa_algorithm_t encodes the block cipher
  * mode and the padding mode while the block cipher itself is encoded
  * via #psa_key_type_t.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint32_t psa_algorithm_t;
 
@@ -142,6 +174,14 @@ typedef uint32_t psa_algorithm_t;
  * #PSA_KEY_LIFETIME_PERSISTENT is supported if persistent storage is
  * available. Other lifetime values may be supported depending on the
  * library configuration.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_KEY_LIFETIME_xxx`.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint32_t psa_key_lifetime_t;
 
@@ -173,6 +213,11 @@ typedef uint32_t psa_key_lifetime_t;
  * \note Key persistence levels are 8-bit values. Key management
  *       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
  *       encode the persistence as the lower 8 bits of a 32-bit value.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint8_t psa_key_persistence_t;
 
@@ -209,6 +254,11 @@ typedef uint8_t psa_key_persistence_t;
  * \note Key location indicators are 24-bit values. Key management
  *       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
  *       encode the location as the upper 24 bits of a 32-bit value.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
  */
 typedef uint32_t psa_key_location_t;
 
@@ -220,9 +270,27 @@ typedef uint32_t psa_key_location_t;
  *   #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX.
  * - 0 is reserved as an invalid key identifier.
  * - Key identifiers outside these ranges are reserved for future use.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to how values are allocated must require careful
+ *       consideration to allow backward compatibility.
  */
 typedef uint32_t psa_key_id_t;
 
+/** Encoding of key identifiers as seen inside the PSA Crypto implementation.
+ *
+ * When PSA Crypto is built as a library inside an application, this type
+ * is identical to #psa_key_id_t. When PSA Crypto is built as a service
+ * that can store keys on behalf of multiple clients, this type
+ * encodes the #psa_key_id_t value seen by each client application as
+ * well as extra information that identifies the client that owns
+ * the key.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
+*/
 #if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
 typedef psa_key_id_t mbedtls_svc_key_id_t;
 
@@ -246,7 +314,16 @@ typedef struct
  * @{
  */
 
-/** \brief Encoding of permitted usage on a key. */
+/** \brief Encoding of permitted usage on a key.
+ *
+ * Values of this type are generally constructed as bitwise-ors of macros
+ * called `PSA_KEY_USAGE_xxx`.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ *       Any changes to existing values will require bumping the storage
+ *       format version and providing a translation when reading the old
+ *       format.
+ */
 typedef uint32_t psa_key_usage_t;
 
 /**@}*/
@@ -375,7 +452,11 @@ typedef uint64_t psa_key_slot_number_t;
  * @{
  */
 
-/** \brief Encoding of the step of a key derivation. */
+/** \brief Encoding of the step of a key derivation.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_KEY_DERIVATION_INPUT_xxx`.
+ */
 typedef uint16_t psa_key_derivation_step_t;
 
 /**@}*/
diff --git a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_values.h b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_values.h
index fafe93cf9ba..8b3a815ac19 100644
--- a/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_values.h
+++ b/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/psa/crypto_values.h
@@ -12,6 +12,11 @@
  * designations of cryptographic algorithms, and error codes returned by
  * the library.
  *
+ * Note that many of the constants defined in this file are embedded in
+ * the persistent key store, as part of key metadata (including usage
+ * policies). As a consequence, they must not be changed (unless the storage
+ * format version changes).
+ *
  * This header file only defines preprocessor macros.
  */
 /*
@@ -40,6 +45,18 @@
 
 /* PSA error codes */
 
+/* Error codes are standardized across PSA domains (framework, crypto, storage,
+ * etc.). Do not change the values in this section or even the expansions
+ * of each macro: it must be possible to `#include` both this header
+ * and some other PSA component's headers in the same C source,
+ * which will lead to duplicate definitions of the `PSA_SUCCESS` and
+ * `PSA_ERROR_xxx` macros, which is ok if and only if the macros expand
+ * to the same sequence of tokens.
+ *
+ * If you must add a new
+ * value, check with the Arm PSA framework group to pick one that other
+ * domains aren't already using. */
+
 /** The action was completed successfully. */
 #define PSA_SUCCESS ((psa_status_t)0)
 
@@ -316,6 +333,12 @@
  * @{
  */
 
+/* Note that key type values, including ECC family and DH group values, are
+ * embedded in the persistent key store, as part of key metadata. As a
+ * consequence, they must not be changed (unless the storage format version
+ * changes).
+ */
+
 /** An invalid key type value.
  *
  * Zero is not the encoding of any key type.
@@ -440,9 +463,9 @@
  * Camellia block cipher. */
 #define PSA_KEY_TYPE_CAMELLIA                       ((psa_key_type_t)0x2403)
 
-/** Key for the RC4 stream cipher.
+/** Key for the ARC4 stream cipher (also known as RC4 or ARCFOUR).
  *
- * Note that RC4 is weak and deprecated and should only be used in
+ * Note that ARC4 is weak and deprecated and should only be used in
  * legacy protocols. */
 #define PSA_KEY_TYPE_ARC4                           ((psa_key_type_t)0x2002)
 
@@ -673,6 +696,11 @@
      1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) :                         \
      0u)
 
+/* Note that algorithm values are embedded in the persistent key store,
+ * as part of key metadata. As a consequence, they must not be changed
+ * (unless the storage format version changes).
+ */
+
 /** Vendor-defined algorithm flag.
  *
  * Algorithms defined by this standard will never have the #PSA_ALG_VENDOR_FLAG
@@ -1390,7 +1418,7 @@
  * with a random per-message secret number (*k*).
  *
  * The representation of the signature as a byte string consists of
- * the concatentation of the signature values *r* and *s*. Each of
+ * the concatenation of the signature values *r* and *s*. Each of
  * *r* and *s* is encoded as an *N*-octet string, where *N* is the length
  * of the base point of the curve in octets. Each value is represented
  * in big-endian order (most significant octet first).
@@ -1928,6 +1956,11 @@
  * @{
  */
 
+/* Note that location and persistence level values are embedded in the
+ * persistent key store, as part of key metadata. As a consequence, they
+ * must not be changed (unless the storage format version changes).
+ */
+
 /** The default lifetime for volatile keys.
  *
  * A volatile key only exists as long as the identifier to it is not destroyed.
@@ -2043,6 +2076,11 @@
 
 #define PSA_KEY_LOCATION_VENDOR_FLAG            ((psa_key_location_t)0x800000)
 
+/* Note that key identifier values are embedded in the
+ * persistent key store, as part of key metadata. As a consequence, they
+ * must not be changed (unless the storage format version changes).
+ */
+
 /** The null key identifier.
  */
 #define PSA_KEY_ID_NULL                         ((psa_key_id_t)0)
@@ -2154,6 +2192,11 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
  * @{
  */
 
+/* Note that key usage flags are embedded in the
+ * persistent key store, as part of key metadata. As a consequence, they
+ * must not be changed (unless the storage format version changes).
+ */
+
 /** Whether the key may be exported.
  *
  * A public key or the public part of a key pair may always be exported
@@ -2255,6 +2298,9 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
  * @{
  */
 
+/* Key input steps are not embedded in the persistent storage, so you can
+ * change them if needed: it's only an ABI change. */
+
 /** A secret input for key derivation.
  *
  * This should be a key of type #PSA_KEY_TYPE_DERIVE
diff --git a/tools/sdk/esp32s3/include/protocomm/include/transports/protocomm_ble.h b/tools/sdk/esp32s3/include/protocomm/include/transports/protocomm_ble.h
index 2447c1c5d25..d684e7e921a 100644
--- a/tools/sdk/esp32s3/include/protocomm/include/transports/protocomm_ble.h
+++ b/tools/sdk/esp32s3/include/protocomm/include/transports/protocomm_ble.h
@@ -79,10 +79,14 @@ typedef struct protocomm_ble_config {
      */
     protocomm_ble_name_uuid_t *nu_lookup;
 
-    /* BLE bonding */
+    /**
+     * BLE bonding
+     */
     unsigned ble_bonding:1;
 
-    /* BLE security flag */
+    /**
+     * BLE security flag
+     */
     unsigned ble_sm_sc:1;
 
 } protocomm_ble_config_t;
diff --git a/tools/sdk/esp32s3/include/soc/esp32s3/include/soc/soc_caps.h b/tools/sdk/esp32s3/include/soc/esp32s3/include/soc/soc_caps.h
index 1ce8343b129..6234e5c0581 100644
--- a/tools/sdk/esp32s3/include/soc/esp32s3/include/soc/soc_caps.h
+++ b/tools/sdk/esp32s3/include/soc/esp32s3/include/soc/soc_caps.h
@@ -39,6 +39,7 @@
 #define SOC_FLASH_ENCRYPTION_XTS_AES_256 1
 #define SOC_PSRAM_DMA_CAPABLE           1
 #define SOC_XT_WDT_SUPPORTED            1
+#define SOC_TEMP_SENSOR_SUPPORTED       1
 
 /*-------------------------- SOC CAPS ----------------------------------------*/
 #define SOC_APPCPU_HAS_CLOCK_GATING_BUG (1)
diff --git a/tools/sdk/esp32s3/include/soc/esp32s3/include/soc/syscon_reg.h b/tools/sdk/esp32s3/include/soc/esp32s3/include/soc/syscon_reg.h
index d5dae5f1b36..f3f08c1e4fb 100644
--- a/tools/sdk/esp32s3/include/soc/esp32s3/include/soc/syscon_reg.h
+++ b/tools/sdk/esp32s3/include/soc/esp32s3/include/soc/syscon_reg.h
@@ -1,16 +1,8 @@
-// Copyright 2017-2021 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/**
+ * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ */
 #ifndef _SOC_SYSCON_REG_H_
 #define _SOC_SYSCON_REG_H_
 
@@ -179,7 +171,7 @@ extern "C" {
 #define SYSTEM_WIFI_CLK_WIFI_EN_M  ((SYSTEM_WIFI_CLK_WIFI_EN_V)<<(SYSTEM_WIFI_CLK_WIFI_EN_S))
 #define SYSTEM_WIFI_CLK_WIFI_EN_V  0x0
 #define SYSTEM_WIFI_CLK_WIFI_EN_S  0
-/* Mask for all Bluetooth clock bits, 11, 12, 16, 17 */
+/* Mask for all Bluetooth clock bits, 11, 16, 17 */
 #define SYSTEM_WIFI_CLK_BT_EN  0x0
 #define SYSTEM_WIFI_CLK_BT_EN_M  ((SYSTEM_WIFI_CLK_BT_EN_V)<<(SYSTEM_WIFI_CLK_BT_EN_S))
 #define SYSTEM_WIFI_CLK_BT_EN_V  0x0
@@ -187,14 +179,13 @@ extern "C" {
 /* Mask for clock bits used by both WIFI and Bluetooth, 0, 1, 2, 3, 7, 8, 9, 10, 19, 20, 21, 22, 23 */
 #define SYSTEM_WIFI_CLK_WIFI_BT_COMMON_M 0x78078F
 
-/* Digital team to check */
 //bluetooth baseband bit11
 #define SYSTEM_BT_BASEBAND_EN BIT(11)
 //bluetooth LC bit16 and bit17
 #define SYSTEM_BT_LC_EN (BIT(16) | BIT(17))
 
 /* Remaining single bit clock masks */
-#define SYSTEM_WIFI_CLK_UNUSED_BIT5 BIT(5)
+#define SYSTEM_WIFI_CLK_I2C_CLK_EN BIT(5)
 #define SYSTEM_WIFI_CLK_UNUSED_BIT12 BIT(12)
 #define SYSTEM_WIFI_CLK_SDIO_HOST_EN BIT(13)
 #define SYSTEM_WIFI_CLK_EMAC_EN BIT(14)
@@ -208,19 +199,19 @@ extern "C" {
 #define SYSTEM_WIFI_RST_M ((SYSTEM_WIFI_RST_V) << (SYSTEM_WIFI_RST_S))
 #define SYSTEM_WIFI_RST_V 0xFFFFFFFF
 #define SYSTEM_WIFI_RST_S 0
-#define SYSTEM_BB_REG_RST (BIT(13))
-#define SYSTEM_PWR_REG_RST (BIT(12))
-#define SYSTEM_BLE_REG_RST (BIT(11))
-#define SYSTEM_RW_BTLP_RST (BIT(10))
-#define SYSTEM_RW_BTMAC_RST (BIT(9))
-#define SYSTEM_MACPWR_RST (BIT(8))
-#define SYSTEM_EMAC_RST (BIT(7))
-#define SYSTEM_SDIO_RST (BIT(5))
-#define SYSTEM_BTMAC_RST (BIT(4))
-#define SYSTEM_BT_RST (BIT(3))
-#define SYSTEM_MAC_RST (BIT(2))
-#define SYSTEM_FE_RST (BIT(1))
-#define SYSTEM_BB_RST (BIT(0))
+#define SYSTEM_WIFIBB_RST           BIT(0)
+#define SYSTEM_FE_RST               BIT(1)
+#define SYSTEM_WIFIMAC_RST          BIT(2)
+#define SYSTEM_BTBB_RST             BIT(3)    /* Bluetooth Baseband */
+#define SYSTEM_BTMAC_RST            BIT(4)    /* deprecated */
+#define SYSTEM_SDIO_RST             BIT(5)
+#define SYSTEM_EMAC_RST             BIT(7)
+#define SYSTEM_MACPWR_RST           BIT(8)
+#define SYSTEM_RW_BTMAC_RST         BIT(9)    /* Bluetooth MAC */
+#define SYSTEM_RW_BTLP_RST          BIT(10)   /* Bluetooth Low Power Module */
+#define SYSTEM_RW_BTMAC_REG_RST     BIT(11)   /* Bluetooth MAC Regsiters */
+#define SYSTEM_RW_BTLP_REG_RST      BIT(12)   /* Bluetooth Low Power Registers */
+#define SYSTEM_BTBB_REG_RST         BIT(13)   /* Bluetooth Baseband Registers */
 
 #define SYSCON_HOST_INF_SEL_REG          (DR_REG_SYSCON_BASE + 0x1C)
 /* SYSCON_PERI_IO_SWAP : R/W ;bitpos:[7:0] ;default: 8'h0 ; */
diff --git a/tools/sdk/esp32s3/include/soc/esp32s3/include/soc/usb_pins.h b/tools/sdk/esp32s3/include/soc/esp32s3/include/soc/usb_pins.h
index c8ad806e083..fb68c49bc9a 100644
--- a/tools/sdk/esp32s3/include/soc/esp32s3/include/soc/usb_pins.h
+++ b/tools/sdk/esp32s3/include/soc/esp32s3/include/soc/usb_pins.h
@@ -15,11 +15,11 @@
 #pragma once
 
 /* GPIOs used to connect an external USB PHY */
-#define USBPHY_VP_NUM 33
-#define USBPHY_VM_NUM 34
-#define USBPHY_RCV_NUM 35
-#define USBPHY_OEN_NUM 36
-#define USBPHY_VPO_NUM 37
+#define USBPHY_VP_NUM 42
+#define USBPHY_VM_NUM 41
+#define USBPHY_RCV_NUM 21
+#define USBPHY_OEN_NUM 40
+#define USBPHY_VPO_NUM 39
 #define USBPHY_VMO_NUM 38
 
 /* GPIOs corresponding to the pads of the internal USB PHY */
diff --git a/tools/sdk/esp32s3/include/usb/include/usb/usb_host.h b/tools/sdk/esp32s3/include/usb/include/usb/usb_host.h
index 8c6f6f42b1b..c9b9ce6f615 100644
--- a/tools/sdk/esp32s3/include/usb/include/usb/usb_host.h
+++ b/tools/sdk/esp32s3/include/usb/include/usb/usb_host.h
@@ -65,10 +65,10 @@ typedef struct {
     union {
         struct {
             uint8_t address;                    /**< New device's address */
-        } new_dev;
+        } new_dev;                              /**< New device info */
         struct {
             usb_device_handle_t dev_hdl;        /**< The handle of the device that was gone */
-        } dev_gone;
+        } dev_gone;                             /**< Gone device info */
     };
 } usb_host_client_event_msg_t;
 
@@ -120,7 +120,7 @@ typedef struct {
         struct {
             usb_host_client_event_cb_t client_event_callback;   /**< Client's event callback function */
             void *callback_arg;                                 /**< Event callback function argument */
-        } async;
+        } async;                                                /**< Async callback config */
     };
 } usb_host_client_config_t;
 
diff --git a/tools/sdk/esp32s3/include/usb/include/usb/usb_types_ch9.h b/tools/sdk/esp32s3/include/usb/include/usb/usb_types_ch9.h
index b11305900f0..177fc15bf90 100644
--- a/tools/sdk/esp32s3/include/usb/include/usb/usb_types_ch9.h
+++ b/tools/sdk/esp32s3/include/usb/include/usb/usb_types_ch9.h
@@ -96,7 +96,7 @@ typedef union {
         uint16_t wIndex;                    /**< Word-sized field that varies according to request; typically used to pass an index or offset */
         uint16_t wLength;                   /**< Number of bytes to transfer if there is a data stage */
     } __attribute__((packed));
-    uint8_t val[USB_SETUP_PACKET_SIZE];
+    uint8_t val[USB_SETUP_PACKET_SIZE];     /**< Descriptor value */
 } usb_setup_packet_t;
 _Static_assert(sizeof(usb_setup_packet_t) == USB_SETUP_PACKET_SIZE, "Size of usb_setup_packet_t incorrect");
 
@@ -241,8 +241,8 @@ typedef union {
     struct {
         uint8_t bLength;                    /**< Size of the descriptor in bytes */
         uint8_t bDescriptorType;            /**< Descriptor Type */
-    } USB_DESC_ATTR;
-    uint8_t val[USB_STANDARD_DESC_SIZE];
+    } USB_DESC_ATTR;                        /**< USB descriptor attributes */
+    uint8_t val[USB_STANDARD_DESC_SIZE];    /**< Descriptor value */
 } usb_standard_desc_t;
 _Static_assert(sizeof(usb_standard_desc_t) == USB_STANDARD_DESC_SIZE, "Size of usb_standard_desc_t incorrect");
 
@@ -274,8 +274,8 @@ typedef union {
         uint8_t iProduct;                   /**< Index of string descriptor describing product */
         uint8_t iSerialNumber;              /**< Index of string descriptor describing the device’s serial number */
         uint8_t bNumConfigurations;         /**< Number of possible configurations */
-    } USB_DESC_ATTR;
-    uint8_t val[USB_DEVICE_DESC_SIZE];
+    } USB_DESC_ATTR;                        /**< USB descriptor attributes */
+    uint8_t val[USB_DEVICE_DESC_SIZE];      /**< Descriptor value */
 } usb_device_desc_t;
 _Static_assert(sizeof(usb_device_desc_t) == USB_DEVICE_DESC_SIZE, "Size of usb_device_desc_t incorrect");
 
@@ -337,8 +337,8 @@ typedef union {
         uint8_t iConfiguration;             /**< Index of string descriptor describing this configuration */
         uint8_t bmAttributes;               /**< Configuration characteristics */
         uint8_t bMaxPower;                  /**< Maximum power consumption of the USB device from the bus in this specific configuration when the device is fully operational. */
-    } USB_DESC_ATTR;
-    uint8_t val[USB_CONFIG_DESC_SIZE];
+    } USB_DESC_ATTR;                        /**< USB descriptor attributes */
+    uint8_t val[USB_CONFIG_DESC_SIZE];      /**< Descriptor value */
 } usb_config_desc_t;
 _Static_assert(sizeof(usb_config_desc_t) == USB_CONFIG_DESC_SIZE, "Size of usb_config_desc_t incorrect");
 
@@ -370,8 +370,8 @@ typedef union {
         uint8_t bFunctionSubClass;          /**< Subclass code (assigned by USB-IF) */
         uint8_t bFunctionProtocol;          /**< Protocol code (assigned by USB-IF) */
         uint8_t iFunction;                  /**< Index of string descriptor describing this function */
-    } USB_DESC_ATTR;
-    uint8_t val[USB_IAD_DESC_SIZE];
+    } USB_DESC_ATTR;                        /**< USB descriptor attributes */
+    uint8_t val[USB_IAD_DESC_SIZE];         /**< Descriptor value */
 } usb_iad_desc_t;
 _Static_assert(sizeof(usb_iad_desc_t) == USB_IAD_DESC_SIZE, "Size of usb_iad_desc_t incorrect");
 
@@ -398,8 +398,8 @@ typedef union {
         uint8_t bInterfaceSubClass;         /**< Subclass code (assigned by the USB-IF) */
         uint8_t bInterfaceProtocol;         /**< Protocol code (assigned by the USB) */
         uint8_t iInterface;                 /**< Index of string descriptor describing this interface */
-    } USB_DESC_ATTR;
-    uint8_t val[USB_INTF_DESC_SIZE];
+    } USB_DESC_ATTR;                        /**< USB descriptor attributes */
+    uint8_t val[USB_INTF_DESC_SIZE];        /**< Descriptor value */
 } usb_intf_desc_t;
 _Static_assert(sizeof(usb_intf_desc_t) == USB_INTF_DESC_SIZE, "Size of usb_intf_desc_t incorrect");
 
@@ -423,8 +423,8 @@ typedef union {
         uint8_t bmAttributes;               /**< This field describes the endpoint’s attributes when it is configured using the bConfigurationValue. */
         uint16_t wMaxPacketSize;            /**< Maximum packet size this endpoint is capable of sending or receiving when this configuration is selected. */
         uint8_t bInterval;                  /**< Interval for polling Isochronous and Interrupt endpoints. Expressed in frames or microframes depending on the device operating speed (1 ms for Low-Speed and Full-Speed or 125 us for USB High-Speed and above). */
-    } USB_DESC_ATTR;
-    uint8_t val[USB_EP_DESC_SIZE];
+    } USB_DESC_ATTR;                        /**< USB descriptor attributes */
+    uint8_t val[USB_EP_DESC_SIZE];          /**< Descriptor value */
 } usb_ep_desc_t;
 _Static_assert(sizeof(usb_ep_desc_t) == USB_EP_DESC_SIZE, "Size of usb_ep_desc_t incorrect");
 
@@ -475,8 +475,8 @@ typedef union {
         uint8_t bLength;                    /**< Size of the descriptor in bytes */
         uint8_t bDescriptorType;            /**< STRING Descriptor Type */
         uint16_t wData[];                   /**< UTF-16LE encoded */
-    } USB_DESC_ATTR;
-    uint8_t val[USB_STR_DESC_SIZE];
+    } USB_DESC_ATTR;                        /**< USB descriptor attributes */
+    uint8_t val[USB_STR_DESC_SIZE];         /**< Descriptor value */
 } usb_str_desc_t;
 _Static_assert(sizeof(usb_str_desc_t) == USB_STR_DESC_SIZE, "Size of usb_str_desc_t incorrect");
 
diff --git a/tools/sdk/esp32s3/include/usb/include/usb/usb_types_stack.h b/tools/sdk/esp32s3/include/usb/include/usb/usb_types_stack.h
index c438c54a7f8..4d71753a0a7 100644
--- a/tools/sdk/esp32s3/include/usb/include/usb/usb_types_stack.h
+++ b/tools/sdk/esp32s3/include/usb/include/usb/usb_types_stack.h
@@ -122,6 +122,10 @@ typedef struct usb_transfer_s usb_transfer_t;
  */
 typedef void (*usb_transfer_cb_t)(usb_transfer_t *transfer);
 
+/**
+ * @brief USB transfer structure
+ *
+ */
 struct usb_transfer_s{
     uint8_t *const data_buffer;                     /**< Pointer to data buffer */
     const size_t data_buffer_size;                  /**< Size of the data buffer in bytes */
diff --git a/tools/sdk/esp32s3/include/xtensa/include/xtensa/xtensa_context.h b/tools/sdk/esp32s3/include/xtensa/include/xtensa/xtensa_context.h
index e655904423f..8c25b186701 100644
--- a/tools/sdk/esp32s3/include/xtensa/include/xtensa/xtensa_context.h
+++ b/tools/sdk/esp32s3/include/xtensa/include/xtensa/xtensa_context.h
@@ -188,6 +188,14 @@ STRUCT_END(XtExcFrame)
   by the callee according to the compiler's ABI conventions, some space to save
   the return address for returning to the caller, and the caller's PS register.
 
+  Note: Although the xtensa ABI considers the threadptr as "global" across
+  functions (meaning it is neither caller or callee saved), it is treated as a
+  callee-saved register in a solicited stack frame. This omits the need for the
+  OS to include extra logic to save "global" registers on each context switch.
+  Only the threadptr register is treated as callee-saved, as all other NCP
+  (non-coprocessor extra) registers are caller-saved. See "tie.h" for more
+  details.
+
   For Windowed ABI, this stack frame includes the caller's base save area.
 
   Note on XT_SOL_EXIT field:
@@ -204,7 +212,11 @@ STRUCT_BEGIN
 STRUCT_FIELD (long, 4, XT_SOL_EXIT, exit)
 STRUCT_FIELD (long, 4, XT_SOL_PC,   pc)
 STRUCT_FIELD (long, 4, XT_SOL_PS,   ps)
-STRUCT_FIELD (long, 4, XT_SOL_NEXT, next)
+#if XCHAL_HAVE_THREADPTR
+STRUCT_FIELD (long, 4, XT_SOL_THREADPTR, threadptr)
+#else
+STRUCT_FIELD (long, 4, XT_SOL_NEXT, next)   /* Dummy register for 16-byte alignment */
+#endif
 STRUCT_FIELD (long, 4, XT_SOL_A12,  a12)    /* should be on 16-byte alignment */
 STRUCT_FIELD (long, 4, XT_SOL_A13,  a13)
 STRUCT_FIELD (long, 4, XT_SOL_A14,  a14)
@@ -213,7 +225,11 @@ STRUCT_FIELD (long, 4, XT_SOL_A15,  a15)
 STRUCT_FIELD (long, 4, XT_SOL_EXIT, exit)
 STRUCT_FIELD (long, 4, XT_SOL_PC,   pc)
 STRUCT_FIELD (long, 4, XT_SOL_PS,   ps)
-STRUCT_FIELD (long, 4, XT_SOL_NEXT, next)
+#if XCHAL_HAVE_THREADPTR
+STRUCT_FIELD (long, 4, XT_SOL_THREADPTR, threadptr)
+#else
+STRUCT_FIELD (long, 4, XT_SOL_NEXT, next)   /* Dummy register for 16-byte alignment */
+#endif
 STRUCT_FIELD (long, 4, XT_SOL_A0,   a0)    /* should be on 16-byte alignment */
 STRUCT_FIELD (long, 4, XT_SOL_A1,   a1)
 STRUCT_FIELD (long, 4, XT_SOL_A2,   a2)
diff --git a/tools/sdk/esp32s3/ld/esp32s3.rom.ld b/tools/sdk/esp32s3/ld/esp32s3.rom.ld
index 2c7677ab860..e3dc51463ea 100644
--- a/tools/sdk/esp32s3/ld/esp32s3.rom.ld
+++ b/tools/sdk/esp32s3/ld/esp32s3.rom.ld
@@ -1855,7 +1855,7 @@ pm_on_data_rx = 0x400054c0;
 pm_on_tbtt = 0x400054cc;
 pm_parse_beacon = 0x400054d8;
 pm_process_tim = 0x400054e4;
-pm_rx_beacon_process = 0x400054f0;
+/*pm_rx_beacon_process = 0x400054f0;*/
 pm_rx_data_process = 0x400054fc;
 /*pm_sleep = 0x40005508;*/
 pm_sleep_for = 0x40005514;
@@ -2032,7 +2032,7 @@ ieee80211_is_tx_allowed = 0x40005a78;
 ieee80211_output_pending_eb = 0x40005a84;
 ieee80211_output_process = 0x40005a90;
 ieee80211_set_tx_desc = 0x40005a9c;
-sta_input = 0x40005aa8;
+/*sta_input = 0x40005aa8;*/
 wifi_get_macaddr = 0x40005ab4;
 wifi_rf_phy_disable = 0x40005ac0;
 wifi_rf_phy_enable = 0x40005acc;
diff --git a/tools/sdk/esp32s3/ld/libbtdm_app.a b/tools/sdk/esp32s3/ld/libbtdm_app.a
index c8189c4a006..7bcc56d1b25 100644
Binary files a/tools/sdk/esp32s3/ld/libbtdm_app.a and b/tools/sdk/esp32s3/ld/libbtdm_app.a differ
diff --git a/tools/sdk/esp32s3/lib/libapp_update.a b/tools/sdk/esp32s3/lib/libapp_update.a
index e4f3fb3e1c0..6a260054126 100644
Binary files a/tools/sdk/esp32s3/lib/libapp_update.a and b/tools/sdk/esp32s3/lib/libapp_update.a differ
diff --git a/tools/sdk/esp32s3/lib/libarduino_tinyusb.a b/tools/sdk/esp32s3/lib/libarduino_tinyusb.a
index 3c7b89d357b..1608dfa6850 100644
Binary files a/tools/sdk/esp32s3/lib/libarduino_tinyusb.a and b/tools/sdk/esp32s3/lib/libarduino_tinyusb.a differ
diff --git a/tools/sdk/esp32s3/lib/libbt.a b/tools/sdk/esp32s3/lib/libbt.a
index c4995bc1931..cd258ea1af1 100644
Binary files a/tools/sdk/esp32s3/lib/libbt.a and b/tools/sdk/esp32s3/lib/libbt.a differ
diff --git a/tools/sdk/esp32s3/lib/libbutton.a b/tools/sdk/esp32s3/lib/libbutton.a
index 8f8b2e582a7..10757918c0f 100644
Binary files a/tools/sdk/esp32s3/lib/libbutton.a and b/tools/sdk/esp32s3/lib/libbutton.a differ
diff --git a/tools/sdk/esp32s3/lib/libcoap.a b/tools/sdk/esp32s3/lib/libcoap.a
index 77f39b8cbd3..d8ed8d8e9d5 100644
Binary files a/tools/sdk/esp32s3/lib/libcoap.a and b/tools/sdk/esp32s3/lib/libcoap.a differ
diff --git a/tools/sdk/esp32s3/lib/libcoexist.a b/tools/sdk/esp32s3/lib/libcoexist.a
index 700a81ab25e..c8d098d5372 100644
Binary files a/tools/sdk/esp32s3/lib/libcoexist.a and b/tools/sdk/esp32s3/lib/libcoexist.a differ
diff --git a/tools/sdk/esp32s3/lib/libconsole.a b/tools/sdk/esp32s3/lib/libconsole.a
index 7318600bd52..7bfe0b3e708 100644
Binary files a/tools/sdk/esp32s3/lib/libconsole.a and b/tools/sdk/esp32s3/lib/libconsole.a differ
diff --git a/tools/sdk/esp32s3/lib/libcore.a b/tools/sdk/esp32s3/lib/libcore.a
index 7481054029d..21084cdbd3d 100644
Binary files a/tools/sdk/esp32s3/lib/libcore.a and b/tools/sdk/esp32s3/lib/libcore.a differ
diff --git a/tools/sdk/esp32s3/lib/libcxx.a b/tools/sdk/esp32s3/lib/libcxx.a
index b2ab8681fd3..529147f6049 100644
Binary files a/tools/sdk/esp32s3/lib/libcxx.a and b/tools/sdk/esp32s3/lib/libcxx.a differ
diff --git a/tools/sdk/esp32s3/lib/libdriver.a b/tools/sdk/esp32s3/lib/libdriver.a
index 9584ad02150..38cd56d0a0f 100644
Binary files a/tools/sdk/esp32s3/lib/libdriver.a and b/tools/sdk/esp32s3/lib/libdriver.a differ
diff --git a/tools/sdk/esp32s3/lib/libefuse.a b/tools/sdk/esp32s3/lib/libefuse.a
index 3ec8a33566b..34dbdb84918 100644
Binary files a/tools/sdk/esp32s3/lib/libefuse.a and b/tools/sdk/esp32s3/lib/libefuse.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp-tls.a b/tools/sdk/esp32s3/lib/libesp-tls.a
index b85d64e5fd9..0ecfff20a8a 100644
Binary files a/tools/sdk/esp32s3/lib/libesp-tls.a and b/tools/sdk/esp32s3/lib/libesp-tls.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp32-camera.a b/tools/sdk/esp32s3/lib/libesp32-camera.a
index 9c9ea477358..dde00f2d08e 100644
Binary files a/tools/sdk/esp32s3/lib/libesp32-camera.a and b/tools/sdk/esp32s3/lib/libesp32-camera.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp_common.a b/tools/sdk/esp32s3/lib/libesp_common.a
index 2f9af9f5b4a..d6cfe2cdb04 100644
Binary files a/tools/sdk/esp32s3/lib/libesp_common.a and b/tools/sdk/esp32s3/lib/libesp_common.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp_eth.a b/tools/sdk/esp32s3/lib/libesp_eth.a
index 79b17edece3..895f4a832c4 100644
Binary files a/tools/sdk/esp32s3/lib/libesp_eth.a and b/tools/sdk/esp32s3/lib/libesp_eth.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp_event.a b/tools/sdk/esp32s3/lib/libesp_event.a
index ec4cdc86059..82d8f7a8329 100644
Binary files a/tools/sdk/esp32s3/lib/libesp_event.a and b/tools/sdk/esp32s3/lib/libesp_event.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp_gdbstub.a b/tools/sdk/esp32s3/lib/libesp_gdbstub.a
index ad3ce59bcc2..63b1153c4d5 100644
Binary files a/tools/sdk/esp32s3/lib/libesp_gdbstub.a and b/tools/sdk/esp32s3/lib/libesp_gdbstub.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp_hid.a b/tools/sdk/esp32s3/lib/libesp_hid.a
index bd58d8fd98e..1495c8b0289 100644
Binary files a/tools/sdk/esp32s3/lib/libesp_hid.a and b/tools/sdk/esp32s3/lib/libesp_hid.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp_http_client.a b/tools/sdk/esp32s3/lib/libesp_http_client.a
index fa960d47f62..01cd73c2178 100644
Binary files a/tools/sdk/esp32s3/lib/libesp_http_client.a and b/tools/sdk/esp32s3/lib/libesp_http_client.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp_http_server.a b/tools/sdk/esp32s3/lib/libesp_http_server.a
index 6ce6132c9e4..2f210f2712b 100644
Binary files a/tools/sdk/esp32s3/lib/libesp_http_server.a and b/tools/sdk/esp32s3/lib/libesp_http_server.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp_https_server.a b/tools/sdk/esp32s3/lib/libesp_https_server.a
index a0d5ba631b8..833288e913c 100644
Binary files a/tools/sdk/esp32s3/lib/libesp_https_server.a and b/tools/sdk/esp32s3/lib/libesp_https_server.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp_ipc.a b/tools/sdk/esp32s3/lib/libesp_ipc.a
index 0b24426b087..c4f9d111902 100644
Binary files a/tools/sdk/esp32s3/lib/libesp_ipc.a and b/tools/sdk/esp32s3/lib/libesp_ipc.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp_lcd.a b/tools/sdk/esp32s3/lib/libesp_lcd.a
index dcdbeaac505..76a1e618fcf 100644
Binary files a/tools/sdk/esp32s3/lib/libesp_lcd.a and b/tools/sdk/esp32s3/lib/libesp_lcd.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp_littlefs.a b/tools/sdk/esp32s3/lib/libesp_littlefs.a
index 8187f7e5b34..b03528d8ee4 100644
Binary files a/tools/sdk/esp32s3/lib/libesp_littlefs.a and b/tools/sdk/esp32s3/lib/libesp_littlefs.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp_local_ctrl.a b/tools/sdk/esp32s3/lib/libesp_local_ctrl.a
index a699f903554..1fe6af4bd22 100644
Binary files a/tools/sdk/esp32s3/lib/libesp_local_ctrl.a and b/tools/sdk/esp32s3/lib/libesp_local_ctrl.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp_netif.a b/tools/sdk/esp32s3/lib/libesp_netif.a
index 0a0c7c31c86..ff90e45ef97 100644
Binary files a/tools/sdk/esp32s3/lib/libesp_netif.a and b/tools/sdk/esp32s3/lib/libesp_netif.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp_phy.a b/tools/sdk/esp32s3/lib/libesp_phy.a
index e17cdf2aaf1..4203965e7fc 100644
Binary files a/tools/sdk/esp32s3/lib/libesp_phy.a and b/tools/sdk/esp32s3/lib/libesp_phy.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp_rainmaker.a b/tools/sdk/esp32s3/lib/libesp_rainmaker.a
index a8580c929c6..7b97a2f35dd 100644
Binary files a/tools/sdk/esp32s3/lib/libesp_rainmaker.a and b/tools/sdk/esp32s3/lib/libesp_rainmaker.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp_ringbuf.a b/tools/sdk/esp32s3/lib/libesp_ringbuf.a
index fd0ab574b88..85a3c1a729d 100644
Binary files a/tools/sdk/esp32s3/lib/libesp_ringbuf.a and b/tools/sdk/esp32s3/lib/libesp_ringbuf.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp_timer.a b/tools/sdk/esp32s3/lib/libesp_timer.a
index 1a64dd8167d..37c11f02026 100644
Binary files a/tools/sdk/esp32s3/lib/libesp_timer.a and b/tools/sdk/esp32s3/lib/libesp_timer.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp_websocket_client.a b/tools/sdk/esp32s3/lib/libesp_websocket_client.a
index 1725bb1214a..a8502fe4e28 100644
Binary files a/tools/sdk/esp32s3/lib/libesp_websocket_client.a and b/tools/sdk/esp32s3/lib/libesp_websocket_client.a differ
diff --git a/tools/sdk/esp32s3/lib/libesp_wifi.a b/tools/sdk/esp32s3/lib/libesp_wifi.a
index 885014a49d0..96a7bbb6876 100644
Binary files a/tools/sdk/esp32s3/lib/libesp_wifi.a and b/tools/sdk/esp32s3/lib/libesp_wifi.a differ
diff --git a/tools/sdk/esp32s3/lib/libespnow.a b/tools/sdk/esp32s3/lib/libespnow.a
index 0f37d1e23b8..519453095a1 100644
Binary files a/tools/sdk/esp32s3/lib/libespnow.a and b/tools/sdk/esp32s3/lib/libespnow.a differ
diff --git a/tools/sdk/esp32s3/lib/libfatfs.a b/tools/sdk/esp32s3/lib/libfatfs.a
index f88fdc3ff96..72aae0884a3 100644
Binary files a/tools/sdk/esp32s3/lib/libfatfs.a and b/tools/sdk/esp32s3/lib/libfatfs.a differ
diff --git a/tools/sdk/esp32s3/lib/libfreemodbus.a b/tools/sdk/esp32s3/lib/libfreemodbus.a
index abf6ac58e87..6b386964dc3 100644
Binary files a/tools/sdk/esp32s3/lib/libfreemodbus.a and b/tools/sdk/esp32s3/lib/libfreemodbus.a differ
diff --git a/tools/sdk/esp32s3/lib/libhal.a b/tools/sdk/esp32s3/lib/libhal.a
index 0b39321bc12..5748ebf850d 100644
Binary files a/tools/sdk/esp32s3/lib/libhal.a and b/tools/sdk/esp32s3/lib/libhal.a differ
diff --git a/tools/sdk/esp32s3/lib/liblog.a b/tools/sdk/esp32s3/lib/liblog.a
index 17a07b63e7f..1ab3549f5d7 100644
Binary files a/tools/sdk/esp32s3/lib/liblog.a and b/tools/sdk/esp32s3/lib/liblog.a differ
diff --git a/tools/sdk/esp32s3/lib/liblwip.a b/tools/sdk/esp32s3/lib/liblwip.a
index 6ab14596c2b..049353326be 100644
Binary files a/tools/sdk/esp32s3/lib/liblwip.a and b/tools/sdk/esp32s3/lib/liblwip.a differ
diff --git a/tools/sdk/esp32s3/lib/libmbedcrypto.a b/tools/sdk/esp32s3/lib/libmbedcrypto.a
index b19ec6ccd2c..e1c802a8bb4 100644
Binary files a/tools/sdk/esp32s3/lib/libmbedcrypto.a and b/tools/sdk/esp32s3/lib/libmbedcrypto.a differ
diff --git a/tools/sdk/esp32s3/lib/libmbedtls.a b/tools/sdk/esp32s3/lib/libmbedtls.a
index e74d8893056..24f40c8b6a1 100644
Binary files a/tools/sdk/esp32s3/lib/libmbedtls.a and b/tools/sdk/esp32s3/lib/libmbedtls.a differ
diff --git a/tools/sdk/esp32s3/lib/libmbedtls_2.a b/tools/sdk/esp32s3/lib/libmbedtls_2.a
index 34efa8c57c2..682c912e19f 100644
Binary files a/tools/sdk/esp32s3/lib/libmbedtls_2.a and b/tools/sdk/esp32s3/lib/libmbedtls_2.a differ
diff --git a/tools/sdk/esp32s3/lib/libmbedx509.a b/tools/sdk/esp32s3/lib/libmbedx509.a
index be68b89f8f5..712a59e2a3f 100644
Binary files a/tools/sdk/esp32s3/lib/libmbedx509.a and b/tools/sdk/esp32s3/lib/libmbedx509.a differ
diff --git a/tools/sdk/esp32s3/lib/libmdns.a b/tools/sdk/esp32s3/lib/libmdns.a
index 8266e266110..213cec5d63a 100644
Binary files a/tools/sdk/esp32s3/lib/libmdns.a and b/tools/sdk/esp32s3/lib/libmdns.a differ
diff --git a/tools/sdk/esp32s3/lib/libmesh.a b/tools/sdk/esp32s3/lib/libmesh.a
index 7db9776f434..984730c553b 100644
Binary files a/tools/sdk/esp32s3/lib/libmesh.a and b/tools/sdk/esp32s3/lib/libmesh.a differ
diff --git a/tools/sdk/esp32s3/lib/libmqtt.a b/tools/sdk/esp32s3/lib/libmqtt.a
index a72a12af3ca..03976837883 100644
Binary files a/tools/sdk/esp32s3/lib/libmqtt.a and b/tools/sdk/esp32s3/lib/libmqtt.a differ
diff --git a/tools/sdk/esp32s3/lib/libnet80211.a b/tools/sdk/esp32s3/lib/libnet80211.a
index 33358628b82..a2bd357c09b 100644
Binary files a/tools/sdk/esp32s3/lib/libnet80211.a and b/tools/sdk/esp32s3/lib/libnet80211.a differ
diff --git a/tools/sdk/esp32s3/lib/libnewlib.a b/tools/sdk/esp32s3/lib/libnewlib.a
index ffad08f2417..2fab14d9247 100644
Binary files a/tools/sdk/esp32s3/lib/libnewlib.a and b/tools/sdk/esp32s3/lib/libnewlib.a differ
diff --git a/tools/sdk/esp32s3/lib/libnvs_flash.a b/tools/sdk/esp32s3/lib/libnvs_flash.a
index 9719476b021..395da7266b4 100644
Binary files a/tools/sdk/esp32s3/lib/libnvs_flash.a and b/tools/sdk/esp32s3/lib/libnvs_flash.a differ
diff --git a/tools/sdk/esp32s3/lib/libopenssl.a b/tools/sdk/esp32s3/lib/libopenssl.a
index 5774cbcb325..1af1d16a728 100644
Binary files a/tools/sdk/esp32s3/lib/libopenssl.a and b/tools/sdk/esp32s3/lib/libopenssl.a differ
diff --git a/tools/sdk/esp32s3/lib/libpp.a b/tools/sdk/esp32s3/lib/libpp.a
index 11487cd832c..25cc82935c4 100644
Binary files a/tools/sdk/esp32s3/lib/libpp.a and b/tools/sdk/esp32s3/lib/libpp.a differ
diff --git a/tools/sdk/esp32s3/lib/libprotocomm.a b/tools/sdk/esp32s3/lib/libprotocomm.a
index d4f607b7968..e69194b9fe3 100644
Binary files a/tools/sdk/esp32s3/lib/libprotocomm.a and b/tools/sdk/esp32s3/lib/libprotocomm.a differ
diff --git a/tools/sdk/esp32s3/lib/libpthread.a b/tools/sdk/esp32s3/lib/libpthread.a
index da4184eb1c8..91de4192be2 100644
Binary files a/tools/sdk/esp32s3/lib/libpthread.a and b/tools/sdk/esp32s3/lib/libpthread.a differ
diff --git a/tools/sdk/esp32s3/lib/librmaker_common.a b/tools/sdk/esp32s3/lib/librmaker_common.a
index c1daabd039f..c1fdcb9d1c4 100644
Binary files a/tools/sdk/esp32s3/lib/librmaker_common.a and b/tools/sdk/esp32s3/lib/librmaker_common.a differ
diff --git a/tools/sdk/esp32s3/lib/libsmartconfig.a b/tools/sdk/esp32s3/lib/libsmartconfig.a
index 8d9753aae39..95c5633c02c 100644
Binary files a/tools/sdk/esp32s3/lib/libsmartconfig.a and b/tools/sdk/esp32s3/lib/libsmartconfig.a differ
diff --git a/tools/sdk/esp32s3/lib/libsoc.a b/tools/sdk/esp32s3/lib/libsoc.a
index 2bc153ec582..fb9aea73da0 100644
Binary files a/tools/sdk/esp32s3/lib/libsoc.a and b/tools/sdk/esp32s3/lib/libsoc.a differ
diff --git a/tools/sdk/esp32s3/lib/libspiffs.a b/tools/sdk/esp32s3/lib/libspiffs.a
index faa9815f1e3..0ac91464b98 100644
Binary files a/tools/sdk/esp32s3/lib/libspiffs.a and b/tools/sdk/esp32s3/lib/libspiffs.a differ
diff --git a/tools/sdk/esp32s3/lib/libtcp_transport.a b/tools/sdk/esp32s3/lib/libtcp_transport.a
index 68784210974..72265c7f2f9 100644
Binary files a/tools/sdk/esp32s3/lib/libtcp_transport.a and b/tools/sdk/esp32s3/lib/libtcp_transport.a differ
diff --git a/tools/sdk/esp32s3/lib/libtcpip_adapter.a b/tools/sdk/esp32s3/lib/libtcpip_adapter.a
index 9b30e0deb8a..9a19f50c49c 100644
Binary files a/tools/sdk/esp32s3/lib/libtcpip_adapter.a and b/tools/sdk/esp32s3/lib/libtcpip_adapter.a differ
diff --git a/tools/sdk/esp32s3/lib/libusb.a b/tools/sdk/esp32s3/lib/libusb.a
index b46127a2b02..9f826c19e86 100644
Binary files a/tools/sdk/esp32s3/lib/libusb.a and b/tools/sdk/esp32s3/lib/libusb.a differ
diff --git a/tools/sdk/esp32s3/lib/libvfs.a b/tools/sdk/esp32s3/lib/libvfs.a
index fe3bdd6dc80..34bf2848fd8 100644
Binary files a/tools/sdk/esp32s3/lib/libvfs.a and b/tools/sdk/esp32s3/lib/libvfs.a differ
diff --git a/tools/sdk/esp32s3/lib/libwapi.a b/tools/sdk/esp32s3/lib/libwapi.a
index 82910097074..0da3905786c 100644
Binary files a/tools/sdk/esp32s3/lib/libwapi.a and b/tools/sdk/esp32s3/lib/libwapi.a differ
diff --git a/tools/sdk/esp32s3/lib/libwifi_provisioning.a b/tools/sdk/esp32s3/lib/libwifi_provisioning.a
index 466672860d5..1da8a553a90 100644
Binary files a/tools/sdk/esp32s3/lib/libwifi_provisioning.a and b/tools/sdk/esp32s3/lib/libwifi_provisioning.a differ
diff --git a/tools/sdk/esp32s3/lib/libwpa_supplicant.a b/tools/sdk/esp32s3/lib/libwpa_supplicant.a
index e621a7afb82..1be7595cf39 100644
Binary files a/tools/sdk/esp32s3/lib/libwpa_supplicant.a and b/tools/sdk/esp32s3/lib/libwpa_supplicant.a differ
diff --git a/tools/sdk/esp32s3/lib/libxtensa.a b/tools/sdk/esp32s3/lib/libxtensa.a
index 6012925179d..36fb7be41d2 100644
Binary files a/tools/sdk/esp32s3/lib/libxtensa.a and b/tools/sdk/esp32s3/lib/libxtensa.a differ
diff --git a/tools/sdk/esp32s3/opi_opi/include/sdkconfig.h b/tools/sdk/esp32s3/opi_opi/include/sdkconfig.h
index 4c0ed0f489f..f5c1170cc3b 100644
--- a/tools/sdk/esp32s3/opi_opi/include/sdkconfig.h
+++ b/tools/sdk/esp32s3/opi_opi/include/sdkconfig.h
@@ -65,6 +65,7 @@
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH 1
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD 0
 #define CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE 1024
+#define CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD 90
 #define CONFIG_ESP_RMAKER_SCHEDULING_MAX_SCHEDULES 10
 #define CONFIG_ESP_RMAKER_SCENES_MAX_SCENES 10
 #define CONFIG_ENABLE_ARDUINO_DEPENDS 1
@@ -1009,5 +1010,5 @@
 #define CONFIG_USB_MSC_BUFSIZE CONFIG_TINYUSB_MSC_BUFSIZE
 #define CONFIG_USB_MSC_ENABLED CONFIG_TINYUSB_MSC_ENABLED
 #define CONFIG_WARN_WRITE_STRINGS CONFIG_COMPILER_WARN_WRITE_STRINGS
-#define CONFIG_ARDUINO_IDF_COMMIT "c9140caf8c"
+#define CONFIG_ARDUINO_IDF_COMMIT "ee2029c38a"
 #define CONFIG_ARDUINO_IDF_BRANCH "release/v4.4"
diff --git a/tools/sdk/esp32s3/opi_opi/libesp_hw_support.a b/tools/sdk/esp32s3/opi_opi/libesp_hw_support.a
index 36e754ceb1d..f0dabaa25e4 100644
Binary files a/tools/sdk/esp32s3/opi_opi/libesp_hw_support.a and b/tools/sdk/esp32s3/opi_opi/libesp_hw_support.a differ
diff --git a/tools/sdk/esp32s3/opi_opi/libesp_system.a b/tools/sdk/esp32s3/opi_opi/libesp_system.a
index e5a6ba66885..5d3e99ffad5 100644
Binary files a/tools/sdk/esp32s3/opi_opi/libesp_system.a and b/tools/sdk/esp32s3/opi_opi/libesp_system.a differ
diff --git a/tools/sdk/esp32s3/opi_opi/libfreertos.a b/tools/sdk/esp32s3/opi_opi/libfreertos.a
index 588f88dd65c..7fd9af5d45f 100644
Binary files a/tools/sdk/esp32s3/opi_opi/libfreertos.a and b/tools/sdk/esp32s3/opi_opi/libfreertos.a differ
diff --git a/tools/sdk/esp32s3/opi_opi/libspi_flash.a b/tools/sdk/esp32s3/opi_opi/libspi_flash.a
index dbedf7a359b..3e4e9b9d3da 100644
Binary files a/tools/sdk/esp32s3/opi_opi/libspi_flash.a and b/tools/sdk/esp32s3/opi_opi/libspi_flash.a differ
diff --git a/tools/sdk/esp32s3/opi_opi/sections.ld b/tools/sdk/esp32s3/opi_opi/sections.ld
index 17c9190182b..b9b740e0e3c 100644
--- a/tools/sdk/esp32s3/opi_opi/sections.ld
+++ b/tools/sdk/esp32s3/opi_opi/sections.ld
@@ -204,7 +204,7 @@ SECTIONS
     *libesp_system.a:ubsan.*(.literal .literal.* .text .text.*)
     *libfreertos.a:(EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .literal EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .literal.* EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .text EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .text.*)
     *libfreertos.a:port.*(.literal.pxPortInitialiseStack .literal.unlikely.vPortEndScheduler .literal.vApplicationStackOverflowHook .literal.vPortAssertIfInISR .literal.vPortExitCritical .literal.vPortExitCriticalCompliance .literal.vPortReleaseTaskMPUSettings .literal.vPortSetStackWatchpoint .literal.vPortYieldOtherCore .literal.xPortEnterCriticalTimeout .literal.xPortEnterCriticalTimeoutCompliance .literal.xPortInIsrContext .literal.xPortStartScheduler .text .text.pxPortInitialiseStack .text.unlikely.vPortEndScheduler .text.vApplicationStackOverflowHook .text.vPortAssertIfInISR .text.vPortExitCritical .text.vPortExitCriticalCompliance .text.vPortReleaseTaskMPUSettings .text.vPortSetStackWatchpoint .text.vPortStoreTaskMPUSettings .text.vPortYieldOtherCore .text.xPortEnterCriticalTimeout .text.xPortEnterCriticalTimeoutCompliance .text.xPortGetTickRateHz .text.xPortInIsrContext .text.xPortStartScheduler)
-    *libfreertos.a:port_common.*(.literal.esp_startup_start_app_common .literal.s_app_cpu_startup_idle_hook_cb .literal.vApplicationGetIdleTaskMemory .literal.vApplicationGetTimerTaskMemory .literal.xPortCheckValidTCBMem .literal.xPortcheckValidStackMem .text .text.esp_startup_start_app_common .text.s_app_cpu_startup_idle_hook_cb .text.vApplicationGetIdleTaskMemory .text.vApplicationGetTimerTaskMemory .text.xPortCheckValidTCBMem .text.xPortcheckValidStackMem)
+    *libfreertos.a:port_common.*(.literal.esp_startup_start_app_common .literal.other_cpu_startup_idle_hook_cb .literal.vApplicationGetIdleTaskMemory .literal.vApplicationGetTimerTaskMemory .literal.xPortCheckValidTCBMem .literal.xPortcheckValidStackMem .text .text.esp_startup_start_app_common .text.other_cpu_startup_idle_hook_cb .text.vApplicationGetIdleTaskMemory .text.vApplicationGetTimerTaskMemory .text.xPortCheckValidTCBMem .text.xPortcheckValidStackMem)
     *libgcc.a:_divsf3.*(.literal .literal.* .text .text.*)
     *libgcc.a:lib2funcs.*(.literal .literal.* .text .text.*)
     *libgcov.a:(.literal .literal.* .text .text.*)
@@ -270,8 +270,6 @@ SECTIONS
     *(.sdata)
     *(.sdata.*)
     *(.gnu.linkonce.s.*)
-    *(.sdata2)
-    *(.sdata2.*)
     *(.gnu.linkonce.s2.*)
     *(.jcr)
 
@@ -284,8 +282,8 @@ SECTIONS
     _coredump_dram_start = ABSOLUTE(.);
     *(.dram2.coredump .dram2.coredump.*)
     _coredump_dram_end = ABSOLUTE(.);
-    *libapp_trace.a:app_trace.*(.rodata .rodata.*)
-    *libapp_trace.a:app_trace_util.*(.rodata .rodata.*)
+    *libapp_trace.a:app_trace.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libapp_trace.a:app_trace_util.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
     _bt_data_start = ABSOLUTE(.);
     *libbt.a:(.data .data.*)
     . = ALIGN(4);
@@ -294,49 +292,49 @@ SECTIONS
     *libbtdm_app.a:(.data .data.*)
     . = ALIGN(4);
     _btdm_data_end = ABSOLUTE(.);
-    *libesp_hw_support.a:opiram_psram.*(.rodata .rodata.*)
-    *libesp_hw_support.a:rtc_clk.*(.rodata .rodata.*)
-    *libesp_system.a:esp_err.*(.rodata .rodata.*)
-    *libesp_system.a:ubsan.*(.rodata .rodata.*)
-    *libgcc.a:_divsf3.*(.rodata .rodata.*)
-    *libgcov.a:(.rodata .rodata.*)
-    *libhal.a:cpu_hal.*(.rodata .rodata.*)
-    *libhal.a:i2c_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:ledc_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:soc_hal.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_encrypt_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_hal_gpspi.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_slave_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:systimer_hal.*(.rodata .rodata.*)
-    *libhal.a:wdt_hal_iram.*(.rodata .rodata.*)
-    *libheap.a:heap_tlsf.*(.rodata .rodata.*)
-    *libheap.a:multi_heap.*(.rodata .rodata.*)
-    *libheap.a:multi_heap_poisoning.*(.rodata .rodata.*)
-    *libnewlib.a:abort.*(.rodata .rodata.*)
-    *libnewlib.a:assert.*(.rodata .rodata.*)
-    *libnewlib.a:heap.*(.rodata .rodata.*)
-    *libnewlib.a:stdatomic.*(.rodata .rodata.*)
+    *libesp_hw_support.a:opiram_psram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_hw_support.a:rtc_clk.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_system.a:esp_err.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_system.a:ubsan.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libgcc.a:_divsf3.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libgcov.a:(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:cpu_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:i2c_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:ledc_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:soc_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_encrypt_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_hal_gpspi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_slave_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:systimer_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:wdt_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:heap_tlsf.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:multi_heap.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:multi_heap_poisoning.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:abort.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:assert.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:heap.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:stdatomic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
     _nimble_data_start = ABSOLUTE(.);
     *libnimble.a:(.data .data.*)
     . = ALIGN(4);
     _nimble_data_end = ABSOLUTE(.);
-    *libphy.a:(.rodata .rodata.*)
-    *libsoc.a:lldesc.*(.rodata .rodata.*)
-    *libspi_flash.a:memspi_host_driver.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_boya.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_gd.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_generic.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_issi.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_mxic.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_mxic_opi.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_th.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_winbond.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_oct_flash_init.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_rom_patch.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_timing_tuning.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_timing_config.*(.rodata .rodata.*)
+    *libphy.a:(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libsoc.a:lldesc.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:memspi_host_driver.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_boya.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_gd.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_generic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_issi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_mxic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_mxic_opi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_th.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_winbond.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_oct_flash_init.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_rom_patch.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_timing_tuning.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_timing_config.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
 
     _data_end = ABSOLUTE(.);
     . = ALIGN(4);
@@ -480,7 +478,7 @@ SECTIONS
   {
     _flash_rodata_start = ABSOLUTE(.);
 
-    *(EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_oct_flash_init.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_oct_flash_init.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata.*)
+    *(EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_oct_flash_init.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_oct_flash_init.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata.* EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_oct_flash_init.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .sdata2 EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_oct_flash_init.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .sdata2.* EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_oct_flash_init.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .srodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_oct_flash_init.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .srodata.*)
     *(.rodata_wlog_error .rodata_wlog_error.*)
 
     *(.irom1.text) /* catch stray ICACHE_RODATA_ATTR */
diff --git a/tools/sdk/esp32s3/opi_qspi/include/sdkconfig.h b/tools/sdk/esp32s3/opi_qspi/include/sdkconfig.h
index 0f6bb3fa6d6..8ad5718e3cc 100644
--- a/tools/sdk/esp32s3/opi_qspi/include/sdkconfig.h
+++ b/tools/sdk/esp32s3/opi_qspi/include/sdkconfig.h
@@ -65,6 +65,7 @@
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH 1
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD 0
 #define CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE 1024
+#define CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD 90
 #define CONFIG_ESP_RMAKER_SCHEDULING_MAX_SCHEDULES 10
 #define CONFIG_ESP_RMAKER_SCENES_MAX_SCENES 10
 #define CONFIG_ENABLE_ARDUINO_DEPENDS 1
@@ -1007,5 +1008,5 @@
 #define CONFIG_USB_MSC_BUFSIZE CONFIG_TINYUSB_MSC_BUFSIZE
 #define CONFIG_USB_MSC_ENABLED CONFIG_TINYUSB_MSC_ENABLED
 #define CONFIG_WARN_WRITE_STRINGS CONFIG_COMPILER_WARN_WRITE_STRINGS
-#define CONFIG_ARDUINO_IDF_COMMIT "c9140caf8c"
+#define CONFIG_ARDUINO_IDF_COMMIT "ee2029c38a"
 #define CONFIG_ARDUINO_IDF_BRANCH "release/v4.4"
diff --git a/tools/sdk/esp32s3/opi_qspi/libesp_hw_support.a b/tools/sdk/esp32s3/opi_qspi/libesp_hw_support.a
index b1a44ba3657..b9c64b525af 100644
Binary files a/tools/sdk/esp32s3/opi_qspi/libesp_hw_support.a and b/tools/sdk/esp32s3/opi_qspi/libesp_hw_support.a differ
diff --git a/tools/sdk/esp32s3/opi_qspi/libesp_system.a b/tools/sdk/esp32s3/opi_qspi/libesp_system.a
index 3cb3c708e3e..05ae0f829a9 100644
Binary files a/tools/sdk/esp32s3/opi_qspi/libesp_system.a and b/tools/sdk/esp32s3/opi_qspi/libesp_system.a differ
diff --git a/tools/sdk/esp32s3/opi_qspi/libfreertos.a b/tools/sdk/esp32s3/opi_qspi/libfreertos.a
index 588f88dd65c..7fd9af5d45f 100644
Binary files a/tools/sdk/esp32s3/opi_qspi/libfreertos.a and b/tools/sdk/esp32s3/opi_qspi/libfreertos.a differ
diff --git a/tools/sdk/esp32s3/opi_qspi/libspi_flash.a b/tools/sdk/esp32s3/opi_qspi/libspi_flash.a
index 04c2b969274..c6a07c2a37b 100644
Binary files a/tools/sdk/esp32s3/opi_qspi/libspi_flash.a and b/tools/sdk/esp32s3/opi_qspi/libspi_flash.a differ
diff --git a/tools/sdk/esp32s3/opi_qspi/sections.ld b/tools/sdk/esp32s3/opi_qspi/sections.ld
index 8ea22bc135b..a11d2915b17 100644
--- a/tools/sdk/esp32s3/opi_qspi/sections.ld
+++ b/tools/sdk/esp32s3/opi_qspi/sections.ld
@@ -204,7 +204,7 @@ SECTIONS
     *libesp_system.a:ubsan.*(.literal .literal.* .text .text.*)
     *libfreertos.a:(EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .literal EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .literal.* EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .text EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .text.*)
     *libfreertos.a:port.*(.literal.pxPortInitialiseStack .literal.unlikely.vPortEndScheduler .literal.vApplicationStackOverflowHook .literal.vPortAssertIfInISR .literal.vPortExitCritical .literal.vPortExitCriticalCompliance .literal.vPortReleaseTaskMPUSettings .literal.vPortSetStackWatchpoint .literal.vPortYieldOtherCore .literal.xPortEnterCriticalTimeout .literal.xPortEnterCriticalTimeoutCompliance .literal.xPortInIsrContext .literal.xPortStartScheduler .text .text.pxPortInitialiseStack .text.unlikely.vPortEndScheduler .text.vApplicationStackOverflowHook .text.vPortAssertIfInISR .text.vPortExitCritical .text.vPortExitCriticalCompliance .text.vPortReleaseTaskMPUSettings .text.vPortSetStackWatchpoint .text.vPortStoreTaskMPUSettings .text.vPortYieldOtherCore .text.xPortEnterCriticalTimeout .text.xPortEnterCriticalTimeoutCompliance .text.xPortGetTickRateHz .text.xPortInIsrContext .text.xPortStartScheduler)
-    *libfreertos.a:port_common.*(.literal.esp_startup_start_app_common .literal.s_app_cpu_startup_idle_hook_cb .literal.vApplicationGetIdleTaskMemory .literal.vApplicationGetTimerTaskMemory .literal.xPortCheckValidTCBMem .literal.xPortcheckValidStackMem .text .text.esp_startup_start_app_common .text.s_app_cpu_startup_idle_hook_cb .text.vApplicationGetIdleTaskMemory .text.vApplicationGetTimerTaskMemory .text.xPortCheckValidTCBMem .text.xPortcheckValidStackMem)
+    *libfreertos.a:port_common.*(.literal.esp_startup_start_app_common .literal.other_cpu_startup_idle_hook_cb .literal.vApplicationGetIdleTaskMemory .literal.vApplicationGetTimerTaskMemory .literal.xPortCheckValidTCBMem .literal.xPortcheckValidStackMem .text .text.esp_startup_start_app_common .text.other_cpu_startup_idle_hook_cb .text.vApplicationGetIdleTaskMemory .text.vApplicationGetTimerTaskMemory .text.xPortCheckValidTCBMem .text.xPortcheckValidStackMem)
     *libgcc.a:_divsf3.*(.literal .literal.* .text .text.*)
     *libgcc.a:lib2funcs.*(.literal .literal.* .text .text.*)
     *libgcov.a:(.literal .literal.* .text .text.*)
@@ -270,8 +270,6 @@ SECTIONS
     *(.sdata)
     *(.sdata.*)
     *(.gnu.linkonce.s.*)
-    *(.sdata2)
-    *(.sdata2.*)
     *(.gnu.linkonce.s2.*)
     *(.jcr)
 
@@ -284,8 +282,8 @@ SECTIONS
     _coredump_dram_start = ABSOLUTE(.);
     *(.dram2.coredump .dram2.coredump.*)
     _coredump_dram_end = ABSOLUTE(.);
-    *libapp_trace.a:app_trace.*(.rodata .rodata.*)
-    *libapp_trace.a:app_trace_util.*(.rodata .rodata.*)
+    *libapp_trace.a:app_trace.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libapp_trace.a:app_trace_util.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
     _bt_data_start = ABSOLUTE(.);
     *libbt.a:(.data .data.*)
     . = ALIGN(4);
@@ -294,49 +292,49 @@ SECTIONS
     *libbtdm_app.a:(.data .data.*)
     . = ALIGN(4);
     _btdm_data_end = ABSOLUTE(.);
-    *libesp_hw_support.a:rtc_clk.*(.rodata .rodata.*)
-    *libesp_hw_support.a:spiram_psram.*(.rodata .rodata.*)
-    *libesp_system.a:esp_err.*(.rodata .rodata.*)
-    *libesp_system.a:ubsan.*(.rodata .rodata.*)
-    *libgcc.a:_divsf3.*(.rodata .rodata.*)
-    *libgcov.a:(.rodata .rodata.*)
-    *libhal.a:cpu_hal.*(.rodata .rodata.*)
-    *libhal.a:i2c_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:ledc_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:soc_hal.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_encrypt_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_hal_gpspi.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_slave_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:systimer_hal.*(.rodata .rodata.*)
-    *libhal.a:wdt_hal_iram.*(.rodata .rodata.*)
-    *libheap.a:heap_tlsf.*(.rodata .rodata.*)
-    *libheap.a:multi_heap.*(.rodata .rodata.*)
-    *libheap.a:multi_heap_poisoning.*(.rodata .rodata.*)
-    *libnewlib.a:abort.*(.rodata .rodata.*)
-    *libnewlib.a:assert.*(.rodata .rodata.*)
-    *libnewlib.a:heap.*(.rodata .rodata.*)
-    *libnewlib.a:stdatomic.*(.rodata .rodata.*)
+    *libesp_hw_support.a:rtc_clk.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_hw_support.a:spiram_psram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_system.a:esp_err.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_system.a:ubsan.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libgcc.a:_divsf3.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libgcov.a:(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:cpu_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:i2c_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:ledc_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:soc_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_encrypt_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_hal_gpspi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_slave_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:systimer_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:wdt_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:heap_tlsf.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:multi_heap.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:multi_heap_poisoning.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:abort.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:assert.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:heap.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:stdatomic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
     _nimble_data_start = ABSOLUTE(.);
     *libnimble.a:(.data .data.*)
     . = ALIGN(4);
     _nimble_data_end = ABSOLUTE(.);
-    *libphy.a:(.rodata .rodata.*)
-    *libsoc.a:lldesc.*(.rodata .rodata.*)
-    *libspi_flash.a:memspi_host_driver.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_boya.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_gd.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_generic.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_issi.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_mxic.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_mxic_opi.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_th.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_winbond.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_oct_flash_init.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_rom_patch.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_timing_tuning.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_timing_config.*(.rodata .rodata.*)
+    *libphy.a:(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libsoc.a:lldesc.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:memspi_host_driver.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_boya.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_gd.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_generic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_issi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_mxic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_mxic_opi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_th.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_winbond.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_oct_flash_init.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_rom_patch.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_timing_tuning.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_timing_config.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
 
     _data_end = ABSOLUTE(.);
     . = ALIGN(4);
@@ -480,8 +478,8 @@ SECTIONS
   {
     _flash_rodata_start = ABSOLUTE(.);
 
-    *(EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_oct_flash_init.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_oct_flash_init.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata.*)
     *(.rodata_wlog_error .rodata_wlog_error.*)
+    *(EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_oct_flash_init.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_oct_flash_init.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata.* EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_oct_flash_init.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .sdata2 EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_oct_flash_init.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .sdata2.* EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_oct_flash_init.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .srodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_oct_flash_init.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .srodata.*)
 
     *(.irom1.text) /* catch stray ICACHE_RODATA_ATTR */
     *(.gnu.linkonce.r.*)
diff --git a/tools/sdk/esp32s3/qio_opi/include/sdkconfig.h b/tools/sdk/esp32s3/qio_opi/include/sdkconfig.h
index 106205d9778..4b584865605 100644
--- a/tools/sdk/esp32s3/qio_opi/include/sdkconfig.h
+++ b/tools/sdk/esp32s3/qio_opi/include/sdkconfig.h
@@ -64,6 +64,7 @@
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH 1
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD 0
 #define CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE 1024
+#define CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD 90
 #define CONFIG_ESP_RMAKER_SCHEDULING_MAX_SCHEDULES 10
 #define CONFIG_ESP_RMAKER_SCENES_MAX_SCENES 10
 #define CONFIG_ENABLE_ARDUINO_DEPENDS 1
@@ -1009,5 +1010,5 @@
 #define CONFIG_USB_MSC_BUFSIZE CONFIG_TINYUSB_MSC_BUFSIZE
 #define CONFIG_USB_MSC_ENABLED CONFIG_TINYUSB_MSC_ENABLED
 #define CONFIG_WARN_WRITE_STRINGS CONFIG_COMPILER_WARN_WRITE_STRINGS
-#define CONFIG_ARDUINO_IDF_COMMIT "c9140caf8c"
+#define CONFIG_ARDUINO_IDF_COMMIT "ee2029c38a"
 #define CONFIG_ARDUINO_IDF_BRANCH "release/v4.4"
diff --git a/tools/sdk/esp32s3/qio_opi/libesp_hw_support.a b/tools/sdk/esp32s3/qio_opi/libesp_hw_support.a
index 36e754ceb1d..f0dabaa25e4 100644
Binary files a/tools/sdk/esp32s3/qio_opi/libesp_hw_support.a and b/tools/sdk/esp32s3/qio_opi/libesp_hw_support.a differ
diff --git a/tools/sdk/esp32s3/qio_opi/libesp_system.a b/tools/sdk/esp32s3/qio_opi/libesp_system.a
index c7d4081d05d..319eb518508 100644
Binary files a/tools/sdk/esp32s3/qio_opi/libesp_system.a and b/tools/sdk/esp32s3/qio_opi/libesp_system.a differ
diff --git a/tools/sdk/esp32s3/qio_opi/libfreertos.a b/tools/sdk/esp32s3/qio_opi/libfreertos.a
index 588f88dd65c..7fd9af5d45f 100644
Binary files a/tools/sdk/esp32s3/qio_opi/libfreertos.a and b/tools/sdk/esp32s3/qio_opi/libfreertos.a differ
diff --git a/tools/sdk/esp32s3/qio_opi/libspi_flash.a b/tools/sdk/esp32s3/qio_opi/libspi_flash.a
index 9e00f09614f..591aecfe1bd 100644
Binary files a/tools/sdk/esp32s3/qio_opi/libspi_flash.a and b/tools/sdk/esp32s3/qio_opi/libspi_flash.a differ
diff --git a/tools/sdk/esp32s3/qio_opi/sections.ld b/tools/sdk/esp32s3/qio_opi/sections.ld
index 49be3a70be7..699e69756a1 100644
--- a/tools/sdk/esp32s3/qio_opi/sections.ld
+++ b/tools/sdk/esp32s3/qio_opi/sections.ld
@@ -204,7 +204,7 @@ SECTIONS
     *libesp_system.a:ubsan.*(.literal .literal.* .text .text.*)
     *libfreertos.a:(EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .literal EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .literal.* EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .text EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .text.*)
     *libfreertos.a:port.*(.literal.pxPortInitialiseStack .literal.unlikely.vPortEndScheduler .literal.vApplicationStackOverflowHook .literal.vPortAssertIfInISR .literal.vPortExitCritical .literal.vPortExitCriticalCompliance .literal.vPortReleaseTaskMPUSettings .literal.vPortSetStackWatchpoint .literal.vPortYieldOtherCore .literal.xPortEnterCriticalTimeout .literal.xPortEnterCriticalTimeoutCompliance .literal.xPortInIsrContext .literal.xPortStartScheduler .text .text.pxPortInitialiseStack .text.unlikely.vPortEndScheduler .text.vApplicationStackOverflowHook .text.vPortAssertIfInISR .text.vPortExitCritical .text.vPortExitCriticalCompliance .text.vPortReleaseTaskMPUSettings .text.vPortSetStackWatchpoint .text.vPortStoreTaskMPUSettings .text.vPortYieldOtherCore .text.xPortEnterCriticalTimeout .text.xPortEnterCriticalTimeoutCompliance .text.xPortGetTickRateHz .text.xPortInIsrContext .text.xPortStartScheduler)
-    *libfreertos.a:port_common.*(.literal.esp_startup_start_app_common .literal.s_app_cpu_startup_idle_hook_cb .literal.vApplicationGetIdleTaskMemory .literal.vApplicationGetTimerTaskMemory .literal.xPortCheckValidTCBMem .literal.xPortcheckValidStackMem .text .text.esp_startup_start_app_common .text.s_app_cpu_startup_idle_hook_cb .text.vApplicationGetIdleTaskMemory .text.vApplicationGetTimerTaskMemory .text.xPortCheckValidTCBMem .text.xPortcheckValidStackMem)
+    *libfreertos.a:port_common.*(.literal.esp_startup_start_app_common .literal.other_cpu_startup_idle_hook_cb .literal.vApplicationGetIdleTaskMemory .literal.vApplicationGetTimerTaskMemory .literal.xPortCheckValidTCBMem .literal.xPortcheckValidStackMem .text .text.esp_startup_start_app_common .text.other_cpu_startup_idle_hook_cb .text.vApplicationGetIdleTaskMemory .text.vApplicationGetTimerTaskMemory .text.xPortCheckValidTCBMem .text.xPortcheckValidStackMem)
     *libgcc.a:_divsf3.*(.literal .literal.* .text .text.*)
     *libgcc.a:lib2funcs.*(.literal .literal.* .text .text.*)
     *libgcov.a:(.literal .literal.* .text .text.*)
@@ -269,8 +269,6 @@ SECTIONS
     *(.sdata)
     *(.sdata.*)
     *(.gnu.linkonce.s.*)
-    *(.sdata2)
-    *(.sdata2.*)
     *(.gnu.linkonce.s2.*)
     *(.jcr)
 
@@ -283,8 +281,8 @@ SECTIONS
     _coredump_dram_start = ABSOLUTE(.);
     *(.dram2.coredump .dram2.coredump.*)
     _coredump_dram_end = ABSOLUTE(.);
-    *libapp_trace.a:app_trace.*(.rodata .rodata.*)
-    *libapp_trace.a:app_trace_util.*(.rodata .rodata.*)
+    *libapp_trace.a:app_trace.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libapp_trace.a:app_trace_util.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
     _bt_data_start = ABSOLUTE(.);
     *libbt.a:(.data .data.*)
     . = ALIGN(4);
@@ -293,48 +291,48 @@ SECTIONS
     *libbtdm_app.a:(.data .data.*)
     . = ALIGN(4);
     _btdm_data_end = ABSOLUTE(.);
-    *libesp_hw_support.a:opiram_psram.*(.rodata .rodata.*)
-    *libesp_hw_support.a:rtc_clk.*(.rodata .rodata.*)
-    *libesp_system.a:esp_err.*(.rodata .rodata.*)
-    *libesp_system.a:ubsan.*(.rodata .rodata.*)
-    *libgcc.a:_divsf3.*(.rodata .rodata.*)
-    *libgcov.a:(.rodata .rodata.*)
-    *libhal.a:cpu_hal.*(.rodata .rodata.*)
-    *libhal.a:i2c_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:ledc_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:soc_hal.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_encrypt_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_hal_gpspi.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_slave_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:systimer_hal.*(.rodata .rodata.*)
-    *libhal.a:wdt_hal_iram.*(.rodata .rodata.*)
-    *libheap.a:heap_tlsf.*(.rodata .rodata.*)
-    *libheap.a:multi_heap.*(.rodata .rodata.*)
-    *libheap.a:multi_heap_poisoning.*(.rodata .rodata.*)
-    *libnewlib.a:abort.*(.rodata .rodata.*)
-    *libnewlib.a:assert.*(.rodata .rodata.*)
-    *libnewlib.a:heap.*(.rodata .rodata.*)
-    *libnewlib.a:stdatomic.*(.rodata .rodata.*)
+    *libesp_hw_support.a:opiram_psram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_hw_support.a:rtc_clk.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_system.a:esp_err.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_system.a:ubsan.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libgcc.a:_divsf3.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libgcov.a:(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:cpu_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:i2c_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:ledc_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:soc_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_encrypt_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_hal_gpspi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_slave_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:systimer_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:wdt_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:heap_tlsf.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:multi_heap.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:multi_heap_poisoning.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:abort.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:assert.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:heap.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:stdatomic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
     _nimble_data_start = ABSOLUTE(.);
     *libnimble.a:(.data .data.*)
     . = ALIGN(4);
     _nimble_data_end = ABSOLUTE(.);
-    *libphy.a:(.rodata .rodata.*)
-    *libsoc.a:lldesc.*(.rodata .rodata.*)
-    *libspi_flash.a:memspi_host_driver.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_boya.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_gd.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_generic.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_issi.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_mxic.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_mxic_opi.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_th.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_winbond.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_rom_patch.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_timing_tuning.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_timing_config.*(.rodata .rodata.*)
+    *libphy.a:(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libsoc.a:lldesc.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:memspi_host_driver.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_boya.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_gd.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_generic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_issi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_mxic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_mxic_opi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_th.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_winbond.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_rom_patch.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_timing_tuning.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_timing_config.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
 
     _data_end = ABSOLUTE(.);
     . = ALIGN(4);
@@ -363,8 +361,8 @@ SECTIONS
     *(.ext_ram.bss*)
 
     *(.bss .bss.*)
-    *(.ext_ram.bss .ext_ram.bss.*)
     *(.dynbss .dynsbss .gnu.linkonce.b .gnu.linkonce.b.* .gnu.linkonce.sb .gnu.linkonce.sb.* .gnu.linkonce.sb2 .gnu.linkonce.sb2.* .sbss .sbss.* .sbss2 .sbss2.* .scommon .share.mem)
+    *(.ext_ram.bss .ext_ram.bss.*)
     *(COMMON)
     _bt_bss_start = ABSOLUTE(.);
     *libbt.a:(.bss .bss.* COMMON)
@@ -478,7 +476,7 @@ SECTIONS
   {
     _flash_rodata_start = ABSOLUTE(.);
 
-    *(EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata.*)
+    *(EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata.* EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .sdata2 EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .sdata2.* EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .srodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:opiram_psram.* *libesp_hw_support.a:rtc_clk.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .srodata.*)
     *(.rodata_wlog_error .rodata_wlog_error.*)
 
     *(.irom1.text) /* catch stray ICACHE_RODATA_ATTR */
diff --git a/tools/sdk/esp32s3/qio_qspi/include/sdkconfig.h b/tools/sdk/esp32s3/qio_qspi/include/sdkconfig.h
index e2feff30ca1..2304f4da00e 100644
--- a/tools/sdk/esp32s3/qio_qspi/include/sdkconfig.h
+++ b/tools/sdk/esp32s3/qio_qspi/include/sdkconfig.h
@@ -64,6 +64,7 @@
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH 1
 #define CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD 0
 #define CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE 1024
+#define CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD 90
 #define CONFIG_ESP_RMAKER_SCHEDULING_MAX_SCHEDULES 10
 #define CONFIG_ESP_RMAKER_SCENES_MAX_SCENES 10
 #define CONFIG_ENABLE_ARDUINO_DEPENDS 1
@@ -1007,5 +1008,5 @@
 #define CONFIG_USB_MSC_BUFSIZE CONFIG_TINYUSB_MSC_BUFSIZE
 #define CONFIG_USB_MSC_ENABLED CONFIG_TINYUSB_MSC_ENABLED
 #define CONFIG_WARN_WRITE_STRINGS CONFIG_COMPILER_WARN_WRITE_STRINGS
-#define CONFIG_ARDUINO_IDF_COMMIT "c9140caf8c"
+#define CONFIG_ARDUINO_IDF_COMMIT "ee2029c38a"
 #define CONFIG_ARDUINO_IDF_BRANCH "release/v4.4"
diff --git a/tools/sdk/esp32s3/qio_qspi/libesp_hw_support.a b/tools/sdk/esp32s3/qio_qspi/libesp_hw_support.a
index b1a44ba3657..b9c64b525af 100644
Binary files a/tools/sdk/esp32s3/qio_qspi/libesp_hw_support.a and b/tools/sdk/esp32s3/qio_qspi/libesp_hw_support.a differ
diff --git a/tools/sdk/esp32s3/qio_qspi/libesp_system.a b/tools/sdk/esp32s3/qio_qspi/libesp_system.a
index 1fadd4f6004..70d12b74f6a 100644
Binary files a/tools/sdk/esp32s3/qio_qspi/libesp_system.a and b/tools/sdk/esp32s3/qio_qspi/libesp_system.a differ
diff --git a/tools/sdk/esp32s3/qio_qspi/libfreertos.a b/tools/sdk/esp32s3/qio_qspi/libfreertos.a
index 588f88dd65c..7fd9af5d45f 100644
Binary files a/tools/sdk/esp32s3/qio_qspi/libfreertos.a and b/tools/sdk/esp32s3/qio_qspi/libfreertos.a differ
diff --git a/tools/sdk/esp32s3/qio_qspi/libspi_flash.a b/tools/sdk/esp32s3/qio_qspi/libspi_flash.a
index 42de5a20801..81a824d0a0c 100644
Binary files a/tools/sdk/esp32s3/qio_qspi/libspi_flash.a and b/tools/sdk/esp32s3/qio_qspi/libspi_flash.a differ
diff --git a/tools/sdk/esp32s3/qio_qspi/sections.ld b/tools/sdk/esp32s3/qio_qspi/sections.ld
index 14464a2ec3f..ef6ee0842bb 100644
--- a/tools/sdk/esp32s3/qio_qspi/sections.ld
+++ b/tools/sdk/esp32s3/qio_qspi/sections.ld
@@ -204,7 +204,7 @@ SECTIONS
     *libesp_system.a:ubsan.*(.literal .literal.* .text .text.*)
     *libfreertos.a:(EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .literal EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .literal.* EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .text EXCLUDE_FILE(*libfreertos.a:port.* *libfreertos.a:port_common.*) .text.*)
     *libfreertos.a:port.*(.literal.pxPortInitialiseStack .literal.unlikely.vPortEndScheduler .literal.vApplicationStackOverflowHook .literal.vPortAssertIfInISR .literal.vPortExitCritical .literal.vPortExitCriticalCompliance .literal.vPortReleaseTaskMPUSettings .literal.vPortSetStackWatchpoint .literal.vPortYieldOtherCore .literal.xPortEnterCriticalTimeout .literal.xPortEnterCriticalTimeoutCompliance .literal.xPortInIsrContext .literal.xPortStartScheduler .text .text.pxPortInitialiseStack .text.unlikely.vPortEndScheduler .text.vApplicationStackOverflowHook .text.vPortAssertIfInISR .text.vPortExitCritical .text.vPortExitCriticalCompliance .text.vPortReleaseTaskMPUSettings .text.vPortSetStackWatchpoint .text.vPortStoreTaskMPUSettings .text.vPortYieldOtherCore .text.xPortEnterCriticalTimeout .text.xPortEnterCriticalTimeoutCompliance .text.xPortGetTickRateHz .text.xPortInIsrContext .text.xPortStartScheduler)
-    *libfreertos.a:port_common.*(.literal.esp_startup_start_app_common .literal.s_app_cpu_startup_idle_hook_cb .literal.vApplicationGetIdleTaskMemory .literal.vApplicationGetTimerTaskMemory .literal.xPortCheckValidTCBMem .literal.xPortcheckValidStackMem .text .text.esp_startup_start_app_common .text.s_app_cpu_startup_idle_hook_cb .text.vApplicationGetIdleTaskMemory .text.vApplicationGetTimerTaskMemory .text.xPortCheckValidTCBMem .text.xPortcheckValidStackMem)
+    *libfreertos.a:port_common.*(.literal.esp_startup_start_app_common .literal.other_cpu_startup_idle_hook_cb .literal.vApplicationGetIdleTaskMemory .literal.vApplicationGetTimerTaskMemory .literal.xPortCheckValidTCBMem .literal.xPortcheckValidStackMem .text .text.esp_startup_start_app_common .text.other_cpu_startup_idle_hook_cb .text.vApplicationGetIdleTaskMemory .text.vApplicationGetTimerTaskMemory .text.xPortCheckValidTCBMem .text.xPortcheckValidStackMem)
     *libgcc.a:_divsf3.*(.literal .literal.* .text .text.*)
     *libgcc.a:lib2funcs.*(.literal .literal.* .text .text.*)
     *libgcov.a:(.literal .literal.* .text .text.*)
@@ -269,8 +269,6 @@ SECTIONS
     *(.sdata)
     *(.sdata.*)
     *(.gnu.linkonce.s.*)
-    *(.sdata2)
-    *(.sdata2.*)
     *(.gnu.linkonce.s2.*)
     *(.jcr)
 
@@ -283,8 +281,8 @@ SECTIONS
     _coredump_dram_start = ABSOLUTE(.);
     *(.dram2.coredump .dram2.coredump.*)
     _coredump_dram_end = ABSOLUTE(.);
-    *libapp_trace.a:app_trace.*(.rodata .rodata.*)
-    *libapp_trace.a:app_trace_util.*(.rodata .rodata.*)
+    *libapp_trace.a:app_trace.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libapp_trace.a:app_trace_util.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
     _bt_data_start = ABSOLUTE(.);
     *libbt.a:(.data .data.*)
     . = ALIGN(4);
@@ -293,48 +291,48 @@ SECTIONS
     *libbtdm_app.a:(.data .data.*)
     . = ALIGN(4);
     _btdm_data_end = ABSOLUTE(.);
-    *libesp_hw_support.a:rtc_clk.*(.rodata .rodata.*)
-    *libesp_hw_support.a:spiram_psram.*(.rodata .rodata.*)
-    *libesp_system.a:esp_err.*(.rodata .rodata.*)
-    *libesp_system.a:ubsan.*(.rodata .rodata.*)
-    *libgcc.a:_divsf3.*(.rodata .rodata.*)
-    *libgcov.a:(.rodata .rodata.*)
-    *libhal.a:cpu_hal.*(.rodata .rodata.*)
-    *libhal.a:i2c_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:ledc_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:soc_hal.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_encrypt_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_hal_gpspi.*(.rodata .rodata.*)
-    *libhal.a:spi_flash_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:spi_slave_hal_iram.*(.rodata .rodata.*)
-    *libhal.a:systimer_hal.*(.rodata .rodata.*)
-    *libhal.a:wdt_hal_iram.*(.rodata .rodata.*)
-    *libheap.a:heap_tlsf.*(.rodata .rodata.*)
-    *libheap.a:multi_heap.*(.rodata .rodata.*)
-    *libheap.a:multi_heap_poisoning.*(.rodata .rodata.*)
-    *libnewlib.a:abort.*(.rodata .rodata.*)
-    *libnewlib.a:assert.*(.rodata .rodata.*)
-    *libnewlib.a:heap.*(.rodata .rodata.*)
-    *libnewlib.a:stdatomic.*(.rodata .rodata.*)
+    *libesp_hw_support.a:rtc_clk.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_hw_support.a:spiram_psram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_system.a:esp_err.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libesp_system.a:ubsan.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libgcc.a:_divsf3.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libgcov.a:(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:cpu_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:i2c_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:ledc_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:soc_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_encrypt_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_hal_gpspi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_flash_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:spi_slave_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:systimer_hal.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libhal.a:wdt_hal_iram.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:heap_tlsf.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:multi_heap.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libheap.a:multi_heap_poisoning.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:abort.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:assert.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:heap.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libnewlib.a:stdatomic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
     _nimble_data_start = ABSOLUTE(.);
     *libnimble.a:(.data .data.*)
     . = ALIGN(4);
     _nimble_data_end = ABSOLUTE(.);
-    *libphy.a:(.rodata .rodata.*)
-    *libsoc.a:lldesc.*(.rodata .rodata.*)
-    *libspi_flash.a:memspi_host_driver.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_boya.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_gd.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_generic.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_issi.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_mxic.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_mxic_opi.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_th.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_chip_winbond.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_rom_patch.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_flash_timing_tuning.*(.rodata .rodata.*)
-    *libspi_flash.a:spi_timing_config.*(.rodata .rodata.*)
+    *libphy.a:(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libsoc.a:lldesc.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:memspi_host_driver.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_boya.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_gd.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_generic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_issi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_mxic.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_mxic_opi.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_th.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_chip_winbond.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_rom_patch.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_flash_timing_tuning.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
+    *libspi_flash.a:spi_timing_config.*(.rodata .rodata.* .sdata2 .sdata2.* .srodata .srodata.*)
 
     _data_end = ABSOLUTE(.);
     . = ALIGN(4);
@@ -478,8 +476,8 @@ SECTIONS
   {
     _flash_rodata_start = ABSOLUTE(.);
 
-    *(EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata.*)
     *(.rodata_wlog_error .rodata_wlog_error.*)
+    *(EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .rodata.* EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .sdata2 EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .sdata2.* EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .srodata EXCLUDE_FILE(*libgcov.a *libphy.a *libapp_trace.a:app_trace.* *libapp_trace.a:app_trace_util.* *libesp_hw_support.a:rtc_clk.* *libesp_hw_support.a:spiram_psram.* *libesp_system.a:esp_err.* *libesp_system.a:ubsan.* *libgcc.a:_divsf3.* *libhal.a:cpu_hal.* *libhal.a:i2c_hal_iram.* *libhal.a:ledc_hal_iram.* *libhal.a:soc_hal.* *libhal.a:spi_flash_encrypt_hal_iram.* *libhal.a:spi_flash_hal_gpspi.* *libhal.a:spi_flash_hal_iram.* *libhal.a:spi_hal_iram.* *libhal.a:spi_slave_hal_iram.* *libhal.a:systimer_hal.* *libhal.a:wdt_hal_iram.* *libheap.a:heap_tlsf.* *libheap.a:multi_heap.* *libheap.a:multi_heap_poisoning.* *libnewlib.a:abort.* *libnewlib.a:assert.* *libnewlib.a:heap.* *libnewlib.a:stdatomic.* *libsoc.a:lldesc.* *libspi_flash.a:memspi_host_driver.* *libspi_flash.a:spi_flash_chip_boya.* *libspi_flash.a:spi_flash_chip_gd.* *libspi_flash.a:spi_flash_chip_generic.* *libspi_flash.a:spi_flash_chip_issi.* *libspi_flash.a:spi_flash_chip_mxic.* *libspi_flash.a:spi_flash_chip_mxic_opi.* *libspi_flash.a:spi_flash_chip_th.* *libspi_flash.a:spi_flash_chip_winbond.* *libspi_flash.a:spi_flash_rom_patch.* *libspi_flash.a:spi_flash_timing_tuning.* *libspi_flash.a:spi_timing_config.*) .srodata.*)
 
     *(.irom1.text) /* catch stray ICACHE_RODATA_ATTR */
     *(.gnu.linkonce.r.*)
diff --git a/tools/sdk/esp32s3/sdkconfig b/tools/sdk/esp32s3/sdkconfig
index 17c5f3c091f..993d8ce61dc 100644
--- a/tools/sdk/esp32s3/sdkconfig
+++ b/tools/sdk/esp32s3/sdkconfig
@@ -175,6 +175,7 @@ CONFIG_ESP_RMAKER_OTA_AUTOFETCH_PERIOD=0
 # CONFIG_ESP_RMAKER_SKIP_VERSION_CHECK is not set
 # CONFIG_ESP_RMAKER_SKIP_PROJECT_NAME_CHECK is not set
 CONFIG_ESP_RMAKER_OTA_HTTP_RX_BUFFER_SIZE=1024
+CONFIG_ESP_RMAKER_OTA_ROLLBACK_WAIT_PERIOD=90
 # end of ESP RainMaker OTA Config
 
 #
@@ -2170,6 +2171,7 @@ CONFIG_CAMERA_CORE0=y
 # CONFIG_CAMERA_CORE1 is not set
 # CONFIG_CAMERA_NO_AFFINITY is not set
 CONFIG_CAMERA_DMA_BUFFER_SIZE_MAX=32768
+# CONFIG_CAMERA_CONVERTER_ENABLED is not set
 # end of Camera configuration
 
 #