NVS Encryption (idf 4.0 -> idf 4.4)

[SlavaDev503]

Hello.
Our device based on esp32-wroom 32d uses BLE to interact with mobile phones.
Flash encryption is enabled in firmware. We faced with problem when we update firmware to new esp-idf v4.4 from esp-idf v4.0. The problem is the list of stored bonded BLE devices. After update all previously bonded devices was lost. My investigation shows that in esp-idf v4.0 NVS (where list of bonded devices are stored) is not encrypted even flash encryption is enabled, but in new esp-idf v4.4 it is encrypted (even if encrypted flag is not set in partition table). I tried to disable flag "Enable NVS encryption" but it can't be disabled because encryption is used by another encrypted nvs partition to store AWS credentials.

How we can keep list of bonded device in case of update to esp-idf v4.4 from esp-idf v4.0?

[ESP_igrr]

Hi SlavaDev503,
Sorry for the inconvenience during the upgrade. We haven't considered the use case that one NVS partition may be encrypted and the other not encrypted!

You can call nvs_flash_init_partition(NVS_DEFAULT_PART_NAME) instead of nvs_flash_init(). Unlike nvs_flash_init_partition, nvs_flash_init will initialize NVS partition with encryption enabled if CONFIG_NVS_ENCRYPTION is enabled.

[SlavaDev503]

Hi SlavaDev503,
Sorry for the inconvenience during the upgrade. We haven't considered the use case that one NVS partition may be encrypted and the other not encrypted!

You can call nvs_flash_init_partition(NVS_DEFAULT_PART_NAME) instead of nvs_flash_init(). Unlike nvs_flash_init_partition, nvs_flash_init will initialize NVS partition with encryption enabled if CONFIG_NVS_ENCRYPTION is enabled.

It helps. Thank you. Now bonded devices doesn't lost