Flash Encryption / Jumpstart Example / NVS Encryption

monkey
Posts: 21
Joined: Mon Jun 17, 2019 10:47 pm

Flash Encryption / Jumpstart Example / NVS Encryption

Postby monkey » Sat Nov 13, 2021 9:07 am

I've created an application based on the jumpstart template (more or less). I've got a massive problem with this template. Security certificates go into nvs. Therefore, as far as I can tell, there is no way to encrypt them. NVS partitions can't use flash encryption, so must use nvs encryption. But that would entail creating an nvs_keys partition and flash encrypting that. And using it as a location to store your nvs key. Problem is how do you get your data in there in the first place. Do you have to explicitly read the nvs in plaintext first time round and then use the nvs encrypted from then on with a flag to say you've done so??? That's crazy complicated.

I need best practices on this. I have used the nvs approach. So without having to rip up my whole project, how do I secure my certificates? Any black belt esp32 security peeps around?

WiFive
Posts: 3529
Joined: Tue Dec 01, 2015 7:35 am

Re: Flash Encryption / Jumpstart Example / NVS Encryption

Postby WiFive » Sat Nov 13, 2021 3:27 pm

monkey wrote:
Sat Nov 13, 2021 9:07 am
Problem is how do you get your data in there in the first place.
https://docs.espressif.com/projects/esp ... -partition
