NVS Encryption Question and Problem

lnayman07
Posts: 1
Joined: Wed Sep 11, 2024 8:18 pm

NVS Encryption Question and Problem

Postby lnayman07 » Wed Sep 11, 2024 8:24 pm

Dear sirs,

I have been struggling with this NVS encryption feature for a while and even upgraded to latest v5.3 esp-idf. Can you please provide some suggestions:

Question: How do enable NVS encryption such that its the mode where the ESP32 generates its own symmetric key inside and then encrypts the NVS partition contents AFTER I have written it to flash?

I configured the CONFIG_NVS_ENCRYPTION=y in the sdkconfig

Here are some more details:


When NVS encryption is enabled and I generate the NVS image in plain text outside of the device and then program it to device, the ESP32 fails to generate its own key and this causes the NVS section to NOT be encrypted.

I would expect that once the NVS plain-text image is programmed, that the device will generate its own key (never seen outside of the device) and allow NVS section to be encrypted

**Here are things that do work:**
- Generating the key outside of the system and then pre-encrypting the NVS and writing the keys and NVS does allow NVS to be encrypted
- Not programming the NVS image into the device BUT instead just having the code do NVS read() /writes() and enabling NVS encryption does manage to generate the key inside the device and encrypt.

Thank you much and any suggestions would greatly help.
-Laura

Who is online

Users browsing this forum: No registered users and 57 guests