
Encrypting device specific data

Posted: Mon Jul 23, 2018 2:12 pm
by chriselef
Hello,

I need to load multiple esp32 devices with different data like certificates, configuration files etc. and encrypt them.

In a previous attempt I tried to use spiffs. That went pretty much as expected: easy build and flash on each esp32.

When I enabled the encryption the spiffs partition didn't get encrypted, because that is the way flash encryption works.
I need to have the same firmware but different configuration data, and all of it encrypted.
Embedding the configuration data (certs and files) in the firmware is an option, but this will add delay in the production line because of the different build for each esp32.


Has anyone else encountered such a problem?

Thanks,
Chris..

Re: Encrypting device specific data

Posted: Mon Jul 23, 2018 4:03 pm
by WiFive

Re: Encrypting device specific data

Posted: Mon Jul 23, 2018 11:49 pm
by ESP_Angus
Hi Chris,

The approach WiFive links to is the easiest approach if you want a dedicated filesystem with this data. Create a read-only fatfs image, and mark this partition as encrypted in the partition table and the filesystem will be encrypted during first boot, and you can open it and read back data.

If you only have a small amount of files which are the same for each device, you can also embed the files directly in the app (which is entirely encrypted):
https://docs.espressif.com/projects/esp ... inary-data

Support for encrypted read/write fatfs and encrypted NVS are both being worked on now and will be available soon.

Re: Encrypting device specific data

Posted: Wed Jul 25, 2018 3:57 pm
by chriselef
Thank you both for the information

I tried the wear levelling example just to check that I could mount and work with the fat partition I added in partitions.csv:
nvs,data,nvs,0x9000,16K,
otadata,data,ota,0xd000,8K,
phy_init,data,phy,0xf000,4K,
factory,app,factory,0x10000,1M,
ota_0,app,ota_0,0x110000,1M,
ota_1,app,ota_1,0x210000,1M,
storage,data,spiffs,0x310000,256K
storage_1,data,fat,0x350000,540K
It mounted, wrote data and read it back as expected.

Then I tried to create an empty fat image on my Linux box using:

Code:

dd if=/dev/zero of=540kb.img bs=4096 count=135
mkfs.vfat 540kb.img

and flashed this with:
python /data/esp/esp-idf/components/esptool_py/esptool/esptool.py --chip esp32 --port /dev/ttyUSB0 --baud 2000000 --before default_reset --after no_reset write_flash --flash_size detect 0x350000 /home/cte/540kb.img

The code that tries to mount is:

Code:

//
    ESP_LOGI(TAG, "Mounting FAT filesystem");
    // To mount the device we need the name of the device partition and a base_path,
    // and we allow formatting the partition in case it is new and was not formatted before
    const esp_vfs_fat_mount_config_t mount_config = {
            .max_files = 4,
            .format_if_mount_failed = true,
            .allocation_unit_size = CONFIG_WL_SECTOR_SIZE
    };

    esp_err_t err = esp_vfs_fat_rawflash_mount(base_path, "storage_1", &mount_config); // try to mount read only

    if (err != ESP_OK) {
        ESP_LOGE(TAG, "Failed to mount FATFS (%s)", esp_err_to_name(err));
        return err;
    }
//
What I get is:
(135) vfs_fat_spiflash: f_mount failed (13)

I also tried to create the fat image using:
./mkfatfs -c ~/image_data -s 552960 540kb.img

I got the same error:
(135) vfs_fat_spiflash: f_mount failed (13)

I believe that creating and flashing the image from the host computer is somehow fishy ...

I am using 86148a740b12b commit of the idf...

Any help will be greatly appreciated..

Thanks
Chris
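
ESP_Angus's earlier reply says a data partition is encrypted only when it is marked as encrypted in the partition table, and neither storage partition in the table posted above carries that flag. The check below is an added example, not code from the thread or from ESP-IDF; the function names are hypothetical, and it assumes the flags column may hold several colon-separated flags.

```python
import csv
import io

# Partition table exactly as posted in the thread
# (columns: name, type, subtype, offset, size, flags).
POSTED_TABLE = """\
nvs,data,nvs,0x9000,16K,
otadata,data,ota,0xd000,8K,
phy_init,data,phy,0xf000,4K,
factory,app,factory,0x10000,1M,
ota_0,app,ota_0,0x110000,1M,
ota_1,app,ota_1,0x210000,1M,
storage,data,spiffs,0x310000,256K
storage_1,data,fat,0x350000,540K
"""

FILESYSTEM_SUBTYPES = {"fat", "spiffs"}  # data subtypes that hold user files


def parse_size(text):
    """Convert '540K', '1M' or '0x350000' to a number of bytes."""
    text = text.strip()
    unit = {"K": 1024, "M": 1024 * 1024}.get(text[-1:].upper())
    return int(text[:-1], 0) * unit if unit else int(text, 0)


def parse_table(csv_text):
    """Yield one dict per partition; a missing flags column means no flags."""
    for row in csv.reader(io.StringIO(csv_text)):
        if not row or row[0].lstrip().startswith("#"):
            continue  # skip blank lines and comments
        cells = [c.strip() for c in row] + [""] * (6 - len(row))
        name, ptype, subtype, offset, size, flags = cells[:6]
        yield {"name": name, "type": ptype, "subtype": subtype,
               "offset": parse_size(offset) if offset else None,
               "size": parse_size(size),
               "flags": {f for f in flags.split(":") if f}}


def unencrypted_filesystems(csv_text):
    """Names of file-holding data partitions lacking the 'encrypted' flag."""
    return [p["name"] for p in parse_table(csv_text)
            if p["type"] == "data" and p["subtype"] in FILESYSTEM_SUBTYPES
            and "encrypted" not in p["flags"]]


def image_fits(csv_text, name, image_bytes):
    """True when a host-built image is no larger than the named partition."""
    part = next(p for p in parse_table(csv_text) if p["name"] == name)
    return image_bytes <= part["size"]
```

Run against the posted table, `unencrypted_filesystems` reports both `storage` and `storage_1`, and `image_fits` confirms that the 135 x 4096-byte image matches the 540K partition.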

Re: Encrypting device specific data

Posted: Wed Jul 25, 2018 11:30 pm
by ESP_Angus
Hi Chris,

There are two options for FAT filesystems in ESP-IDF right now:

- Wear levelling FATFS. This adds a "wear levelling" layer between the fatfs sector-based data and the flash itself, to avoid the FAT sectors wearing out the flash prematurely. For this reason you can't flash a "plain" FAT image and then mount it. A tool for generating wear levelling images on the host is planned but not released; at the moment you have the wear levelling FATFS from inside ESP-IDF itself.

- Read-only "raw" FATFS. This uses a different API to mount the FATFS directly, but it can't be written to. A different API is used to mount. See here: https://docs.espressif.com/projects/esp ... -only-mode

If you use the "raw" API to mount the partition, you should be able to generate it on the host as a FATFS disk image and flash it.

Re: Encrypting device specific data

Posted: Tue Aug 28, 2018 6:14 pm
by p-rimes
I would love to get access to such a tool (to generate FATFS/WL images on the host.)

Previously I had used this project with great success:
https://github.com/jkearins/ESP32_mkfatfs

But I believe something has changed recently in esp-idf w.r.t. WL (a new version V2?), and the V1 -> V2 upgrade process (when using these generated images) is not working for me upon reboot.

Re: Encrypting device specific data

Posted: Tue Aug 28, 2018 11:19 pm
by WiFive

Re: Encrypting device specific data

Posted: Mon Sep 03, 2018 10:34 pm
by jas39_
@ESP_Angus:
Any update on when we can expect the r/w fatfs and NVS encryption to be available?

ESP_Angus wrote:
Support for encrypted read/write fatfs and encrypted NVS are both being worked on now and will be available soon.

Re: Encrypting device specific data

Posted: Tue Sep 04, 2018 4:11 am
by ESP_Angus
jas39_ wrote:
@ESP_Angus:
Any update on when we can expect the r/w fatfs and NVS encryption to be available?
ESP_Angus wrote:
Support for encrypted read/write fatfs and encrypted NVS are both being worked on now and will be available soon.

Sorry, I forgot to update the forum.

The current master branch should work with encrypted read/write fatfs (over wear levelling layer). This support will be in ESP-IDF V3.2 release.

NVS Encryption support has been developed and is currently in review. It is also planned for the V3.2 release.

Re: Encrypting device specific data

Posted: Wed Sep 12, 2018 4:22 pm
by p-rimes
@WiFive last commit on this was in 2017 -- have you used it without issues on the latest esp-idf master? I'll use a different third-party tool like this if it works for now!