Non-volatile storage with flash encryption enabled.
Hi,
If I need to read and write NVS while flash encryption is enabled, what steps do I need to take?
I read https://docs.espressif.com/projects/esp ... flash.html
but did not understand how it works when flash encryption is enabled.
Please provide me an example for use while flash encryption is enabled, that is, when I upload an encrypted partition.bin.
Do I need to check if flash encryption is enabled? Do I have to provide the encryption key in C/C++ to read and write NVS?
Kindly reply urgently.
Populate nvs_sec_cfg_t struct using nvs_flash_read_security_cfg or nvs_flash_generate_keys APIs????
For reading/writing any file from the storage area/partition, is there a special fopen to do as well if flash encryption is enabled?
Thanks,
Naeem
Re: Non-volatile storage with flash encryption enabled.
OK, thanks. I will try to do the same later: check whether flash encryption is enabled or not in the code.
Re: Non-volatile storage with flash encryption enabled.
The code I downloaded from the master branch is a few months old. The SDK was updated with NVS flash encryption recently, I guess.
How and where can I get a build in which the NVS code compiles and the whole SDK builds successfully?
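```c
#include <assert.h>
#include "esp_partition.h"
#include "nvs_flash.h"

/* Wrapper name is illustrative; the calls are the ones from the post. */
void init_encrypted_nvs(void)
{
    /* Locate the NVS key partition and the NVS data partition. */
    const esp_partition_t* key_part = esp_partition_find_first(
            ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_DATA_NVS_KEYS, NULL);
    assert(key_part && "partition table must have an NVS key partition");
    const esp_partition_t* nvs_partition = esp_partition_find_first(
            ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_DATA_NVS, NULL);
    assert(nvs_partition && "partition table must have an NVS partition");
    /* Erases the whole NVS partition: any data already stored is lost. */
    ESP_ERROR_CHECK(esp_partition_erase_range(nvs_partition, 0, nvs_partition->size));

    /* Read the NVS keys; generate them if the key partition is still empty. */
    nvs_sec_cfg_t cfg;
    esp_err_t err = nvs_flash_read_security_cfg(key_part, &cfg);
    if (err == ESP_ERR_NVS_KEYS_NOT_INITIALIZED) {
        ESP_ERROR_CHECK(nvs_flash_generate_keys(key_part, &cfg));
    } else {
        ESP_ERROR_CHECK(err);
    }
    ESP_ERROR_CHECK(nvs_flash_secure_init(&cfg));
}
```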
Naeem
Re: Non-volatile storage with flash encryption enabled.
snahmad75 wrote: How and where I can get build which contains NVS code compile and whole SDK build successfully.
Currently only master branch (since commit linked above) has NVS encryption support. This will be added to ESP-IDF V3.2.
Re: Non-volatile storage with flash encryption enabled.
In my code, which I downloaded a few months back, I have flash encryption enabled and I can still read NVS. Once I get the latest code, it will stop working unless I use the NVS init function when flash encryption is enabled. Am I right?
OK, you mean it will be added to V3.2 when it gets released.
Re: Non-volatile storage with flash encryption enabled.
snahmad75 wrote: It will stop working unless i used NVS init function when flash encryption is enabled. Am I right?
No. It is different encryption so old nvs will still work with the non-secure apis.
Re: Non-volatile storage with flash encryption enabled.
snahmad75 wrote: In my code which I download few months back. I have flash encryption enabled. still I can read NVS. once i get latest code. It will stop working unless i used NVS init function when flash encryption is enabled. Am I right?
You can continue to use the "old" NVS with flash encryption, but the NVS data is not being encrypted.
snahmad75 wrote: ok, you mean it will added to V3.2 when it gets released.
Yes. Master branch is currently "v3.2-dev" (ie development working towards v3.2).
Re: Non-volatile storage with flash encryption enabled.
good, thanks. got it.
Re: Non-volatile storage with flash encryption enabled.
I am evaluating the NVS with Encryption (comparing with regular partition encryption).
As far as I understand, NVS encryption is a run-time operation if the key is to be auto generated. This would store run-time data.
Any factory data would need to be pre-encrypted which would imply a known key or generate both the NVS and NVS Key at manufacturing time. For almost read-only data, using a standard encrypted data partition (handled by the flash with flash encryption key) looks like less work.
I am not able to test the generation of a NVS partition with encryption.
I tested with python2.7 and python3.5 same result.
```
nvs_partition_gen.py sample.csv sample_encrypted.bin 0x6000 --encrypt True --keyfile mynvs_openssl_key.bin
Traceback (most recent call last):
  File "nvs_partition_gen.py", line 775, in <module>
    main()
  File "nvs_partition_gen.py", line 770, in main
    nvs_part_gen(input_filename, output_filename, input_size, key_gen, is_encrypt_data, key_file, version_no)
  File "nvs_partition_gen.py", line 682, in nvs_part_gen
    key_input = key_f.readline()
  File "/usr/lib/python3.5/codecs.py", line 321, in decode
    (result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x9a in position 0: invalid start byte
```
Developing under Ubuntu 16.04.
Regards,
Stan
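Added example (not part of the original post and not code from nvs_partition_gen.py): the traceback above fails inside a text-mode readline() on the key file, which is what happens when raw binary key bytes are decoded as UTF-8. The sketch reproduces that failure with a constructed 64-byte key and shows the same key, written as hex text, reading cleanly; that the script wants the key as hex text is an assumption, and all function names are hypothetical.

```python
import binascii
import os
import tempfile

# Constructed sample: 64 raw bytes starting with 0x9a, the byte named in the
# traceback. Not a real key.
SAMPLE_RAW_KEY = bytes([0x9A]) + bytes(range(1, 64))

def read_key_text_mode(path):
    """Read the key the way the traceback shows: text mode plus readline()."""
    with open(path, "r", encoding="utf-8") as key_f:
        return key_f.readline()

def classify_keyfile(path):
    """Return 'hex-text' or 'raw-binary' without decoding the file as UTF-8."""
    with open(path, "rb") as key_f:
        data = key_f.read()
    try:
        text = data.decode("ascii").strip()
        binascii.unhexlify(text)  # raises on odd length or non-hex characters
        return "hex-text" if text else "raw-binary"
    except (UnicodeDecodeError, binascii.Error):
        return "raw-binary"

def raw_to_hex_keyfile(raw_path, hex_path):
    """Write the raw key as one line of ASCII hex and return the hex string."""
    with open(raw_path, "rb") as src:
        hex_key = binascii.hexlify(src.read()).decode("ascii")
    with open(hex_path, "w", encoding="ascii") as dst:
        dst.write(hex_key + "\n")
    return hex_key

def demo():
    """Reproduce the decode failure, then read the hex form of the same key."""
    with tempfile.TemporaryDirectory() as tmp:
        raw_path = os.path.join(tmp, "raw_key.bin")
        hex_path = os.path.join(tmp, "hex_key.txt")
        with open(raw_path, "wb") as f:
            f.write(SAMPLE_RAW_KEY)
        try:
            read_key_text_mode(raw_path)
            failed = False
        except UnicodeDecodeError:
            failed = True  # same error class as in the traceback
        hex_key = raw_to_hex_keyfile(raw_path, hex_path)
        line = read_key_text_mode(hex_path).strip()
        return failed, classify_keyfile(raw_path), classify_keyfile(hex_path), line == hex_key
```

Key files written this way hold the NVS key in the clear, so they need the same handling as any other manufacturing secret.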