Encrypted flash and SPIFFS storage together?

[newsettler_AI]

Hi,

In my project I'm using SPIFFS storage, which contains files:

• DATA: some kind of read-only (not supposed to be edited after flashing, but have private info, txt files)
• CONF: files which will be modified from app (but not needed to be protected actually, binary files with some configurations)

I need to secure info in DATA group of files.

I have enabled flash encryption and modified partitions table with "encrypted" flag for spiffs partition:

Code: Select all

# Name,   Type, SubType, Offset,  Size, Flags
nvs,      data, nvs,     0x9000,  0x6000,
phy_init, data, phy,     0xf000,  0x1000,
factory,  app,  factory, 0x10000, 1M,
storage,  data, spiffs,  0x180000, 1M, encrypted

App and storage now is ecrypted ( tested with make read_flash, no plaintext can be find in .bin flash dump)
But now looks like my app cant understand data from DATA files

Cant find topic now, but I located one dated by 2016-2017, it was about similar problem.
Briefly, I understand that spiffs cant be encrypted because of different sizes of spiffs page and encryption system "word".
Does SPIFFS / IDF encryption get some progress since then?

If no, are there some workarounds? How to protect some files, but still be able to read them from app? Files must not be included in app.

[ESP_Angus]

Hi newsletter_AI,

Unfortunately, SPIFFS makes a lot of optimisations about the way NOR flash works (being able to write any bit 1 to bit 0 with no other effects) and this is incompatible with flash encryption. So encrypted SPIFFS will never be supported.

For storing encrypted data there are two supported options:

1) Encrypted NVS. See here: https://docs.espressif.com/projects/esp ... encryption

2) For read-only data, you can create a FATFS image, write it encrypted to a partition, and mount it as raw data in read-only mode.

[newsettler_AI]

ESP_Angus,

Thank you for information. Looks like SPIFFS not suitable for my task.

Actually, I'm using SPIFFS because it have wrappers for creating bin file from PC folder (mkspiffs).
This makes uploading DATA files(those I want to secure) pretty easy to use for multiple devices, which require to be loaded with different DATA files.

Does FATFS have some tools like mkspiffs?
I have found some 3rd party tools:

https://github.com/TobleMiner/mk_esp32fat

https://github.com/lllucius/esp32_fatfsimage

https://github.com/jkearins/ESP32_mkfatfs

But not sure about compability... Any official tool exist or in plans?

And one more question: can I use SPIFFS and FATFS simultaneously?

My idea is next.

Create one partition for SPIFFS and one for FATFS, something like this:

Code: Select all

# Name,   Type, SubType, Offset,  Size, Flags
nvs,      data, nvs,     0x9000,  0x6000,
phy_init, data, phy,     0xf000,  0x1000,
factory,  app,  factory, 0x10000, 1M,
storage,  data, spiffs,  0x180000, 1M, 
storage,  data, fatfs,  0x200000, , encrypted

Then I will leave all my logic of operation with CONF files as is, and update only DATA files in FATFS partition (and its handling in application).
Does it make sence or better refuse to use SPIFFS completely?

[fly135]

2) For read-only data, you can create a FATFS image, write it encrypted to a partition, and mount it as raw data in read-only mode.

So we cannot write data to an encyrpted file system during runtime? I need to provision the ESP32 during runtime and store sensitive in encrypted storage. Is NVS the only option for that?

John A

[ESP_igrr]

You can write to encrypted FATFS, but for read/write scenario it is recommended to use FATFS on top of wear_levelling library.

[fly135]

You can write to encrypted FATFS, but for read/write scenario it is recommended to use FATFS on top of wear_levelling library.

I'm still confused. Are you saying that wear leveling and encryption are mutually exclusive? I'm thinking that wear leveling won't be important for sensitive data that is only written on an infrequent basis.

John A

[ESP_igrr]

No, they aren't mutually exclusive. FATFS is compatible with flash encryption, both with wear_levelling and without. When FATFS is read-only, it can be used without wear_levelling. When it is used for reading and writing, it should be used together with wear_levelling.

[ESP_Angus]

(Note that there is one limitation for flash encryption + wear levelling + read/write FATFS, which is that wear levelling only added flash encryption support in ESP-IDF V3.2 and newer. The other options are also available in ESP-IDF V3.1.x.)

[dastoned]

I'm looking to download and store some largish binary files (OTA firmware images for another microcontroller in the system, size up to 128 KiB) in encrypted Flash. Hence, just to validate the information in this thread from 2 years ago, are the following statements reasonably correct for ESP IDF 4.2?

1. Flash encryption with SPIFFS does not work and is not expected to work in future.
2. Flash encryption with FAT (with or without wear_levelling) works fine for both reading and writing large binaries.
3. Flash encryption with NVS works fine for both reading and writing large binaries (up to NVS blob limit of 508000 B).

Side note: if statement a. is correct, I would really, really expect to see a note in SPIFFS documentation stating that. I'm in the middle of designing an SPIFFS-based solution and just stumbled on this thread accidentally without having a clue