Encrypted flash and SPIFFS storage together?

newsettler_AI
Posts: 121
Joined: Wed Apr 05, 2017 12:49 pm

Encrypted flash and SPIFFS storage together?

Postby newsettler_AI » Tue Apr 09, 2019 5:14 pm

Hi,

In my project I'm using SPIFFS storage, which contains files:
  • DATA: some kind of read-only (not supposed to be edited after flashing, but have private info, txt files)
  • CONF: files which will be modified from app (but not needed to be protected actually, binary files with some configurations)
I need to secure info in DATA group of files.

I have enabled flash encryption and modified partitions table with "encrypted" flag for spiffs partition:

Code: Select all

# Name,   Type, SubType, Offset,  Size, Flags
nvs,      data, nvs,     0x9000,  0x6000,
phy_init, data, phy,     0xf000,  0x1000,
factory,  app,  factory, 0x10000, 1M,
storage,  data, spiffs,  0x180000, 1M, encrypted
App and storage now is ecrypted ( tested with make read_flash, no plaintext can be find in .bin flash dump)
But now looks like my app cant understand data from DATA files :?

Cant find topic now, but I located one dated by 2016-2017, it was about similar problem.
Briefly, I understand that spiffs cant be encrypted because of different sizes of spiffs page and encryption system "word".
Does SPIFFS / IDF encryption get some progress since then?

If no, are there some workarounds? How to protect some files, but still be able to read them from app? Files must not be included in app.

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: Encrypted flash and SPIFFS storage together?

Postby ESP_Angus » Tue Apr 09, 2019 11:46 pm

Hi newsletter_AI,

Unfortunately, SPIFFS makes a lot of optimisations about the way NOR flash works (being able to write any bit 1 to bit 0 with no other effects) and this is incompatible with flash encryption. So encrypted SPIFFS will never be supported.

For storing encrypted data there are two supported options:

1) Encrypted NVS. See here: https://docs.espressif.com/projects/esp ... encryption

2) For read-only data, you can create a FATFS image, write it encrypted to a partition, and mount it as raw data in read-only mode.

newsettler_AI
Posts: 121
Joined: Wed Apr 05, 2017 12:49 pm

Re: Encrypted flash and SPIFFS storage together?

Postby newsettler_AI » Wed Apr 10, 2019 11:23 am

ESP_Angus,

Thank you for information. Looks like SPIFFS not suitable for my task.

Actually, I'm using SPIFFS because it have wrappers for creating bin file from PC folder (mkspiffs).
This makes uploading DATA files(those I want to secure) pretty easy to use for multiple devices, which require to be loaded with different DATA files.

Does FATFS have some tools like mkspiffs?
I have found some 3rd party tools:

https://github.com/TobleMiner/mk_esp32fat

https://github.com/lllucius/esp32_fatfsimage

https://github.com/jkearins/ESP32_mkfatfs

But not sure about compability... Any official tool exist or in plans?

And one more question: can I use SPIFFS and FATFS simultaneously?

My idea is next.

Create one partition for SPIFFS and one for FATFS, something like this:

Code: Select all

# Name,   Type, SubType, Offset,  Size, Flags
nvs,      data, nvs,     0x9000,  0x6000,
phy_init, data, phy,     0xf000,  0x1000,
factory,  app,  factory, 0x10000, 1M,
storage,  data, spiffs,  0x180000, 1M, 
storage,  data, fatfs,  0x200000, , encrypted
Then I will leave all my logic of operation with CONF files as is, and update only DATA files in FATFS partition (and its handling in application).
Does it make sence or better refuse to use SPIFFS completely?

User avatar
fly135
Posts: 606
Joined: Wed Jan 03, 2018 8:33 pm
Location: Orlando, FL

Re: Encrypted flash and SPIFFS storage together?

Postby fly135 » Wed Apr 10, 2019 4:58 pm

ESP_Angus wrote:
Tue Apr 09, 2019 11:46 pm
2) For read-only data, you can create a FATFS image, write it encrypted to a partition, and mount it as raw data in read-only mode.
So we cannot write data to an encyrpted file system during runtime? I need to provision the ESP32 during runtime and store sensitive in encrypted storage. Is NVS the only option for that?

John A

ESP_igrr
Posts: 2071
Joined: Tue Dec 01, 2015 8:37 am

Re: Encrypted flash and SPIFFS storage together?

Postby ESP_igrr » Thu Apr 11, 2019 2:03 am

You can write to encrypted FATFS, but for read/write scenario it is recommended to use FATFS on top of wear_levelling library.

User avatar
fly135
Posts: 606
Joined: Wed Jan 03, 2018 8:33 pm
Location: Orlando, FL

Re: Encrypted flash and SPIFFS storage together?

Postby fly135 » Thu Apr 11, 2019 3:47 pm

ESP_igrr wrote:
Thu Apr 11, 2019 2:03 am
You can write to encrypted FATFS, but for read/write scenario it is recommended to use FATFS on top of wear_levelling library.
I'm still confused. Are you saying that wear leveling and encryption are mutually exclusive? I'm thinking that wear leveling won't be important for sensitive data that is only written on an infrequent basis.

John A

ESP_igrr
Posts: 2071
Joined: Tue Dec 01, 2015 8:37 am

Re: Encrypted flash and SPIFFS storage together?

Postby ESP_igrr » Thu Apr 11, 2019 3:55 pm

No, they aren't mutually exclusive. FATFS is compatible with flash encryption, both with wear_levelling and without. When FATFS is read-only, it can be used without wear_levelling. When it is used for reading and writing, it should be used together with wear_levelling.

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: Encrypted flash and SPIFFS storage together?

Postby ESP_Angus » Thu Apr 11, 2019 11:37 pm

(Note that there is one limitation for flash encryption + wear levelling + read/write FATFS, which is that wear levelling only added flash encryption support in ESP-IDF V3.2 and newer. The other options are also available in ESP-IDF V3.1.x.)

dastoned
Posts: 50
Joined: Fri May 29, 2020 2:52 pm

Re: Encrypted flash and SPIFFS storage together?

Postby dastoned » Thu Apr 08, 2021 9:35 am

I'm looking to download and store some largish binary files (OTA firmware images for another microcontroller in the system, size up to 128 KiB) in encrypted Flash. Hence, just to validate the information in this thread from 2 years ago, are the following statements reasonably correct for ESP IDF 4.2?
  1. Flash encryption with SPIFFS does not work and is not expected to work in future.
  2. Flash encryption with FAT (with or without wear_levelling) works fine for both reading and writing large binaries.
  3. Flash encryption with NVS works fine for both reading and writing large binaries (up to NVS blob limit of 508000 B).
Side note: if statement a. is correct, I would really, really expect to see a note in SPIFFS documentation stating that. I'm in the middle of designing an SPIFFS-based solution and just stumbled on this thread accidentally without having a clue :)

Who is online

Users browsing this forum: Google [Bot] and 72 guests