At this point we have our bootloader, and 3 app partitions (a factory, and two OTA partitions), as well as a FATFS partition, and core dump partition, and a few NVS partitions, etc... For our (several thousand) devices in the wild now running this setup, we wanted to enable remote uploading of the core dumps to our servers, so we could do crash analysis...
Unfortunately when we enabled the code in a dev firmware, we quickly encountered the following error when trying to read out the core dump data at runtime:
E (4122) esp_core_dump_elf: Flash encryption enabled in hardware and core dump partition is not encrypted!
And I'm getting an ESP_ERR_NOT_SUPPORTED back from the coredump functions.
The error is being thrown by esp_core_dump_get_summary which we're just using as a test trying to get the summary info from the header initially and ship it via MQTT.
So I have a few questions that this raises:
- First off, is there any way we can retroactively apply the encryption flag to the core dump partition on an existing encrypted device?
- If we can't, then is there any way we can make this work (able to read data out to transmit to server from a core dump on an "unecrypted" partition?)
- Lastly, if the coredump partition is unencrypted, does that mean the core dumps are being stored in plain text despite the flash encryption setting? As a result I suspect this is a major security risk for us...
Code: Select all
sec_cert, 0x3F, , 0x11000, 0x3000, , # Never mark this as an encrypted partition
nvs, data, nvs, 0x14000, 0x6000,
otadata, data, ota, , 0x2000,
phy_init, data, phy, , 0x1000,
rmaker, data, nvs, , 0x6000,
coredump, data, coredump, , 512K,
factory, app, factory, 0xB0000, 3M, encrypted
ota_0, app, ota_0, , 3M, encrypted
ota_1, app, ota_1, , 3M, encrypted
storage, data, fat, , 6M, encrypted
Thanks in advance for any ideas, suggestions and feedback, we're greatly appreciative.