I was able to get this working using LittleFS after a bunch of trial and error.
Apparently LittleFS
does support encrypted flash. By changing the spiffs partition to encrypted, I can read and write files using LittleFS. My partition table now looks like this:
Code: Select all
# Name, Type, SubType, Offset, Size, Flags
nvs, data, nvs, 0x9000, 0x3000,
otadata, data, ota, 0xe000, 0x2000,
app0, app, ota_0, 0x10000, 0x140000, encrypted
app1, app, ota_1, 0x150000, 0x140000, encrypted
spiffs, data, spiffs, 0x290000, 0x100000, encrypted
nvs_key, data, nvs_keys, 0x390000, 0x1000, encrypted
coredump, data, coredump, 0x3F0000, 0x10000,
I am using a host generated encryption key, so to package the LittleFS files for flashing I first create the LittleFS binary with something like this:
Code: Select all
mklittlefs.exe -c C:\project\data -b 4096 -p 256 -s 1048576 littlefs.bin
Then encrypt the binary using something like this:
Code: Select all
espsecure.py encrypt_flash_data --aes_xts --keyfile My_encryption_key.bin --address 0x290000 -o encrypted_littlefs.bin littlefs.bin
Then flash the encrypted binary as usual:
Code: Select all
esptool.py --chip esp32c3 --port COM11 --baud 921600 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 80m --flash_size 4MB 0x290000 encrypted_littlefs.bin