SPIFFS when Flash encryption is enabled

PatrickVisser
Posts: 5
Joined: Tue Mar 28, 2023 5:47 am

SPIFFS when Flash encryption is enabled

Postby PatrickVisser » Tue Mar 28, 2023 6:17 am

I currently am having a problem when trying to use SPIFFS.
I want to use SPIFFS for storing some settings, and logs for a project.
The partition data is generated on a host computer and then flashed.

It works correctly when not using Flash encryption.
The partition for the SPIFFS is not encrypted!!

Only want to use the Flash encryption for the application code.

the controller can't even format the partition.

Code: Select all

I (1016) Storage: Initializing SPIFFS data partition
W (1022) SPIFFS: mount failed, -10025. formatting...
E (2496) SPIFFS: mount failed, -10025
E (2496) Storage: Failed to mount or format filesystem
i am using idf version ESP-IDF v4.3.2 and a ESP32-U4WDH (revision 3)

my biggest question is: is this even possible?
and what is going wrong

aaknitt
Posts: 2
Joined: Sun Apr 16, 2023 10:42 pm

Re: SPIFFS when Flash encryption is enabled

Postby aaknitt » Sun Apr 16, 2023 10:48 pm

I'm having similar troubles with the ESP32-C3. I'm using littlefs instead of SPIFFS, but I think the issue is likely common to both.

According to this closed issue, it seems like it should be possible:
https://github.com/espressif/esp-idf/issues/2001

I'm wondering if I also have an issue with my partition table but so far haven't been able to identify a problem.

This is my partition table:

Code: Select all

# Name,   Type, SubType,  Offset,   Size, Flags
nvs,      data, nvs,      0x9000,   0x3000,
otadata,  data, ota,      0xe000,   0x2000,
app0,     app,  ota_0,    0x10000,  0x140000, encrypted
app1,     app,  ota_1,    0x150000, 0x140000, encrypted
spiffs,   data, spiffs,   0x290000, 0x100000,
nvs_key,  data, nvs_keys, 0x390000, 0x100,     encrypted
coredump, data, coredump, 0x3F0000, 0x10000,
I create the littlefs binary using this command:

Code: Select all

mklittlefs.exe -c "\Arduino\sketch_folder\data" -b 4096 -p 256 -s 1048576 littlefs.bin
And then flash it using this command:

Code: Select all

esptool.py --chip esp32c3 --port COM11 --baud 921600 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 80m --flash_size 4MB  0x290000 littlefs.bin
Any guidance would be appreciated.

aaknitt
Posts: 2
Joined: Sun Apr 16, 2023 10:42 pm

Re: SPIFFS when Flash encryption is enabled

Postby aaknitt » Sat Apr 22, 2023 10:34 pm

I was able to get this working using LittleFS after a bunch of trial and error.

Apparently LittleFS does support encrypted flash. By changing the spiffs partition to encrypted, I can read and write files using LittleFS. My partition table now looks like this:

Code: Select all

# Name,   Type, SubType,  Offset,   Size, Flags
nvs,      data, nvs,      0x9000,   0x3000,
otadata,  data, ota,      0xe000,   0x2000,
app0,     app,  ota_0,    0x10000,  0x140000, encrypted
app1,     app,  ota_1,    0x150000, 0x140000, encrypted
spiffs,   data, spiffs,   0x290000, 0x100000, encrypted
nvs_key,  data, nvs_keys, 0x390000, 0x1000,   encrypted
coredump, data, coredump, 0x3F0000, 0x10000,
I am using a host generated encryption key, so to package the LittleFS files for flashing I first create the LittleFS binary with something like this:

Code: Select all

mklittlefs.exe -c C:\project\data -b 4096 -p 256 -s 1048576 littlefs.bin
Then encrypt the binary using something like this:

Code: Select all

espsecure.py encrypt_flash_data --aes_xts --keyfile My_encryption_key.bin --address 0x290000 -o encrypted_littlefs.bin littlefs.bin
Then flash the encrypted binary as usual:

Code: Select all

esptool.py --chip esp32c3 --port COM11 --baud 921600 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 80m --flash_size 4MB 0x290000 encrypted_littlefs.bin

Who is online

Users browsing this forum: Eltrion and 169 guests