SPIFFS when Flash encryption is enabled

[PatrickVisser]

I currently am having a problem when trying to use SPIFFS.
I want to use SPIFFS for storing some settings, and logs for a project.
The partition data is generated on a host computer and then flashed.

It works correctly when not using Flash encryption.
The partition for the SPIFFS is not encrypted!!

Only want to use the Flash encryption for the application code.

the controller can't even format the partition.

Code: Select all

I (1016) Storage: Initializing SPIFFS data partition
W (1022) SPIFFS: mount failed, -10025. formatting...
E (2496) SPIFFS: mount failed, -10025
E (2496) Storage: Failed to mount or format filesystem

i am using idf version ESP-IDF v4.3.2 and a ESP32-U4WDH (revision 3)

my biggest question is: is this even possible?
and what is going wrong

[aaknitt]

I'm having similar troubles with the ESP32-C3. I'm using littlefs instead of SPIFFS, but I think the issue is likely common to both.

According to this closed issue, it seems like it should be possible:
https://github.com/espressif/esp-idf/issues/2001

I'm wondering if I also have an issue with my partition table but so far haven't been able to identify a problem.

This is my partition table:

Code: Select all

# Name,   Type, SubType,  Offset,   Size, Flags
nvs,      data, nvs,      0x9000,   0x3000,
otadata,  data, ota,      0xe000,   0x2000,
app0,     app,  ota_0,    0x10000,  0x140000, encrypted
app1,     app,  ota_1,    0x150000, 0x140000, encrypted
spiffs,   data, spiffs,   0x290000, 0x100000,
nvs_key,  data, nvs_keys, 0x390000, 0x100,     encrypted
coredump, data, coredump, 0x3F0000, 0x10000,

I create the littlefs binary using this command:

Code: Select all

mklittlefs.exe -c "\Arduino\sketch_folder\data" -b 4096 -p 256 -s 1048576 littlefs.bin

And then flash it using this command:

Code: Select all

esptool.py --chip esp32c3 --port COM11 --baud 921600 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 80m --flash_size 4MB  0x290000 littlefs.bin

Any guidance would be appreciated.

[aaknitt]

I was able to get this working using LittleFS after a bunch of trial and error.

Apparently LittleFS does support encrypted flash. By changing the spiffs partition to encrypted, I can read and write files using LittleFS. My partition table now looks like this:

Code: Select all

# Name,   Type, SubType,  Offset,   Size, Flags
nvs,      data, nvs,      0x9000,   0x3000,
otadata,  data, ota,      0xe000,   0x2000,
app0,     app,  ota_0,    0x10000,  0x140000, encrypted
app1,     app,  ota_1,    0x150000, 0x140000, encrypted
spiffs,   data, spiffs,   0x290000, 0x100000, encrypted
nvs_key,  data, nvs_keys, 0x390000, 0x1000,   encrypted
coredump, data, coredump, 0x3F0000, 0x10000,

I am using a host generated encryption key, so to package the LittleFS files for flashing I first create the LittleFS binary with something like this:

Code: Select all

mklittlefs.exe -c C:\project\data -b 4096 -p 256 -s 1048576 littlefs.bin

Then encrypt the binary using something like this:

Code: Select all

espsecure.py encrypt_flash_data --aes_xts --keyfile My_encryption_key.bin --address 0x290000 -o encrypted_littlefs.bin littlefs.bin

Then flash the encrypted binary as usual:

Code: Select all

esptool.py --chip esp32c3 --port COM11 --baud 921600 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 80m --flash_size 4MB 0x290000 encrypted_littlefs.bin