espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-07-31 19:24:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bugfix/nvs_partition_encrypted_flag_compatibility_v4.3' into 'release/v4.3'

Browse Source 
nvs: add config to ignore "encrypted" flag of nvs partitions (v4.3)

See merge request espressif/esp-idf!15921
This commit is contained in:
Mahavir Jain
2021-11-17 03:56:42 +00:00
parent fa640fef3e 2b4604ce8e
commit a397a70373
2 changed files with 23 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
components/nvs_flash/Kconfig
View File

@@ -9,4 +9,15 @@ menu "NVS"
the complete NVS data, except the page headers. It requires XTS encryption keys the complete NVS data, except the page headers. It requires XTS encryption keys
to be stored in an encrypted partition. This means enabling flash encryption is to be stored in an encrypted partition. This means enabling flash encryption is
a pre-requisite for this feature. a pre-requisite for this feature.
config NVS_COMPATIBLE_PRE_V4_3_ENCRYPTION_FLAG
bool "NVS partition encrypted flag compatible with ESP-IDF before v4.3"
depends on SECURE_FLASH_ENC_ENABLED
help
Enabling this will ignore "encrypted" flag for NVS partitions. NVS encryption
scheme is different than hardware flash encryption and hence it is not recommended
to have "encrypted" flag for NVS partitions. This was not being checked in pre v4.3
IDF. Hence, if you have any devices where this flag is kept enabled in partition
table then enabling this config will allow to have same behavior as pre v4.3 IDF.
endmenu endmenu

15
components/spi_flash/partition.c
View File

@@ -222,14 +222,23 @@ static esp_err_t load_partitions(void)
if (!esp_flash_encryption_enabled()) { if (!esp_flash_encryption_enabled()) {
/* If flash encryption is not turned on, no partitions should be treated as encrypted */ /* If flash encryption is not turned on, no partitions should be treated as encrypted */
item->info.encrypted = false; item->info.encrypted = false;
} else if (entry.type == PART_TYPE_APP } else if (entry.type == ESP_PARTITION_TYPE_APP
|| (entry.type == PART_TYPE_DATA && entry.subtype == PART_SUBTYPE_DATA_OTA) || (entry.type == ESP_PARTITION_TYPE_DATA && entry.subtype == ESP_PARTITION_SUBTYPE_DATA_OTA)
|| (entry.type == PART_TYPE_DATA && entry.subtype == PART_SUBTYPE_DATA_NVS_KEYS)) { || (entry.type == ESP_PARTITION_TYPE_DATA && entry.subtype == ESP_PARTITION_SUBTYPE_DATA_NVS_KEYS)) {
/* If encryption is turned on, all app partitions and OTA data /* If encryption is turned on, all app partitions and OTA data
are always encrypted */ are always encrypted */
item->info.encrypted = true; item->info.encrypted = true;
} }
#if CONFIG_NVS_COMPATIBLE_PRE_V4_3_ENCRYPTION_FLAG
if (entry.type == ESP_PARTITION_TYPE_DATA &&
entry.subtype == ESP_PARTITION_SUBTYPE_DATA_NVS &&
(entry.flags & PART_FLAG_ENCRYPTED)) {
ESP_LOGI(TAG, "Ignoring encrypted flag for \"%s\" partition", entry.label);
item->info.encrypted = false;
}
#endif
// item->info.label is initialized by calloc, so resulting string will be null terminated // item->info.label is initialized by calloc, so resulting string will be null terminated
strncpy(item->info.label, (const char*) entry.label, sizeof(item->info.label) - 1); strncpy(item->info.label, (const char*) entry.label, sizeof(item->info.label) - 1);