espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-05 13:44:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

examples/security: add support for initializing custom NVS partition with encryption

Browse Source
This commit is contained in:
Mahavir Jain
2022-06-02 18:13:43 +05:30
parent 2d08431433
commit beca401fbc
2 changed files with 41 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
examples/security/flash_encryption/main/flash_encrypt_main.c
View File

@@ -22,6 +22,8 @@ static void example_print_chip_info(void);
static void example_print_flash_encryption_status(void); static void example_print_flash_encryption_status(void);
static void example_read_write_flash(void); static void example_read_write_flash(void);
#define CUSTOM_NVS_PART_NAME "custom_nvs"
static const char* TAG = "example"; static const char* TAG = "example";
#if CONFIG_IDF_TARGET_ESP32 #if CONFIG_IDF_TARGET_ESP32
@@ -32,6 +34,35 @@ static const char* TAG = "example";
#define TARGET_CRYPT_CNT_WIDTH 3 #define TARGET_CRYPT_CNT_WIDTH 3
#endif #endif
static esp_err_t example_custom_nvs_part_init(const char *name)
{
#if CONFIG_NVS_ENCRYPTION
esp_err_t ret = ESP_FAIL;
const esp_partition_t *key_part = esp_partition_find_first(
ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_DATA_NVS_KEYS, NULL);
if (key_part == NULL) {
ESP_LOGE(TAG, "CONFIG_NVS_ENCRYPTION is enabled, but no partition with subtype nvs_keys found in the partition table.");
return ret;
}
nvs_sec_cfg_t cfg = {};
ret = nvs_flash_read_security_cfg(key_part, &cfg);
if (ret != ESP_OK) {
/* We shall not generate keys here as that must have been done in default NVS partition initialization case */
ESP_LOGE(TAG, "Failed to read NVS security cfg: [0x%02X] (%s)", ret, esp_err_to_name(ret));
return ret;
}
ret = nvs_flash_secure_init_partition(name, &cfg);
if (ret == ESP_OK) {
ESP_LOGI(TAG, "NVS partition \"%s\" is encrypted.", name);
}
return ret;
#else
return nvs_flash_init_partition(name);
#endif
}
void app_main(void) void app_main(void)
{ {
printf("\nExample to check Flash Encryption status\n"); printf("\nExample to check Flash Encryption status\n");
@@ -46,8 +77,15 @@ void app_main(void)
ret = nvs_flash_init(); ret = nvs_flash_init();
} }
ESP_ERROR_CHECK(ret); ESP_ERROR_CHECK(ret);
}
/* Initialize the custom NVS partition */
ret = example_custom_nvs_part_init(CUSTOM_NVS_PART_NAME);
if (ret == ESP_ERR_NVS_NO_FREE_PAGES || ret == ESP_ERR_NVS_NEW_VERSION_FOUND) {
ESP_ERROR_CHECK(nvs_flash_erase_partition(CUSTOM_NVS_PART_NAME));
ret = example_custom_nvs_part_init(CUSTOM_NVS_PART_NAME);
}
ESP_ERROR_CHECK(ret);
}
static void example_print_chip_info(void) static void example_print_chip_info(void)
{ {

2
examples/security/flash_encryption/partitions_example.csv
View File

@@ -5,3 +5,5 @@ storage, data, 0xff, , 0x1000, encrypted
factory, app, factory, , 1M, factory, app, factory, , 1M,
# nvs_key partition contains the key that encrypts the NVS partition named nvs. The nvs_key partition needs to be encrypted. # nvs_key partition contains the key that encrypts the NVS partition named nvs. The nvs_key partition needs to be encrypted.
nvs_key, data, nvs_keys, , 0x1000, encrypted, nvs_key, data, nvs_keys, , 0x1000, encrypted,
# Custom NVS data partition
custom_nvs, data, nvs, , 0x6000,
1 # Name, Type, SubType, Offset, Size, Flags
5 factory, app, factory, , 1M,
6 # nvs_key partition contains the key that encrypts the NVS partition named nvs. The nvs_key partition needs to be encrypted.
7 nvs_key, data, nvs_keys, , 0x1000, encrypted,
8 # Custom NVS data partition
9 custom_nvs, data, nvs, , 0x6000,