From 33663461c0cb4cf5e901650578db148732dc8e03 Mon Sep 17 00:00:00 2001 From: Marius Vikhammer Date: Thu, 9 Sep 2021 10:38:48 +0800 Subject: [PATCH] docs: fix S2 specific flash encryption cmds in ESP32 docs Closes https://github.com/espressif/esp-idf/issues/7537 --- docs/en/security/flash-encryption.rst | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/en/security/flash-encryption.rst b/docs/en/security/flash-encryption.rst index 954ea01934..f758204a8c 100644 --- a/docs/en/security/flash-encryption.rst +++ b/docs/en/security/flash-encryption.rst 
@@ -302,23 +302,23 @@ To use a host generated key, take the following steps: espefuse.py --port PORT burn_key BLOCK my_flash_encryption_key.bin KEYPURPOSE - where `BLOCK` is a free keyblock between `BLOCK_KEY0` and `BLOCK_KEY5`. And `KEYPURPOSE` is either `AES_256_KEY_1`, `XTS_AES_256_KEY_2`, `XTS_AES_128_KEY`. See `{IDF_TARGET_NAME} Technical Reference Manual <{IDF_TARGET_TRM_EN_URL}>`_ for a description of the key purposes. + where `BLOCK` is a free keyblock between `BLOCK_KEY0` and `BLOCK_KEY5`. And `KEYPURPOSE` is either `AES_256_KEY_1`, `XTS_AES_256_KEY_2`, `XTS_AES_128_KEY`. See `{IDF_TARGET_NAME} Technical Reference Manual <{IDF_TARGET_TRM_EN_URL}>`_ for a description of the key purposes. - AES-128 (256-bit key) - `XTS_AES_128_KEY`: + AES-128 (256-bit key) - `XTS_AES_128_KEY`: - .. code-block:: bash + .. code-block:: bash - espefuse.py --port PORT burn_key BLOCK my_flash_encryption_key.bin XTS_AES_128_KEY + espefuse.py --port PORT burn_key BLOCK my_flash_encryption_key.bin XTS_AES_128_KEY - AES-256 (512-bit key) - `XTS_AES_256_KEY_1` and `XTS_AES_256_KEY_2`. It is not fully supported yet in espefuse.py and espsecure.py. Need to do the following steps: + AES-256 (512-bit key) - `XTS_AES_256_KEY_1` and `XTS_AES_256_KEY_2`. It is not fully supported yet in espefuse.py and espsecure.py. Need to do the following steps: - .. code-block:: bash + .. code-block:: bash - espefuse.py --port PORT burn_key BLOCK my_flash_encryption_key1.bin XTS_AES_256_KEY_1 + espefuse.py --port PORT burn_key BLOCK my_flash_encryption_key1.bin XTS_AES_256_KEY_1 - espefuse.py --port PORT burn_key BLOCK+1 my_flash_encryption_key2.bin XTS_AES_256_KEY_2 + espefuse.py --port PORT burn_key BLOCK+1 my_flash_encryption_key2.bin XTS_AES_256_KEY_2 - where `BLOCK+1` is a block adjacent to `BLOCK` (best practice is to keep them adjacent). + where `BLOCK+1` is a block adjacent to `BLOCK` (best practice is to keep them adjacent). 
If the key is not burned and the device is started after enabling flash encryption, the {IDF_TARGET_NAME} will generate a random key that software cannot access or modify.
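Review bot: The re-indented `KEYPURPOSE` sentence still lists the first purpose as `AES_256_KEY_1`, while the AES-256 heading and the `burn_key` command later in this same hunk use `XTS_AES_256_KEY_1`. The line is being touched anyway, so make the name in the sentence match the one in the command. A reader who copies the purpose from the sentence would otherwise pass a different name than the documented command does. In the same sentence, "either" introduces three options, so "one of" would read more accurately. The removed and added lines are otherwise textually identical, so this is an indentation-only change. The commit message should say which block or directive the commands were moved under, so that the S2-specific scoping can be verified from the rendered ESP32 page and not only from the diff.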