Merge branch 'docs/flash_enc_only_s2_v4.2' into 'release/v4.2'

docs: fix S2 specific flash encryption cmds in ESP32 docs

See merge request espressif/esp-idf!15139
Mahavir Jain
2021-09-16 14:31:38 +00:00

@@ -302,23 +302,23 @@ To use a host generated key, take the following steps:
espefuse.py --port PORT burn_key BLOCK my_flash_encryption_key.bin KEYPURPOSE espefuse.py --port PORT burn_key BLOCK my_flash_encryption_key.bin KEYPURPOSE
where `BLOCK` is a free keyblock between `BLOCK_KEY0` and `BLOCK_KEY5`. And `KEYPURPOSE` is either `AES_256_KEY_1`, `XTS_AES_256_KEY_2`, `XTS_AES_128_KEY`. See `{IDF_TARGET_NAME} Technical Reference Manual <{IDF_TARGET_TRM_EN_URL}>`_ for a description of the key purposes. where `BLOCK` is a free keyblock between `BLOCK_KEY0` and `BLOCK_KEY5`. And `KEYPURPOSE` is either `AES_256_KEY_1`, `XTS_AES_256_KEY_2`, `XTS_AES_128_KEY`. See `{IDF_TARGET_NAME} Technical Reference Manual <{IDF_TARGET_TRM_EN_URL}>`_ for a description of the key purposes.
AES-128 (256-bit key) - `XTS_AES_128_KEY`: AES-128 (256-bit key) - `XTS_AES_128_KEY`:
.. code-block:: bash .. code-block:: bash
espefuse.py --port PORT burn_key BLOCK my_flash_encryption_key.bin XTS_AES_128_KEY espefuse.py --port PORT burn_key BLOCK my_flash_encryption_key.bin XTS_AES_128_KEY
AES-256 (512-bit key) - `XTS_AES_256_KEY_1` and `XTS_AES_256_KEY_2`. It is not fully supported yet in espefuse.py and espsecure.py. Need to do the following steps: AES-256 (512-bit key) - `XTS_AES_256_KEY_1` and `XTS_AES_256_KEY_2`. It is not fully supported yet in espefuse.py and espsecure.py. Need to do the following steps:
.. code-block:: bash .. code-block:: bash
espefuse.py --port PORT burn_key BLOCK my_flash_encryption_key1.bin XTS_AES_256_KEY_1 espefuse.py --port PORT burn_key BLOCK my_flash_encryption_key1.bin XTS_AES_256_KEY_1
espefuse.py --port PORT burn_key BLOCK+1 my_flash_encryption_key2.bin XTS_AES_256_KEY_2 espefuse.py --port PORT burn_key BLOCK+1 my_flash_encryption_key2.bin XTS_AES_256_KEY_2
where `BLOCK+1` is a block adjacent to `BLOCK` (best practice is to keep them adjacent). where `BLOCK+1` is a block adjacent to `BLOCK` (best practice is to keep them adjacent).
If the key is not burned and the device is started after enabling flash encryption, the {IDF_TARGET_NAME} will generate a random key that software cannot access or modify. If the key is not burned and the device is started after enabling flash encryption, the {IDF_TARGET_NAME} will generate a random key that software cannot access or modify.
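Review bot: The `KEYPURPOSE` list in the sentence beginning "where `BLOCK` is a free keyblock" names `AES_256_KEY_1`, while the AES-256 paragraph and its `burn_key` command further down use `XTS_AES_256_KEY_1`. The list should read `XTS_AES_256_KEY_1`, `XTS_AES_256_KEY_2`, `XTS_AES_128_KEY` so that a purpose name copied from the prose matches the commands. In the same hunk, `BLOCK+1` is written as if it were a literal argument to the second `burn_key` command. The following "where" sentence should state that it stands for the name of the adjacent key block rather than text to type, since a wrong value here goes straight into a `burn_key` invocation. The AES-256 lead-in ("It is not fully supported yet ... Need to do the following steps:") would also read better as a full sentence that says which two key files the steps expect.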