From 98655d4ad3400aa77ca567804cd941e3c18f4282 Mon Sep 17 00:00:00 2001 From: renpeiying Date: Thu, 15 Aug 2024 18:44:41 +0800 Subject: [PATCH] docs: Update CN translation for partition-table and nvs-encryption --- docs/en/api-guides/partition-tables.rst | 1 + docs/zh_CN/api-guides/partition-tables.rst | 21 ++++++++++++++++++- .../api-reference/storage/nvs_encryption.rst | 12 +++++++++++ 3 files changed, 33 insertions(+), 1 deletion(-) diff --git a/docs/en/api-guides/partition-tables.rst b/docs/en/api-guides/partition-tables.rst index b9432bb2d8..9da55858a1 100644 --- a/docs/en/api-guides/partition-tables.rst +++ b/docs/en/api-guides/partition-tables.rst @@ -332,6 +332,7 @@ The command-line interface of `parttool.py` has the following structure: If the device has already enabled ``Flash Encryption`` or ``Secure Boot``, attempting to use commands that modify the flash content, such as ``erase_partition`` or ``write_partition``, will result in an error. This error is generated by the erase command of ``esptool.py``, which is called first before writing. This error is done as a safety measure to prevent bricking your device. :: + A fatal error occurred: Active security features detected, erasing flash is disabled as a safety measure. Use --force to override, please use with caution, otherwise it may brick your device! To work around this, you need use the ``--force`` flag with ``esptool.py``. Specifically, the ``parttool.py`` provides the ``--esptool-erase-args`` argument that help to pass this flag to ``esptool.py``. diff --git a/docs/zh_CN/api-guides/partition-tables.rst b/docs/zh_CN/api-guides/partition-tables.rst index 0c744b589c..7297ccf528 100644 --- a/docs/zh_CN/api-guides/partition-tables.rst +++ b/docs/zh_CN/api-guides/partition-tables.rst 
@@ -17,7 +17,7 @@ - "Single factory app, no OTA" - "Factory app, two OTA definitions" -在以上两种选项中,出厂应用程序均将被烧录至 flash 的 0x10000 偏移地址处。这时,运行 `idf.py partition-table` ,即可以打印当前使用分区表的信息摘要。 +在以上两种选项中,出厂应用程序均将被烧录至 flash 的 0x10000 偏移地址处。这时,运行 ``idf.py partition-table``,即可以打印当前使用分区表的信息摘要。 内置分区表 ------------ @@ -328,6 +328,25 @@ Python API # 打印默认启动分区的大小 parttool.py --port "/dev/ttyUSB1" get_partition_info --partition-boot-default --info size +.. note:: + 如果设备启用了 ``Flash Encryption`` 或 ``Secure Boot``,尝试使用修改 flash 内容的命令(如 ``erase_partition`` 或 ``write_partition``)会导致错误。这是因为 ``esptool.py`` 的擦除命令会在写入之前先被调用。这个“错误”实际上是一个用来防止设备变砖的安全措施。 + + :: + + A fatal error occurred: Active security features detected, erasing flash is disabled as a safety measure. Use --force to override, please use with caution, otherwise it may brick your device! + + 要解决此问题,需在运行 ``esptool.py`` 时使用 ``--force`` 参数。具体而言,``parttool.py`` 提供了 ``--esptool-erase-args`` 参数,用来将 ``--force`` 参数传递给 ``esptool.py``。 + + .. code-block:: bash + + # 擦除名为 'storage' 的分区 + # 如果启用了 Flash Encryption 或 Secure Boot,则添加 "--esptool-erase-args=force" + parttool.py --port "/dev/ttyUSB1" --esptool-erase-args=force erase_partition --partition-name=storage + + # 将名为 'factory.bin' 的文件内容写入 'factory' 分区 + # 如果启用了 Flash Encryption 或 Secure Boot,则添加 "--esptool-erase-args=force" + parttool.py --port "/dev/ttyUSB1" --esptool-erase-args=force write_partition --partition-name=factory --input "factory.bin" + 更多信息可用 `--help` 指令查看: .. code-block:: bash diff --git a/docs/zh_CN/api-reference/storage/nvs_encryption.rst b/docs/zh_CN/api-reference/storage/nvs_encryption.rst index 5417f59c06..f0565d02de 100644 --- a/docs/zh_CN/api-reference/storage/nvs_encryption.rst +++ b/docs/zh_CN/api-reference/storage/nvs_encryption.rst 
@@ -66,6 +66,10 @@ NVS 密钥分区 parttool.py --port PORT --partition-table-file=PARTITION_TABLE_FILE --partition-table-offset PARTITION_TABLE_OFFSET erase_partition --partition-type=data --partition-subtype=nvs_keys + # 如果启用了 Flash Encryption 或 Secure Boot,需要使用 "--esptool-erase-args=force" 来抑制错误: + # "Active security features detected, erasing flash is disabled as a safety measure. Use --force to override ..." + parttool.py --port PORT --esptool-erase-args=force --partition-table-file=PARTITION_TABLE_FILE --partition-table-offset PARTITION_TABLE_OFFSET erase_partition --partition-type=data --partition-subtype=nvs_keys + **使用预生成的 NVS 密钥分区** 如果 :ref:`nvs_encr_key_partition` 中的密钥不是由应用程序生成,则需要使用预先生成的密钥分区。可以使用 :doc:`/api-reference/storage/nvs_partition_gen` 生成包含 XTS 加密密钥的 :ref:`nvs_encr_key_partition`。然后使用以下两个命令将预生成的密钥分区存储到 flash 上: 
@@ -80,12 +84,20 @@ NVS 密钥分区 parttool.py --port PORT --partition-table-offset PARTITION_TABLE_OFFSET write_partition --partition-name="name of nvs_key partition" --input NVS_KEY_PARTITION_FILE + # 如果启用了 Flash Encryption 或 Secure Boot,需要使用 "--esptool-erase-args=force" 来抑制错误: + # "Active security features detected, erasing flash is disabled as a safety measure. Use --force to override ..." + parttool.py --port PORT --esptool-erase-args=force --partition-table-offset PARTITION_TABLE_OFFSET write_partition --partition-name="name of nvs_key partition" --input NVS_KEY_PARTITION_FILE + .. note:: 如果设备是在 flash 加密开发模式下加密的,那么要更新 NVS 密钥分区就需要使用 :component_file:`parttool.py ` 来加密 NVS 密钥分区,并提供一个指向你构建目录中未加密分区表的指针 (build/partition_table),因为设备上的分区表也是加密的。命令如下: :: parttool.py --esptool-write-args encrypt --port PORT --partition-table-file=PARTITION_TABLE_FILE --partition-table-offset PARTITION_TABLE_OFFSET write_partition --partition-name="nvs_key 分区名称" --input NVS_KEY_PARTITION_FILE + # 如果启用了 Flash Encryption 或 Secure Boot,需要使用 "--esptool-erase-args=force" 来抑制错误: + # "Active security features detected, erasing flash is disabled as a safety measure. Use --force to override ..." + parttool.py --esptool-erase-args=force --esptool-write-args encrypt --port PORT --partition-table-file=PARTITION_TABLE_FILE --partition-table-offset PARTITION_TABLE_OFFSET write_partition --partition-name="name of nvs_key partition" --input NVS_KEY_PARTITION_FILE + 由于密钥分区被标记为 ``encrypted``,且 :doc:`../../security/flash-encryption` 已启用,引导程序会在首次启动时使用 flash 加密密钥对此分区进行加密。 一个应用程序可以使用不同的密钥对不同的 NVS 分区进行加密,从而拥有多个密钥分区。应用程序应为加密或解密操作提供正确的密钥分区和密钥信息。
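Review bot: In docs/en/api-guides/partition-tables.rst (hunk at -332,6), the paragraph directly below the added blank line still reads "you need use the ``--force`` flag" and "argument that help to pass this flag". Since this hunk already touches the block, please correct these to "you need to use" and "that helps pass". The earlier sentence "This error is done as a safety measure" would also read better as "This error is raised as a safety measure".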
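Review bot: In docs/zh_CN/api-guides/partition-tables.rst (hunk at -328,6), the added note presents the override as the fix ("要解决此问题,需在运行 ``esptool.py`` 时使用 ``--force`` 参数") immediately after saying the error is a safety measure against bricking, and it does not repeat the caution that the error message itself carries ("please use with caution, otherwise it may brick your device"). Suggest bringing that caution into the sentence that recommends the flag. The prose also names ``--force`` while both examples pass ``--esptool-erase-args=force`` without the dashes; stating that the value is written as ``force`` would remove the ambiguity. Separately, the context line after the note still uses single backticks around `--help`, while the -17,7 hunk of this same file converts that pattern to double backticks for ``idf.py partition-table``.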
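Review bot: In docs/zh_CN/api-reference/storage/nvs_encryption.rst (hunk at -66,6), the added comment describes the flag as a way to suppress the error ("来抑制错误") and cuts the quoted message at "Use --force to override ...", which drops exactly the part that warns the device may be bricked. Suggest wording it as overriding the safety check and either quoting the message in full or pointing to the note in partition-tables.rst where the full text appears. The same two comment lines are repeated in both added blocks of the -80,12 hunk, so the wording change applies there as well.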
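Review bot: In docs/zh_CN/api-reference/storage/nvs_encryption.rst (hunk at -80,12), the last added command, inside the flash encryption development mode note, uses --partition-name="name of nvs_key partition" while the existing command directly above it in the same literal block uses --partition-name="nvs_key 分区名称". Please use one placeholder for both commands in that block so the translated page stays consistent.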