Reputation: 1597
ESP32 Flash Encryption
Working on implementing flash encryption and secure boot on ESP32. The first step is to get flash encryption working. I am targeting the following settings:
- Release Mode
- No reflash over UART.
- Use the esp generated key (no need to reflash anything).
MAlong with my 2 OTA app partitions, I have used a data partition of sub-type nvs to store my device security certificate for access to my cloud backend.
In my partitions.csv file, I don't think I can set the nvs partition to encrypted as it would brick my device. How can this be made secure?
Do I need to add nvs encryption an nvs_keys partition?
Upvotes: 1
Views: 1057
Answers (1)
Reputation: 4762
NVS partitions can also be encrypted, but it's done differently from encrypting everything else in Flash. In short, you need two partitions. One is your NVS data partition which gets encrypted using NVS encryption algorithm. Other is the "NVS keys" partition which holds the encryption keys for previous, and this one gets encrypted using the standard Flash encryption algorithm. If it sounds confusing, welcome to the club. But once you dig through this, it works fine.
Pre-generating an encrypted NVS data partition with some data on it (e.g. your certificate) now gets an extra step where you encrypt it on your computer before writing it to Flash.
Upvotes: 3
Related Questions
- Write String to permanent flash memory of Arduino ESP32
- Autokey Encryption
- Flashing ESP32's memory without installing the whole IDF?
- How to store data in flash memory of ESP32?
- writing and reading object into esp32 flash memory, arduino
- esp32 and php XXTEA strings encryption
- Flash Encryption PHP Decryption
- Flash & C# encryption
- encrypting flash files
- encrypting data using blowfish under flash