esp-idf/docs/en/api-reference/storage/storage-security.rst

Storage Security
================

:link_to_translation:`zh_CN:[中文]`

Overview of Available Resources
-------------------------------

Data privacy is achieved by using the :doc:`../../security/flash-encryption` feature. This mechanism is currently used by FATFS and LittleFS and is recommended for new storage type implementations based on the Partitions API.
NVS storage uses a proprietary :doc:`NVS encryption <nvs_encryption>` implementation.

Workflows focused on overall system security are described in the :doc:`Host Based Workflows <../../security/host-based-security-workflows>`.
Workflows related to the combination of multiple secured storage components in one project are presented in the :example:`Flash Encryption Example <security/flash_encryption>`.

.. list-table:: Relevant storage security examples
    :widths: 25 75
    :header-rows: 0

    * - **Link**
      - **Description**
    * - :example:`nvs_encryption_hmac <security/nvs_encryption_hmac>`
      - Demonstrates NVS encryption with an HMAC-based encryption key protection scheme.
    * - :example:`flash_encryption <security/flash_encryption>`
      - Provides a combined example showing the coexistence of NVS encryption, FATFS encryption, and encrypted custom data access via the Partitions API. Security related workflows for both development and production are also provided.
feat(examples/security): Extend flash_encryption example with fatfs encryption Updated the flash_encryption example to demonstrate the usage of fatfs encryption. Updated existing test case to ensure accurate and reliable testing. Documentation of storage section extended by security relarted summary. Closes https://github.com/espressif/esp-idf/issues/11551 Closes https://github.com/espressif/esp-idf/issues/13668 2023-12-06 11:25:58 -05:00			`Storage Security`
			`================`

			:link_to_translation:`zh_CN:[中文]`

			`Overview of Available Resources`
			`-------------------------------`

			Data privacy is achieved by using the :doc:`../../security/flash-encryption` feature. This mechanism is currently used by FATFS and LittleFS and is recommended for new storage type implementations based on the Partitions API.
			NVS storage uses a proprietary :doc:`NVS encryption <nvs_encryption>` implementation.

			Workflows focused on overall system security are described in the :doc:`Host Based Workflows <../../security/host-based-security-workflows>`.
			Workflows related to the combination of multiple secured storage components in one project are presented in the :example:`Flash Encryption Example <security/flash_encryption>`.

			`.. list-table:: Relevant storage security examples`
			`:widths: 25 75`
			`:header-rows: 0`

			`* - Link`
			`- Description`
			* - :example:`nvs_encryption_hmac <security/nvs_encryption_hmac>`
			`- Demonstrates NVS encryption with an HMAC-based encryption key protection scheme.`
			* - :example:`flash_encryption <security/flash_encryption>`
			`- Provides a combined example showing the coexistence of NVS encryption, FATFS encryption, and encrypted custom data access via the Partitions API. Security related workflows for both development and production are also provided.`