esp-idf/components/nvs_flash/Kconfig

menu "NVS"

    config NVS_ENCRYPTION
        bool "Enable NVS encryption"
        default y
        depends on SECURE_FLASH_ENC_ENABLED
        help
            This option enables encryption for NVS. When enabled, AES-XTS is used to encrypt
            the complete NVS data, except the page headers. It requires XTS encryption keys
            to be stored in an encrypted partition. This means enabling flash encryption is
            a pre-requisite for this feature.

    config NVS_COMPATIBLE_PRE_V4_3_ENCRYPTION_FLAG
        bool "NVS partition encrypted flag compatible with ESP-IDF before v4.3"
        depends on SECURE_FLASH_ENC_ENABLED
        help
            Enabling this will ignore "encrypted" flag for NVS partitions. NVS encryption
            scheme is different than hardware flash encryption and hence it is not recommended
            to have "encrypted" flag for NVS partitions. This was not being checked in pre v4.3
            IDF. Hence, if you have any devices where this flag is kept enabled in partition
            table then enabling this config will allow to have same behavior as pre v4.3 IDF.

endmenu
Fix Kconfig issues discovered by upstream Kconfiglib 2019-09-23 16:10:57 +02:00			`menu "NVS"`
nvs_flash: Add support for nvs encryption 2018-07-02 16:40:43 +05:30
Correct Kconfigs according to the coding style 2019-01-25 17:10:53 +01:00			`config NVS_ENCRYPTION`
			`bool "Enable NVS encryption"`
nvs_flash: Modify the default NVS initialization API with internal nvs encryption handling (only when nvs encryption is enabled) * NVS Encryption will now be turned on by default with flash encryption * Updated the flash encryption example to shocase NVS encryption along with information on how to configure and use NVS encryption * Updated respective test case * Added two partition tables for NVS encryption i) Table 1- Single factory app, no OTA, encrypted NVS ii) Table 2- Factory app, Two OTA, encrypted NVS 2020-12-15 08:31:39 +05:30			`default y`
Rename Kconfig options (components/bootloader) 2019-05-09 14:10:35 +02:00			`depends on SECURE_FLASH_ENC_ENABLED`
Correct Kconfigs according to the coding style 2019-01-25 17:10:53 +01:00			`help`
			`This option enables encryption for NVS. When enabled, AES-XTS is used to encrypt`
			`the complete NVS data, except the page headers. It requires XTS encryption keys`
			`to be stored in an encrypted partition. This means enabling flash encryption is`
			`a pre-requisite for this feature.`
nvs: add config to ignore "encrypted" flag of nvs partitions This is to allow having pre IDF v4.3 behavior where "encrypted" flag was not being checked for NVS partitions. It is recommended to enable this new config only if you have production devices where NVS partition was being set with "encrypted" flag by mistake. Please see commit aca9ec28b3d091a73605ee89ab63f8f76a996491 which introduced check to not allow NVS partitions with "encrypted" flag set. More discussion on this at: https://github.com/espressif/esp-idf/issues/5747#issuecomment-956223024 https://github.com/espressif/esp-idf/issues/7839#issuecomment-961477667 Closes https://github.com/espressif/esp-idf/issues/7839 Closes IDFGH-6162 2021-11-11 12:16:24 +05:30
			`config NVS_COMPATIBLE_PRE_V4_3_ENCRYPTION_FLAG`
			`bool "NVS partition encrypted flag compatible with ESP-IDF before v4.3"`
			`depends on SECURE_FLASH_ENC_ENABLED`
			`help`
			`Enabling this will ignore "encrypted" flag for NVS partitions. NVS encryption`
			`scheme is different than hardware flash encryption and hence it is not recommended`
			`to have "encrypted" flag for NVS partitions. This was not being checked in pre v4.3`
			`IDF. Hence, if you have any devices where this flag is kept enabled in partition`
			`table then enabling this config will allow to have same behavior as pre v4.3 IDF.`

nvs_flash: Add support for nvs encryption 2018-07-02 16:40:43 +05:30			`endmenu`