alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'bugfix/nvs_encryption_keys' into 'master'

Browse Source 
NVS: fix nvs_flash_generate_keys to generate random keys (Github PR)

See merge request espressif/esp-idf!12205
This commit is contained in:
Ivan Grokhotkov 2021-02-17 09:44:19 +00:00
commit 674cfe4fd2
1 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
components/nvs_flash/src/nvs_api.cpp
View File

@ -571,16 +571,28 @@ extern "C" esp_err_t nvs_flash_generate_keys(const esp_partition_t* partition, n
}
for(uint8_t cnt = 0; cnt < NVS_KEY_SIZE; cnt++) {
cfg->eky[cnt] = 0xff;
cfg->tky[cnt] = 0xee;
/* Adjacent 16-byte blocks should be different */
if (((cnt / 16) & 1) == 0) {
cfg->eky[cnt] = 0xff;
cfg->tky[cnt] = 0xee;
} else {
cfg->eky[cnt] = 0x99;
cfg->tky[cnt] = 0x88;
}
}
err = esp_partition_write(partition, 0, cfg->eky, NVS_KEY_SIZE);
/**
* Write key configuration without encryption engine (using raw partition write APIs).
* But the read is decrypted through flash encryption engine. This allows unique NVS encryption configuration,
* as flash encryption key is randomly generated per device.
*/
err = esp_partition_write_raw(partition, 0, cfg->eky, NVS_KEY_SIZE);
if(err != ESP_OK) {
return err;
}
err = esp_partition_write(partition, NVS_KEY_SIZE, cfg->tky, NVS_KEY_SIZE);
/* Write without encryption, see note above */
err = esp_partition_write_raw(partition, NVS_KEY_SIZE, cfg->tky, NVS_KEY_SIZE);
if(err != ESP_OK) {
return err;
}