Merge branch 'feature/add_documentation_for_external_flash_encryption_v5.1' into 'release/v5.1'

flash_encryption_docs: Add documentation regarding enabling flash encryption externally through espefuse tool (v5.1) See merge request espressif/esp-idf!30522
2024-10-05 20:47:46 -04:00 · 2024-05-10 20:35:11 +08:00 · 2024-05-10 20:35:11 +08:00 · 6aa5c43b70
commit 6aa5c43b70
parent 41de6d2f90 43d48bb23f
2 changed files with 36 additions and 22 deletions
--- a/docs/en/security/flash-encryption.rst
+++ b/docs/en/security/flash-encryption.rst
@ -17,17 +17,6 @@ Introduction
 Flash encryption is intended for encrypting the contents of the {IDF_TARGET_NAME}'s off-chip flash memory. Once this feature is enabled, firmware is flashed as plaintext, and then the data is encrypted in place on the first boot. As a result, physical readout of flash will not be sufficient to recover most flash contents.
 With flash encryption enabled, the following types of data are encrypted by default:
 - Firmware bootloader
 - Partition Table
 - All "app" type partitions
 Other types of data can be encrypted conditionally:
 - Any partition marked with the ``encrypted`` flag in the partition table. For details, see :ref:`encrypted-partition-flag`.
 - Secure Boot bootloader digest if Secure Boot is enabled (see below).
 .. only:: esp32
    :doc:`Secure Boot <secure-boot-v2>` is a separate feature which can be used together with flash encryption to create an even more secure environment.
@ -40,6 +29,24 @@ Other types of data can be encrypted conditionally:
    Enabling flash encryption limits the options for further updates of {IDF_TARGET_NAME}. Before using this feature, read the document and make sure to understand the implications.
 .. _encrypted-partitions:
 Encrypted Partitions
 --------------------
 With flash encryption enabled, the following types of data are encrypted by default:
 - Firmware bootloader
 - Partition Table
 - :ref:`nvs_key_partition`
 - Otadata
 - All "app" type partitions
 Other types of data can be encrypted conditionally:
 - Any partition marked with the ``encrypted`` flag in the partition table. For details, see :ref:`encrypted-partition-flag`.
 - Secure Boot bootloader digest if Secure Boot is enabled (see below).
 .. _flash-encryption-efuse:
 Relevant eFuses
--- a/docs/zh_CN/security/flash-encryption.rst
+++ b/docs/zh_CN/security/flash-encryption.rst
@ -17,17 +17,6 @@ flash 加密
 flash 加密功能用于加密与 {IDF_TARGET_NAME} 搭载使用的片外 flash 中的内容。启用 flash 加密功能后，固件会以明文形式烧录，然后在首次启动时将数据进行加密。因此，物理读取 flash 将无法恢复大部分 flash 内容。
 启用 flash 加密后，系统将默认加密下列类型的 flash 数据：
 - 固件引导加载程序
 - 分区表
 - 所有 “app” 类型的分区
 其他类型的数据将视情况进行加密：
 - 任何在分区表中标有“加密”标志的分区。详情请见 :ref:`encrypted-partition-flag`。
 - 如果启用了安全启动，则可以加密安全启动引导程序摘要（见下文）。
 .. only:: esp32
    :doc:`安全启动<secure-boot-v2>` 是一个独立的功能，可以与 flash 加密一起使用，从而创建更安全的环境。
@ -40,6 +29,24 @@ flash 加密功能用于加密与 {IDF_TARGET_NAME} 搭载使用的片外 flash
    启用 flash 加密将限制后续 {IDF_TARGET_NAME} 更新。在使用 flash 加密功能前，请务必阅读本文档了解其影响。
 .. _encrypted-partitions:
 Encrypted Partitions
 --------------------
 启用 flash 加密后，系统将默认加密下列类型的 flash 数据：
 - 固件引导加载程序
 - 分区表
 - :ref:`nvs_key_partition`
 - Otadata
 - 所有 “app” 类型的分区
 其他类型的数据将视情况进行加密：
 - 任何在分区表中标有“加密”标志的分区。详情请见 :ref:`encrypted-partition-flag`。
 - 如果启用了安全启动，则可以加密安全启动引导程序摘要（见下文）。
 .. _flash-encryption-efuse:
 相关 eFuses