Merge branch 'bugfix/nvs_partition_encrypted_flag_compatibility_v4.4' into 'release/v4.4'

nvs: add config to ignore "encrypted" flag of nvs partitions (v4.4)

See merge request espressif/esp-idf!15920
This commit is contained in:
Mahavir Jain 2021-11-23 05:46:44 +00:00
commit 81e0c7f662
2 changed files with 23 additions and 3 deletions

View File

@ -9,4 +9,15 @@ menu "NVS"
the complete NVS data, except the page headers. It requires XTS encryption keys
to be stored in an encrypted partition. This means enabling flash encryption is
a pre-requisite for this feature.
config NVS_COMPATIBLE_PRE_V4_3_ENCRYPTION_FLAG
bool "NVS partition encrypted flag compatible with ESP-IDF before v4.3"
depends on SECURE_FLASH_ENC_ENABLED
help
Enabling this will ignore "encrypted" flag for NVS partitions. NVS encryption
scheme is different than hardware flash encryption and hence it is not recommended
to have "encrypted" flag for NVS partitions. This was not being checked in pre v4.3
IDF. Hence, if you have any devices where this flag is kept enabled in partition
table then enabling this config will allow to have same behavior as pre v4.3 IDF.
endmenu

View File

@ -227,14 +227,23 @@ static esp_err_t load_partitions(void)
if (!esp_flash_encryption_enabled()) {
/* If flash encryption is not turned on, no partitions should be treated as encrypted */
item->info.encrypted = false;
} else if (entry.type == PART_TYPE_APP
|| (entry.type == PART_TYPE_DATA && entry.subtype == PART_SUBTYPE_DATA_OTA)
|| (entry.type == PART_TYPE_DATA && entry.subtype == PART_SUBTYPE_DATA_NVS_KEYS)) {
} else if (entry.type == ESP_PARTITION_TYPE_APP
|| (entry.type == ESP_PARTITION_TYPE_DATA && entry.subtype == ESP_PARTITION_SUBTYPE_DATA_OTA)
|| (entry.type == ESP_PARTITION_TYPE_DATA && entry.subtype == ESP_PARTITION_SUBTYPE_DATA_NVS_KEYS)) {
/* If encryption is turned on, all app partitions and OTA data
are always encrypted */
item->info.encrypted = true;
}
#if CONFIG_NVS_COMPATIBLE_PRE_V4_3_ENCRYPTION_FLAG
if (entry.type == ESP_PARTITION_TYPE_DATA &&
entry.subtype == ESP_PARTITION_SUBTYPE_DATA_NVS &&
(entry.flags & PART_FLAG_ENCRYPTED)) {
ESP_LOGI(TAG, "Ignoring encrypted flag for \"%s\" partition", entry.label);
item->info.encrypted = false;
}
#endif
// item->info.label is initialized by calloc, so resulting string will be null terminated
strncpy(item->info.label, (const char*) entry.label, sizeof(item->info.label) - 1);