mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
docs/Flash encryption: Add encrypted partitions section
parent
6d4a116625
commit
b078541ca5
@ -17,17 +17,6 @@ Introduction
|
||||
|
||||
Flash encryption is intended for encrypting the contents of the {IDF_TARGET_NAME}'s off-chip flash memory. Once this feature is enabled, firmware is flashed as plaintext, and then the data is encrypted in place on the first boot. As a result, physical readout of flash will not be sufficient to recover most flash contents.
|
||||
|
||||
With flash encryption enabled, the following types of data are encrypted by default:
|
||||
|
||||
- Firmware bootloader
|
||||
- Partition Table
|
||||
- All "app" type partitions
|
||||
|
||||
Other types of data can be encrypted conditionally:
|
||||
|
||||
- Any partition marked with the ``encrypted`` flag in the partition table. For details, see :ref:`encrypted-partition-flag`.
|
||||
- Secure Boot bootloader digest if Secure Boot is enabled (see below).
|
||||
|
||||
.. only:: esp32
|
||||
|
||||
:doc:`Secure Boot <secure-boot-v2>` is a separate feature which can be used together with flash encryption to create an even more secure environment.
|
||||
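Review bot: With both lists removed from the Introduction, the remaining sentence "physical readout of flash will not be sufficient to recover most flash contents" no longer tells the reader which contents are covered. Suggest ending that paragraph with a pointer to the new section, for example "For the list of what is encrypted, see :ref:`encrypted-partitions`.", so the scope of the protection is still reachable from the Introduction.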
@ -40,6 +29,24 @@ Other types of data can be encrypted conditionally:
|
||||
|
||||
Enabling flash encryption limits the options for further updates of {IDF_TARGET_NAME}. Before using this feature, read the document and make sure to understand the implications.
|
||||
|
||||
.. _encrypted-partitions:
|
||||
|
||||
Encrypted Partitions
|
||||
--------------------
|
||||
|
||||
With flash encryption enabled, the following types of data are encrypted by default:
|
||||
|
||||
- Firmware bootloader
|
||||
- Partition Table
|
||||
- :ref:`nvs_encr_key_partition`
|
||||
- Otadata
|
||||
- All "app" type partitions
|
||||
|
||||
Other types of data can be encrypted conditionally:
|
||||
|
||||
- Any partition marked with the ``encrypted`` flag in the partition table. For details, see :ref:`encrypted-partition-flag`.
|
||||
- Secure Boot bootloader digest if Secure Boot is enabled (see below).
|
||||
|
||||
.. _flash-encryption-efuse:
|
||||
|
||||
Relevant eFuses
|
||||
|
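Review bot: In the moved bullet "Secure Boot bootloader digest if Secure Boot is enabled (see below)", the "(see below)" is now stale, because the Secure Boot paragraph it pointed at stays in the Introduction, above this new section. Replace it with an explicit reference to the Secure Boot document or paragraph. Separately, the default list gains two entries the old list did not have (:ref:`nvs_encr_key_partition` and Otadata), while the commit message only mentions adding a section; the message should say that the list was extended, and "Otadata" would read better spelled the way the partition table documentation names it.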
@ -17,17 +17,6 @@ flash 加密
|
||||
|
||||
flash 加密功能用于加密与 {IDF_TARGET_NAME} 搭载使用的片外 flash 中的内容。启用 flash 加密功能后,固件会以明文形式烧录,然后在首次启动时将数据进行加密。因此,物理读取 flash 将无法恢复大部分 flash 内容。
|
||||
|
||||
启用 flash 加密后,系统将默认加密下列类型的 flash 数据:
|
||||
|
||||
- 固件引导加载程序
|
||||
- 分区表
|
||||
- 所有 “app” 类型的分区
|
||||
|
||||
其他类型的数据将视情况进行加密:
|
||||
|
||||
- 任何在分区表中标有“加密”标志的分区。详情请见 :ref:`encrypted-partition-flag`。
|
||||
- 如果启用了安全启动,则可以加密安全启动引导程序摘要(见下文)。
|
||||
|
||||
.. only:: esp32
|
||||
|
||||
:doc:`安全启动<secure-boot-v2>` 是一个独立的功能,可以与 flash 加密一起使用,从而创建更安全的环境。
|
||||
@ -40,6 +29,24 @@ flash 加密功能用于加密与 {IDF_TARGET_NAME} 搭载使用的片外 flash
|
||||
|
||||
启用 flash 加密将限制后续 {IDF_TARGET_NAME} 更新。在使用 flash 加密功能前,请务必阅读本文档了解其影响。
|
||||
|
||||
.. _encrypted-partitions:
|
||||
|
||||
Encrypted Partitions
|
||||
--------------------
|
||||
|
||||
启用 flash 加密后,系统将默认加密下列类型的 flash 数据:
|
||||
|
||||
- 固件引导加载程序
|
||||
- 分区表
|
||||
- :ref:`nvs_encr_key_partition`
|
||||
- Otadata
|
||||
- 所有 “app” 类型的分区
|
||||
|
||||
其他类型的数据将视情况进行加密:
|
||||
|
||||
- 任何在分区表中标有“加密”标志的分区。详情请见 :ref:`encrypted-partition-flag`。
|
||||
- 如果启用了安全启动,则可以加密安全启动引导程序摘要(见下文)。
|
||||
|
||||
.. _flash-encryption-efuse:
|
||||
|
||||
相关 eFuses
|
||||
|
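Review bot: The section title "Encrypted Partitions" is left in English in the translated file, while the neighbouring heading is translated ("相关 eFuses"). Translate the title and adjust the underline to match its width; the ``.. _encrypted-partitions:`` label can stay unchanged so cross-references resolve in both languages. The "(见下文)" in the last bullet has the same stale-reference problem as in the English file, since the 安全启动 paragraph is above this section.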