mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
c1bed366ba
- This features allows the NVS encryption keys to be derived and protected using the HMAC peripheral. Since the encryption keys are derived at runtime, they are not stored anywhere in the flash and hence this feature does not require a separate `nvs_keys` partition.
29 lines
1.4 KiB
Plaintext
29 lines
1.4 KiB
Plaintext
menu "NVS"
|
|
|
|
config NVS_ENCRYPTION
|
|
bool "Enable NVS encryption"
|
|
depends on SECURE_FLASH_ENC_ENABLED || SOC_HMAC_SUPPORTED
|
|
default y if SECURE_FLASH_ENC_ENABLED
|
|
help
|
|
This option enables encryption for NVS. When enabled, XTS-AES is used to encrypt
|
|
the complete NVS data, except the page headers. It requires XTS encryption keys
|
|
to be stored in an encrypted partition (enabling flash encryption is mandatory here)
|
|
or to be derived from an HMAC key burnt in eFuse.
|
|
|
|
config NVS_COMPATIBLE_PRE_V4_3_ENCRYPTION_FLAG
|
|
bool "NVS partition encrypted flag compatible with ESP-IDF before v4.3"
|
|
depends on SECURE_FLASH_ENC_ENABLED
|
|
help
|
|
Enabling this will ignore "encrypted" flag for NVS partitions. NVS encryption
|
|
scheme is different than hardware flash encryption and hence it is not recommended
|
|
to have "encrypted" flag for NVS partitions. This was not being checked in pre v4.3
|
|
IDF. Hence, if you have any devices where this flag is kept enabled in partition
|
|
table then enabling this config will allow to have same behavior as pre v4.3 IDF.
|
|
|
|
config NVS_ASSERT_ERROR_CHECK
|
|
bool "Use assertions for error checking"
|
|
default n
|
|
help
|
|
This option switches error checking type between assertions (y) or return codes (n).
|
|
endmenu
|