zephyr support esp32 flash encryption? #86387
Replies: 7 comments
-
|
I will actually test it. https://docs.mcuboot.com/readme-espressif.html Encrypt flash in-place including bootloader, image primary/secondary slot and scratch. There is no description of storage_partition. How to encrypt zephyr's storage_partition? |
Beta Was this translation helpful? Give feedback.
-
|
@rftafas Do you know if there is any support for this? Thanks. |
Beta Was this translation helpful? Give feedback.
-
|
Not entirely sure but I beleive you have to use espressif port of mcuboot for secure boot features |
Beta Was this translation helpful? Give feedback.
-
|
build time: Feb 27 2025 13:56:19 It seems that it is not supported. I will try to write and read directly first, and study nvs when I have time. Advertising successfully started OTA is also unable to proceed. |
Beta Was this translation helpful? Give feedback.
-
|
Flash Encryption follows an "all or nothing" style, so once enabled, it is valid for the whole flash, including storage area. You MUST use MCUboot-Espressif port for that. It won't work with Zephyr port or simpleboot (aka no bootloader) To better understand the process, check chapter 23 of ESP32-C3 TRM, it is fairly well explained there. To note, this is different than ESP-IDF, which can implement partial flash encryption. If Zephyr NVS uses the flash APIs, then it should work. |
Beta Was this translation helpful? Give feedback.
-
|
I have successfully enabled flash encryption and Secure Boot v2, it seems that nvs in zephyr does not use the flash APIs. Also there is a bug with mcumgr ota. Since my app requires ota, I have only enabled secure boot for now. I will fix these when I have time. I tested other functions and they worked fine as long as the write was a multiple of 16 bytes. None of these questions seem to be particularly complicated. |
Beta Was this translation helpful? Give feedback.
-
I saw a simple example but it didn't show the support of zephyr nvs.
/~https://github.com/zephyrproject-rtos/zephyr/blob/main/samples/boards/espressif/flash_encryption/README.rst
Beta Was this translation helpful? Give feedback.
All reactions