
Merge branch 'bugfix/nvs_partition_encrypted_flag_compatibility_v4.4' into 'release/v4.4'

nvs: add config to ignore "encrypted" flag of nvs partitions (v4.4)

See merge request espressif/esp-idf!15920
Mahavir Jain 4 лет назад
Родитель
Сommit
81e0c7f662
2 измененных файлов с 23 добавлено и 3 удалено
  1. 11 0
      components/nvs_flash/Kconfig
  2. 12 3
      components/spi_flash/partition.c

+ 11 - 0
components/nvs_flash/Kconfig

@@ -9,4 +9,15 @@ menu "NVS"
             the complete NVS data, except the page headers. It requires XTS encryption keys
             to be stored in an encrypted partition. This means enabling flash encryption is
             a pre-requisite for this feature.
+
+    config NVS_COMPATIBLE_PRE_V4_3_ENCRYPTION_FLAG
+        bool "NVS partition encrypted flag compatible with ESP-IDF before v4.3"
+        depends on SECURE_FLASH_ENC_ENABLED
+        help
+            Enabling this will ignore "encrypted" flag for NVS partitions. NVS encryption
+            scheme is different than hardware flash encryption and hence it is not recommended
+            to have "encrypted" flag for NVS partitions. This was not being checked in pre v4.3
+            IDF. Hence, if you have any devices where this flag is kept enabled in partition
+            table then enabling this config will allow to have same behavior as pre v4.3 IDF.
+
 endmenu
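Review bot: The help text for `NVS_COMPATIBLE_PRE_V4_3_ENCRYPTION_FLAG` does not say what enabling the option means for data at rest. Judging by the partition.c change in this commit, an NVS partition carrying the "encrypted" flag is then handled as not flash-encrypted, so its contents are presumably protected only when NVS encryption is in use. I would add a sentence such as `Note that NVS data is then not covered by flash encryption; enable NVS encryption if the stored data must be protected.` The text could also say that the option is intended only for already deployed devices whose partition table sets the flag, since the paragraph itself calls that configuration not recommended.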

+ 12 - 3
components/spi_flash/partition.c

@@ -227,14 +227,23 @@ static esp_err_t load_partitions(void)
         if (!esp_flash_encryption_enabled()) {
             /* If flash encryption is not turned on, no partitions should be treated as encrypted */
             item->info.encrypted = false;
-        } else if (entry.type == PART_TYPE_APP
-                || (entry.type == PART_TYPE_DATA && entry.subtype == PART_SUBTYPE_DATA_OTA)
-                || (entry.type == PART_TYPE_DATA && entry.subtype == PART_SUBTYPE_DATA_NVS_KEYS)) {
+        } else if (entry.type == ESP_PARTITION_TYPE_APP
+                || (entry.type == ESP_PARTITION_TYPE_DATA && entry.subtype == ESP_PARTITION_SUBTYPE_DATA_OTA)
+                || (entry.type == ESP_PARTITION_TYPE_DATA && entry.subtype == ESP_PARTITION_SUBTYPE_DATA_NVS_KEYS)) {
             /* If encryption is turned on, all app partitions and OTA data
                are always encrypted */
             item->info.encrypted = true;
         }
 
+#if CONFIG_NVS_COMPATIBLE_PRE_V4_3_ENCRYPTION_FLAG
+        if (entry.type == ESP_PARTITION_TYPE_DATA &&
+                    entry.subtype == ESP_PARTITION_SUBTYPE_DATA_NVS &&
+                    (entry.flags & PART_FLAG_ENCRYPTED)) {
+            ESP_LOGI(TAG, "Ignoring encrypted flag for \"%s\" partition", entry.label);
+            item->info.encrypted = false;
+        }
+#endif
+
         // item->info.label is initialized by calloc, so resulting string will be null terminated
         strncpy(item->info.label, (const char*) entry.label, sizeof(item->info.label) - 1);
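Review bot: The new `ESP_LOGI` call prints `entry.label` with an unbounded `%s`, yet the comment and the bounded `strncpy` directly below suggest the on-flash label is not guaranteed to be NUL-terminated, so a full-length label could make the log read past the field. Bounding the conversion avoids that: `ESP_LOGI(TAG, "Ignoring encrypted flag for \"%.*s\" partition", (int) sizeof(entry.label), (const char *) entry.label);`, or the message can be logged after the copy using `item->info.label`. Because this branch overrides what the partition table declares and clears `item->info.encrypted`, `ESP_LOGW` may be the better level so the override stays visible in builds with reduced log verbosity. load_partitions starts and ends outside the hunk, so the array type of `entry.label` is inferred from the cast on the `strncpy` line and should be confirmed.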