Home Explore Help
Sign In
RT-Thread-packages
/
esp-idf
mirror of https://github-proxy.rt-thread.io/RT-Thread-packages/esp-idf.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

examples/security: add support for initializing custom NVS partition with encryption

Mahavir Jain 3 years ago
parent
2d08431433
commit
beca401fbc
2 changed files with 41 additions and 1 deletions
Split View Show Diff Stats
  1. 39 1
      examples/security/flash_encryption/main/flash_encrypt_main.c
  2. 2 0
      examples/security/flash_encryption/partitions_example.csv

+ 39 - 1
examples/security/flash_encryption/main/flash_encrypt_main.c
View File 

@@ -22,6 +22,8 @@ static void example_print_chip_info(void);
 
 static void example_print_flash_encryption_status(void);
 
 static void example_read_write_flash(void);
 
 
+#define CUSTOM_NVS_PART_NAME "custom_nvs"
 
+
 
 static const char* TAG = "example";
 
 
 #if CONFIG_IDF_TARGET_ESP32
 
@@ -32,6 +34,35 @@ static const char* TAG = "example";
 
 #define TARGET_CRYPT_CNT_WIDTH  3
 
 #endif
 
 
+static esp_err_t example_custom_nvs_part_init(const char *name)
 
+{
 
+#if CONFIG_NVS_ENCRYPTION
 
+    esp_err_t ret = ESP_FAIL;
 
+    const esp_partition_t *key_part = esp_partition_find_first(
 
+                                          ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_DATA_NVS_KEYS, NULL);
 
+    if (key_part == NULL) {
 
+        ESP_LOGE(TAG, "CONFIG_NVS_ENCRYPTION is enabled, but no partition with subtype nvs_keys found in the partition table.");
 
+        return ret;
 
+    }
 
+
 
+    nvs_sec_cfg_t cfg = {};
 
+    ret = nvs_flash_read_security_cfg(key_part, &cfg);
 
+    if (ret != ESP_OK) {
 
+        /* We shall not generate keys here as that must have been done in default NVS partition initialization case */
 
+        ESP_LOGE(TAG, "Failed to read NVS security cfg: [0x%02X] (%s)", ret, esp_err_to_name(ret));
 
+        return ret;
 
+    }
 
+
 
+    ret = nvs_flash_secure_init_partition(name, &cfg);
 
+    if (ret == ESP_OK) {
 
+        ESP_LOGI(TAG, "NVS partition \"%s\" is encrypted.", name);
 
+    }
 
+    return ret;
 
+#else
 
+    return nvs_flash_init_partition(name);
 
+#endif
 
+}
 
+
 
 void app_main(void)
 
 {
 
     printf("\nExample to check Flash Encryption status\n");
 
@@ -46,8 +77,15 @@ void app_main(void)
 
         ret = nvs_flash_init();
 
     }
 
     ESP_ERROR_CHECK(ret);
 
-}
 
 
+    /* Initialize the custom NVS partition */
 
+    ret = example_custom_nvs_part_init(CUSTOM_NVS_PART_NAME);
 
+    if (ret == ESP_ERR_NVS_NO_FREE_PAGES || ret == ESP_ERR_NVS_NEW_VERSION_FOUND) {
 
+        ESP_ERROR_CHECK(nvs_flash_erase_partition(CUSTOM_NVS_PART_NAME));
 
+        ret = example_custom_nvs_part_init(CUSTOM_NVS_PART_NAME);
 
+    }
 
+    ESP_ERROR_CHECK(ret);
 
+}
 
 
 static void example_print_chip_info(void)
 
 {

+ 2 - 0
examples/security/flash_encryption/partitions_example.csv
View File 

@@ -5,3 +5,5 @@ storage,    data, 0xff,     ,  0x1000, encrypted
 
 factory,    app,  factory,  , 1M,
 
 # nvs_key partition contains the key that encrypts the NVS partition named nvs. The nvs_key partition needs to be encrypted.
 
 nvs_key,    data, nvs_keys, , 0x1000, encrypted,
 
+# Custom NVS data partition
 
+custom_nvs, data, nvs,      ,  0x6000,