From e67128dd0af57bade44cc626530ee21e8308dcaf Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Thu, 11 Nov 2021 12:16:24 +0530 Subject: [PATCH] nvs: add config to ignore "encrypted" flag of nvs partitions This is to allow having pre IDF v4.3 behavior where "encrypted" flag was not being checked for NVS partitions. It is recommended to enable this new config only if you have production devices where NVS partition was being set with "encrypted" flag by mistake. Please see commit aca9ec28b3d091a73605ee89ab63f8f76a996491 which introduced check to not allow NVS partitions with "encrypted" flag set. More discussion on this at: https://github.com/espressif/esp-idf/issues/5747#issuecomment-956223024 https://github.com/espressif/esp-idf/issues/7839#issuecomment-961477667 Closes https://github.com/espressif/esp-idf/issues/7839 Closes IDFGH-6162 --- components/nvs_flash/Kconfig | 11 +++++++++++ components/spi_flash/partition.c | 9 +++++++++ 2 files changed, 20 insertions(+) diff --git a/components/nvs_flash/Kconfig b/components/nvs_flash/Kconfig index 98cf979871..6312591d35 100644 --- a/components/nvs_flash/Kconfig +++ b/components/nvs_flash/Kconfig @@ -9,4 +9,15 @@ menu "NVS" the complete NVS data, except the page headers. It requires XTS encryption keys to be stored in an encrypted partition. This means enabling flash encryption is a pre-requisite for this feature. + + config NVS_COMPATIBLE_PRE_V4_3_ENCRYPTION_FLAG + bool "NVS partition encrypted flag compatible with ESP-IDF before v4.3" + depends on SECURE_FLASH_ENC_ENABLED + help + Enabling this will ignore "encrypted" flag for NVS partitions. NVS encryption + scheme is different than hardware flash encryption and hence it is not recommended + to have "encrypted" flag for NVS partitions. This was not being checked in pre v4.3 + IDF. Hence, if you have any devices where this flag is kept enabled in partition + table then enabling this config will allow to have same behavior as pre v4.3 IDF. + endmenu diff --git a/components/spi_flash/partition.c b/components/spi_flash/partition.c index b4a0f3c5c1..9ac13ebe9d 100644 --- a/components/spi_flash/partition.c +++ b/components/spi_flash/partition.c @@ -229,6 +229,15 @@ static esp_err_t load_partitions(void) item->info.encrypted = true; } +#if CONFIG_NVS_COMPATIBLE_PRE_V4_3_ENCRYPTION_FLAG + if (entry.type == ESP_PARTITION_TYPE_DATA && + entry.subtype == ESP_PARTITION_SUBTYPE_DATA_NVS && + (entry.flags & PART_FLAG_ENCRYPTED)) { + ESP_LOGI(TAG, "Ignoring encrypted flag for \"%s\" partition", entry.label); + item->info.encrypted = false; + } +#endif + // item->info.label is initialized by calloc, so resulting string will be null terminated strncpy(item->info.label, (const char*) entry.label, sizeof(item->info.label) - 1);