Additionally, always enable the partition MD5 check if flash encryption is on in
Release mode. This ensures the partition table ciphertext has not been modified
(CVE-2021-27926).
The exception is pre-V3.1 ESP-IDF bootloaders and partition tables, which
don't have support for the MD5 entry.
handling (only when nvs encryption is enabled)
* NVS Encryption will now be turned on by default with flash encryption
* Updated the flash encryption example to shocase NVS encryption
along with information on how to configure and use NVS encryption
* Updated respective test case
* Added two partition tables for NVS encryption
i) Table 1- Single factory app, no OTA, encrypted NVS
ii) Table 2- Factory app, Two OTA, encrypted NVS
Based on report on forum here:
https://esp32.com/viewtopic.php?f=13&t=6382&p=27514
Previous versions were much more relaxed about what could be in the partition
table, erroring out avoids unexpected changes on upgrade like different
partition offsets.
Allows you to move the partition table, it gives more space for the bootloader.
Added a new utility - parttool.py. This utility can search for the offset and/or size of the partitions by name and type/subtype. Use for getting APP_OFFSET and PHY_DATA_OFFSET.
The linker(esp32.bootloader.ld) made changes that allow you to write a custom bootloader code more.
TW14125
Complimentary changes:
1) Partition table definitions files with core dump partition
2) Special sub-type for core dump partition
3) Special version of spi_flash_xxx
4) espcoredump.py is script to get core dump from flash and print useful info
5) FreeRTOS API was extended to get tasks snapshots
Angus Gratton