ESP32 Forum

Posted: **Thu Apr 11, 2019 8:38 am**

Wrong offset on the burning of the keys.. it should be 0x310000

Hello all,

I am working on a second product based on the ESP32 and want to use the NVS encryption mechanism to encrypt
some strings.
When using non-encryption on the NVS these strings are loading correctly.

The encryption part seems to work OK, inits the nvs_key partition, finds the keys,
nvs_flash_secure_init returns 0,
and nvs_open(...) returns also 0

But when the call of nvs_get_str(...) happens this returns 0x1102 which means ESP_ERR_NVS_NOT_FOUND if the requested key doesn't exist as per documentation...

ESP-IDF is v4.0-dev-290-gc064e00 and the procedure I follow is the following:

Creation of the NVS encrypted bin and keys
Code: Select all
/data/esp/esp-idf/components/nvs_flash/nvs_partition_generator/nvs_partition_gen.py --input nvs_flash.csv --output nvs_flash_encrypted.bin --size 0x4000 --encrypt True --keygen True
Burning of NVS encrypted bin and keys
Code: Select all
python /data/esp/esp-idf/components/esptool_py/esptool/esptool.py --chip esp32 --port /dev/ttyUSB0 --baud 2000000 --before default_reset --after no_reset write_flash --flash_size detect 0x9000 nvs_flash_encrypted.bin

python /data/esp/esp-idf/components/esptool_py/esptool/esptool.py --chip esp32 --port /dev/ttyUSB0 --baud 2000000 --before default_reset --after no_reset write_flash --flash_size detect 0x211000 keys/encryption_keys_04-11_09-45.bin
After the writing of the nvs bin and keys, I burn the bootloader and the firmware.
The module boots correctly and when it comes to the point where the nvs_get_str it fails..

The csv files are :
NVS csv file looks like
Code: Select all
key,type,encoding,value
test_namespace,namespace,,
config,file,string,/data/nvs_files/config.json
test1,file,string,/data/nvs_files/test1.txt
test2,file,string,/data/nvs_files/test2.txt
test3,file,string,/data/nvs_files/test3.txt
Partitions csv file
Code: Select all
nvs,data,nvs,0x9000,16K,
otadata,data,ota,0xd000,8K
phy_init,data,phy,0xf000,4K
factory,app,factory,0x10000,1M
ota_0,app,ota_0,0x110000,1M
ota_1,app,ota_1,0x210000,1M
nvs_key,data,nvs_keys,,4K,encrypted
storage_1,data,fat,,764K
None of the config, test1 etc keys are getting loaded when using encryption..
Has someone encounter this ?

thanks
Chris

Posted: **Tue May 26, 2020 8:31 am**

I encountered the same problem. After NVS encryption, NVS secure intialization with the key and NVS partition initialization works fine but when I try to read using nvs_get_str, it fails. Not sure how to fix it. Have you fixed it?

Posted: **Thu May 28, 2020 6:52 am**

Hi @pollock694.

If I'm not mistaken, the original poster used a wrong offset for writing the nvs keys into flash...
If you're sure that you used the correct offset, then:
Could you please post your IDF version, then code you use (if possible) and a console log? Some environment information (which host OS, etc.) would be nice as well. I would really like to help you but right now I can't since I don't have that information.

Thanks!

Posted: **Thu May 28, 2020 7:55 pm**

Hi @nickname,

Thank you for your reply. I was using the correct offset but I figured out that I was using esp32 chip revision 0. It works fine when I try it on chip revision 1. No issues so far!

ESP32 Forum

[SOLVED] NVS encryption and nvs_get_str behaviour

[SOLVED] NVS encryption and nvs_get_str behaviour

Re: [SOLVED] NVS encryption and nvs_get_str behaviour

Re: [SOLVED] NVS encryption and nvs_get_str behaviour

Re: [SOLVED] NVS encryption and nvs_get_str behaviour