NVS Encryption (idf 4.0 -> idf 4.4)

SlavaDev503
Posts: 5
Joined: Thu Apr 30, 2020 1:00 pm

Postby SlavaDev503 » Tue Apr 19, 2022 8:07 am

Hello.
Our device based on esp32-wroom 32d uses BLE to interact with mobile phones.
Flash encryption is enabled in the firmware. We ran into a problem when we updated the firmware from esp-idf v4.0 to the new esp-idf v4.4. The problem is the list of stored bonded BLE devices: after the update, all previously bonded devices were lost. My investigation shows that in esp-idf v4.0 the NVS (where the list of bonded devices is stored) is not encrypted even if flash encryption is enabled, but in the new esp-idf v4.4 it is encrypted (even if the encrypted flag is not set in the partition table). I tried to disable the "Enable NVS encryption" flag, but it can't be disabled because encryption is used by another encrypted NVS partition that stores AWS credentials.

How can we keep the list of bonded devices when updating from esp-idf v4.0 to esp-idf v4.4?

ESP_igrr
Posts: 2072
Joined: Tue Dec 01, 2015 8:37 am

Re: NVS Encryption (idf 4.0 -> idf 4.4)

Postby ESP_igrr » Tue Apr 19, 2022 9:18 am

Hi SlavaDev503,
Sorry for the inconvenience during the upgrade. We haven't considered the use case that one NVS partition may be encrypted and the other not encrypted!

You can call nvs_flash_init_partition(NVS_DEFAULT_PART_NAME) instead of nvs_flash_init(). Unlike nvs_flash_init_partition, nvs_flash_init will initialize NVS partition with encryption enabled if CONFIG_NVS_ENCRYPTION is enabled.
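The mixed setup discussed in this thread (default NVS partition opened unencrypted for the BLE bond list, a second partition opened with NVS encryption for credentials), as an added example that is not from the posts or from ESP-IDF's own sources. The partition label `aws_nvs` and the function name `init_nvs_mixed` are hypothetical, and the `#else` branch holds constructed host stand-ins so the flow can be compiled off-target.

```c
/* Added example, not code from the thread. */
#include <string.h>
#ifdef ESP_PLATFORM
#include "nvs_flash.h"
#include "esp_partition.h"
#else
/* Constructed host stand-ins for the ESP-IDF calls, so the flow runs off-target. */
typedef int esp_err_t;
#define ESP_OK 0
#define ESP_ERR_NOT_FOUND 0x105
#define NVS_DEFAULT_PART_NAME "nvs"
#define ESP_PARTITION_TYPE_DATA 1
#define ESP_PARTITION_SUBTYPE_DATA_NVS_KEYS 4
typedef struct { unsigned char eky[32], tky[32]; } nvs_sec_cfg_t;
typedef struct { int id; } esp_partition_t;
static char plain_log[32], secure_log[32];   /* record which label was opened how */
static esp_err_t nvs_flash_init_partition(const char *l) { strcpy(plain_log, l); return ESP_OK; }
static esp_err_t nvs_flash_secure_init_partition(const char *l, nvs_sec_cfg_t *c) { (void)c; strcpy(secure_log, l); return ESP_OK; }
static const esp_partition_t *esp_partition_find_first(int t, int s, const char *l) { static esp_partition_t p; (void)t; (void)s; (void)l; return &p; }
static esp_err_t nvs_flash_read_security_cfg(const esp_partition_t *p, nvs_sec_cfg_t *c) { (void)p; memset(c, 0, sizeof *c); return ESP_OK; }
#endif

#define AWS_NVS_PART "aws_nvs"  /* hypothetical label of the encrypted partition */

/* Open the default partition unencrypted, so BLE bonds written by the v4.0
 * firmware stay readable, and the credentials partition with NVS encryption. */
esp_err_t init_nvs_mixed(void)
{
    /* nvs_flash_init() would apply encryption here when CONFIG_NVS_ENCRYPTION is set. */
    esp_err_t err = nvs_flash_init_partition(NVS_DEFAULT_PART_NAME);
    if (err != ESP_OK) return err;

    /* Keys for the encrypted partition live in the nvs_keys data partition. */
    const esp_partition_t *keys = esp_partition_find_first(
        ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_DATA_NVS_KEYS, NULL);
    if (keys == NULL) return ESP_ERR_NOT_FOUND;

    nvs_sec_cfg_t cfg;
    err = nvs_flash_read_security_cfg(keys, &cfg);
    if (err != ESP_OK) return err;   /* fail closed: never open this one in plaintext */

    return nvs_flash_secure_init_partition(AWS_NVS_PART, &cfg);
}
```

On the target, call `init_nvs_mixed()` from `app_main()` in place of `nvs_flash_init()`, before the Bluetooth stack starts.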

SlavaDev503
Posts: 5
Joined: Thu Apr 30, 2020 1:00 pm

Re: NVS Encryption (idf 4.0 -> idf 4.4)

Postby SlavaDev503 » Tue Apr 19, 2022 11:53 am

ESP_igrr wrote:
Tue Apr 19, 2022 9:18 am
Hi SlavaDev503,
Sorry for the inconvenience during the upgrade. We haven't considered the use case that one NVS partition may be encrypted and the other not encrypted!

You can call nvs_flash_init_partition(NVS_DEFAULT_PART_NAME) instead of nvs_flash_init(). Unlike nvs_flash_init_partition, nvs_flash_init will initialize NVS partition with encryption enabled if CONFIG_NVS_ENCRYPTION is enabled.

It helps. Thank you. Now the bonded devices are not lost.
