NVS encryption activation with an OTA

lodogg
Posts: 7
Joined: Wed Sep 11, 2019 11:06 am

NVS encryption activation with an OTA

Postby lodogg » Thu Aug 10, 2023 1:44 pm

Hello, I wanted to know if anyone has experience in enabling NVS encryption through an OTA.
The tests I conducted involved OTA installation of a firmware that, upon startup, would update the bootloader (enabling secure boot and flash encryption) and the partition table by adding the nvs_key record after the partitions already specified in the old partition table (using some unused flash space). I am satisfied with the bootloader update results, and the activation of flash encryption and secure boot seems to work well. However, with the addition of the nvs_key in the partition table, it appears that the old information saved in NVS is no longer present.
So, my question is: by enabling NVS encryption, are the previously saved plaintext data in NVS no longer accessible?

ESP_rrtandler
Posts: 23
Joined: Wed May 31, 2023 6:54 pm

Re: NVS encryption activation with an OTA

Postby ESP_rrtandler » Tue Aug 15, 2023 8:41 am

Hi lodogg,

If you want to achieve "encrypt in place" you would have to copy the data elsewhere, re-initialize the partition, and rewrite all the data.

Regards

Who is online

Users browsing this forum: Majestic-12 [Bot], MicroController and 65 guests