NVS encryption activation with an OTA
Posted: Thu Aug 10, 2023 1:44 pm
Hello, I wanted to know if anyone has experience in enabling NVS encryption through an OTA.
The tests I conducted involved OTA installation of a firmware that, upon startup, would update the bootloader (enabling secure boot and flash encryption) and the partition table by adding the nvs_key record after the partitions already specified in the old partition table (using some unused flash space). I am satisfied with the bootloader update results, and the activation of flash encryption and secure boot seems to work well. However, with the addition of the nvs_key in the partition table, it appears that the old information saved in NVS is no longer present.
So, my question is: by enabling NVS encryption, are the previously saved plaintext data in NVS no longer accessible?