Store Wifi credentials (SSID and password) on nvs during manufacturing

[nightsky_sk]

hmm.. either I've post in wrong thread or I described my issue in to complicated way...

Let's try to describe it more clear way:

My partition table is following:

Code: Select all

nvs,      data, nvs,     0x10000,  0x6000
otadata,  data, ota,     0x16000,  0x2000
phy_init, data, phy,     0x18000,  0x1000
ota_0,    0,    ota_0,   0x20000,  1800K
ota_1,    0,    ota_1,   ,         1800K
storage,  data, nvs,     ,         0x9000

so `storage` is nvs partition which is not encrypted and I can create and compile it in advance in and flash to esp together with firmware. Here is no problem.

The problem is with standard `nvs, data, nvs, 0x10000, 0x6000` which is encrypted by default, and this is partition where wificredentials are stored.
The question is how I can access to read or create this partition to flash with manufacturing data like WiFi Credentials

[nightsky_sk]

I've searched forum and github but I couldn't find answer to my question.
I know how to create, flash and read custom nvs partition with manufacturing data (however I don't use encryption for that)

My software use BLE wifi provisioning https://docs.espressif.com/projects/esp ... oning.html as standard procedure on launch, however I would like to flash default ssid and password to nvs in manufacturing process.

First what I tried to do is to read and check what is stored on default nvs partition which store WIFI credentials, how ever it is encrypted by default.
Later I found https://github.com/AFontaine79/Espressif-NVS-Analyzer repo which show some content of default nvs partition, but I'm not sure if that is namespace and variable are also the same in my case, also this repo doesn't handle encrypted partition

Code: Select all

D:\Users\AFont\Documents\Projects\softAP>analyze_nvs.py nvs_readout.bin -s
Namespace nvs.net80211
  ...
  ap.ssid         : BLOB  esp32ap
  ap.passwd       : BLOB  12345678
  ...
  
D:\Users\AFont\Documents\Projects\softAP>analyze_nvs.py nvs_readout.bin
Namespace nvs.net80211
  ...
  ap.ssid         : BLOB  07 00 00 00 65 73 70 33 32 61 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  ap.passwd       : BLOB  31 32 33 34 35 36 37 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
  ...

So my question is
- how to proceed to ensure which namespace and variable are stored on my nvs?
- is it possible to gain default encryption key to decode existing nvs partition?
- how to prepare flash nvs partition in manufacturing process if partition is encrypted by default?

[ESP_Sprite]

I believe the way SecureBoot works is that you first flash everything to your ESP unencrypted, then on first boot the bootloader will encrypt everything that needs encrypting; as such, you can probably flash your (unencrypted) NVS stuff in the same command line as you flash your (unencrypted) main program, bootloader etc. Note I don't have personal experience with encryption, so please double-check the docs on that.