flash_encryption sample
Select one of the symbols to view example projects that use it.
 
Outline
#include <stdio.h>
#include <inttypes.h>
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"
#include "soc/efuse_reg.h"
#include "esp_efuse.h"
#include "esp_chip_info.h"
#include "esp_flash.h"
#include "esp_partition.h"
#include "esp_flash_encrypt.h"
#include "esp_efuse_table.h"
#include "nvs_flash.h"
#include "flash_encrypt_fatfs.h"
#define CUSTOM_NVS_PART_NAME
TAG
#define TARGET_CRYPT_CNT_EFUSE
#define TARGET_CRYPT_CNT_WIDTH
#define TARGET_CRYPT_CNT_EFUSE
#define TARGET_CRYPT_CNT_WIDTH
can_perform_fatfs_example()
example_custom_nvs_part_init(const char *)
app_main()
example_print_chip_info()
example_print_flash_encryption_status()
example_read_write_flash()
Files
loading...
SourceVuESP-IDF Framework and Examplesflash_encryption samplemain/flash_encrypt_main.c
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
/* Flash encryption Example This example code is in the Public Domain (or CC0 licensed, at your option.) Unless required by applicable law or agreed to in writing, this software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. *//* ... */ #include <stdio.h> #include <inttypes.h> #include "freertos/FreeRTOS.h" #include "freertos/task.h" #include "soc/efuse_reg.h" #include "esp_efuse.h" #include "esp_chip_info.h" #include "esp_flash.h" #include "esp_partition.h" #include "esp_flash_encrypt.h" #include "esp_efuse_table.h" #include "nvs_flash.h" #include "flash_encrypt_fatfs.h"13 includes static void example_print_chip_info(void); static void example_print_flash_encryption_status(void); static void example_read_write_flash(void); #define CUSTOM_NVS_PART_NAME "custom_nvs" static const char* TAG = "example"; #if CONFIG_IDF_TARGET_ESP32 #define TARGET_CRYPT_CNT_EFUSE ESP_EFUSE_FLASH_CRYPT_CNT #define TARGET_CRYPT_CNT_WIDTH 7/* ... */ #else #define TARGET_CRYPT_CNT_EFUSE ESP_EFUSE_SPI_BOOT_CRYPT_CNT #define TARGET_CRYPT_CNT_WIDTH 3/* ... */ #endif // return true, if partitions necessary to demonstrate fatfs encryption are present in the flash static bool can_perform_fatfs_example(void) { const esp_partition_t *fatfs_ne = esp_partition_find_first( ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_DATA_FAT, CUSTOM_FAT_PART_NAME_NE); const esp_partition_t *fatfs_e = esp_partition_find_first( ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_DATA_FAT, CUSTOM_FAT_PART_NAME_E); if ((fatfs_ne != NULL) && (fatfs_e != NULL)) { ESP_LOGI(TAG, "Partitions %s and %s for FATFS example are present", CUSTOM_FAT_PART_NAME_NE, CUSTOM_FAT_PART_NAME_E); return true; }{...} return false; }{ ... } static esp_err_t example_custom_nvs_part_init(const char *name) { #if CONFIG_NVS_ENCRYPTION esp_err_t ret = ESP_FAIL; const esp_partition_t *key_part = esp_partition_find_first( ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_DATA_NVS_KEYS, NULL); if (key_part == NULL) { ESP_LOGE(TAG, "CONFIG_NVS_ENCRYPTION is enabled, but no partition with subtype nvs_keys found in the partition table."); return ret; }{...} nvs_sec_cfg_t cfg = {}; ret = nvs_flash_read_security_cfg(key_part, &cfg); if (ret != ESP_OK) { /* We shall not generate keys here as that must have been done in default NVS partition initialization case */ ESP_LOGE(TAG, "Failed to read NVS security cfg: [0x%02X] (%s)", ret, esp_err_to_name(ret)); return ret; }{...} ret = nvs_flash_secure_init_partition(name, &cfg); if (ret == ESP_OK) { ESP_LOGI(TAG, "NVS partition \"%s\" is encrypted.", name); }{...} return ret;/* ... */ #else return nvs_flash_init_partition(name); #endif }{ ... } void app_main(void) { printf("\nExample to check Flash Encryption status\n"); example_print_chip_info(); example_print_flash_encryption_status(); example_read_write_flash(); if (can_perform_fatfs_example()) { example_read_write_fatfs(); }{...} /* Initialize the default NVS partition */ esp_err_t ret = nvs_flash_init(); if (ret == ESP_ERR_NVS_NO_FREE_PAGES || ret == ESP_ERR_NVS_NEW_VERSION_FOUND) { ESP_ERROR_CHECK(nvs_flash_erase()); ret = nvs_flash_init(); }{...} ESP_ERROR_CHECK(ret); /* Initialize the custom NVS partition */ ret = example_custom_nvs_part_init(CUSTOM_NVS_PART_NAME); if (ret == ESP_ERR_NVS_NO_FREE_PAGES || ret == ESP_ERR_NVS_NEW_VERSION_FOUND) { ESP_ERROR_CHECK(nvs_flash_erase_partition(CUSTOM_NVS_PART_NAME)); ret = example_custom_nvs_part_init(CUSTOM_NVS_PART_NAME); }{...} ESP_ERROR_CHECK(ret); }{ ... } static void example_print_chip_info(void) { /* Print chip information */ esp_chip_info_t chip_info; uint32_t flash_size; esp_chip_info(&chip_info); printf("This is %s chip with %d CPU core(s), WiFi%s%s, ", CONFIG_IDF_TARGET, chip_info.cores, (chip_info.features & CHIP_FEATURE_BT) ? "/BT" : "", (chip_info.features & CHIP_FEATURE_BLE) ? "/BLE" : ""); unsigned major_rev = chip_info.revision / 100; unsigned minor_rev = chip_info.revision % 100; printf("silicon revision v%d.%d, ", major_rev, minor_rev); if (esp_flash_get_size(NULL, &flash_size) != ESP_OK) { printf("Get flash size failed"); return; }{...} printf("%" PRIu32 "MB %s flash\n", flash_size / (1024 * 1024), (chip_info.features & CHIP_FEATURE_EMB_FLASH) ? "embedded" : "external"); }{ ... } static void example_print_flash_encryption_status(void) { uint32_t flash_crypt_cnt = 0; esp_efuse_read_field_blob(TARGET_CRYPT_CNT_EFUSE, &flash_crypt_cnt, TARGET_CRYPT_CNT_WIDTH); printf("FLASH_CRYPT_CNT eFuse value is %" PRIu32 "\n", flash_crypt_cnt); esp_flash_enc_mode_t mode = esp_get_flash_encryption_mode(); if (mode == ESP_FLASH_ENC_MODE_DISABLED) { printf("Flash encryption feature is disabled\n"); }{...} else { printf("Flash encryption feature is enabled in %s mode\n", mode == ESP_FLASH_ENC_MODE_DEVELOPMENT ? "DEVELOPMENT" : "RELEASE"); }{...} }{ ... } static void example_read_write_flash(void) { const esp_partition_t* partition = esp_partition_find_first( ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_ANY, "storage"); assert(partition); printf("Erasing partition \"%s\" (0x%" PRIx32 " bytes)\n", partition->label, partition->size); ESP_ERROR_CHECK(esp_partition_erase_range(partition, 0, partition->size)); /* Generate the data which will be written */ const size_t data_size = 32; uint8_t plaintext_data[data_size]; for (uint8_t i = 0; i < data_size; ++i) { plaintext_data[i] = i; }{...} printf("Writing data with esp_partition_write:\n"); ESP_LOG_BUFFER_HEXDUMP(TAG, plaintext_data, data_size, ESP_LOG_INFO); ESP_ERROR_CHECK(esp_partition_write(partition, 0, plaintext_data, data_size)); uint8_t read_data[data_size]; printf("Reading with esp_partition_read:\n"); ESP_ERROR_CHECK(esp_partition_read(partition, 0, read_data, data_size)); ESP_LOG_BUFFER_HEXDUMP(TAG, read_data, data_size, ESP_LOG_INFO); printf("Reading with esp_flash_read:\n"); ESP_ERROR_CHECK(esp_flash_read(NULL, read_data, partition->address, data_size)); ESP_LOG_BUFFER_HEXDUMP(TAG, read_data, data_size, ESP_LOG_INFO); }{ ... }
Details
Show:
from
Types: Columns: