NVS erased after OTA

[m.couvet]

Hi, I'm working on a project with esp32 esp-idf framework which use encrypted NVS features and firmwares encryption features. It's been one year i worked on this project and this week a realy weird problemes happend, while doing an OTA from on firmware to another, all the NVS partition of the ESP had been wiped, thus the device is unable to load it's parametter.. Fortunately i'm still in encryption dev mode, i can keep flashing firmware / NVS partition, but the goal is to send the device on site and being sure this will not happen again. So far i've checked the code, the partition table, and no clue about what can produce the compelte deletion of NVSs partitions on this OTA. If you have been in this kind of situation, have some clue about what happened, please help me understand ... Any flags that reset the NVS at boot ? ...

[mzincali]

Is it possible that the size of your firmware changed, and it is overwriting your old NVS?

[m.couvet]

Nope, both firmwares are the same size (1 970 176Mo), i was wondering if the build process is looking at both nvs.csv file which helps generating the partition. From one firmware to another, one of the partition have a line updated frome "foo:"http"" -> "foo:"https[...]"". Even if this file isn't part of the firmware, if it's taken in account during the build process may be this can leads to an variation of the NVS size ? But the NVS is modified inside the esp32 while it's living (updating some configuraiton parameter etc) so that's realy weird if it is what happend. So i'll test that n the day, but i'm not convinced about that.

[mbratch]

Are you able to reproduce this scenario?

[martins]

Reminds me of situation that happened to me - debug firmware build with virtual efuses (therefore no physical encryption) was OTA uploaded to fully secured device with HW efuses, secure boot and encryprions. NVS was rendered unreadable and if using example NVS init procedures it would be wiped by default.

[erikha]

I ran into pretty much the same issue. We've updated the framework from v4.2 to v4.4.8 and the partition labeled as "nvs" gets erased. We have some other custom partitions that are not affected by this issue. Did someone find a solution yet?

[martins]

@erikha In my case I've setup proper workflow using SECURE_VER with anti-rollback which prevents booting firmware with lower secure version than what is set in efuses. This way I can not run debug firmware on secured device.

Not sure if that was OP's issue tho.

[erikha]

I think you are talking about another issue. My issue is closer to what OP describes.

I created a minimal working example to prove my point with an explanation how to reproduce the issue: https://github.com/hardeman/esp32-nvs-e ... e_issue.md

[martins]

@erikha I vaguely remember there was some change regarding nvs encryption around v4.3, maybe this could point you in right direction: https://github.com/espressif/esp-idf/is ... 1354360178

[ESP_rrtandler]

Hi @erikha - Could you slightly modify the example and post the value returned by the printf added ?
i.e.

Code: Select all

void app_main(void)
{
    // Initialize NVS
    esp_err_t err = nvs_flash_init();
    // report initial error code of nvs_flash_init
    printf("nvs_flash_init() returned: [0x%04X]\n", err);