@martins I've seen that in the changelog of v4.3 as breaking change, but as I interpret that is: it is now enabled by default, but we already enabled that option manually before v4.3 (Component config -> NVS -> Enable NVS encryption). But to be sure, I will investigate this further.
@ESP_rrtandler I added the printf, but the result doesn't tell me much. The error is always 0: `nvs_flash_init() returned: [0x0000]`
NVS erased after OTA
Re: NVS erased after OTA
Follow-up on the breaking change in v4.3: when I do a read_flash with the esptool of a device that has flash encryption enabled in v4.2, only the partitions labeled "encrypted" are indeed encrypted and the partition labeled "nvs" is not. I expect the breaking change to be that v4.3 will encrypt the partition labeled "nvs" eventhough the partition isn't labeled "encrypted" in partitions.csv.
Can someone from ESP confirm this?
Can someone from ESP confirm this?
-
ESP_rrtandler
- Posts: 52
- Joined: Wed May 31, 2023 6:54 pm
Re: NVS erased after OTA
@erikha - The NVS encryption is controlled in a different way than other data partitions encryption.
You can refer to the documentations chunks dealing with these differences:
- Enabled flash encryption ignores the "encrypted" flag for partitions of type=data, subtype=nvs
- If NVS data partition has to be encrypted, the flash encryption (above) has to be enabled, extra partition of type=data, subtype=key and flag encrypted=true has to be added to the partition table. To initialize the encrypted NVS partition, the nvs_flash_secure_init() is called instead nvs_flash_init().
You can refer to the documentations chunks dealing with these differences:
Re: NVS erased after OTA
I've found a solution that works for me.
Since v4.3 the function nvs_flash_init() does use the function nvs_flash_secure_init_partition() when nvs encryption is enabled via menuconfig. When this nvs encryption isn't enabled via menuconfig, the function nvs_flash_init() just returns nvs_flash_init_partition(NVS_DEFAULT_PART_NAME).
This made me think that I could replace the call to nvs_flash_init() with nvs_flash_init_partition(NVS_DEFAULT_PART_NAME) to mitigate the problem, and indeed, it did. I'm now able to initialize the default nvs partition after an update without losing data.
Thank you all for your input.
Since v4.3 the function nvs_flash_init() does use the function nvs_flash_secure_init_partition() when nvs encryption is enabled via menuconfig. When this nvs encryption isn't enabled via menuconfig, the function nvs_flash_init() just returns nvs_flash_init_partition(NVS_DEFAULT_PART_NAME).
This made me think that I could replace the call to nvs_flash_init() with nvs_flash_init_partition(NVS_DEFAULT_PART_NAME) to mitigate the problem, and indeed, it did. I'm now able to initialize the default nvs partition after an update without losing data.
Thank you all for your input.
Who is online
Users browsing this forum: Applebot, YisouSpider and 10 guests