Re: NVS erased after OTA
Posted: Wed Apr 16, 2025 6:19 am
by erikha
@martins I've seen that in the changelog of v4.3 as a breaking change, but as I interpret it: it is now enabled by default, but we already enabled that option manually before v4.3 (Component config -> NVS -> Enable NVS encryption). But to be sure, I will investigate this further.
@ESP_rrtandler I added the printf, but the result doesn't tell me much. The error is always 0: `nvs_flash_init() returned: [0x0000]`
Re: NVS erased after OTA
Posted: Wed Apr 16, 2025 7:37 am
by erikha
Follow-up on the breaking change in v4.3: when I do a read_flash with the esptool of a device that has flash encryption enabled in v4.2, only the partitions labeled "encrypted" are indeed encrypted and the partition labeled "nvs" is not. I expect the breaking change to be that v4.3 will encrypt the partition labeled "nvs" even though the partition isn't labeled "encrypted" in partitions.csv.
Can someone from ESP confirm this?
Re: NVS erased after OTA
Posted: Wed Apr 16, 2025 10:09 am
by ESP_rrtandler
@erikha - The NVS encryption is controlled in a different way than other data partitions encryption.
- Enabled flash encryption ignores the "encrypted" flag for partitions of type=data, subtype=nvs
- If the NVS data partition has to be encrypted, the flash encryption (above) has to be enabled, and an extra partition of type=data, subtype=key and flag encrypted=true has to be added to the partition table. To initialize the encrypted NVS partition, nvs_flash_secure_init() is called instead of nvs_flash_init().
You can refer to the documentation chunks dealing with these differences:
Re: NVS erased after OTA
Posted: Wed Apr 16, 2025 1:44 pm
by erikha
I've found a solution that works for me.
Since v4.3 the function nvs_flash_init() does use the function nvs_flash_secure_init_partition() when nvs encryption is enabled via menuconfig. When this nvs encryption isn't enabled via menuconfig, the function nvs_flash_init() just returns nvs_flash_init_partition(NVS_DEFAULT_PART_NAME).
This made me think that I could replace the call to nvs_flash_init() with nvs_flash_init_partition(NVS_DEFAULT_PART_NAME) to mitigate the problem, and indeed, it did. I'm now able to initialize the default nvs partition after an update without losing data.
Thank you all for your input.
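The partition-table rules from ESP_rrtandler's reply above, written as a check over a partitions.csv. This is an added example, not part of the thread and not Espressif code; the two sample tables are constructed, the function names are hypothetical, and the key partition subtype is assumed to be spelled `nvs_keys` in the CSV. A partition reported as `nvs-encryption-possible` is only encrypted if the firmware also initializes it with nvs_flash_secure_init().

```python
"""Audit a partitions.csv for the NVS encryption prerequisites (added example)."""

# Assumption: the key-partition subtype is spelled "nvs_keys" in ESP-IDF
# partition tables; the reply above refers to it as subtype "key".
KEY_SUBTYPE = "nvs_keys"

# Constructed sample tables, not taken from the thread.
TABLE_PLAIN = """\
# Name,   Type, SubType,  Offset,  Size,     Flags
nvs,      data, nvs,      0x9000,  0x6000,   encrypted
otadata,  data, ota,      0xf000,  0x2000,
ota_0,    app,  ota_0,    0x20000, 0x1C0000,
storage,  data, fat,      ,        0x100000, encrypted
"""
TABLE_WITH_KEYS = TABLE_PLAIN + "nvs_key,  data, nvs_keys, ,        0x1000,   encrypted\n"


def parse_partitions(text):
    """Parse partitions.csv text into dicts, skipping comments and blank lines."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [c.strip() for c in line.split(",")]
        fields += [""] * (6 - len(fields))  # Flags column is optional
        rows.append({"name": fields[0], "type": fields[1], "subtype": fields[2],
                     "flags": set(fields[5].replace(":", " ").split())})
    return rows


def audit_nvs(rows, flash_encryption_enabled):
    """Map each data/nvs partition to (status, encrypted_flag_ignored)."""
    key_part = any(r["type"] == "data" and r["subtype"] == KEY_SUBTYPE
                   and "encrypted" in r["flags"] for r in rows)
    result = {}
    for r in rows:
        if (r["type"], r["subtype"]) != ("data", "nvs"):
            continue
        # Flash encryption ignores the "encrypted" flag on nvs partitions, so
        # only flash encryption plus an encrypted key partition counts.
        ready = flash_encryption_enabled and key_part
        status = "nvs-encryption-possible" if ready else "plaintext"
        result[r["name"]] = (status, "encrypted" in r["flags"])
    return result


if __name__ == "__main__":
    for label, table in (("plain", TABLE_PLAIN), ("with keys", TABLE_WITH_KEYS)):
        print(label, audit_nvs(parse_partitions(table), flash_encryption_enabled=True))
```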