From e13d2b96d2b8b4988e1268aa85d4f7b6c89a0983 Mon Sep 17 00:00:00 2001 From: Shubham Patil Date: Tue, 28 Mar 2023 11:57:25 +0530 Subject: [PATCH] Flag esp_secure_cert and nvs_keys partitions as encrypted By default esp_secure_cert and nvs_keys partitions are encrypted as their content needs to be secured using flash encryption, but examples do not flag them as encrypted. So, lets flag them as encrypted for consistency. --- examples/blemesh_bridge/partitions.csv | 3 ++- examples/controller/partitions.csv | 3 ++- examples/generic_switch/partitions.csv | 3 ++- examples/generic_switch/partitions_c6.csv | 4 ++-- examples/generic_switch/partitions_h2.csv | 4 ++-- examples/light/partitions.csv | 4 ++-- examples/light/partitions_h2.csv | 4 ++-- examples/light_switch/partitions.csv | 4 ++-- examples/light_switch/partitions_c6.csv | 4 ++-- examples/light_switch/partitions_h2.csv | 4 ++-- examples/zap_light/partitions.csv | 3 ++- examples/zap_light/partitions_h2.csv | 4 ++-- examples/zigbee_bridge/partitions.csv | 3 ++- 13 files changed, 26 insertions(+), 21 deletions(-) diff --git a/examples/blemesh_bridge/partitions.csv b/examples/blemesh_bridge/partitions.csv index 9945223f7..1038bb5c3 100644 --- a/examples/blemesh_bridge/partitions.csv +++ b/examples/blemesh_bridge/partitions.csv @@ -1,7 +1,8 @@ # Name, Type, SubType, Offset, Size, Flags # Note: Firmware partition offset needs to be 64K aligned, initial 36K (9 sectors) are reserved for bootloader and partition table -sec_cert, 0x3F, ,0xd000, 0x3000, , # Never mark this as an encrypted partition +esp_secure_cert, 0x3F, ,0xd000, 0x2000, encrypted nvs, data, nvs, 0x10000, 0x8000, +nvs_keys, data, nvs_keys,, 0x1000, encrypted otadata, data, ota, , 0x2000 phy_init, data, phy, , 0x1000, ota_0, app, ota_0, , 0x1D0000, diff --git a/examples/controller/partitions.csv b/examples/controller/partitions.csv index 76238bddb..591abb55a 100644 --- a/examples/controller/partitions.csv +++ b/examples/controller/partitions.csv @@ -1,7 +1,8 @@ # Name, Type, SubType, Offset, Size, Flags # Note: Firmware partition offset needs to be 64K aligned, initial 36K (9 sectors) are reserved for bootloader and partition table -sec_cert, 0x3F, ,0xd000, 0x3000, , # Never mark this as an encrypted partition +esp_secure_cert, 0x3F, ,0xd000, 0x2000, encrypted nvs, data, nvs, 0x10000, 0x6000, +nvs_keys, data, nvs_keys,, 0x1000, encrypted otadata, data, ota, , 0x2000 phy_init, data, phy, , 0x1000, ota_0, app, ota_0, 0x20000, 0x1E0000, diff --git a/examples/generic_switch/partitions.csv b/examples/generic_switch/partitions.csv index f0215a98a..84bf8b7f6 100644 --- a/examples/generic_switch/partitions.csv +++ b/examples/generic_switch/partitions.csv @@ -1,7 +1,8 @@ # Name, Type, SubType, Offset, Size, Flags # Note: Firmware partition offset needs to be 64K aligned, initial 36K (9 sectors) are reserved for bootloader and partition table -sec_cert, 0x3F, ,0xd000, 0x3000, , # Never mark this as an encrypted partition +esp_secure_cert, 0x3F, ,0xd000, 0x2000, encrypted nvs, data, nvs, 0x10000, 0x6000, +nvs_keys, data, nvs_keys,, 0x1000, encrypted otadata, data, ota, , 0x2000 phy_init, data, phy, , 0x1000, ota_0, app, ota_0, 0x20000, 0x1E0000, diff --git a/examples/generic_switch/partitions_c6.csv b/examples/generic_switch/partitions_c6.csv index a64b27539..8056fc3cc 100644 --- a/examples/generic_switch/partitions_c6.csv +++ b/examples/generic_switch/partitions_c6.csv @@ -1,8 +1,8 @@ # Name, Type, SubType, Offset, Size, Flags # Note: Firmware partition offset needs to be 64K aligned, initial 36K (9 sectors) are reserved for bootloader and partition table -esp_secure_cert, 0x3F, ,0xd000, 0x2000, , # Never mark this as an encrypted partition +esp_secure_cert, 0x3F, ,0xd000, 0x2000, encrypted nvs, data, nvs, 0x10000, 0x6000, -nvs_keys, data, nvs_keys, , 0x1000, +nvs_keys, data, nvs_keys, , 0x1000, encrypted phy_init, data, phy, , 0x1000, ota_0, app, ota_0, , 0x1C0000, ota_1, app, ota_1, , 0x1C0000, diff --git a/examples/generic_switch/partitions_h2.csv b/examples/generic_switch/partitions_h2.csv index a64b27539..8056fc3cc 100644 --- a/examples/generic_switch/partitions_h2.csv +++ b/examples/generic_switch/partitions_h2.csv @@ -1,8 +1,8 @@ # Name, Type, SubType, Offset, Size, Flags # Note: Firmware partition offset needs to be 64K aligned, initial 36K (9 sectors) are reserved for bootloader and partition table -esp_secure_cert, 0x3F, ,0xd000, 0x2000, , # Never mark this as an encrypted partition +esp_secure_cert, 0x3F, ,0xd000, 0x2000, encrypted nvs, data, nvs, 0x10000, 0x6000, -nvs_keys, data, nvs_keys, , 0x1000, +nvs_keys, data, nvs_keys, , 0x1000, encrypted phy_init, data, phy, , 0x1000, ota_0, app, ota_0, , 0x1C0000, ota_1, app, ota_1, , 0x1C0000, diff --git a/examples/light/partitions.csv b/examples/light/partitions.csv index 23795d153..84bf8b7f6 100644 --- a/examples/light/partitions.csv +++ b/examples/light/partitions.csv @@ -1,8 +1,8 @@ # Name, Type, SubType, Offset, Size, Flags # Note: Firmware partition offset needs to be 64K aligned, initial 36K (9 sectors) are reserved for bootloader and partition table -esp_secure_cert, 0x3F, ,0xd000, 0x2000, , # Never mark this as an encrypted partition +esp_secure_cert, 0x3F, ,0xd000, 0x2000, encrypted nvs, data, nvs, 0x10000, 0x6000, -nvs_keys, data, nvs_keys,, 0x1000, +nvs_keys, data, nvs_keys,, 0x1000, encrypted otadata, data, ota, , 0x2000 phy_init, data, phy, , 0x1000, ota_0, app, ota_0, 0x20000, 0x1E0000, diff --git a/examples/light/partitions_h2.csv b/examples/light/partitions_h2.csv index a64b27539..8056fc3cc 100644 --- a/examples/light/partitions_h2.csv +++ b/examples/light/partitions_h2.csv @@ -1,8 +1,8 @@ # Name, Type, SubType, Offset, Size, Flags # Note: Firmware partition offset needs to be 64K aligned, initial 36K (9 sectors) are reserved for bootloader and partition table -esp_secure_cert, 0x3F, ,0xd000, 0x2000, , # Never mark this as an encrypted partition +esp_secure_cert, 0x3F, ,0xd000, 0x2000, encrypted nvs, data, nvs, 0x10000, 0x6000, -nvs_keys, data, nvs_keys, , 0x1000, +nvs_keys, data, nvs_keys, , 0x1000, encrypted phy_init, data, phy, , 0x1000, ota_0, app, ota_0, , 0x1C0000, ota_1, app, ota_1, , 0x1C0000, diff --git a/examples/light_switch/partitions.csv b/examples/light_switch/partitions.csv index 23795d153..84bf8b7f6 100644 --- a/examples/light_switch/partitions.csv +++ b/examples/light_switch/partitions.csv @@ -1,8 +1,8 @@ # Name, Type, SubType, Offset, Size, Flags # Note: Firmware partition offset needs to be 64K aligned, initial 36K (9 sectors) are reserved for bootloader and partition table -esp_secure_cert, 0x3F, ,0xd000, 0x2000, , # Never mark this as an encrypted partition +esp_secure_cert, 0x3F, ,0xd000, 0x2000, encrypted nvs, data, nvs, 0x10000, 0x6000, -nvs_keys, data, nvs_keys,, 0x1000, +nvs_keys, data, nvs_keys,, 0x1000, encrypted otadata, data, ota, , 0x2000 phy_init, data, phy, , 0x1000, ota_0, app, ota_0, 0x20000, 0x1E0000, diff --git a/examples/light_switch/partitions_c6.csv b/examples/light_switch/partitions_c6.csv index a64b27539..8056fc3cc 100644 --- a/examples/light_switch/partitions_c6.csv +++ b/examples/light_switch/partitions_c6.csv @@ -1,8 +1,8 @@ # Name, Type, SubType, Offset, Size, Flags # Note: Firmware partition offset needs to be 64K aligned, initial 36K (9 sectors) are reserved for bootloader and partition table -esp_secure_cert, 0x3F, ,0xd000, 0x2000, , # Never mark this as an encrypted partition +esp_secure_cert, 0x3F, ,0xd000, 0x2000, encrypted nvs, data, nvs, 0x10000, 0x6000, -nvs_keys, data, nvs_keys, , 0x1000, +nvs_keys, data, nvs_keys, , 0x1000, encrypted phy_init, data, phy, , 0x1000, ota_0, app, ota_0, , 0x1C0000, ota_1, app, ota_1, , 0x1C0000, diff --git a/examples/light_switch/partitions_h2.csv b/examples/light_switch/partitions_h2.csv index a64b27539..8056fc3cc 100644 --- a/examples/light_switch/partitions_h2.csv +++ b/examples/light_switch/partitions_h2.csv @@ -1,8 +1,8 @@ # Name, Type, SubType, Offset, Size, Flags # Note: Firmware partition offset needs to be 64K aligned, initial 36K (9 sectors) are reserved for bootloader and partition table -esp_secure_cert, 0x3F, ,0xd000, 0x2000, , # Never mark this as an encrypted partition +esp_secure_cert, 0x3F, ,0xd000, 0x2000, encrypted nvs, data, nvs, 0x10000, 0x6000, -nvs_keys, data, nvs_keys, , 0x1000, +nvs_keys, data, nvs_keys, , 0x1000, encrypted phy_init, data, phy, , 0x1000, ota_0, app, ota_0, , 0x1C0000, ota_1, app, ota_1, , 0x1C0000, diff --git a/examples/zap_light/partitions.csv b/examples/zap_light/partitions.csv index f0215a98a..84bf8b7f6 100644 --- a/examples/zap_light/partitions.csv +++ b/examples/zap_light/partitions.csv @@ -1,7 +1,8 @@ # Name, Type, SubType, Offset, Size, Flags # Note: Firmware partition offset needs to be 64K aligned, initial 36K (9 sectors) are reserved for bootloader and partition table -sec_cert, 0x3F, ,0xd000, 0x3000, , # Never mark this as an encrypted partition +esp_secure_cert, 0x3F, ,0xd000, 0x2000, encrypted nvs, data, nvs, 0x10000, 0x6000, +nvs_keys, data, nvs_keys,, 0x1000, encrypted otadata, data, ota, , 0x2000 phy_init, data, phy, , 0x1000, ota_0, app, ota_0, 0x20000, 0x1E0000, diff --git a/examples/zap_light/partitions_h2.csv b/examples/zap_light/partitions_h2.csv index a64b27539..8056fc3cc 100644 --- a/examples/zap_light/partitions_h2.csv +++ b/examples/zap_light/partitions_h2.csv @@ -1,8 +1,8 @@ # Name, Type, SubType, Offset, Size, Flags # Note: Firmware partition offset needs to be 64K aligned, initial 36K (9 sectors) are reserved for bootloader and partition table -esp_secure_cert, 0x3F, ,0xd000, 0x2000, , # Never mark this as an encrypted partition +esp_secure_cert, 0x3F, ,0xd000, 0x2000, encrypted nvs, data, nvs, 0x10000, 0x6000, -nvs_keys, data, nvs_keys, , 0x1000, +nvs_keys, data, nvs_keys, , 0x1000, encrypted phy_init, data, phy, , 0x1000, ota_0, app, ota_0, , 0x1C0000, ota_1, app, ota_1, , 0x1C0000, diff --git a/examples/zigbee_bridge/partitions.csv b/examples/zigbee_bridge/partitions.csv index d0b51efb4..840c359bc 100644 --- a/examples/zigbee_bridge/partitions.csv +++ b/examples/zigbee_bridge/partitions.csv @@ -1,7 +1,8 @@ # Name, Type, SubType, Offset, Size, Flags # Note: Firmware partition offset needs to be 64K aligned, initial 36K (9 sectors) are reserved for bootloader and partition table -sec_cert, 0x3F, ,0xd000, 0x3000, , # Never mark this as an encrypted partition +esp_secure_cert, 0x3F, ,0xd000, 0x2000, encrypted nvs, data, nvs, 0x10000, 0x8000, +nvs_keys, data, nvs_keys,, 0x1000, encrypted otadata, data, ota, , 0x2000 phy_init, data, phy, , 0x1000, ota_0, app, ota_0, , 0x1D0000,