← index #8706PR #17337
Off-topic · high · value 1.603
QUERY · ISSUE

Flash encryption on esp32

openby MauroDiamantinoopened 2022-05-28updated 2025-03-20
enhancement

Hello, have you implemented a way to allow a developer to compile micropython with flash encryption enabled? is it possible to modify sdkconfig to enable flash encryption? which is the best way to do that?

CANDIDATE · PULL REQUEST

esp32: auto-detect the SPI flash size and automatically size the filesystem

mergedby dpgeorgeopened 2025-05-22updated 2025-06-13
port-esp32

Summary

Currently in the esp32 port the size of the SPI flash must be configured at build time, eg 4MiB, 8MiB, etc. Also, the esp32 partition table must be configured at build time, which depends on the size of the SPI flash. A bigger flash means more can be allocated to the user filesystem.

This PR makes it so the SPI flash size is automatically determined at runtime, and the filesystem size is automatically set to take up as much room as possible.

This works by:

  1. Setting the SPI flash size to be 4MiB in the build (or some other value, as long as the firmware app fits).
  2. Removing the vfs partition from the esp32 partition table (only nvs, phy_init and firmware remains in the partition table).
  3. At boot, query the physical size of the SPI flash and use that as the actual size in the code.
  4. If it doesn't already exist, automatically create a vfs partition which takes up the flash from the end of the firmware partition to the end of flash.

This allows simplifying a lot of board configurations, and removing some board variants that just change the flash size.

It's also fully backwards compatible, in the following sense:

  1. Existing boards with MicroPython firmware will continue to work with the same filesystem, ie the filesystem won't be erased when the firmware is updated.
  2. If a user has a custom esp32 partition table and installs MicroPython as a bare app into the app partition, the new MicroPython firmware will honor the esp32 partition table and use either vfs or ffat partitions as the filesystem.

Eventually this mechanism will be extended:

  • to other ports, probably rp2 next
  • to allow users to customise the filesystem layout, and enable ROMFS partition(s) without rebuilding firmware

Testing

Tested with ESP32_GENERIC on a board with 4MiB of flash, and ESP32_GENERIC_S2 on a board with 16MiB flash. The filesystem size was correctly detected.

Trade-offs and Alternatives

  • Boards configured for OTA have not been changed, they still define the filesystem partition explicitly. PR updated to now cover all boards.
  • It may be that the physical flash size cannot be detected correctly, but I think the IDF has covered most cases by now.
  • Custom board definitions can override the auto detect feature by defining their own MICROPY_BOARD_STARTUP macro.

Keyboard

j / / n
next pair
k / / p
previous pair
1 / / h
show query pane
2 / / l
show candidate pane
c
copy suggested comment
r
toggle reasoning
g i
go to index
?
show this help
esc
close overlays

press ? or esc to close

copied