change(nvs_sec_provider): Make the HMAC-based NVS security scheme default for supported SoCs

- When NVS encryption is enabled on SoCs with the HMAC peripheral that have flash encryption enabled, the HMAC-based NVS encryption scheme is now selected as default instead of the flash encryption-based scheme. - If your application previously used the flash encryption-based scheme, you need to manually configure the NVS encryption scheme to flash encryption from HMAC through ``menuconfig`` or your project's ``sdkconfig`` (i.e., setting ``CONFIG_NVS_SEC_KEY_PROTECT_USING_FLASH_ENC=y``).
2025-11-24 20:11:59 +00:00 · 2025-09-18 14:47:35 +05:30
parent f565fc2481
commit 1ea0fc261d
17 changed files with 25 additions and 1 deletions
--- a/examples/security/flash_encryption/sdkconfig.ci.rom_impl
+++ b/examples/security/flash_encryption/sdkconfig.ci.rom_impl
@@ -7,6 +7,7 @@ CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=y
 CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC=y
 CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=y
 CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED=y
+CONFIG_NVS_SEC_KEY_PROTECT_USING_FLASH_ENC=y

 CONFIG_SPI_FLASH_ROM_IMPL=y
 CONFIG_COMPILER_OPTIMIZATION_SIZE=y