feat(examples/security): Extend flash_encryption example with fatfs encryption

Updated the flash_encryption example to demonstrate the usage of fatfs encryption. Updated existing test case to ensure accurate and reliable testing. Documentation of storage section extended by security relarted summary. Closes https://github.com/espressif/esp-idf/issues/11551 Closes https://github.com/espressif/esp-idf/issues/13668
2025-09-30 19:19:21 +00:00 · 2023-12-06 17:25:58 +01:00
parent 9e16b45dac
commit 68df525394
12 changed files with 608 additions and 58 deletions
--- a/docs/en/api-reference/storage/index.rst
+++ b/docs/en/api-reference/storage/index.rst
@@ -12,6 +12,8 @@ This section contains reference of the high-level storage APIs. They are based o
 - :doc:`FAT <fatfs>` is a standard file system which can be used in SPI flash or on SD/MMC cards
 - :doc:`Wear Levelling <wear-levelling>` library implements a flash translation layer (FTL) suitable for SPI NOR flash. It is used as a container for FAT partitions in flash.

+Topics related to :doc:`Storage Security <storage-security>` are described in separate section.
+
 .. note::

    It is suggested to use high-level APIs (``esp_partition`` or file system) instead of low-level driver APIs to access the SPI NOR flash.
@@ -33,5 +35,47 @@ This section contains reference of the high-level storage APIs. They are based o
    spiffs
    vfs
    wear-levelling
+    storage-security.rst

-Code examples for this API section are provided in the :example:`storage` directory of ESP-IDF examples.
+.. list-table:: Code examples for this API section
+    :widths: 25 75
+    :header-rows: 0
+
+    * - **Link**
+      - **Description**
+    * - :doc:`FAT <fatfs>`
+      -
+    * - :example:`<wear_levelling <storage/wear_levelling>`
+      - Demonstrates using FATFS over wear leveling on internal flash.
+    * - :example:`ext_flash_fatfs <storage/ext_flash_fatfs>`
+      - Demonstrates using FATFS over wear leveling on external flash.
+    * - :example:`fatfsgen <storage/fatfsgen>`
+      - Demonstrates the capabilities of Python-based tooling for FATFS images available on host computers.
+    * - :doc:`Non-Volatile Storage library (NVS) <nvs_flash>`
+      -
+    * - :example:`nvs_rw_blob <storage/nvs_rw_blob>`
+      - Shows the use of the C-style API to read and write blob data types in NVS flash.
+    * - :example:`nvs_rw_value <storage/nvs_rw_value>`
+      - Shows the use of the C-style API to read and write integer data types in NVS flash.
+    * - :example:`nvs_rw_value_cxx <storage/nvs_rw_value_cxx>`
+      - Shows the use of the C++-style API to read and write integer data types in NVS flash.
+    * - :example:`nvsgen <storage/nvsgen>`
+      - Demonstrates how to use the Python-based NVS image generation tool to create an NVS partition image from the contents of a CSV file.
+    * - :doc:`SPIFFS <spiffs>`
+      -
+    * - :example:`spiffs <storage/spiffs>`
+      - Shows the use of the SPIFFS API to initialize the filesystem and work with files using POSIX functions.
+    * - :example:`spiffsgen <storage/spiffsgen>`
+      - Demonstrates the capabilities of Python-based tooling for SPIFFS images available on host computers.
+    * - :doc:`Partitions API <partition>`
+      -
+    * - :example:`partition_api <storage/partition_api>`
+      - Provides an overview of API functions to look up particular partitions, perform basic I/O operations, and use partitions via CPU memory mapping.
+    * - :example:`parttool <storage/parttool>`
+      - Demonstrates the capabilities of Python-based tooling for partition images available on host computers.
+    * - :doc:`Virtual File System (VFS) <vfs>`
+      -
+    * - :example:`littlefs <storage/littlefs>`
+      - Shows the use of the LittleFS component to initialize the filesystem and work with a file using POSIX functions.
+    * - :example:`semihost_vfs <storage/semihost_vfs>`
+      - Demonstrates the use of the VFS API to let an ESP-based device access a file on a JTAG-connected host using POSIX functions.
--- a/docs/en/api-reference/storage/storage-security.rst
+++ b/docs/en/api-reference/storage/storage-security.rst
@@ -0,0 +1,24 @@
+Storage Security
+================
+
+:link_to_translation:`zh_CN:[中文]`
+
+Overview of Available Resources
+-------------------------------
+
+Data privacy is achieved by using the :doc:`../../security/flash-encryption` feature. This mechanism is currently used by FATFS and LittleFS and is recommended for new storage type implementations based on the Partitions API.
+NVS storage uses a proprietary :doc:`NVS encryption <nvs_encryption>` implementation.
+
+Workflows focused on overall system security are described in the :doc:`Host Based Workflows <../../security/host-based-security-workflows>`.
+Workflows related to the combination of multiple secured storage components in one project are presented in the :example:`Flash Encryption Example <security/flash_encryption>`.
+
+.. list-table:: Relevant storage security examples
+    :widths: 25 75
+    :header-rows: 0
+
+    * - **Link**
+      - **Description**
+    * - :example:`nvs_encryption_hmac <security/nvs_encryption_hmac>`
+      - Demonstrates NVS encryption with an HMAC-based encryption key protection scheme.
+    * - :example:`flash_encryption <security/flash_encryption>`
+      - Provides a combined example showing the coexistence of NVS encryption, FATFS encryption, and encrypted custom data access via the Partitions API. Security related workflows for both development and production are also provided.