fix : apply the suggestion from doc team

2026-01-15 01:02:29 +00:00 · 2025-09-22 09:59:54 +00:00
parent e3a34f5453
commit a4e05f49c0
4 changed files with 5 additions and 5 deletions
--- a/docs/en/security/flash-encryption.rst
+++ b/docs/en/security/flash-encryption.rst
@@ -512,7 +512,7 @@ If all partitions needs to be updated in encrypted format, run:

 .. note::

-    The above operations only apply if the `DIS_DOWNLOAD_MANUAL_ENCRYPT` eFuse bit has not been programmed. If this eFuse bit has been programmed, you need to flash the encrypted firmware image instead.
+    The above operations are only applicable when the ``DIS_DOWNLOAD_MANUAL_ENCRYPT`` eFuse bit has not been programmed. If this eFuse bit has been programmed, you must flash the pre-encrypted ciphertext image instead.

 .. _flash-enc-release-mode:

--- a/docs/en/security/security-features-enablement-workflows.rst
+++ b/docs/en/security/security-features-enablement-workflows.rst
@@ -320,7 +320,7 @@ In this case all the eFuses related to Flash Encryption are written with help of

    .. note::

-        If secure boot is also enabled, please perform the secure boot firmware signing first, and then carry out the above encryption operation.
+        If secure boot is enabled, perform secure boot signing of the firmware before carrying out the above encryption operation.

    In the above command, the offsets are used for a sample firmware, and the actual offset for your firmware can be obtained by checking the partition table entry or by running `idf.py partition-table`. Please note that not all the binaries need to be encrypted, the encryption applies only to those generated from the partitions which are marked as ``encrypted`` in the partition table definition file. Other binaries are flashed unencrypted, i.e., as a plain output of the build process.

--- a/docs/zh_CN/security/flash-encryption.rst
+++ b/docs/zh_CN/security/flash-encryption.rst
@@ -512,7 +512,7 @@ flash 加密设置

 .. note::

-    上述操作仅适用于 DIS_DOWNLOAD_MANUAL_ENCRYPT eFuse 位未被烧录的情况。如果该 eFuse 位已被烧录，则需要烧录加密后的密文镜像。
+    上述操作仅适用于 ``DIS_DOWNLOAD_MANUAL_ENCRYPT`` eFuse 位未被烧录的情况。如果该 eFuse 位已被烧录，则需要烧录加密后的密文镜像。

 .. _flash-enc-release-mode:

--- a/docs/zh_CN/security/security-features-enablement-workflows.rst
+++ b/docs/zh_CN/security/security-features-enablement-workflows.rst
@@ -320,7 +320,7 @@

    .. note::

-        如同时开启了 secure boot，请先 secure boot 签名固件后再做上述加密操作。
+        如果同时启用了安全启动功能，请先对固件进行安全启动签名，再执行上述加密操作。

    上述命令中的偏移量仅适用于示例固件，请通过检查分区表条目或运行 `idf.py partition-table` 来获取你固件的实际偏移量。请注意，不需要加密所有二进制文件，只需加密在分区表定义文件中带有 ``encrypted`` 标记的文件，其他二进制文件只作为构建过程的普通输出进行烧录。

@@ -733,4 +733,4 @@ Secure Boot v2 指南

    使用 ``esptool.py`` 命令，将 NVS 分区 (``nvs_encr_partition.bin``) 和 NVS 加密密钥 (``nvs_encr_key.bin``) 烧录到各自的偏移地址。通过 ``idf.py build`` 成功后打印的输出，可查看所有推荐的 ``esptool.py`` 命令行选项。

-    若芯片启用了 flash 加密，请在烧录之前先加密 NVS 加密秘钥分区。详情请参阅 `flash 加密工作流程 <enable-flash-encryption-externally_>`_ 中与烧录相关的步骤。
+    若芯片启用了 flash 加密，请在烧录前先对 NVS 加密密钥分区进行加密。详情请参阅 `flash 加密工作流程 <enable-flash-encryption-externally_>`_ 中与烧录相关的步骤。