diff --git a/docs/en/security/flash-encryption.rst b/docs/en/security/flash-encryption.rst index 9a2a1da432..4606cbaa75 100644 --- a/docs/en/security/flash-encryption.rst +++ b/docs/en/security/flash-encryption.rst @@ -512,7 +512,7 @@ If all partitions needs to be updated in encrypted format, run: .. note:: - The above operations only apply if the `DIS_DOWNLOAD_MANUAL_ENCRYPT` eFuse bit has not been programmed. If this eFuse bit has been programmed, you need to flash the encrypted firmware image instead. + The above operations are only applicable when the ``DIS_DOWNLOAD_MANUAL_ENCRYPT`` eFuse bit has not been programmed. If this eFuse bit has been programmed, you must flash the pre-encrypted ciphertext image instead. .. _flash-enc-release-mode: diff --git a/docs/en/security/security-features-enablement-workflows.rst b/docs/en/security/security-features-enablement-workflows.rst index 42dd47df00..8e94beb022 100644 --- a/docs/en/security/security-features-enablement-workflows.rst +++ b/docs/en/security/security-features-enablement-workflows.rst @@ -320,7 +320,7 @@ In this case all the eFuses related to Flash Encryption are written with help of .. note:: - If secure boot is also enabled, please perform the secure boot firmware signing first, and then carry out the above encryption operation. + If secure boot is enabled, perform secure boot signing of the firmware before carrying out the above encryption operation. In the above command, the offsets are used for a sample firmware, and the actual offset for your firmware can be obtained by checking the partition table entry or by running `idf.py partition-table`. Please note that not all the binaries need to be encrypted, the encryption applies only to those generated from the partitions which are marked as ``encrypted`` in the partition table definition file. Other binaries are flashed unencrypted, i.e., as a plain output of the build process. diff --git a/docs/zh_CN/security/flash-encryption.rst b/docs/zh_CN/security/flash-encryption.rst index 01cf0c7e33..ba48561907 100644 --- a/docs/zh_CN/security/flash-encryption.rst +++ b/docs/zh_CN/security/flash-encryption.rst @@ -512,7 +512,7 @@ flash 加密设置 .. note:: - 上述操作仅适用于 DIS_DOWNLOAD_MANUAL_ENCRYPT eFuse 位未被烧录的情况。如果该 eFuse 位已被烧录,则需要烧录加密后的密文镜像。 + 上述操作仅适用于 ``DIS_DOWNLOAD_MANUAL_ENCRYPT`` eFuse 位未被烧录的情况。如果该 eFuse 位已被烧录,则需要烧录加密后的密文镜像。 .. _flash-enc-release-mode: diff --git a/docs/zh_CN/security/security-features-enablement-workflows.rst b/docs/zh_CN/security/security-features-enablement-workflows.rst index 995a5bb532..3a92be5a55 100644 --- a/docs/zh_CN/security/security-features-enablement-workflows.rst +++ b/docs/zh_CN/security/security-features-enablement-workflows.rst @@ -320,7 +320,7 @@ .. note:: - 如同时开启了 secure boot,请先 secure boot 签名固件后再做上述加密操作。 + 如果同时启用了安全启动功能,请先对固件进行安全启动签名,再执行上述加密操作。 上述命令中的偏移量仅适用于示例固件,请通过检查分区表条目或运行 `idf.py partition-table` 来获取你固件的实际偏移量。请注意,不需要加密所有二进制文件,只需加密在分区表定义文件中带有 ``encrypted`` 标记的文件,其他二进制文件只作为构建过程的普通输出进行烧录。 @@ -733,4 +733,4 @@ Secure Boot v2 指南 使用 ``esptool.py`` 命令,将 NVS 分区 (``nvs_encr_partition.bin``) 和 NVS 加密密钥 (``nvs_encr_key.bin``) 烧录到各自的偏移地址。通过 ``idf.py build`` 成功后打印的输出,可查看所有推荐的 ``esptool.py`` 命令行选项。 - 若芯片启用了 flash 加密,请在烧录之前先加密 NVS 加密秘钥分区。详情请参阅 `flash 加密工作流程 `_ 中与烧录相关的步骤。 + 若芯片启用了 flash 加密,请在烧录前先对 NVS 加密密钥分区进行加密。详情请参阅 `flash 加密工作流程 `_ 中与烧录相关的步骤。