Conversation

klew
Contributor

@klew klew commented Oct 7, 2025

Description

NVS flash encryption relies on the nvs_keys partition and will not work when such a partition is missing. In aaf1f86 a check was added for whether the nvs_keys partition is present, with strong enforcement - it returns ESP_FAIL in an early startup step, which causes abort() and a reset loop of the application.

The aaf1f86 change has been available since v5.4 and was not even mentioned in the release notes, but it creates a regression which can brick devices. This strong enforcement blocks the ability to develop an application which can operate with NVS encryption (based on nvs_keys) and also operate without NVS encryption (when nvs_keys is missing).

The current fix adds a menuconfig option which allows skipping the return of ESP_FAIL when the partition is missing. Then the application can decide at runtime what should be done when it's missing - instead of a reset in the early startup phase.

Related

Closes #17703

Testing

In general, this "return ESP_FAIL" was not present in earlier versions of nvs_sec_provider, and the whole component can handle a missing nvs_keys partition (there are error logs in such scenarios, which is expected).
I ran the code with this flag enabled and disabled, with and without the nvs_keys partition. All works as expected.

Checklist

Before submitting a Pull Request, please ensure the following:

  • 🚨 This PR does not introduce breaking changes.
  • All CI checks (GH Actions) pass.
  • Documentation is updated as needed.
  • Tests are updated or added as necessary.
  • Code is well-commented, especially in complex areas.
  • Git history is clean — commits are squashed to the minimum necessary.

NVS flash encryption relies on the nvs_keys partition and will not work
when such a partition is missing. In aaf1f86 a check was added for
whether the nvs_keys partition is present, with strong enforcement - it
returns ESP_FAIL in an early startup step, which causes abort() and a
reset loop of the application.

This change has been available since v5.4 and was not even mentioned in
the release notes, but it creates a regression which can brick devices.
This strong enforcement blocks the ability to develop an application
which can operate with NVS encryption (based on nvs_keys) and also
operate without NVS encryption (when nvs_keys is missing).

The current fix adds a menuconfig option which allows skipping the
return of ESP_FAIL when the partition is missing. Then the application
can decide at runtime what should be done when it's missing - instead
of a reset in the early startup phase.
Closes espressif#17703
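As an added illustration of the runtime decision the description refers to (this is not code from the PR or from ESP-IDF itself), assuming the early nvs_keys check no longer aborts startup: the application looks up the nvs_keys partition on its own and then chooses between the encrypted and the plain NVS init path instead of trusting a boot-time abort. It builds only inside an ESP-IDF project; the `app_nvs_init` function name and the `TAG` string are hypothetical.

```c
#include <stdbool.h>
#include "esp_check.h"
#include "esp_err.h"
#include "esp_log.h"
#include "esp_partition.h"
#include "nvs_flash.h"

static const char *TAG = "app_nvs";   // hypothetical log tag

// Initialise the default NVS partition: encrypted when an nvs_keys partition
// exists, unencrypted otherwise. Errors are returned to the caller rather
// than turned into abort(), so a missing partition is an application decision.
esp_err_t app_nvs_init(bool *encrypted_out)
{
    const esp_partition_t *keys = esp_partition_find_first(
        ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_DATA_NVS_KEYS, NULL);

    if (keys == NULL) {
        // No nvs_keys partition: this build falls back to plain NVS.
        // nvs_flash_init_partition() is the non-encrypted init path.
        ESP_LOGW(TAG, "nvs_keys partition not found, using unencrypted NVS");
        *encrypted_out = false;
        esp_err_t err = nvs_flash_init_partition(NVS_DEFAULT_PART_NAME);
        if (err == ESP_ERR_NVS_NO_FREE_PAGES || err == ESP_ERR_NVS_NEW_VERSION_FOUND) {
            ESP_RETURN_ON_ERROR(nvs_flash_erase_partition(NVS_DEFAULT_PART_NAME),
                                TAG, "erase of plain NVS failed");
            err = nvs_flash_init_partition(NVS_DEFAULT_PART_NAME);
        }
        return err;
    }

    // nvs_keys is present: read the XTS keys from it, generating them on the
    // first boot if the partition is still blank (ESP_ERR_NVS_KEYS_NOT_INITIALIZED).
    nvs_sec_cfg_t cfg;
    esp_err_t err = nvs_flash_read_security_cfg(keys, &cfg);
    if (err == ESP_ERR_NVS_KEYS_NOT_INITIALIZED) {
        ESP_LOGI(TAG, "nvs_keys is blank, generating new NVS keys");
        err = nvs_flash_generate_keys(keys, &cfg);
    }
    ESP_RETURN_ON_ERROR(err, TAG, "could not obtain NVS keys");

    *encrypted_out = true;
    err = nvs_flash_secure_init(&cfg);
    if (err == ESP_ERR_NVS_NO_FREE_PAGES || err == ESP_ERR_NVS_NEW_VERSION_FOUND) {
        ESP_RETURN_ON_ERROR(nvs_flash_erase(), TAG, "erase of encrypted NVS failed");
        err = nvs_flash_secure_init(&cfg);
    }
    return err;
}
```

The keys written by nvs_flash_generate_keys() are only protected if the nvs_keys partition itself is covered by flash encryption, so the plain-NVS fallback should be limited to builds where storing secrets unencrypted is acceptable.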

CLAassistant commented Oct 7, 2025

CLA assistant check
All committers have signed the CLA.


github-actions bot commented Oct 7, 2025

Warnings
⚠️

Some issues found for the commit messages in this PR:

  • the commit message "fix(nvs_sec_provider): add option to skip reset when nvs_keys is missing":
    • footer must have leading blank line

Please fix these commit messages - here are some basic tips:

  • follow Conventional Commits style
  • correct format of commit message should be: <type/action>(<scope/component>): <summary>, for example fix(esp32): Fixed startup timeout issue
  • allowed types are: change,ci,docs,feat,fix,refactor,remove,revert,test
  • sufficiently descriptive message summary should be between 20 to 72 characters and start with upper case letter
  • avoid Jira references in commit messages (unavailable/irrelevant for our customers)

TIP: Install pre-commit hooks and run this check when committing (uses the Conventional Precommit Linter).

👋 Hello klew, we appreciate your contribution to this project!


📘 Please review the project's Contributions Guide for key guidelines on code, documentation, testing, and more.

🖊️ Please also make sure you have read and signed the Contributor License Agreement for this project.

Click to see more instructions ...


This automated output is generated by the PR linter DangerJS, which checks if your Pull Request meets the project's requirements and helps you fix potential issues.

DangerJS is triggered with each push event to a Pull Request and modify the contents of this comment.

Please consider the following:
- Danger mainly focuses on the PR structure and formatting and can't understand the meaning behind your code or changes.
- Danger is not a substitute for human code reviews; it's still important to request a code review from your colleagues.
- Resolve all warnings (⚠️ ) before requesting a review from human reviewers - they will appreciate it.
- To manually retry these Danger checks, please navigate to the Actions tab and re-run last Danger workflow.

Review and merge process you can expect ...


We do welcome contributions in the form of bug reports, feature requests and pull requests via this public GitHub repository.

This GitHub project is public mirror of our internal git repository

1. An internal issue has been created for the PR, we assign it to the relevant engineer.
2. They review the PR and either approve it or ask you for changes or clarifications.
3. Once the GitHub PR is approved, we synchronize it into our internal git repository.
4. In the internal git repository we do the final review, collect approvals from core owners and make sure all the automated tests are passing.
- At this point we may do some adjustments to the proposed change, or extend it by adding tests or documentation.
5. If the change is approved and passes the tests it is merged into the default branch.
6. On next sync from the internal git repository merged change will appear in this public GitHub repository.

Generated by 🚫 dangerJS against 5f83617

@github-actions github-actions bot changed the title fix(nvs_sec_provider): add option to skip reset when nvs_keys is missing fix(nvs_sec_provider): add option to skip reset when nvs_keys is missing (IDFGH-16597) Oct 7, 2025
@espressif-bot espressif-bot added the Status: Opened Issue is new label Oct 7, 2025
@mahavirj mahavirj requested a review from laukik-hase October 7, 2025 09:59

lukfud commented Oct 7, 2025

👍 @klew



Development

Successfully merging this pull request may close these issues.

Add option to skip automatic nvs_sec_provider initialization (IDFGH-16587)

5 participants