espressif · klew · Oct 7, 2025
diff --git a/components/nvs_sec_provider/Kconfig b/components/nvs_sec_provider/Kconfig
@@ -36,6 +36,17 @@ menu "NVS Security Provider"
 
     endchoice
 
+    config NVS_SEC_PROVIDER_ABORT_IF_NVS_KEYS_MISSING
+        bool "Ensure NVS keys partition presence on app startup"
+        depends on NVS_SEC_KEY_PROTECT_USING_FLASH_ENC
+        default y
+        help
+            If set (default), there is a check if the NVS keys partition is present.
+            App will call abort if the NVS keys partition is not present.
+
+            If not set, the app does not care if the NVS keys partition is present or not.
+            NVS encryption may not work if the NVS keys partition is not present.
+
     config NVS_SEC_HMAC_EFUSE_KEY_ID
         int "eFuse key ID storing the HMAC key"
         depends on NVS_SEC_KEY_PROTECT_USING_HMAC

diff --git a/components/nvs_sec_provider/nvs_sec_provider.c b/components/nvs_sec_provider/nvs_sec_provider.c
@@ -95,7 +95,9 @@ ESP_SYSTEM_INIT_FN(nvs_sec_provider_register_flash_enc_scheme, SECONDARY, BIT(0)
 
     if (sec_scheme_cfg.nvs_keys_part == NULL) {
         ESP_EARLY_LOGE(TAG, "partition with subtype \"nvs_keys\" not found");
+#ifdef CONFIG_NVS_SEC_PROVIDER_ABORT_IF_NVS_KEYS_MISSING
         return ESP_FAIL;
+#endif  // CONFIG_NVS_SEC_PROVIDER_ABORT_IF_NVS_KEYS_MISSING
     }
 
     nvs_sec_scheme_t *sec_scheme_handle_out = NULL;