Encrypted SPIFFS

#1

In most of the mongoose-os examples that use a TLS client certificate and key these are stored as files in SPIFFS. Also the mgos_sys_config singleton stores its data as a file in SPIFFS.

For the EPS32 platform, is SPIFFS encrypted if ESP32 flash encryption is enabled?

If not, what mechanisms does mongoose-os offer on ESP32 for storing secure information like a client certificate and key?

For things that change a least once in the lifetime of a product (i.e. mgos_sys_config variables including WiFi credentials) where can this be securely written at run time?

#2

I’ve re-read https://mongoose-os.com/docs/mongoose-os/userguide/security.md#esp32-flash-encryption, and it answer my exact question.

:smiley:

1 Like