Merge branch 'feature/storage_fatfs_encr_example' into 'master'

security: flash_encryption example extended with fatfs encryption

Closes IDF-7639

See merge request espressif/esp-idf!27729

docs/en/api-reference/storage/index.rst

@@ -12,6 +12,8 @@ This section contains reference of the high-level storage APIs. They are based o
 - :doc:`FAT <fatfs>` is a standard file system which can be used in SPI flash or on SD/MMC cards
 - :doc:`Wear Levelling <wear-levelling>` library implements a flash translation layer (FTL) suitable for SPI NOR flash. It is used as a container for FAT partitions in flash.
 
+Topics related to :doc:`Storage Security <storage-security>` are described in separate section.
+
 .. note::
 
     It is suggested to use high-level APIs (``esp_partition`` or file system) instead of low-level driver APIs to access the SPI NOR flash.
@@ -33,5 +35,47 @@ This section contains reference of the high-level storage APIs. They are based o
     spiffs
     vfs
     wear-levelling
+    storage-security.rst
+
+.. list-table:: Code examples for this API section
+    :widths: 25 75
+    :header-rows: 0
 
-Code examples for this API section are provided in the :example:`storage` directory of ESP-IDF examples.
+    * - **Link**
+      - **Description**
+    * - :doc:`FAT <fatfs>`
+      -
+    * - :example:`<wear_levelling <storage/wear_levelling>`
+      - Demonstrates using FATFS over wear leveling on internal flash.
+    * - :example:`ext_flash_fatfs <storage/ext_flash_fatfs>`
+      - Demonstrates using FATFS over wear leveling on external flash.
+    * - :example:`fatfsgen <storage/fatfsgen>`
+      - Demonstrates the capabilities of Python-based tooling for FATFS images available on host computers.
+    * - :doc:`Non-Volatile Storage library (NVS) <nvs_flash>`
+      -
+    * - :example:`nvs_rw_blob <storage/nvs_rw_blob>`
+      - Shows the use of the C-style API to read and write blob data types in NVS flash.
+    * - :example:`nvs_rw_value <storage/nvs_rw_value>`
+      - Shows the use of the C-style API to read and write integer data types in NVS flash.
+    * - :example:`nvs_rw_value_cxx <storage/nvs_rw_value_cxx>`
+      - Shows the use of the C++-style API to read and write integer data types in NVS flash.
+    * - :example:`nvsgen <storage/nvsgen>`
+      - Demonstrates how to use the Python-based NVS image generation tool to create an NVS partition image from the contents of a CSV file.
+    * - :doc:`SPIFFS <spiffs>`
+      -
+    * - :example:`spiffs <storage/spiffs>`
+      - Shows the use of the SPIFFS API to initialize the filesystem and work with files using POSIX functions.
+    * - :example:`spiffsgen <storage/spiffsgen>`
+      - Demonstrates the capabilities of Python-based tooling for SPIFFS images available on host computers.
+    * - :doc:`Partitions API <partition>`
+      -
+    * - :example:`partition_api <storage/partition_api>`
+      - Provides an overview of API functions to look up particular partitions, perform basic I/O operations, and use partitions via CPU memory mapping.
+    * - :example:`parttool <storage/parttool>`
+      - Demonstrates the capabilities of Python-based tooling for partition images available on host computers.
+    * - :doc:`Virtual File System (VFS) <vfs>`
+      -
+    * - :example:`littlefs <storage/littlefs>`
+      - Shows the use of the LittleFS component to initialize the filesystem and work with a file using POSIX functions.
+    * - :example:`semihost_vfs <storage/semihost_vfs>`
+      - Demonstrates the use of the VFS API to let an ESP-based device access a file on a JTAG-connected host using POSIX functions.

docs/en/api-reference/storage/storage-security.rst

@@ -0,0 +1,24 @@
+Storage Security
+================
+
+:link_to_translation:`zh_CN:[中文]`
+
+Overview of Available Resources
+-------------------------------
+
+Data privacy is achieved by using the :doc:`../../security/flash-encryption` feature. This mechanism is currently used by FATFS and LittleFS and is recommended for new storage type implementations based on the Partitions API.
+NVS storage uses a proprietary :doc:`NVS encryption <nvs_encryption>` implementation.
+
+Workflows focused on overall system security are described in the :doc:`Host Based Workflows <../../security/host-based-security-workflows>`.
+Workflows related to the combination of multiple secured storage components in one project are presented in the :example:`Flash Encryption Example <security/flash_encryption>`.
+
+.. list-table:: Relevant storage security examples
+    :widths: 25 75
+    :header-rows: 0
+
+    * - **Link**
+      - **Description**
+    * - :example:`nvs_encryption_hmac <security/nvs_encryption_hmac>`
+      - Demonstrates NVS encryption with an HMAC-based encryption key protection scheme.
+    * - :example:`flash_encryption <security/flash_encryption>`
+      - Provides a combined example showing the coexistence of NVS encryption, FATFS encryption, and encrypted custom data access via the Partitions API. Security related workflows for both development and production are also provided.

docs/zh_CN/api-reference/storage/index.rst

@@ -33,5 +33,6 @@
    spiffs
    vfs
    wear-levelling
+   storage-security.rst
 
 此部分 API 代码示例存放在 ESP-IDF 示例项目的 :example:`storage` 目录下。

docs/zh_CN/api-reference/storage/storage-security.rst

@@ -0,0 +1 @@
+.. include:: ../../../en/api-reference/storage/storage-security.rst