change(nvs_sec_provider): Change NVS encryption's default efuse HMAC key ID to -1

Author: Harshal5

components/nvs_sec_provider/Kconfig

@@ -32,8 +32,8 @@ menu "NVS Security Provider"
     config NVS_SEC_HMAC_EFUSE_KEY_ID
         int "eFuse key ID storing the HMAC key"
         depends on NVS_SEC_KEY_PROTECT_USING_HMAC
-        range 0 6
-        default 6
+        range -1 5
+        default -1
         help
             eFuse block key ID storing the HMAC key for deriving the NVS encryption keys
 

components/nvs_sec_provider/nvs_bootloader_sec_provider.c

@@ -96,7 +96,7 @@ esp_err_t nvs_sec_provider_register_flash_enc(const nvs_sec_config_flash_enc_t *
 
 static nvs_sec_config_hmac_t nvs_sec_config_hmac_scheme_data;
 
-#if CONFIG_NVS_SEC_HMAC_EFUSE_KEY_ID > 5
+#if CONFIG_NVS_SEC_HMAC_EFUSE_KEY_ID < 0
 #error "NVS Encryption (HMAC): Configured eFuse block (CONFIG_NVS_SEC_HMAC_EFUSE_KEY_ID) out of range!"
 #endif
 

components/nvs_sec_provider/nvs_sec_provider.c

@@ -107,7 +107,7 @@ ESP_SYSTEM_INIT_FN(nvs_sec_provider_register_flash_enc_scheme, SECONDARY, BIT(0)
 
 #if SOC_HMAC_SUPPORTED
 
-#if CONFIG_NVS_SEC_HMAC_EFUSE_KEY_ID > 5
+#if CONFIG_NVS_SEC_HMAC_EFUSE_KEY_ID < 0
 #error "NVS Encryption (HMAC): Configured eFuse block (CONFIG_NVS_SEC_HMAC_EFUSE_KEY_ID) out of range!"
 #endif
 

docs/en/api-reference/storage/nvs_encryption.rst

@@ -121,7 +121,7 @@ It is possible for an application to use different keys for different NVS partit
 
     .. note::
 
-        The valid range for the config :ref:`CONFIG_NVS_SEC_HMAC_EFUSE_KEY_ID` is from ``0`` (:cpp:enumerator:`hmac_key_id_t::HMAC_KEY0`) to ``5`` (:cpp:enumerator:`hmac_key_id_t::HMAC_KEY5`). By default, the config is set to ``6`` (:cpp:enumerator:`hmac_key_id_t::HMAC_KEY_MAX`), which have to be configured before building the user application.
+        The valid range for the config :ref:`CONFIG_NVS_SEC_HMAC_EFUSE_KEY_ID` is from ``0`` (:cpp:enumerator:`hmac_key_id_t::HMAC_KEY0`) to ``5`` (:cpp:enumerator:`hmac_key_id_t::HMAC_KEY5`). By default, the config is set to ``-1``, which have to be configured before building the user application.
 
     - If no key is found, a key is generated internally and stored at the eFuse block specified at :ref:`CONFIG_NVS_SEC_HMAC_EFUSE_KEY_ID`.
     - If a key is found with the purpose :cpp:enumerator:`esp_efuse_purpose_t::ESP_EFUSE_KEY_PURPOSE_HMAC_UP`, the same is used for the derivation of the XTS encryption keys.

docs/zh_CN/api-reference/storage/nvs_encryption.rst

@@ -121,7 +121,7 @@ NVS 密钥分区
 
     .. note::
 
-        :ref:`CONFIG_NVS_SEC_HMAC_EFUSE_KEY_ID` 配置的有效范围为 ``0`` (:cpp:enumerator:`hmac_key_id_t::HMAC_KEY0`) 到 ``5`` (:cpp:enumerator:`hmac_key_id_t::HMAC_KEY5`)。默认情况下该配置为 ``6`` (:cpp:enumerator:`hmac_key_id_t::HMAC_KEY_MAX`)，须在构建用户应用程序之前进行修改。
+        :ref:`CONFIG_NVS_SEC_HMAC_EFUSE_KEY_ID` 配置的有效范围为 ``0`` (:cpp:enumerator:`hmac_key_id_t::HMAC_KEY0`) 到 ``5`` (:cpp:enumerator:`hmac_key_id_t::HMAC_KEY5`)。默认情况下该配置为 ``-1``，须在构建用户应用程序之前进行修改。
 
     - 如果找不到密钥，会内部生成一个密钥，并储存在 :ref:`CONFIG_NVS_SEC_HMAC_EFUSE_KEY_ID` 指定的 eFuse 块中。
     - 如果找到用于 :cpp:enumerator:`esp_efuse_purpose_t::ESP_EFUSE_KEY_PURPOSE_HMAC_UP` 的密钥，该密钥也会用于 XTS 加密密钥的生成。