This document provides an introduction to the flash encryption concept on ESP32 and demonstrates, using a sample application, how the feature can be used by the user during development as well as in production. The primary intention of the document is to act as a quick start guide to test and verify flash encryption operations.
The details of the flash encryption block can be found in the ESP32 Technical Reference Manual. When flash encryption is enabled, physical readout of the SPI flash is not sufficient to recover most flash contents. Encryption is applied by flashing the ESP32 with plaintext data; if encryption is enabled, the bootloader encrypts the data in place on first boot. Flash encryption is separate from the Secure Boot feature, and you can use flash encryption without enabling secure boot.
However, for a secure environment both should be used simultaneously. Enabling flash encryption limits the options for further updates of the ESP32. Make sure to read this document, including Limitations of Flash Encryption, and understand the implications of enabling flash encryption. The flash encryption operation is controlled by various eFuses available on ESP32. Below is the list of eFuses and their description: Assuming the eFuse values are in their default state and the second stage bootloader is compiled to support flash encryption, the flash encryption process executes as follows:
On first power-on reset, all data in flash is unencrypted plaintext. This operation is performed in hardware and the key cannot be accessed by software. Next, the flash encryption block encrypts the flash contents according to the partition table flag value. Encrypting in place can take some time, up to a minute for large partitions. The second stage bootloader then reboots the device to start executing the encrypted image.
It will transparently decrypt the flash contents and load them into IRAM. During the development stage there is a frequent need to program different plaintext flash images and test the flash encryption process. This requires UART download mode to be able to load new plaintext images as many times as required.
However, during manufacturing or production, UART download mode should not be allowed to access flash contents, for security reasons. Hence two different ESP32 configurations are required: one for development and the other for production. The following section describes Development Mode and Release Mode for flash encryption and a step by step process to use them.
It is possible to run the flash encryption process for development using either an ESP32 internally generated key or an external, host-generated key.
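As an added example (not code from the ESP-IDF documentation quoted here), a small Python model of the eFuse-driven decision described above: the odd/even rule on FLASH_CRYPT_CNT, the three plaintext re-flashes that development mode permits, and the locks that release mode burns. The eFuse names are the real ESP32 ones; the class and function names are my own, and in-place encryption is represented by a state flag rather than by the hardware AES.

```python
from dataclasses import dataclass
from typing import Optional
import os

CNT_BITS = 7  # FLASH_CRYPT_CNT is a 7-bit eFuse on ESP32


@dataclass
class Efuses:
    # Simplified model of the ESP32 security eFuses (example, not ESP-IDF code)
    flash_crypt_cnt: int = 0            # eFuse bits only ever go 0 -> 1
    cnt_write_protected: bool = False
    key_block: Optional[bytes] = None   # BLK1: 256-bit key, read/write protected once burned
    disable_dl_encrypt: bool = False
    disable_dl_decrypt: bool = False
    disable_dl_cache: bool = False


@dataclass
class Partition:
    name: str
    encrypt_flag: bool          # "encrypted" flag in the partition table
    is_encrypted: bool = False  # current state of the flash contents


def popcount(x: int) -> int:
    return bin(x).count("1")

def encryption_enabled(ef: Efuses) -> bool:
    """Hardware rule: encryption is on when FLASH_CRYPT_CNT has an odd number of 1 bits."""
    return popcount(ef.flash_crypt_cnt) % 2 == 1

def burn_cnt_bit(ef: Efuses) -> None:
    """Burn the next FLASH_CRYPT_CNT bit; refused once write-protected or fully burned."""
    if ef.cnt_write_protected:
        raise PermissionError("FLASH_CRYPT_CNT is write-protected (release mode)")
    if popcount(ef.flash_crypt_cnt) == CNT_BITS:
        raise RuntimeError("FLASH_CRYPT_CNT exhausted: no further plaintext re-flash")
    ef.flash_crypt_cnt = (ef.flash_crypt_cnt << 1) | 1

def plaintext_reflashes_left(ef: Efuses) -> int:
    """A plaintext re-flash costs two bits: one to disable, one to re-enable after boot."""
    return 0 if ef.cnt_write_protected else (CNT_BITS - popcount(ef.flash_crypt_cnt)) // 2

def first_boot(ef: Efuses, partitions: list) -> bool:
    """Second stage bootloader on default eFuses: make key, encrypt flagged partitions, enable."""
    if ef.flash_crypt_cnt != 0 or ef.key_block is not None:
        return False                 # not a first boot, nothing to do
    ef.key_block = os.urandom(32)    # generated in hardware; software never reads it back
    for p in partitions:
        if p.encrypt_flag:
            p.is_encrypted = True    # in-place encryption (up to a minute on real hardware)
    burn_cnt_bit(ef)                 # CNT becomes 0b0000001: odd, so encryption is enabled
    return True

def lock_release_mode(ef: Efuses) -> None:
    """Release mode: deny UART download mode any access to encrypted flash and freeze the count."""
    ef.disable_dl_encrypt = ef.disable_dl_decrypt = ef.disable_dl_cache = True
    ef.cnt_write_protected = True

def uart_download_can_read_plaintext(ef: Efuses) -> bool:
    """Development mode leaves download-mode decryption usable; release mode does not."""
    return encryption_enabled(ef) and not ef.disable_dl_decrypt
```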
The following steps need to be done to test the flash encryption process: This sample application will print the status of flash encryption: enabled or disabled.

Once programmed, or blown, the contents cannot be changed, and the contents are retained after power is removed. Fundamentally, an eFuse is a single bit of non-volatile memory with the restriction that once an eFuse bit is programmed to 1, it can never be reverted to 0.
Software can instruct the eFuse controller to program each bit for each system parameter as needed. Some of these system parameters can be read by software using the eFuse controller or used directly by hardware modules. Espressif provides complete online documentation dedicated to this feature. The technical reference manual also has a chapter dedicated to the eFuse controller. The eFuse controller is in charge of managing the eFuse arrays and has 4 eFuse blocks, each one bits long (not all bits are available):
Secure boot is the guardian of the authenticity and integrity of the firmware stored in the external SPI flash memory. It is easy for an attacker to modify the content of an external flash in order to run malicious code on the ESP32; secure boot is there to protect against this kind of firmware modification. Secure boot creates a chain of trust from the boot ROM through the bootloader to the application firmware.
It guarantees that the code running on the device is genuine and cannot be modified without signing the binaries with a secret key; the device will not execute unsigned binaries.
Secure boot is normally set up during production at the factory, considered a secure environment. This key has to be kept confidential so that an attacker cannot create a new bootloader image. It is also a good idea to have a unique key per device, to limit how far an attack can scale if one secure boot key is leaked or recovered. The private key has to be kept confidential.
Pwn the ESP32 Forever: Flash Encryption and Sec. Boot Keys Extraction
The public key is included at the end of the bootloader image; this key is in charge of verifying the signature of the app image. At address 0x0 in the SPI flash layout, a bytes digest has to be flashed. The output digest is bytes of data, composed of bytes of random data followed by the 64-byte SHA digest, computed as follows: I followed the documentation to enable the secure boot feature on a new ESP32 board manually, using these commands:
The ESP32 now authenticates the bootloader after each reset; the software bootloader then verifies the app, and the code runs. When flash encryption is enabled, physical readout of the SPI flash is not sufficient to recover most flash contents. Flash encryption is normally set up during production at the factory, considered a secure environment.
The flash encryption key is stored in eFuses internal to the chip and is protected from software access. This means every 32-byte block (two consecutive 16-byte AES blocks) is encrypted with a unique key derived from the flash encryption key. Flash access is transparent via the flash cache-mapping feature of ESP32: any flash regions that are mapped to the address space are transparently decrypted when read.
In case of recovery, I should be able to encrypt a new bootloader or decrypt the entire firmware. According to my reverse engineering, in eFuse block 0 the first 32-bit word corresponds to the security configuration: All images are signed, encrypted and flashed one by one into the ESP32. I do that manually to acquire information regarding the flash encryption process:
Simple Power Analysis (SPA) is a useful technique to reverse some hardware processing: This hardware activity is probably the eFuse controller initialisation and the loading of the eFuse values into some dedicated buffer memory, to be used by the flash controller in further steps.
I will use the dump command previously presented: Here is a scope screen when the readout of read/write-protected eFuses is successful: Unfortunately, some erroneous bytes are present in the dumped values, probably caused by the perturbation during the eFuse controller initialisation?
Difficult to say without access to sensitive design information. After a short fault session, the log file contains 30 dumped values, but none of them corresponds to the exact real key value.
I was able to use the same settings you have here, including partition table, and enable secure boot on a fresh chip just now, running the current GitHub master branch 77eae33a7. The "secure boot check fail" message you are getting indicates that the initial secure boot check on the bootloader. The efuse summary indicates that the bootloader. This shouldn't happen until after the bootloader has verified there's a path to boot a valid app, although as mentioned above it's failing at an earlier stage now.
The early log lines like "load:0x,len" suggest that the bootloader image is being read successfully from flash, as well, so it hasn't become corrupted or accidentally replaced with a plaintext copy. Are you able to share your bootloader.
Markus Becker wrote: This caused a reset after flashing the bootloader, before flashing the app - which is bad, right? Markus Becker wrote: On the other hand, that does not explain to me how that could cause the bootloader to fail to be verified. The board in use is self-made. In seldom cases flashing aborted with errors. Firmware OTA can be done wirelessly or from a file on an SD card. Again, that failed sometimes.
This all can have different reasons. I think there are several very good reasons to have encrypted flash and secure boot in place; maybe we see one of those right now, as we do not need an attacker to change flash content in an irregular way if we have a bug in our app. I'm now preparing the next try - to get the most out of it, how should I adjust the bootloader config? I saw a message indicating the bootloader could get too large.
Last time, I did not 'make monitor' to avoid interrupting flash encryption half way. On the other hand, monitoring output might well be the key to finding the cause. Which settings and procedure would you suggest?
Angus, regarding sdkconfig: there is nothing secret in it, but I find it wrong to embed it into the message here, I seem to be unable to attach it and cannot reach you by email. Would you please email me, so I can answer? Sorry for my incompetence. Markus
Mongoose OS implements ESP32 flash encryption
Flash Frequency: 40MHz Upload Speed: Hi, I'm trying to enable Flash Encryption. See my instructions in Is it possible to set the fuses for the flash encryption in Arduino, or maybe with the espefuse. OK, I have now changed the sdkconfig in the "make menuconfig". I changed the Security features and enabled "Enable flash encryption on boot".
Then I started Arduino, built and uploaded it. You enable encryption by running espefuse. Did you read the documentation thoroughly? But the bootloader tries to decrypt an unencrypted firmware. That simply ends up with an error message. I would be glad to hear if it would somehow be possible to copy some files into the Arduino-esp32 to make it work.
Getting error seems like some progress. Follow the serial reflashing procedure from that point and see if it will encrypt on its own. Flash encryption is still disabled. Um, Ok. Then don't do that. Just flash the esp-idf OTA example with the encryption turned on. Then you can put whatever you want on there. There may very well be something in the arduino-esp32 code that overrides the sdkconfig setting, and that is probably a reasonable security feature to keep people that don't understand the consequences from bricking their devices.
So far so good, esp-idf flash encryption worked out with our own flash encryption key, which we stored on our PC. Now there will be a. If I use the Arduino IDE to compile and upload my arduino-esp32 sketch, in which directory can I find the. I am asking because I wanna try to encrypt that file directly without using Arduino as an idf component. If you turn on verbose output during compilation in the preferences, you will see the location in a few places. You could also get a list of MAC addresses that way.
Today I took the. Flashed the. Buffalchill, that is probably the only way that flash encryption will be available for Arduino users. Since it's not for everyone and could cause any novice an issue, it would require you to run Arduino as an IDF component. I don't know whether the partition table has been encrypted or not, but maybe you initially uploaded a partition table without spiffs? Maybe it just needs a format, though that should give you a different error?
Here's some quick code to show the spiffs location:

Secure Boot is a feature for ensuring only your code can run on the chip. Data loaded from flash is verified on each reset. Secure Boot is separate from the Flash Encryption feature, and you can use secure boot without encrypting the flash contents. However, for a secure environment both should be used simultaneously. Enabling secure boot limits your options for further updates of your ESP32. Make sure to read this document thoroughly and understand the implications of enabling secure boot.
Most data is stored in flash. Flash access does not need to be protected from physical access in order for secure boot to function, because critical data is stored in eFuses internal to the chip, where it is not accessible to software. This is a high level overview of the secure boot process. Further in-depth details are supplied under Technical Details:
Secure Boot defaults to signing images and partition table data during the build process. The software bootloader image is built by esp-idf with secure boot support enabled and with the public key (signature verification) portion of the secure boot signing key compiled in. This software bootloader image is flashed at offset 0x. The digest is derived from the key, an IV, and the bootloader image contents.
The software bootloader then becomes protected: the chip will only boot a bootloader image if the digest matches. On subsequent boots the ROM bootloader sees that the secure boot eFuse is burned, reads the saved digest at 0x0 and uses hardware secure boot support to compare it with a newly calculated digest.
If the digest does not match then booting will not continue. The digest and comparison are performed entirely by hardware, and the calculated digest is not readable by software. For technical details see Secure Boot Hardware Support. When running in secure boot mode, the software bootloader uses the secure boot signing key (the public key of which is embedded in the bootloader itself, and therefore validated as part of the bootloader) to verify the signature appended to all subsequent partition tables and app images before they are booted.
The bootloader can generate this key itself from the internal hardware random number generator; the user does not need to supply it (it is optionally possible to supply this key, see Re-Flashable Software Bootloader).
Flash Encryption - First boot and random key generated. The production is in China and we are from another country, so the first firmware for the ESP32 will be passed in a factory in China by a test jig. After the first boot, still at the factory, the calibration parameters will be recorded in the flash by NVS. Why these questions?
Is there any part of the production process that you can trust, for the purposes of enabling flash encryption correctly? It sounds like you're not giving your production firmware to the third party factory; instead they're flashing a test firmware and then production firmware is flashed at a second trusted location.
Is that right? Option 1: If this is the case then the very simplest option is to completely re-flash the device via serial at the second location, with new bootloader. Then it will reset to enable flash encryption. But this may be unnecessarily fiddly due to the need to flash via serial.
Option 2: If you want to do this second stage via OTA only, and you have a controlled environment (no risk of power failures or other interruptions), then I would recommend writing a custom routine to also download and overwrite the factory bootloader. Option 3: If Option 2 isn't viable for some reason then you can probably do something like: Patch the bootloader to skip the "enable flash encryption" steps if there is no flash encryption key set in efuse yet, so it keeps behaving like the plaintext bootloader until there is a key set.
The bootloader will then see there is a key and enable the default "first boot" flash encryption logic, including encrypting the flash contents. This approach still needs a controlled environment though, as a power failure during this initial "encrypt itself" step will leave the device bricked. Option 4: doing the encryption through OTA and using the following libs: I have no words to thank you! Your answer was amazing and very complete.
Hello, I want to protect my code against flash reading. Where did you see a guide for Arduino-ESP32? All I see is a very long issue with homebrew solutions which might or might not brick your ESP32 if it goes wrong.
I am looking for an example that is working. Could you help me? But it has to exist in the first place. In my opinion, what I need is only flash encryption in development mode. In this case it is possible to flash the chip again with a new sketch, but the sketch is encrypted and the secret key is protected.
What do you think about it? Burn with espefuse. Maybe change the partition table, to prevent errors because of the bigger bootloader? But I am not sure how this works. Is that the right way to protect my code against read access? How can I enable this? I am using the Arduino framework on PlatformIO. Is a manual or a code example available? Best regards Tom.
ESP32 secure boot still not supported? Hello, my goal is only to protect my code against flash reading.
Picture for point 4 - Partition Table: I think I need a custom partition table with the settings of the Arduino default.