Hi,
I am trying to wrap my head around flash encryption, reading the documentation. My understanding is that the ESP32 hardware AES engine generates an encryption key (symmetric encryption, I suppose?) which is stored inside the chip on eFuses in an unmodifiable way. Is this correct?
What I don't understand is: the flash memory is encrypted so that it cannot be read off as plain text, but even so, what prevents an attacker from reading the encryption key from the eFuses by probing, etc.? What makes it readable only to the encryption/decryption engine but to nobody else?
I don't know if this is a somewhat obvious question but I could not find an answer I could understand anywhere.
Thanks.
How is the flash encryption key stored?
- Posts: 9769
- Joined: Thu Nov 26, 2015 4:08 am
Re: How is the flash encryption key stored?
Your first interpretation is indeed correct.
The link between the eFuses and the CPU is effectively broken when the efuse read disable bit is blown; the only thing having access to those efuse values is the encryption/decryption engine, and that does not have a way for the CPU to get to the encryption key either.
The key could indeed theoretically be retrieved by an attacker by probing at the physical eFuses, but note that this is not trivial: it requires decapping the chip, lapping off layers until you arrive at the eFuses, then reading them out electrically (as they likely are not readable optically) and finally figuring out how the eFuse layout corresponds to the actual physical location of the eFuses. Attacks like this are generally seen as specialist, expensive and time-intensive enough not to be worth it for consumer products. (Especially as our security ecosystem uses asymmetric encryption elsewhere: knowing the contents of one product does not allow you to create a firmware update that is accepted by others, for instance.)
- Posts: 4
- Joined: Fri Jun 12, 2020 9:14 pm
Re: How is the flash encryption key stored?
Sorry I couldn't reply earlier. Thanks for the clarification; it makes more sense now.