ESP32 Forum

为了进行加密需要使用一个唯一且不能被修改的序号作为key进行加密算法运算，esp32有相关的参数吗？

(Sorry for the trouble of replying in English.)

The ESP32 efuse contains a MAC address region which is programmed at the factory, and is unique. The esp_read_mac(buf, ESP_MAC_WIFI_STA) function will return this MAC address copied from efuse. The other MAC address types are derived from the STA address.

MAC address efuse is writeable by default so can be changed (bits can be set from 0 to 1), but the command "espefuse.py write_protect_efuse MAC" can be used to write-protect this efuse over the serial port. Or you can burn the write protect bits of this efuse from firmware (consult the Technical Reference Manual for details of efuse bits.)

If you need a secret value which is not broadcast to other devices, efuse BLK3 is available for user applications. You can burn a custom key into this efuse region and then write-disable it to prevent further modification. The esp_random() function can be used to generate random numbers for a key (you should do this while Wifi or Bluetooth stack are running).

Angus

I was also trying to determine how to use our IEEE allocated MAC block for the devices. The docs seemed to indicate that once you change the efuse bits from 0 to 1, they could not be changed back to 0. How would you go about changing the factory programmed efuse MAC bits if the 1's cannot be changed?

Robin

RobinC wrote:I was also trying to determine how to use our IEEE allocated MAC block for the devices.

You can't arbitrarily set the efuse assigned MAC addresses (apart from burning 0s to 1s), but you can set your own MAC address in software.

EDIT: For Wifi you can use esp_wifi_set_mac(), other interfaces involve modifying esp_read_mac() as mentioned below.

All of the MAC address assignment comes down to the esp_read_mac() function in components/esp32/system_api.c. You can replace this function in order to derive MAC addresses however you like (one suggestion would be to still use esp_efuse_read_mac() to return the full MAC, and then replace the IEEE OUI prefix and possibly some more initial prefix bytes with your own - this way you don't need to store a separate unique address to the one already saved in efuse at the factory.)

We don't currently have support for overriding the MAC derivation for ethernet or Bluetooth in IDF without manually editing this function.

如果不是出厂固话，而是可以自行烧写的序号，类似efuse，如何杜绝别人把两片esp32写入同样的信息，而达到破解的目的，我完全可以读取正常授权的芯片中的efuse配置烧写到一个新的esp32中，达到破解的目的

I suppose one could use another free area within efuse to store the mac and point the mac read functions there. This would prevent people from changing the mac.

Robin

There is also the Flash 64bits UniqueID that can be used, but, of course, it is not writtable.