ESP32-S3: Permanently disabling UART ROM download mode
Posted: Wed Jun 15, 2022 2:01 am
Greetings esteemed colleagues,
I am trying to configure Secure Boot V2 via the Project Configuration Menu. I want to set UART ROM download mode to “Permanently disabled”. My first question is, will this also prevent firmware flashing via the USB Serial/JTAG connection?
I understand that in order to make the attack surface smaller, I should permanently disable JTAG and UART ROM download mode. However my concern is how can I legitimately reprogram the device in case an OTA update might semi-brick the device in the future?
Is entering DFU via GPIO0 still an option for the built-in USB Serial/JTAG even after all the suggested EFUSES are burned following the Secure Boot V2 documentation?
Best Regards
I am trying to configure Secure Boot V2 via the Project Configuration Menu. I want to set UART ROM download mode to “Permanently disabled”. My first question is, will this also prevent firmware flashing via the USB Serial/JTAG connection?
I understand that in order to make the attack surface smaller, I should permanently disable JTAG and UART ROM download mode. However my concern is how can I legitimately reprogram the device in case an OTA update might semi-brick the device in the future?
Is entering DFU via GPIO0 still an option for the built-in USB Serial/JTAG even after all the suggested EFUSES are burned following the Secure Boot V2 documentation?
Best Regards