How secure is the flash in modules where it's embedded?
-
- Posts: 40
- Joined: Mon Mar 18, 2019 12:34 pm
How secure is the flash in modules where it's embedded?
I have been reading about secure boot and secure flash in the documentation, but I don't understand why this is necessary for modules such as ESP32-WROOM where the flash is inside the module itself. How accessible is this to an attacker?
Re: How secure is the flash in modules where it's embedded?
The flash in the modules is very readily available to an attacker with physical access, in a few ways:
- All of the ESP32 pins connected to the SPI flash chip are also broken out on the module pins.
- The ESP32 "ROM bootloader" mode (used for flashing with esptool.py) allows reading out the flash contents over serial.
- The metal "RF can" on this type of module can be removed with a hot air soldering station and a steady hand, at which point the flash chip itself is exposed.
Who is online
Users browsing this forum: No registered users and 59 guests