How secure is the flash in modules where it's embedded?

willemmerson
Posts: 40
Joined: Mon Mar 18, 2019 12:34 pm

How secure is the flash in modules where it's embedded?

Postby willemmerson » Mon Mar 18, 2019 12:44 pm

I have been reading about secure boot and secure flash in the documentation, but I don't understand why this is necessary for modules such as ESP32-WROOM where the flash is inside the module itself. How accessible is this to an attacker?

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: How secure is the flash in modules where it's embedded?

Postby ESP_Angus » Tue Mar 19, 2019 3:22 am

The flash in the modules is very readily available to an attacker with physical access, in a few ways:
  • All of the ESP32 pins connected to the SPI flash chip are also broken out on the module pins.
  • The ESP32 "ROM bootloader" mode (used for flashing with esptool.py) allows reading out the flash contents over serial.
  • The metal "RF can" on this type of module can be removed with a hot air soldering station and a steady hand, at which point the flash chip itself is exposed.
Enabling flash encryption and secure boot protects against this kind of exposure.

Who is online

Users browsing this forum: No registered users and 59 guests