
How secure is the flash in modules where it's embedded?

Posted: Mon Mar 18, 2019 12:44 pm
by willemmerson
I have been reading about secure boot and secure flash in the documentation, but I don't understand why this is necessary for modules such as ESP32-WROOM where the flash is inside the module itself. How accessible is this to an attacker?

Re: How secure is the flash in modules where it's embedded?

Posted: Tue Mar 19, 2019 3:22 am
by ESP_Angus
The flash in the modules is very readily available to an attacker with physical access, in a few ways:
  • All of the ESP32 pins connected to the SPI flash chip are also broken out on the module pins.
  • The ESP32 "ROM bootloader" mode (used for flashing with esptool.py) allows reading out the flash contents over serial.
  • The metal "RF can" on this type of module can be removed with a hot air soldering station and a steady hand, at which point the flash chip itself is exposed.
Enabling flash encryption and secure boot protects against this kind of exposure.
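
Added example, not part of the original posts: a small Python check that maps a device's eFuse values to the exposures listed in the reply above. It assumes the original ESP32's eFuse names (FLASH_CRYPT_CNT, ABS_DONE_0, DISABLE_DL_ENCRYPT, DISABLE_DL_DECRYPT, DISABLE_DL_CACHE, JTAG_DISABLE) and takes them as a plain name-to-integer dict; the function names and the sample dicts are constructed for illustration.

```python
# Added example: audit ESP32 eFuse values for flash-protection gaps.
# Input: dict of eFuse name -> integer value (a hypothetical input format;
# transcribe the values from your own eFuse summary).

DL_FUSES = ("DISABLE_DL_ENCRYPT", "DISABLE_DL_DECRYPT", "DISABLE_DL_CACHE")

def flash_encryption_enabled(fuses):
    # On the ESP32, flash encryption is active when the 7-bit
    # FLASH_CRYPT_CNT field has an odd number of bits set.
    count = fuses.get("FLASH_CRYPT_CNT", 0) & 0x7F
    return bin(count).count("1") % 2 == 1

def audit(fuses):
    """Return a list of findings; an empty list means no gap was found."""
    findings = []
    if not flash_encryption_enabled(fuses):
        findings.append("FLASH_CRYPT_CNT: flash is plaintext, so the module "
                        "pins, the ROM bootloader and the bare chip all "
                        "yield readable contents")
    else:
        # Encryption is on, but the ROM download mode can still reach the
        # flash encryption hardware unless these fuses are burned.
        for name in DL_FUSES:
            if not fuses.get(name, 0):
                findings.append(name + ": not burned, ROM download mode "
                                "keeps access to the flash crypto/cache path")
    if not fuses.get("ABS_DONE_0", 0):
        findings.append("ABS_DONE_0: secure boot not enabled, the boot "
                        "chain is not verified before it runs")
    if not fuses.get("JTAG_DISABLE", 0):
        findings.append("JTAG_DISABLE: not burned, JTAG debug is available")
    return findings

# Constructed sample values, not read from a real device.
FACTORY_FRESH = {}
ENCRYPTED_ONLY = {"FLASH_CRYPT_CNT": 0b0000001}
LOCKED_DOWN = {"FLASH_CRYPT_CNT": 0b1111111, "ABS_DONE_0": 1,
               "DISABLE_DL_ENCRYPT": 1, "DISABLE_DL_DECRYPT": 1,
               "DISABLE_DL_CACHE": 1, "JTAG_DISABLE": 1}

if __name__ == "__main__":
    for label, fuses in (("factory fresh", FACTORY_FRESH),
                         ("encrypted only", ENCRYPTED_ONLY),
                         ("locked down", LOCKED_DOWN)):
        print(label)
        for finding in audit(fuses) or ["no gaps found"]:
            print("  -", finding)
```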