How to prevent flash data readout, but allow flash instruction execution
Posted: Mon Mar 25, 2019 12:48 pm
Hi,
Using encrypted flash is the way to go to protect my firmware but if I deploy my encrypted app, which contains a scripting language (e.g. micropython), it will be (I think) possible to readout my flash contents from within the scripting language when running on the ESP32, unless I do 1 or 2 things
1. Wherever the scripting language allows raw memory access (e.g. a flash_read API etc, embedded asm) I disable that in the scripting language's source. (So I better be able to catch all occurrences..)
and/or
2. Set some kind of ESP32 MMU setting that allows the CPU to execute instructions in a region (or all of flash) but disallows data read instructions...
Is #2 actually possible from an ESP32 MMU point of view? If so I guess some co-operation with the linker to place constants in a data readable portion might be required?
Is there a better way todo this?
Thanks
Using encrypted flash is the way to go to protect my firmware but if I deploy my encrypted app, which contains a scripting language (e.g. micropython), it will be (I think) possible to readout my flash contents from within the scripting language when running on the ESP32, unless I do 1 or 2 things
1. Wherever the scripting language allows raw memory access (e.g. a flash_read API etc, embedded asm) I disable that in the scripting language's source. (So I better be able to catch all occurrences..)
and/or
2. Set some kind of ESP32 MMU setting that allows the CPU to execute instructions in a region (or all of flash) but disallows data read instructions...
Is #2 actually possible from an ESP32 MMU point of view? If so I guess some co-operation with the linker to place constants in a data readable portion might be required?
Is there a better way todo this?
Thanks