The intent is to have the ESP32s encrypted with pregenerated keys in Release Mode but still have the ability to flash it over serial.
The `encrypted-app-flash` command demands that CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT should be enabled. Is it possible to make that work? Alternatively, what would be the most secure set of settings that will allow the device to be flashed over serial?
Advice for encryption setting
Re: Advice for encryption setting
Please see discussion from https://esp32.com/viewtopic.php?f=13&t=30474
Mahavir
https://github.com/mahavirj/
Re: Advice for encryption setting
ESP_Mahavir wrote: Thu Nov 17, 2022 2:18 pm
> Please see discussion from https://esp32.com/viewtopic.php?f=13&t=30474
I just saw that. It's still not clear to me how I should configure idf for that.
Or am I supposed to directly deal with the efuses?
Re: Advice for encryption setting
> The intent is to have the ESP32s encrypted with pregenerated keys in Release Mode but still have the ability to flash it over serial.
So there is no support for such a mode, but based on the discussion thread I had pointed to, it is possible to achieve it.
The simplest way that I could suggest is:
1. Enable flash encryption in "Development mode"
2. Use a customised version of the API `esp_flash_encryption_set_release_mode` to only enable selective EFuses as per your requirement from the application
You may refer to the code for this API at: https://github.com/espressif/esp-idf/bl ... ypt.c#L166
Things that you will have to modify are:
1. Skip programming the field `ESP_EFUSE_DISABLE_DL_ENCRYPT`
2. Skip disabling the UART DL mode (i.e., comment out the call to `esp_efuse_disable_rom_download_mode` API)
3. Disable non-required debug interfaces (e.g., JTAG). Please refer to EFuse component for the relevant API.
You may experiment under an emulator first; we have a port for ESP32 in QEMU available.
Hope this helps!
Mahavir
https://github.com/mahavirj/
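A host-side check of the fuse state the answer above aims for, as an added example that is not part of the original posts or of ESP-IDF: it parses a dump in the style of `espefuse.py summary` and reports every fuse that differs from the intended configuration. The sample dump is constructed, its line layout is an assumption, and the espefuse field names `UART_DOWNLOAD_DIS`, `JTAG_DISABLE` and `FLASH_CRYPT_CNT` are assumed to be the ones reported for the ESP32 in use.

```python
import re

# Constructed sample laid out like `espefuse.py summary` output for an ESP32.
# The column layout is an assumption; adjust LINE_RE to your espefuse version.
SAMPLE_SUMMARY = """\
UART_DOWNLOAD_DIS (BLOCK0) Disable UART download mode = False R/W (0b0)
FLASH_CRYPT_CNT (BLOCK0) Flash encryption mode counter = 1 R/W (0b0000001)
DISABLE_DL_ENCRYPT (BLOCK0) Disable flash encryption in UART bootloader = False R/W (0b0)
JTAG_DISABLE (BLOCK0) Disable JTAG = False R/W (0b0)
"""

LINE_RE = re.compile(
    r"^(?P<name>[A-Z0-9_]+)\s+\(BLOCK\d+\).*=\s*(?P<val>.+?)\s+"
    r"(?P<acc>[R-]/[W-])\s+\((?P<raw>0[bx][0-9a-fA-F]+)\)\s*$"
)

# Intended state from the thread: fuse name -> (should it be burned?, reason)
EXPECTED = {
    "DISABLE_DL_ENCRYPT": (False, "serial encrypted flashing needs it"),
    "UART_DOWNLOAD_DIS": (False, "UART download mode must stay available"),
    "JTAG_DISABLE": (True, "non-required debug interface"),
}

def parse_summary(text):
    """Return {fuse_name: raw integer value} for every line that matches."""
    fuses = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            fuses[m.group("name")] = int(m.group("raw"), 0)
    return fuses

def audit(text):
    """Return a list of findings; an empty list means the state matches."""
    fuses = parse_summary(text)
    findings = []
    cnt = fuses.get("FLASH_CRYPT_CNT")
    if cnt is None:
        findings.append("FLASH_CRYPT_CNT: not found in summary")
    elif bin(cnt).count("1") % 2 == 0:  # odd number of set bits = enabled
        findings.append("FLASH_CRYPT_CNT: flash encryption is not enabled")
    for name, (want, why) in EXPECTED.items():
        if name not in fuses:
            findings.append(f"{name}: not found in summary")
        elif bool(fuses[name]) != want:
            findings.append(f"{name}: expected {'burned' if want else 'unburned'}, {why}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SUMMARY)) or "fuse state matches intent")
```

Run against the constructed sample, it flags only `JTAG_DISABLE`, which is still unburned there.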