ESP32 Efuses

jampaul97
Posts: 1
Joined: Sun Nov 14, 2021 7:16 am

ESP32 Efuses

Postby jampaul97 » Sun Nov 14, 2021 7:28 am

Hello.
I need to save a key (not secret) to the ESP.
I don't need either the Flash Encryption or the Secure Boot features.
I can write the key to BLK1, BLK2, and BKL3(will do all 3 because my key is long). I have already done this and I successfully read my key on my firmware.
I also write-protected those e-fuses, and I don't care if someone can read them either from a PC or a firmware.
I am just treating them as one-time programmable memory space, that I can store something that will NEVER change
My question is: Is it ok to do that? Will there be any negative effects by reading those e-fuses on every boot? If I read protect them will my firmware be able to read them?

The steps I have take are :

Code: Select all

espefuse  burn_key BLK1 part_1.bin --no-protect-key
espefuse  secure_boot BLK2 part_2.bin --no-protect-key
espefuse  burn_key BLK3 part_3.bin --no-protect-key
Then I write protected them

Code: Select all

espefuse --port COM16 write_protect_efuse BLK1
espefuse --port COM16 write_protect_efuse BLK2
espefuse --port COM16 write_protect_efuse BLK3

gb.123
Posts: 32
Joined: Thu May 20, 2021 9:56 pm

Re: ESP32 Efuses

Postby gb.123 » Thu Feb 17, 2022 7:11 pm

Is it ok to do that?
I think its a design flaw (imho)... If you dont mind the keys being read, why not store it in your program itself and check for it while the program boots ?
(unless you are using this as a digest again)... there should be no 'negative' effect though as far as esp32 is cnocerned.
If I read protect them will my firmware be able to read them?
I dont think so.

PS: I think BlOCK1 (Flash Encryption) key cannot be read after burning its efuse. Block 2 & 3 can be read.

Who is online

Users browsing this forum: No registered users and 227 guests