ESP32 Efuses

[jampaul97]

Hello.
I need to save a key (not secret) to the ESP.
I don't need either the Flash Encryption or the Secure Boot features.
I can write the key to BLK1, BLK2, and BKL3(will do all 3 because my key is long). I have already done this and I successfully read my key on my firmware.
I also write-protected those e-fuses, and I don't care if someone can read them either from a PC or a firmware.
I am just treating them as one-time programmable memory space, that I can store something that will NEVER change
My question is: Is it ok to do that? Will there be any negative effects by reading those e-fuses on every boot? If I read protect them will my firmware be able to read them?

The steps I have take are :

Code: Select all

espefuse  burn_key BLK1 part_1.bin --no-protect-key
espefuse  secure_boot BLK2 part_2.bin --no-protect-key
espefuse  burn_key BLK3 part_3.bin --no-protect-key

Then I write protected them

Code: Select all

espefuse --port COM16 write_protect_efuse BLK1
espefuse --port COM16 write_protect_efuse BLK2
espefuse --port COM16 write_protect_efuse BLK3

[gb.123]

Is it ok to do that?

I think its a design flaw (imho)... If you dont mind the keys being read, why not store it in your program itself and check for it while the program boots ?
(unless you are using this as a digest again)... there should be no 'negative' effect though as far as esp32 is cnocerned.

If I read protect them will my firmware be able to read them?

I dont think so.

PS: I think BlOCK1 (Flash Encryption) key cannot be read after burning its efuse. Block 2 & 3 can be read.