Page 1 of 1

[solved] Security -- Flash Encryption/Secure Boot together?? s3 V2

Posted: Thu May 25, 2023 7:44 pm
by KeithInAsia
I am able to create a device with Flash Encryption and a device with Secure Boot, but I have been unable to create them together.

I have read all the documents I can get my hands on a dozen times and I just don't see the clear way forward on this.

Any suggestions on how to get both working together?

Is there an order of operations that I need to know?

I'm working on an s3 with V2.

Thanks for the help out there.... Keith

Re: Security -- Flash Encryption/Secure Boot together?? s3 V2

Posted: Fri May 26, 2023 10:18 am
by KeithInAsia
I must be close to the solution, but the final details are pretty challenging. If someone knows the path and wants to consult with me on it -- contact me. I'll throw some resources at it. Thanks.

Re: Security -- Flash Encryption/Secure Boot together?? s3 V2

Posted: Tue May 30, 2023 10:34 am
by KeithInAsia
I found a big problem in my build.... I'm running an esp32s3 N16R8 on the 4.4.1 release. I'm also using Octal PSRAM. There is a bug that doesn't allow Flash Encryption to work. Installing patch now to correct for that bug. Here is a link to that report with a link to the patch at the bottom of that page:

https://github.com/espressif/esp-idf/issues/9244

Re: Security -- Flash Encryption/Secure Boot together?? s3 V2

Posted: Wed May 31, 2023 8:12 pm
by KeithInAsia
OK -- I figured it all out. I am successful at combining Flash Encryption with Secure Boot V2 on the Esp32s3 N16R8 in the IDF 4.4.1.

In all, I will have burned through 5 DevKitC clones.

This only took me two weeks....

Keith

Re: [solved] Security -- Flash Encryption/Secure Boot together?? s3 V2

Posted: Mon Jun 03, 2024 10:17 am
by DrMickeyLauer
@KeythInAsia: Excellent, can we get you to do a writeup? I'm sure it would be interesting for many other people to read.