Keep JTAG enabled alongside flash encryption

Posted: Tue Feb 06, 2024 10:24 am
by Wasabinary
Hi,

I am currently looking for a way to keep JTAG enabled when flash encryption is also enabled in release mode. Basically, I would like to be able to erase the flash completely, and then reprogram it even if the flash encryption is used. Is there any way to do that?

Re: Keep JTAG enabled alongside flash encryption

Posted: Wed Feb 07, 2024 3:25 am
by ESP_Sprite
You can, but it makes flash encryption useless as an attacker can also still use JTAG to read out your flash. You'd need to disable JTAG plus some firmware to re-enable JTAG when needed; newer chips have the HMAC peripheral to help with that.
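The trade-off described in this reply is a build-configuration decision, so here is an added example (not code from the thread or from Espressif) that audits an ESP-IDF `sdkconfig` for flash encryption combined with JTAG left enabled, with a constructed weak configuration beside a constructed hardened one. The Kconfig symbol names are the ones I recall from ESP-IDF's bootloader Kconfig (`SECURE_FLASH_ENC_ENABLED`, `SECURE_FLASH_ENCRYPTION_MODE_RELEASE`, `SECURE_BOOT_ALLOW_JTAG`); treat them as assumptions and verify against the IDF version you build with.

```python
"""Audit an ESP-IDF sdkconfig for flash encryption paired with JTAG left enabled.

Added example; not the forum thread's or Espressif's code. Symbol names are
assumptions recalled from ESP-IDF's Kconfig and must be checked against your
IDF version.
"""
import re

SYM_FLASH_ENC = "CONFIG_SECURE_FLASH_ENC_ENABLED"
SYM_RELEASE = "CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE"
# Assumption: the "Allow JTAG Debugging" option; when unset, the bootloader burns
# the JTAG-disable eFuse on first boot once flash encryption (or secure boot) is on.
SYM_ALLOW_JTAG = "CONFIG_SECURE_BOOT_ALLOW_JTAG"

_SET = re.compile(r"^(CONFIG_[A-Z0-9_]+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_[A-Z0-9_]+) is not set$")

# Constructed sample: flash encryption on, but JTAG still allowed.
WEAK_SDKCONFIG = """\
CONFIG_SECURE_FLASH_ENC_ENABLED=y
CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE=y
CONFIG_SECURE_BOOT_ALLOW_JTAG=y
"""

# Constructed sample: flash encryption in release mode, JTAG disabled by default.
HARDENED_SDKCONFIG = """\
CONFIG_SECURE_FLASH_ENC_ENABLED=y
CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE=y
# CONFIG_SECURE_BOOT_ALLOW_JTAG is not set
"""


def parse_sdkconfig(text):
    """Return {symbol: value}; Kconfig 'is not set' lines map to 'n'."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _SET.match(line)
        if m:
            cfg[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            cfg[m.group(1)] = "n"
    return cfg


def audit(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    enc_on = cfg.get(SYM_FLASH_ENC) == "y"
    release = cfg.get(SYM_RELEASE) == "y"
    jtag_allowed = cfg.get(SYM_ALLOW_JTAG) == "y"

    if enc_on and jtag_allowed:
        # The point of the reply above: a debugger controls the CPU, and the CPU
        # reads decrypted bytes through the flash cache, so encryption buys nothing.
        findings.append(
            f"{SYM_ALLOW_JTAG}=y with flash encryption: JTAG lets an attacker "
            "read decrypted flash via the cache; disable JTAG (default) and use "
            "the HMAC peripheral on chips that have it to re-enable it on demand."
        )
    if enc_on and not release:
        findings.append(
            f"{SYM_RELEASE} not set: development mode keeps plaintext re-flashing "
            "available over the serial bootloader; switch to release mode before shipping."
        )
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_SDKCONFIG), ("hardened", HARDENED_SDKCONFIG)):
        print(name, audit(parse_sdkconfig(text)) or ["no findings"])
```

Run it against a real `sdkconfig` by reading the file into `parse_sdkconfig`; the hardened sample produces no findings, the weak one flags the JTAG setting.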

Re: Keep JTAG enabled alongside flash encryption

Posted: Wed Feb 07, 2024 7:32 am
by Wasabinary
Thank you for your answer. You said flash encryption would be useless as the attacker could read the flash through JTAG, but if flash encryption is enabled, he would not be able to decrypt it, right?

Re: Keep JTAG enabled alongside flash encryption

Posted: Thu Feb 08, 2024 2:18 am
by ESP_Sprite
The thing is that the external flash is encrypted, but the (internal) flash cache needs to decrypt it for the CPU to be able to read the unencrypted data and instructions. However, JTAG enables you to fully control the CPU, which includes reading (decrypted) bytes through the flash cache. Cryptographically speaking, it allows you to use the flash cache as an oracle.