Encryption via espsecure.py
Posted: Fri Mar 08, 2024 10:07 am
Hello fellow ESP enthusiasts. I'm fairly new to this game and I'm struggling to attain some detail around encryption from the datasheets, as thorough as they are! I'm using an ESP32-WROOM-32, chip revision 1. My company is intending to start production in a few weeks, and I need to use the following process (or similar) to protect our firmware.
What I'm trying to do
1. BURN a known encryption key to BLOCK1 from file via espefuse.py burn_key so that it is not auto-generated on boot
2. Enable encryption in development mode via menuconfig, then build and upload as normal (via PIO)
3. Use espsecure.py to encrypt binaries via encrypt_flash_data
4. Flash encrypted data via esptool.py write_flash
5. BURN write protection on FLASH_CRYPT_CNT via CONFIG_FLASH_ENCRYPTION_DISABLE_PLAINTEXT so encryption can't be disabled.
The reason for this workaround is that I want to protect my firmware from being read or modified. Wireless comms are disabled so no OTA, but I also need to update it if necessary (3 plain text flashes aren't sufficient as in release mode). My preference would have been a straightforward read/write protect system, but it doesn't seem like that's an option.
Issues / Misunderstandings
1. Do I need to first combine the (firmware?) bootloader and firmware binaries and then encrypt them as one? The link below doesn't make this clear.
https://docs.espressif.com/projects/esp ... erated-key
2. When in production, it is not professional or convenient to use VS Code and PIO for uploading. Can I replace step 2 by combining the bootloader.bin and firmware.bin files and flashing them using write_flash to initialise the encryption?
Thanks in advance, appreciate your support team