Esp32S3 : Flash Encryption Question.
Posted: Tue May 28, 2024 1:56 pm
Good afternoon,
I have a question concerning the Flash Encryption process running under the Esp32S3.
I don't understand exactly the difference between the Development Mode and the Release Mode because of the following sentences:
1) For Development Mode, the firmware bootloader allows the UART bootloader to re-flash encrypted binaries.
2) For Release Mode, the firmware bootloader sets all the eFuse bits set under development mode as well as DIS_DOWNLOAD_MANUAL_ENCRYPT. => Which disables flash encryption operation when running in UART bootloader boot mode.
3) In the Development Mode part: If you update your application code (done in plaintext) and want to re-flash it, you will need to encrypt it before flashing. To encrypt the application and flash it in one step, run: idf.py encrypted-app-flash monitor.
So my questions are the following:
1) In development mode, is it possible to reflash non-encrypted firmware in the flash? If the answer is yes, does it mean that:
A) The Esp32S3 can automatically use the key stored in the eFuses (because it has been put inside the 1st time) and encrypt the FW when flashing (in the UART bootloader)?
B) Or does it mean that the UART bootloader is able to flash non-encrypted FW in the flash and then encrypt it at boot (the same way as the 1st time the FW is flashed)?
2) In development mode, is it possible to reflash encrypted FW only?
3) In Release mode, is it possible to reflash encrypted FW? Or do we have to use OTA in order to flash the FW again?
Could you please help me to understand exactly the difference between these two modes?
Best regards,
Thomas TRUILHE