ESP32 Forum

Good afternoon,

I have a question concerning the Flash Encryption process running under the Esp32S3.
I don't understand exactly the difference between the Development Mode and the Release Mode because of the following sentences :

1) For Development Mode, the firmware bootloader allows the UART bootloader to re-flash encrypted binaries.

2) For Release Mode, the firmware bootloader sets all the eFuse bits set under development mode as well as DIS_DOWNLOAD_MANUAL_ENCRYPT. => Which disables flash encryption operation when running in UART bootloader boot mode.

3) In the Development Mode Part : If you update your application code (done in plaintext) and want to re-flash it, you will need to encrypt it before flashing. To encrypt the application and flash it in one step, run: idf.py encrypted-app-flash monitor.

So my questions are the following :
1) In development mode, is it possible to reflash non-encrypted firmware in the flash ? If the answer is yes, does it mean that :
A) The Esp32S3 can automatically use the key stored in the eFuses (Because it has been put inside the 1st time) and encrypt the FW when flashing (In the UART bootloader) ?
B) Or does it mean that the UART bootloader is able to flash non encrypted FW in the flash and then encrypt it at boot (The same way as the 1st time the FW is flashed )?

2) In development mode, is it possible to reflash encrypted FW only ?
3) In Release mode, is it possible to reflash encrypted FW ? Or do we have to use OTA in order to flash the FW again ?

Could you please help me to understand exactly the difference between these two modes ?

Best regards,
Thomas TRUILHE

1)It is possible to reflash non-encrypted firmware in development mode.
a)The ESP32-S3 can automatically use the key stored in the eFuses to encrypt the firmware when flashing via the UART bootloader.
b)The UART bootloader can also flash non-encrypted firmware directly into the flash memory.
2)you can flash both encrypted and non-encrypted firmware in development mode.The development mode is designed to be flexible for development purposes. This means that you can reflash the device with both encrypted and non-encrypted firmware.
3) In Release mode, you cannot use the UART bootloader to flash firmware.

Good morning,

thank you for your answer.

Do you think that in development mode, user has the possibility to reflash encrypted and nonencrypted FW unlimitedly ?
Especially in the case where non encrypted FW is reflashed directly into the FLASH memory ?

In release mode, does this mean that you can just reflash the FW via OTA ?

Best regards,
Thomas TRUILHE

Hello,

1) In development mode, is it possible to reflash non-encrypted firmware in the flash ? If the answer is yes, does it mean that :
A) The Esp32S3 can automatically use the key stored in the eFuses (Because it has been put inside the 1st time) and encrypt the FW when flashing (In the UART bootloader) ?
B) Or does it mean that the UART bootloader is able to flash non encrypted FW in the flash and then encrypt it at boot (The same way as the 1st time the FW is flashed )?

If the flash encryption is enabled on the device (flash crypt count field with odd number of 1's bit count) then the device can only boot encrypted artifacts. For development mode, the artifacts can be encrypted using the flash enc peripheral before writing the contents to flash. So, while writing data from UART loader the contents will be encrypted on the device and then written to flash. Refer: https://docs.espressif.com/projects/esp ... partitions

2) In development mode, is it possible to reflash encrypted FW only ?

Development mode with flash encryption enabled case allows only encrypted artifacts on the flash. In development mode, there is one chance to disable the flash encryption (by updating the flash crypt count field), that can revert the device settings back to allow plain-text artifacts (normal behaviour).

3) In Release mode, is it possible to reflash encrypted FW ? Or do we have to use OTA in order to flash the FW again ?

Release mode hardens all settings, disables unwanted debug/download modes. So OTA update is the only way to reflash newer application on device.

Could you please help me to understand exactly the difference between these two modes ?

Development mode allows to reflash (like normal workflow) the device and experiment with your application. You may prefer it for the development phase. Release mode can be enabled once the production firmware is ready and device can be shipped out.

Hope this helps!