
Help with flash encryption

Posted: Sun Oct 27, 2024 6:36 pm
by atishaygupta123
I've been working on flash encryption for a long time.

First I just used esptool and a blog about flash encryption from Medium. In that blog they only asked me to burn flash_crypt_cnt and flash_crypt_config. This served the purpose for me and I wasn't able to read the flash using the esptool read flash function. So it was all good.

Later I started deep diving into flash encryption using esp-idf.
I got to know about two modes, development and release mode, and was able to perform encryption.

I use UART to flash the ESP32 and will need it even after enabling flash encryption to reflash encrypted firmware unlimited times.

I'm having some doubts:

1) What do disable_dl_encrypt and disable_dl_decrypt do?

- According to me, disable_dl_encrypt=false helps me to flash plaintext using esp-idf, which gets encrypted every time. Also, when it is false and I flash unencrypted firmware using esptool, it gives me an invalid header error, but if I flash encrypted firmware using esptool it works all right. Why is that so? Why can't I flash plaintext via esptool?

- When performing encryption via esp-idf, it automatically makes disable_dl_decrypt=true. But I have seen that the functioning is still the same whether the value is true or false. Like, I'm still not able to read the flash using the esptool read flash function.
So what actually is it?

2) What is flash_crypt_config? If I set its value to 0xf, it means the ESP32 will apply this config to encrypt the plaintext. But when I use esptool to encrypt plaintext and then flash the encrypted firmware on flash, it works! Does the esptool encrypt data function also assume a config value of 0xf and encrypt accordingly?