ESP32 flash encryption enabled by Mongoose OS
Posted: Fri May 19, 2017 4:32 pm
ESP32 chip comes with built-in security features, one of which is a transparent SPI flash encryption. That feature is critical for securing device's cloud access.
By default, an ESP32 firmware is kept in plain text form on flash:
The flash-read command dumps the flash memory into a file and the output can show that the content is not encrypted. Therefore, sensitive information like TLS private keys could be easily stolen from the flash, since the part of the device's file system is not encrypted.
In order to enable flash encryption, use the Mongoose OS -> https://mongoose-os.com/blog/mongoose-o ... ncryption/
By default, an ESP32 firmware is kept in plain text form on flash:
Code: Select all
# Dump initial 2k of filesystem area to stdout
mos flash-read --arch esp32 0x190000 2000 -
In order to enable flash encryption, use the Mongoose OS -> https://mongoose-os.com/blog/mongoose-o ... ncryption/