how to use read-protected eFuse ?

ossandust
Posts: 2
Joined: Sat Nov 12, 2022 7:30 pm

how to use read-protected eFuse ?

Postby ossandust » Sat Nov 12, 2022 7:50 pm

Apparently I am misunderstanding the use of ESP32 eFuses.
I want to store some unique identifier in block3 of the ESP32 eFuses, and protect this data from being copied to another ESP32 board (which would make it non-unique). But apparently making the block read-protected also stops me from reading the data within my firmware code.
Documentation says "Read protection prevents software from reading eFuse fields, only hardware can access such eFuses". I would have thought this means that software using the system API can no longer access the eFuse content, but the embedded application would count as "hardware", having access to the read-protected data. However all returned data is 0 after read protecting.
What's the use of read-protected eFuse bits when you can't read them in your application firmware? Or is there a way (other than REG_GET_FIELD()) to access these eFuses in your sketch?

ESP_Sprite
Posts: 9757
Joined: Thu Nov 26, 2015 4:08 am

Re: how to use read-protected eFuse ?

Postby ESP_Sprite » Sun Nov 13, 2022 1:06 pm

It's literally that: if the eFuse bits are used in some fashion by the hardware, it can still read them. Specifically, some crypto keys can be used by flash encryption: making the keys read-protected means the key that encrypts the flash can never be read back, but the encrypted flash can still be read/written as the encryption hardware does have access to the key.

ossandust
Posts: 2
Joined: Sat Nov 12, 2022 7:30 pm

Re: how to use read-protected eFuse ?

Postby ossandust » Sun Nov 13, 2022 1:42 pm

Ok, thanks for the clarification. I was under the impression that things like flash encryption keys were stored in block1, based on the following info I found online:
The eFuses controller is in charge to manage the eFuses arrays and has 4 eFuses blocks, each one is 256 bits length (not all bits are available):
EFUSE_BLK0 is used entirely for system purposes,
EFUSE_BLK1 is used for Flash Encryption Key (FEK),
EFUSE_BLK2 is used for Secure Boot Key (SBK),
EFUSE_BLK3 can be partially reserved for the custom MAC address, or used entirely for user application.

That's why I found it hard to believe that block 3, intended for user application, can be read-protected, while a user application would not be able to do anything with that read-protected data...

ESP_Sprite
Posts: 9757
Joined: Thu Nov 26, 2015 4:08 am

Re: how to use read-protected eFuse ?

Postby ESP_Sprite » Mon Nov 14, 2022 1:48 am

I imagine it's simply a feature that all blocks have, to make things more orthogonal, regardless of if it makes sense for that particular block or not.

Jonathan2892
Posts: 45
Joined: Tue Dec 07, 2021 4:04 pm

Re: how to use read-protected eFuse ?

Postby Jonathan2892 » Mon Jun 03, 2024 3:31 pm

Hi,

Does that mean that after read-protecting all eFuses it is impossible to read the MAC with esp_efuse_mac_get_default()?
Is there any way to get the MAC? I mean, WiFi needs it to connect to a network, or not? So there may be a way to get the MAC address after the WiFi hardware got it from the eFuses?

Best
