Page 1 of 1

how to use read-protected eFuse ?

Posted: Sat Nov 12, 2022 7:50 pm
by ossandust
Apparently I am misunderstanding the use of ESP32 eFuses.
I want to store some unique identifier in block3 of the ESP32 eFuses, and protect this data from being copied to another ESP32 board (which would make it non-unique). But apparently making the block read-protected also stops me from reading the data within my firmware code.
Documentation says "Read protection prevents software from reading eFuse fields, only hardware can access such eFuses". I would have thought this means that software using the system API can no longer access the eFuse content, but the embedded application would count as "hardware", having access to the read-protected data. However all returned data is 0 after read protecting.
What's the use of read-protected eFuse bits when you can't read them in your application firmware? Or is there a way (other then REG_GET_FIELD() ) to access these eFuses in your sketch?

Re: how to use read-protected eFuse ?

Posted: Sun Nov 13, 2022 1:06 pm
by ESP_Sprite
It's literally that: if the eFuse-bits are used in some fashion by the hardware, it can still read it. Specifically, some crypto keys can be used by flash encryption: making the keys read-protected means the key that encrypts the flash can never be read back, but the encrypted flash can still be read/written as the encryption hardware does have access to the key.

Re: how to use read-protected eFuse ?

Posted: Sun Nov 13, 2022 1:42 pm
by ossandust
Ok, thanks for the clarification. I was under the impression that things like flash encryption keys were stored in block1, based on the following info I found online :
The eFuses controller is in charge to manage the eFuses arrays and has 4 eFuses blocks, each one is 256 bits length (not all bits are available):
EFUSE_BLK0 is used entirely for system purposes,
EFUSE_BLK1 is used for Flash Encryption Key (FEK),
EFUSE_BLK2 is used for Secure Boot Key (SBK),
EFUSE_BLK3 can be partially reserved for the custom MAC address, or used entirely for user application.

That's why I found it hard to believe that block 3, intended for user application, can be read-protected, while a user application would not be able to do anything with that read-protected data... :?:

Re: how to use read-protected eFuse ?

Posted: Mon Nov 14, 2022 1:48 am
by ESP_Sprite
I imagine it's simply a feature that all blocks have, to make things more orthogonal, regardless of if it makes sense for that particular block or not.

Re: how to use read-protected eFuse ?

Posted: Mon Jun 03, 2024 3:31 pm
by Jonathan2892
Hi,

does that mean, that after read-protecting all efuses it is impossible to read the MAC with esp_efuse_mac_get_default() ?
Is there any way to get the MAC? I mean WIFI need it to connect to a network or not? So there may be a way to get the mac-address after the WIFI hardware got it from the efuses?

Best