Questions about Flash Encryption
Posted: Sat Sep 08, 2018 5:45 am
I'm using ESP32 Arduino with Arduino IDE, and I read the ESP-IDF Programming Guide to learn the Flash Encryption and Secure Boot.
My target is to protect my firmware code from copiers and crackers. I think Flash Encryption is what I need.
I guess the simplest way of doing that is by "Reflashing via Pregenerated Flash Encryption Key":
Code:
espsecure.py generate_flash_encryption_key my_flash_encryption_key.bin
But this Warning confuses me:
    This method is intended to assist with development only, not for production devices. If pre-generating flash encryption for production, ensure the keys are generated from a high quality random number source and do not share the same flash encryption key across multiple devices.
1. A high quality random number source?
Is generating the key.bin with a PC a high quality random number source?
2. Do not share the same flash encryption key across multiple devices?
I understand that if two devices share the same flash encryption key, the firmware dump file from one device could be uploaded and run on the other device. But if the two devices are the same model and version, I think that's okay.
If different models or versions use different encryption keys, the firmware dump could not be used on a wrong model or version. And a counterfeit which doesn't have your encryption key in its eFuse cannot decrypt and run the firmware dump from your product.
And I read another warning:
    Generating the flash encryption key from the secure boot signing key in this way means that you only need to store one key file. However this method is not at all suitable for production devices.
This warns me again that multiple devices sharing the same key are not recommended.
I'm wondering WHY?
If the firmware is 100% the same, what makes it different to use a unique encryption key or not?
If any of your devices' encryption keys is cracked, then the cracker can decrypt the dump file into a plaintext firmware. The game is over.
I'm not a cracker. If multiple devices share the same encryption key in their eFuse, could a cracker get part of the key (several bits) by force, and repeat this procedure until he gets the whole key?
Or the cracker buys 100 products and uses 100 computers to test the keys; a shared encryption key indeed makes it more convenient to split the tasks and shorten the time.
If so, it's indeed unsafe to share an encryption key among multiple devices.
Then how to do flash encryption with unique keys for an ESP32 Arduino user?