How to flash encrypted ESP32-C3

sinecola
Posts: 2
Joined: Wed May 31, 2023 10:32 am

How to flash encrypted ESP32-C3

Postby sinecola » Mon Jun 19, 2023 6:51 pm

I've enabled release mode flash encryption on my ESP32-C3 device, here are my security features:

Code: Select all

CONFIG_SECURE_BOOT_V2_RSA_SUPPORTED=y
CONFIG_SECURE_BOOT_V2_PREFERRED=y
# CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT is not set
# CONFIG_SECURE_BOOT is not set
CONFIG_SECURE_FLASH_ENC_ENABLED=y
# CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT is not set
CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE=y
CONFIG_SECURE_FLASH_HAS_WRITE_PROTECTION_CACHE=y
CONFIG_SECURE_FLASH_CHECK_ENC_EN_IN_APP=y
CONFIG_SECURE_ROM_DL_MODE_ENABLED=y
# CONFIG_SECURE_DISABLE_ROM_DL_MODE is not set
# CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE is not set
CONFIG_SECURE_INSECURE_ALLOW_DL_MODE=y
# end of Security features
UART ROM download mode is enabled, but I have not enabled secure boot. However, when I try to update the firmware, I am encountering the following error:

"A fatal error occurred: WARNING: Detected flash encryption enabled and download manual encrypt disabled.
Flashing plaintext binary may brick your device! Use --force to override the warning."

I also attempted to update the firmware using OTA, but unfortunately, I did not configure the WiFi credentials, so that option is not available to me.

mpatarinski
Posts: 3
Joined: Mon Apr 18, 2022 1:46 pm

Re: How to flash encrypted ESP32-C3

Postby mpatarinski » Tue Oct 24, 2023 8:29 am

In this use case , you should have pre-generated and burned an AES key that you know (noted down).

If you know the key, you encrypt your firmware (user application) and write it to the external flash.

If you don't know the key and have enabled the Release mode, this means that the key is randomly generated by the ESP32 and only it knows it. Your last chance is to try to disable the flash encryption by burning the corresponding efuse. Of course , re-enabling flash encryption would not be possible

Who is online

Users browsing this forum: Google [Bot] and 120 guests