Flash encryption without menuconfig

nikola
Posts: 11
Joined: Tue Sep 04, 2018 2:36 pm

Flash encryption without menuconfig

Postby nikola » Tue Sep 04, 2018 2:47 pm

Hi,

I would like to be able to upload the firmware binary from the machine that does not have esp-idf installed but with flash encryption turned on. Can flash encryption be enabled without using menuconfig but directly by using some other tool such as esptool?

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: Flash encryption without menuconfig

Postby ESP_Angus » Wed Sep 05, 2018 2:00 am

Hi nikola,

When you build the bootloader and app binaries with flash encryption enabled in menuconfig, the code to enable flash encryption is inside the bootloader and will be enabled automatically on first boot.

So the machine you flash the binary from is not particularly important, if the binary is built with flash encryption support enabled.

More details about the flash encryption process can be found in the docs:
https://docs.espressif.com/projects/esp ... ption.html

Does this answer your question?

Angus

nikola
Posts: 11
Joined: Tue Sep 04, 2018 2:36 pm

Re: Flash encryption without menuconfig

Postby nikola » Wed Sep 05, 2018 5:12 pm

Hi,

The thing is I want to be able to use Arduino framework (using Platformio) for development but to still enable flash encryption somehow.
Would adding something like

Code: Select all

#define CONFIG_FLASH_ENCRYPTION_ENABLED = "y"
do any good here?

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: Flash encryption without menuconfig

Postby ESP_Angus » Thu Sep 06, 2018 2:27 am

nikola wrote:Hi,

The thing is I want to be able to use Arduino framework (using Platformio) for development but to still enable flash encryption somehow.
Would adding something like

Code: Select all

#define CONFIG_FLASH_ENCRYPTION_ENABLED = "y"
do any good here?
No. Flash encryption is unfortunately not supported when using Arduino framework as-is. If you use Arduino as a component inside ESP-IDF (I believe platform.io also supports this) then it's possible.

The key thing is to rebuild the bootloader with CONFIG_FLASH_ENCRYPTION_ENABLED=y. Arduino Core ships a precompiled bootloader, so it won't pick up the config change.

nikola
Posts: 11
Joined: Tue Sep 04, 2018 2:36 pm

Re: Flash encryption without menuconfig

Postby nikola » Thu Sep 06, 2018 1:36 pm

Yes platform.io doas support Arduino as a component, I'll use that approach then.

Thanks!

chadpham75
Posts: 48
Joined: Thu Sep 12, 2019 11:39 am

Re: Flash encryption without menuconfig

Postby chadpham75 » Wed Nov 22, 2023 7:58 am

Hi ESP_Angus,
It has been a while since I talked to you. Can you please give me some pointers?
I already know how enable the boot loader and flash encryption using ESP-IDF frame work.
Unfortunately, I just inherited a project that the previous developer was using platformio for the ESP32 developing. I saw this thread you reply to the question about 5 years ago, and until now platformio frame work still didn't have the support for the boot and flash encryption.
May I ask if you have any suggestion how can I turn on the boot and flash encryption for bootload.bin and firmware.bin as well as the other nvs sectors using esptool independently?

Who is online

Users browsing this forum: No registered users and 337 guests