USB-OTG and Secure Boot V2

[aygh4266]

Hello everyone,

I have a general question regarding USB-OTG and Secure Boot V2 on esp32s3.
So according to espressif documentation: enabling the Secure Boot disables the USB-OTG Stack in the ROM.

So my question: will the USB-OTG Stack be disable temporary and only during the validation of the signature or will it be permanet disabled?
I mean, is any communication via USB-OTG after enabling SBV2 not possible anymore ? Or is it only not available only during the verification and validation process ?

So I did a simple example and tried to send a string "Hello" via USB and it has been sent. That means the USB-OTG is not disabled.

Screenshot:

[ESP_Sprite]

So my question: will the USB-OTG Stack be disable temporary and only during the validation of the signature or will it be permanet disabled?
I mean, is any communication via USB-OTG after enabling SBV2 not possible anymore ? Or is it only not available only during the verification and validation process ?

It will be disabled permanently. The issue is that the USB-OTG driver in ROM is a fairly large attack surface which we cannot patch, and we cannot guarantee there are no bugs in there.

Do note that this may impact less than you may think. USB-OTG can still be used in an application (as it doesn't use the ROM driver), and by default on the S3, the bootloader uses USB-serial-JTAG and not USB-OTG on the USB pins.

[aygh4266]

So my question: will the USB-OTG Stack be disable temporary and only during the validation of the signature or will it be permanet disabled?
I mean, is any communication via USB-OTG after enabling SBV2 not possible anymore ? Or is it only not available only during the verification and validation process ?

It will be disabled permanently. The issue is that the USB-OTG driver in ROM is a fairly large attack surface which we cannot patch, and we cannot guarantee there are no bugs in there.

Do note that this may impact less than you may think. USB-OTG can still be used in an application (as it doesn't use the ROM driver), and by default on the S3, the bootloader uses USB-serial-JTAG and not USB-OTG on the USB pins.

First of all thank you very much for your quick reply. I tried to send a string "Hello" via USB using the tinyUSB stack and it worked. I attached a screenshot in my upper comment.

I also have read that by default, enabling Flash Encryption and/or Secure Boot will disable JTAG debugging. On first boot, the bootloader will burn an eFuse bit to permanently disable JTAG at the same time it enables the other features.

I am a little bit confused, how the USB-serial-JTAG can work after that ?

[ESP_Sprite]

I also have read that by default, enabling Flash Encryption and/or Secure Boot will disable JTAG debugging. On first boot, the bootloader will burn an eFuse bit to permanently disable JTAG at the same time it enables the other features.

I am a little bit confused, how the USB-serial-JTAG can work after that ?

The JTAG bit will not work; you can try to connect to it but it won't see the CPU. The USB-to-serial bit will still function as a serial port.

[aygh4266]

The JTAG bit will not work; you can try to connect to it but it won't see the CPU. The USB-to-serial bit will still function as a serial port.

Ok thanks.
But since the USB-OTG is disabled, I can communicate only with PC and send data over usb-serial.
Am I able to write data from esp32s3 to a smartphone or a usb-stick after enabling SBV2 ? I don't think I will be able to do this, since both of the devices must use USB-OTG and the esp32 must act as usb-host.

[ESP_Sprite]

Am I able to write data from esp32s3 to a smartphone or a usb-stick after enabling SBV2 ? I don't think I will be able to do this, since both of the devices must use USB-OTG and the esp32 must act as usb-host.

No, but you're not able to do that anyway without an app that does that for you as the bootloader does not do usb-host.