Secure boot ESP32S3

[baotd_innova]

Hi,

I need to enable secure boot and encrypt flash using code, not modify in menuconfig.
I found a virtual efuse example. Does esp-idf provide an API to write new efuses to secure boot and encrypt flash?

Thanks for your support!
Best Regards,
Bao Doan.

[esp_nilesh_kale]

Hi Bao Doan,

It's important to note that enabling secure boot and flash encryption solely through code without modifying menuconfig is not entirely possible. The reason is that these features require specific configurations and code to be included in your project, which are only pulled in when you enable them via menuconfig.

While you can use APIs like esp_secure_boot_enable_secure_boot() and esp_flash_encryption_enable() to burn the related eFuses, these APIs alone do not fully enable the features. The bootloader plays a crucial role in initiating these features from the very start, and this is tightly integrated with the configurations set in menuconfig.

For a complete and secure implementation, I recommend enabling these features through menuconfig and following the guidelines provided in the official documentation. You can refer to the detailed documentation on security features here: ESP-IDF Security Documentation.

[baotd_innova]

I understand, thanks.