I'm working on flash encryption for alot of time.
First i just used esptool and a blog about flash encryption from medium. In that blog they only asked me to burn flash_crypt_cnt and flash_crypt_config. This solved the purpose for me and i wasnt able to read the flash using esptool read flash function. So it was all good.
Later i started deep diving into flash encryption using esp-idf.
I got to know about two modes, development and release mode and was able to perform encryption.
I use uart to flash esp32 and will need it even after enabling flash encryption to reflash encrypted firmware unlimited times.
Im having some doubts:
1)What does disable_dl_encrypt and disable_dl_decrypt does?
- according to me disable_dl_encrypt=false help me to flash plaintext using espidf which gets encrypted everytime. Also when it is false and i flash unencrypted firmware using esptool, it gives me invalid header error but if i flash encrypted firmware using esptool it works alright. Why is that do? Why cant i flash plaintext via esptool?
- when performing encryption via espidf, it automatically make disable_dl_decrypt=true. But i have seen that the functioning is still same if if value is true or false. Like im still not able to read the flash using esptool read flash function.
So what actually is it?
2) what is flash_crypt_config? If i set value of it as 0xf it means esp32 will apply this config to encrypt the plaintext. But when i use esptool to encrypt plaintext and then flash the encrypted firmware on flash it works! Does esptool encrypt data function also assume config value as 0xf and encrypt accordingly?
Help with flash encryption
-
ESP_rrtandler
- Posts: 23
- Joined: Wed May 31, 2023 6:54 pm
Re: Help with flash encryption
1)What does disable_dl_encrypt and disable_dl_decrypt does?
These 2 options disable encryption/decryption performed directly on the target chip (using the key and encryption algorithm settings taken from target chip). In other words, once you enable these options, you have to work with encrypted images on your host (PC) and ensure your firmware is encrypted using same key and same encryption algorithm settings before it is flashed.
what is flash_crypt_config?
It is configuration of encryption algorithm. Same value has to be burned into the eFuse on the target chip and same value has to be used when you are encrypting the image on your host before flashing.
Some notes:
If you have the target configured for flash encryption in development mode, then you usually do not set disable_dl_encrypt and disable_dl_decrypt. It effectively keeps the possibility to flash plaintext images and the actual encryption is performed by the ROM code on the target using secret keys and algorithm configuration present (either flashed in advance or generated) on the target.
On the other side, if you have target in release mode, the ROM encryption / decryption on the target are disabled (release mode sets both disable_dl_encrypt and disable_dl_decrypt). Thus you may be able flash pre-encrypted image only. In that case, you have to have the same secret keys available on your host (PC) and use the same algorithm configuration value (flash_crypt_config). So if you plan to re-flash the target multiple times in release mode, the first step before first flashing is to generate the secret keys outside the target and flash them to the target (as opposite to the possibility of generating the secret keys directly on the target and using it to one-time production flashing). If you want to use different than default value of flash_crypt_config (0xF), when self encrypting the flash image, use parameter --flash-crypt-conf
You can find more detailed documentation here: https://docs.espressif.com/projects/esp ... ption.html
And example also in examples/security/flash_encryption
These 2 options disable encryption/decryption performed directly on the target chip (using the key and encryption algorithm settings taken from target chip). In other words, once you enable these options, you have to work with encrypted images on your host (PC) and ensure your firmware is encrypted using same key and same encryption algorithm settings before it is flashed.
what is flash_crypt_config?
It is configuration of encryption algorithm. Same value has to be burned into the eFuse on the target chip and same value has to be used when you are encrypting the image on your host before flashing.
Some notes:
If you have the target configured for flash encryption in development mode, then you usually do not set disable_dl_encrypt and disable_dl_decrypt. It effectively keeps the possibility to flash plaintext images and the actual encryption is performed by the ROM code on the target using secret keys and algorithm configuration present (either flashed in advance or generated) on the target.
On the other side, if you have target in release mode, the ROM encryption / decryption on the target are disabled (release mode sets both disable_dl_encrypt and disable_dl_decrypt). Thus you may be able flash pre-encrypted image only. In that case, you have to have the same secret keys available on your host (PC) and use the same algorithm configuration value (flash_crypt_config). So if you plan to re-flash the target multiple times in release mode, the first step before first flashing is to generate the secret keys outside the target and flash them to the target (as opposite to the possibility of generating the secret keys directly on the target and using it to one-time production flashing). If you want to use different than default value of flash_crypt_config (0xF), when self encrypting the flash image, use parameter --flash-crypt-conf
Code: Select all
Usage: idf.py secure-encrypt-flash-data [OPTIONS] PLAINTEXT_FILE
Encrypt some data suitable for encrypted flash (using known key).
Options:
-C, --project-dir PATH Project directory.
-x, --aes-xts Encrypt data using AES-XTS if chip supports it.
-k, --keyfile TEXT File with flash encryption key.
-o, --output TEXT Output file for encrypted data.
-a, --address TEXT Address offset in flash where file will be flashed.
--flash-crypt-conf TEXT Override FLASH_CRYPT_CONF eFuse value (default is
0XF).
--help Show this message and exit.You can find more detailed documentation here: https://docs.espressif.com/projects/esp ... ption.html
And example also in examples/security/flash_encryption
-
atishaygupta123
- Posts: 5
- Joined: Mon Aug 28, 2023 10:11 am
Re: Help with flash encryption
So you mean if disable_dl_decryption is 0 then if i flash a encrypted firmware on flash it will be decrypted on flashing by hardware and saved as plaintext? So i can read the flash using esptool by read flash command?? If yes then how and using which command?
Also, theres a command in esp-idf - idf.py encrypted-flash. I want to confirm that this command will tell the esp32 that it has to encrypt the data i am flashing on you internally? Also does esptool has this command so that i can flash plaintext using esptool directly in development mode?
If disable_dl_decrypt is 0 and an attacker gets my esp32 which has uart bootloader mode on, is there some way he can read the firmware by sending some decrypted-flash command in esp-idf??
Also, theres a command in esp-idf - idf.py encrypted-flash. I want to confirm that this command will tell the esp32 that it has to encrypt the data i am flashing on you internally? Also does esptool has this command so that i can flash plaintext using esptool directly in development mode?
If disable_dl_decrypt is 0 and an attacker gets my esp32 which has uart bootloader mode on, is there some way he can read the firmware by sending some decrypted-flash command in esp-idf??
Who is online
Users browsing this forum: No registered users and 314 guests