Mass production with Flash Encryption - programming the ESP32 fuses

Postby shachar.flycatcher » Thu Feb 04, 2021 11:44 am

Hi,
I'm considering the following configuration.
1) Flash Encryption used just for the factory and ota partitions (no secure boot).
2) Binaries are encrypted using Host Generated Key as described in https://docs.espressif.com/projects/esp ... erated-key.

I would like to logistically do the following:
1) All ESP32 chips are shipped from Espressif (or other "Vendor A") with fully pre-blown fuses i.e. Key + FLASH_CRYPT_CNT + whatever else needed are already programmed by Espressif.
2) All SPI chips are shipped from a bulk burning/programming facility "Vendor B" carrying the pre-encrypted binaries.
3) ESP32 + SPI chips are soldered onto our custom PCB in "Vendor C" facility, then powered on.

I reviewed related threads and I think I am aware of the downsides such as less secure scheme using a single key etc.
(Threads like:
viewtopic.php?f=2&t=7348
viewtopic.php?f=2&t=7318
)

But the point is that I was wondering if the above scheme is even possible, the emphasis being that all fuses and SPI are burnt separately and then after placing everything on the same PCB they are expected to just start working together.
The examples are more relevant to In Circuit Programming or using a module which already has ESP32 + SPI chips soldered on the same PCB.
And they show steps carried out in a specific order, the last step being the writing of FLASH_CRYPT_CNT (presumably AFTER the SPI has been written already).

The upside for us is that only Espressif ("Vendor A") are in possession of the encryption key, SPI chips are burnt in bulk and shipped with encrypted content.
So both vendors B+C can do their work effectively and in bulk, without being exposed to the sensitive firmware.

Can you advise if the above configuration and flow will work?
Thanks,
Shachar

Postby WiFive » Fri Feb 05, 2021 12:13 am

Yes, it should work, but you have to encrypt the bootloader too.
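
A host-side pre-shipment check for the flow discussed in this thread, added here as an example and not code from either poster or from Espressif: before image files go to the bulk programmer ("Vendor B"), it confirms that the bootloader and factory image are present and that no file still looks like plaintext. The region names, the entropy threshold and the sample bytes are assumptions made for illustration.

```python
import math
from collections import Counter

# Plaintext markers from ESP-IDF: app and bootloader images begin with 0xE9,
# partition table entries begin with 0xAA 0x50.
PLAINTEXT_MAGIC = (b"\xe9", b"\xaa\x50")
AES_BLOCK = 16  # flash encryption works on whole 16-byte AES blocks


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = uniformly random)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def check_region(data: bytes, min_entropy: float = 7.0) -> list:
    """Return reasons this file does not look like flash-encrypted output."""
    if not data:
        return ["file is empty"]
    problems = []
    if len(data) % AES_BLOCK:
        problems.append("length is not a multiple of 16 bytes")
    if data.startswith(PLAINTEXT_MAGIC):
        problems.append("starts with a plaintext ESP32 magic value")
    if entropy(data) < min_entropy:  # threshold is an assumed heuristic
        problems.append("entropy too low for ciphertext")
    return problems


def check_manifest(regions: dict, required=("bootloader", "factory")) -> dict:
    """regions maps a (hypothetical) region name to file bytes; returns {name: [problems]}."""
    report = {name: ["missing from manifest"] for name in required if name not in regions}
    for name, data in regions.items():
        problems = check_region(data)
        if problems:
            report[name] = problems
    return report


if __name__ == "__main__":
    # Constructed sample data, not real firmware.
    fake_ciphertext = bytes((i * 167 + 13) % 256 for i in range(4096))
    fake_plaintext = b"\xe9\x03\x02\x20" + bytes(4092)
    print(check_manifest({"factory": fake_ciphertext, "ota_0": fake_plaintext}))
```

Genuine ciphertext begins with 0xE9 about once in 256 files, so a lone magic-byte hit with high entropy calls for a manual look rather than automatic rejection.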

Postby shachar.flycatcher » Sat Feb 06, 2021 7:56 am

OK sure, I will give it a go.
I was under the impression that encrypting the bootloader is only done with Secure Boot, but I have to reread that section in the documentation.
I will update in any case.
