ESP32-c3 Flash encryption questions
Posted: Thu Dec 28, 2023 7:20 am
Hello, I am trying to implement flash encryption on ESP32-c3-mini-1 using VSCode esp-idf v5.1.2. I need to lock the flash memory so that it cannot be read. I started by trying out Develop mode for flash encryption. I followed all the steps from the documentation and used the Host Generated Key method: I generated a key, burned it, and then, in menuconfig, changed the settings according to the documentation. I wrote simple code which prints on/off every second. The problem is that I think the encryption doesn't work, or I don't understand how it should work. I flashed my project using
Code:
idf.py encrypted-flash monitor
and after opening the terminal it seems to work. But then I tried reading the flash memory using esptool in Windows cmd:
Code:
esptool.py --port COM54 --baud 115200 read_flash 0 0x400000 on_off.bin
and, well, it worked: I managed to read the flash content and create a .bin file. Then I changed the code in VSCode to print "123" every second and updated the firmware. Then, using this
Code:
esptool.py --chip esp32-c3 --port COM32 --baud 115200 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 80m --flash_size 4MB 0x00 C:\Users\pc\Desktop\on-off.bin
I reflashed the old firmware, which should print only on/off, and, well, it worked. I managed to read and reflash data while Develop flash encryption is on, so why is that? What exactly does flash encryption do?
My second question is this: the documentation states that "In Release mode, UART bootloader cannot perform flash encryption operations. New plaintext images can ONLY be downloaded using the over-the-air (OTA) scheme which will encrypt the plaintext image before writing to flash." So does this mean that, in order to use Release encryption mode, which, as I understood, is the secure way to lock flash, I can only use OTA to flash new firmware? Is it not possible to use USB for flashing new firmware and Release mode flash encryption?
I will add the bootloader log after flashing new firmware via VSCode; maybe it will help:
Code:
ESP-ROM:esp32c3-api1-20210207
Build:Feb 7 2021
rst:0x15 (USB_UART_CHIP_RESET),boot:0x9 (SPI_FAST_FLASH_BOOT)
Saved PC:0x400462dc
0x400462dc: ets_delay_us in ROM
SPIWP:0xee
mode:DIO, clock div:1
load:0x3fcd5988,len:0x1fc8
load:0x403cc710,len:0x738
load:0x403ce710,len:0x4520
entry 0x403cc710
I (78) cpu_start: Unicore app
I (78) cpu_start: Pro cpu up.
I (87) cpu_start: Pro cpu start user code
I (87) cpu_start: cpu freq: 160000000 Hz
I (87) cpu_start: Application information:
I (90) cpu_start: Project name: blink
I (95) cpu_start: App version: 1
I (99) cpu_start: Compile time: Dec 27 2023 16:04:34
I (105) cpu_start: ELF file SHA256: ec29554d8517fb3a...
I (111) cpu_start: ESP-IDF: v5.1.2
I (116) cpu_start: Min chip rev: v0.3
I (120) cpu_start: Max chip rev: v0.99
I (125) cpu_start: Chip rev: v0.4
I (130) heap_init: Initializing. RAM available for dynamic allocation:
I (137) heap_init: At 3FC8EF30 len 000310D0 (196 KiB): DRAM
I (143) heap_init: At 3FCC0000 len 0001C710 (113 KiB): DRAM/RETENTION
I (151) heap_init: At 3FCDC710 len 00002950 (10 KiB): DRAM/RETENTION/STACK
I (158) heap_init: At 50000010 len 00001FD8 (7 KiB): RTCRAM
I (165) spi_flash: detected chip: generic
I (169) spi_flash: flash io: dio
W (173) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the size in the binary image header.
W (186) flash_encrypt: Flash encryption mode is DEVELOPMENT (not secure)
I (194) sleep: Configure to isolate all GPIO pins in sleep state
I (200) sleep: Enable automatic switching of GPIO sleep configuration
I (207) app_start: Starting scheduler on CPU0
I (212) main_task: Started on CPU0
I (216) main_task: Calling app_main()
E (220) nvs: CONFIG_NVS_ENCRYPTION is enabled, but no partition with subtype nvs_keys found in the partition table.
[ 232][E][esp32-hal-misc.c:300] initArduino(): Failed to initialize NVS! Error: 4294967295
I (251) main_task: Returned from app_main()
I (251) gpio: GPIO[7]| InputEn: 1| OutputEn: 1| OpenDrain: 0| Pullup: 0| Pulldown: 0| Intr:0
I (254) gpio: GPIO[6]| InputEn: 1| OutputEn: 1| OpenDrain: 0| Pullup: 0| Pulldown: 0| Intr:0
I (263) uart: queue free spaces: 20
on
off
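
An added example, not part of the original post: a heuristic offline check of a `read_flash` dump such as `on_off.bin`, which tells plaintext firmware from ciphertext by looking for the ESP image magic byte 0xE9 at the ESP32-C3 bootloader offset and measuring byte entropy. The 7.5 bits/byte threshold, the 4 KiB sample size, the function names and the sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

ESP_IMAGE_MAGIC = 0xE9     # first byte of a plaintext ESP bootloader/app image
ENTROPY_THRESHOLD = 7.5    # bits/byte; assumed cut-off, AES output sits near 8.0
SAMPLE_LEN = 4096          # bytes inspected at the chosen offset (assumption)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify_region(dump: bytes, offset: int = 0x0) -> str:
    """Classify SAMPLE_LEN bytes at `offset` (0x0 is the ESP32-C3 bootloader offset)."""
    region = dump[offset:offset + SAMPLE_LEN]
    if not region:
        return "out-of-range"
    if all(b == 0xFF for b in region):
        return "erased"                      # NOR flash reads 0xFF when erased
    entropy = shannon_entropy(region)
    if region[0] == ESP_IMAGE_MAGIC and entropy < ENTROPY_THRESHOLD:
        return "plaintext-image"             # readable header plus code-like entropy
    if entropy >= ENTROPY_THRESHOLD:
        return "ciphertext-like"             # a chance 0xE9 first byte does not matter here
    return "inconclusive"


def constructed_samples():
    """Constructed data for the demo, not a real device dump."""
    plain = bytes([ESP_IMAGE_MAGIC, 0x03, 0x02, 0x2F]) + b"I (78) cpu_start: Unicore app\n" * 200
    # A SHA-256 counter stream stands in for XTS-AES ciphertext.
    cipher = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    return plain, cipher, b"\xFF" * SAMPLE_LEN


if __name__ == "__main__":
    for name, blob in zip(("plain", "cipher", "erased"), constructed_samples()):
        print(name, classify_region(blob), round(shannon_entropy(blob[:SAMPLE_LEN]), 2))
```

To check a real dump, read the file as bytes and call `classify_region` at the bootloader offset and at the offset of each app partition from the project's partition table.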