USB-OTG and Secure Boot V2

Posted: Thu Aug 22, 2024 7:48 am
by aygh4266
Hello everyone,

I have a general question regarding USB-OTG and Secure Boot V2 on esp32s3.
So according to espressif documentation: enabling the Secure Boot disables the USB-OTG Stack in the ROM.

So my question: will the USB-OTG stack be disabled temporarily, only during the validation of the signature, or will it be permanently disabled?
I mean, is any communication via USB-OTG after enabling SBV2 not possible anymore? Or is it only unavailable during the verification and validation process?

So I did a simple example and tried to send a string "Hello" via USB and it has been sent. That means the USB-OTG is not disabled.

Screenshot:

Re: USB-OTG and Secure Boot V2

Posted: Thu Aug 22, 2024 8:09 am
by ESP_Sprite
aygh4266 wrote:
Thu Aug 22, 2024 7:48 am
So my question: will the USB-OTG stack be disabled temporarily, only during the validation of the signature, or will it be permanently disabled?
I mean, is any communication via USB-OTG after enabling SBV2 not possible anymore? Or is it only unavailable during the verification and validation process?
It will be disabled permanently. The issue is that the USB-OTG driver in ROM is a fairly large attack surface which we cannot patch, and we cannot guarantee there are no bugs in there.

Do note that this may impact less than you may think. USB-OTG can still be used in an application (as it doesn't use the ROM driver), and by default on the S3, the bootloader uses USB-serial-JTAG and not USB-OTG on the USB pins.

Re: USB-OTG and Secure Boot V2

Posted: Thu Aug 22, 2024 8:31 am
by aygh4266
ESP_Sprite wrote:
Thu Aug 22, 2024 8:09 am
aygh4266 wrote:
Thu Aug 22, 2024 7:48 am
So my question: will the USB-OTG stack be disabled temporarily, only during the validation of the signature, or will it be permanently disabled?
I mean, is any communication via USB-OTG after enabling SBV2 not possible anymore? Or is it only unavailable during the verification and validation process?
It will be disabled permanently. The issue is that the USB-OTG driver in ROM is a fairly large attack surface which we cannot patch, and we cannot guarantee there are no bugs in there.

Do note that this may impact less than you may think. USB-OTG can still be used in an application (as it doesn't use the ROM driver), and by default on the S3, the bootloader uses USB-serial-JTAG and not USB-OTG on the USB pins.

First of all, thank you very much for your quick reply. I tried to send a string "Hello" via USB using the TinyUSB stack and it worked. I attached a screenshot in my comment above.

I also have read that by default, enabling Flash Encryption and/or Secure Boot will disable JTAG debugging. On first boot, the bootloader will burn an eFuse bit to permanently disable JTAG at the same time it enables the other features.

I am a little bit confused: how can the USB-serial-JTAG work after that?

Re: USB-OTG and Secure Boot V2

Posted: Thu Aug 22, 2024 11:47 pm
by ESP_Sprite
aygh4266 wrote:
Thu Aug 22, 2024 8:31 am
I also have read that by default, enabling Flash Encryption and/or Secure Boot will disable JTAG debugging. On first boot, the bootloader will burn an eFuse bit to permanently disable JTAG at the same time it enables the other features.

I am a little bit confused: how can the USB-serial-JTAG work after that?
The JTAG bit will not work; you can try to connect to it but it won't see the CPU. The USB-to-serial bit will still function as a serial port.

Re: USB-OTG and Secure Boot V2

Posted: Fri Aug 23, 2024 11:37 am
by aygh4266
ESP_Sprite wrote:
Thu Aug 22, 2024 11:47 pm
The JTAG bit will not work; you can try to connect to it but it won't see the CPU. The USB-to-serial bit will still function as a serial port.
Ok thanks.
But since the USB-OTG is disabled, I can communicate only with a PC and send data over USB-serial.
Am I able to write data from the esp32s3 to a smartphone or a USB stick after enabling SBV2? I don't think I will be able to do this, since both of those devices must use USB-OTG and the esp32 must act as USB host.

Re: USB-OTG and Secure Boot V2

Posted: Sun Aug 25, 2024 5:05 am
by ESP_Sprite
aygh4266 wrote:
Fri Aug 23, 2024 11:37 am
Am I able to write data from the esp32s3 to a smartphone or a USB stick after enabling SBV2? I don't think I will be able to do this, since both of those devices must use USB-OTG and the esp32 must act as USB host.
No, but you're not able to do that anyway without an app that does that for you as the bootloader does not do usb-host.
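The thread states what Secure Boot V2 permanently turns off on the ESP32-S3 (the ROM USB-OTG stack and JTAG debugging) and what keeps working (the serial half of USB-serial-JTAG, application-level TinyUSB). A practitioner provisioning devices will want to confirm that on the hardware rather than take it on faith. The script below is an added example, not code from the thread, from Espressif or from ESP-IDF: it parses text in the layout of `espefuse.py summary` output and reports which interfaces are still open once `SECURE_BOOT_EN` is burned. The sample summary lines are constructed for illustration, and the eFuse names (`SECURE_BOOT_EN`, `DIS_USB_OTG_DOWNLOAD_MODE`, `DIS_USB_JTAG`, `DIS_USB_SERIAL_JTAG`, `DIS_PAD_JTAG`, `HARD_DIS_JTAG`, `DIS_DOWNLOAD_MODE`, `ENABLE_SECURITY_DOWNLOAD`) are assumed to match what espefuse prints for the S3; check them against your esptool version before relying on the output.

```python
"""Post-provisioning check for an ESP32-S3: which debug/download interfaces
remain open once Secure Boot V2 is enabled, read from espefuse summary text."""
import re
import sys

# Constructed sample in the layout of `espefuse.py summary` output for an
# ESP32-S3 after Secure Boot V2 provisioning. Illustrative, not a real capture.
PROVISIONED = """\
SECURE_BOOT_EN (BLOCK0)                 Enable secure boot                    = True R/- (0b1)
DIS_USB_OTG_DOWNLOAD_MODE (BLOCK0)      Disable USB-OTG download mode         = True R/- (0b1)
DIS_USB_JTAG (BLOCK0)                   Disable JTAG via USB-serial-JTAG      = True R/- (0b1)
DIS_USB_SERIAL_JTAG (BLOCK0)            Disable USB-serial-JTAG peripheral    = False R/W (0b0)
DIS_PAD_JTAG (BLOCK0)                   Disable JTAG on the JTAG pads         = True R/- (0b1)
HARD_DIS_JTAG (BLOCK0)                  Hard-disable JTAG                     = True R/- (0b1)
DIS_DOWNLOAD_MODE (BLOCK0)              Disable UART download mode            = False R/W (0b0)
ENABLE_SECURITY_DOWNLOAD (BLOCK0)       Enable secure UART download mode      = True R/- (0b1)
"""

# Constructed failure case: Secure Boot is on, but the ROM USB-OTG download
# fuse was never burned, so the unpatchable ROM USB stack is still reachable.
INCOMPLETE = re.sub(r"(DIS_USB_OTG_DOWNLOAD_MODE.*?= )True R/- \(0b1\)",
                    r"\1False R/W (0b0)", PROVISIONED)

# One fuse per line: NAME (BLOCKn) description = value ... (assumed layout)
FUSE_LINE = re.compile(r"^(?P<name>[A-Z0-9_]+)\s+\(BLOCK\d+\)\s.*?=\s+(?P<value>\S+)")


def parse_summary(text):
    """Map eFuse name -> raw value string for every fuse line in the summary."""
    fuses = {}
    for line in text.splitlines():
        m = FUSE_LINE.match(line)
        if m:
            fuses[m.group("name")] = m.group("value")
    return fuses


def fuse_set(fuses, name):
    """True if the fuse is burned: boolean True, or a non-zero counter value."""
    raw = fuses.get(name)
    if raw is None:
        return False
    if raw in ("True", "False"):
        return raw == "True"
    try:
        return int(raw, 0) != 0   # counters print as 0b..., 0x... or decimal
    except ValueError:
        return False


def interface_report(fuses):
    """Which interfaces remain usable, following what the thread says SBV2 disables."""
    return {
        "secure_boot_v2": fuse_set(fuses, "SECURE_BOOT_EN"),
        # ROM USB-OTG stack (USB-OTG download mode): permanently off under SBV2
        "rom_usb_otg_download": not fuse_set(fuses, "DIS_USB_OTG_DOWNLOAD_MODE"),
        # JTAG debugging through any path (USB-serial-JTAG's JTAG half or the pads)
        "jtag_debug": not (fuse_set(fuses, "DIS_USB_JTAG")
                           or fuse_set(fuses, "DIS_PAD_JTAG")
                           or fuse_set(fuses, "HARD_DIS_JTAG")),
        # Serial half of USB-serial-JTAG keeps working unless the whole peripheral is off
        "usb_serial_console": not fuse_set(fuses, "DIS_USB_SERIAL_JTAG"),
        "rom_uart_download": not fuse_set(fuses, "DIS_DOWNLOAD_MODE"),
        "secure_download_only": fuse_set(fuses, "ENABLE_SECURITY_DOWNLOAD"),
    }


def findings(report):
    """Interfaces that are still open although Secure Boot V2 is enabled."""
    if not report["secure_boot_v2"]:
        return ["SECURE_BOOT_EN not burned: device is not secure-boot protected"]
    out = []
    if report["rom_usb_otg_download"]:
        out.append("ROM USB-OTG download mode still enabled")
    if report["jtag_debug"]:
        out.append("JTAG debugging still enabled")
    if report["rom_uart_download"] and not report["secure_download_only"]:
        out.append("unrestricted UART download mode still enabled")
    return out


if __name__ == "__main__":
    # Usage: python check_fuses.py <file saved from `espefuse.py summary`>
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else PROVISIONED
    report = interface_report(parse_summary(text))
    for key, value in report.items():
        print(f"{key:24s} {value}")
    for item in findings(report):
        print("FINDING:", item)
```

Run it on the saved output of `espefuse.py summary` for a provisioned board; an empty findings list is the expected state for the configuration the thread describes, while `usb_serial_console` staying `True` matches ESP_Sprite's point that the serial port survives even though the JTAG half does not.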