How secure is using Flash Encryption in Release mode without Secure Boot?

__xwtk
Posts: 4
Joined: Mon Feb 21, 2022 5:05 pm

How secure is using Flash Encryption in Release mode without Secure Boot?

Postby __xwtk » Mon Apr 10, 2023 6:46 pm

Hey there. After spending a while on reading the documentation about Flash Encryption + Secure Boot, I found a line which says that device firmware may still be modified even with Flash Encryption, and to use Secure Boot to prevent that.

The setup is the following:
> Flash Encryption with Release mode
> HTTPS OTA Update only with pre-set certificate validation

Short said, the device only can update using the firmware provided by the server.

Also can Secure Boot be enabled on such a device with Flash Encryption in Release mode? (I am sure it is not but asking just in case)

ESP_Zombie
Posts: 20
Joined: Tue Mar 15, 2022 6:15 am

Re: How secure is using Flash Encryption in Release mode without Secure Boot?

Postby ESP_Zombie » Tue May 16, 2023 6:58 am

Hi __xwtk

In this way, you can try OTA a new_app.bin with software secure boot. For details, please refer to this link https://docs.espressif.com/projects/esp ... ecure-boot

__xwtk
Posts: 4
Joined: Mon Feb 21, 2022 5:05 pm

Re: How secure is using Flash Encryption in Release mode without Secure Boot?

Postby __xwtk » Sat Jun 03, 2023 8:00 am

ESP_Zombie wrote:
Tue May 16, 2023 6:58 am
Hi __xwtk

In this way, you can try OTA a new_app.bin with software secure boot. For details, please refer to this link https://docs.espressif.com/projects/esp ... ecure-boot
Great thank you very much!

Who is online

Users browsing this forum: Majestic-12 [Bot] and 26 guests