How secure is using Flash Encryption in Release mode without Secure Boot?

Posted: Mon Apr 10, 2023 6:46 pm
by __xwtk
Hey there. After spending a while reading the documentation about Flash Encryption + Secure Boot, I found a line which says that device firmware may still be modified even with Flash Encryption, and to use Secure Boot to prevent that.

The setup is the following:
> Flash Encryption with Release mode
> HTTPS OTA Update only with pre-set certificate validation

In short, the device can only update using the firmware provided by the server.

Also, can Secure Boot be enabled on such a device with Flash Encryption in Release mode? (I am sure it is not, but asking just in case)

Re: How secure is using Flash Encryption in Release mode without Secure Boot?

Posted: Tue May 16, 2023 6:58 am
by ESP_Zombie
Hi __xwtk

In this way, you can try to OTA a new_app.bin with software secure boot. For details, please refer to this link: https://docs.espressif.com/projects/esp ... ecure-boot

Re: How secure is using Flash Encryption in Release mode without Secure Boot?

Posted: Sat Jun 03, 2023 8:00 am
by __xwtk
ESP_Zombie wrote:
Tue May 16, 2023 6:58 am
Hi __xwtk

In this way, you can try to OTA a new_app.bin with software secure boot. For details, please refer to this link: https://docs.espressif.com/projects/esp ... ecure-boot

Great, thank you very much!