Keep JTAG enabled alongside flash encryption

Wasabinary
Posts: 13
Joined: Fri Apr 23, 2021 10:09 am

Keep JTAG enabled alongside flash encryption

Postby Wasabinary » Tue Feb 06, 2024 10:24 am

Hi,

I am currently looking for a way to keep JTAG enabled when flash encryption is also enabled in release mode. Basically, I would like to be able to erase the flash completely, and then reprogram it even if the flash encryption is used. Is there any way to do that?

ESP_Sprite
Posts: 9582
Joined: Thu Nov 26, 2015 4:08 am

Re: Keep JTAG enabled alongside flash encryption

Postby ESP_Sprite » Wed Feb 07, 2024 3:25 am

You can, but it makes flash encryption useless as an attacker can also still use JTAG to read out your flash. You'd need to disable JTAG plus some firmware to re-enable JTAG when needed; newer chips have the HMAC peripheral to help with that.

Wasabinary
Posts: 13
Joined: Fri Apr 23, 2021 10:09 am

Re: Keep JTAG enabled alongside flash encryption

Postby Wasabinary » Wed Feb 07, 2024 7:32 am

Thank you for your answer. You said flash encryption would be useless as the attacker could read the flash through JTAG, but if flash encryption is enabled, he would not be able to decrypt it, right?

ESP_Sprite
Posts: 9582
Joined: Thu Nov 26, 2015 4:08 am

Re: Keep JTAG enabled alongside flash encryption

Postby ESP_Sprite » Thu Feb 08, 2024 2:18 am

The thing is that the external flash is encrypted, but the (internal) flash cache needs to decrypt it for the CPU to be able to read the unencrypted data and instructions. However, JTAG enables you to fully control the CPU, which includes reading (decrypted) bytes through the flash cache. Cryptographically speaking, it allows you to use the flash cache as an oracle.
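As an added illustration of the "disable JTAG, then re-enable it with the HMAC peripheral" approach ESP_Sprite mentions, here is a small host-and-device model in Python. It is not code from this thread or from Espressif. It assumes the scheme described in the ESP-IDF HMAC documentation as I understand it: a 256-bit key is burned into an eFuse block with the HMAC_DOWN_JTAG purpose, JTAG is soft-disabled, and a host unlocks it by presenting the token HMAC-SHA256(key, 32 bytes of 0x00), which the peripheral recomputes internally and compares. The `SimulatedHmacPeripheral` class, the key value and the eFuse command strings in the comments are constructed for the example; on a real chip the firmware would call `esp_hmac_jtag_enable()` instead.

```python
import hashlib
import hmac
import os

# The HMAC JTAG mode signs a fixed all-zero 32-byte message (assumption from ESP-IDF docs).
ZERO_MSG = bytes(32)


def jtag_token(key: bytes) -> bytes:
    """Host side: derive the JTAG unlock token from the 256-bit eFuse key.

    Assumed scheme: token = HMAC-SHA256(key, 32 x 0x00). The key itself never
    leaves the developer's key store; only the 32-byte token travels to the device.
    """
    if len(key) != 32:
        raise ValueError("HMAC_DOWN_JTAG key must be exactly 32 bytes")
    return hmac.new(key, ZERO_MSG, hashlib.sha256).digest()


class SimulatedHmacPeripheral:
    """Toy model of the device side (constructed for this example).

    On real silicon the key sits in a read-protected eFuse block and is only
    usable by the HMAC peripheral; software sees a pass/fail result, never the key.
    """

    def __init__(self, efuse_keys):
        # {key_block_id: 32-byte key} stands in for eFuse key blocks with purpose HMAC_DOWN_JTAG
        self._keys = dict(efuse_keys)
        self.jtag_enabled = False  # models the SOFT_DIS_JTAG state: JTAG off until unlocked

    def hmac_jtag_enable(self, key_id: int, token: bytes) -> bool:
        """Model of esp_hmac_jtag_enable(): recompute the token and compare in constant time."""
        key = self._keys.get(key_id)
        if key is None or len(token) != 32:
            return False
        expected = hmac.new(key, ZERO_MSG, hashlib.sha256).digest()
        if hmac.compare_digest(expected, token):
            self.jtag_enabled = True
        return self.jtag_enabled

    def hmac_jtag_disable(self) -> None:
        """Model of esp_hmac_jtag_disable(): drop back to the locked state."""
        self.jtag_enabled = False


def demo():
    """Provision a key, lock JTAG, then show a correct token unlocks and a wrong one does not."""
    # Constructed key for the demo. In practice: key = os.urandom(32), stored offline, then
    # burned with something like `espefuse.py burn_key BLOCK_KEY4 key.bin HMAC_DOWN_JTAG`
    # and JTAG soft-disabled via the SOFT_DIS_JTAG eFuse (command names are assumptions;
    # check the espefuse docs for your chip before burning anything, eFuses are one-way).
    key = bytes.fromhex("5f0d5a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4e5f6071829300aa55cc")
    device = SimulatedHmacPeripheral({4: key})

    good = device.hmac_jtag_enable(4, jtag_token(key))          # expected True
    device.hmac_jtag_disable()
    wrong_key = device.hmac_jtag_enable(4, jtag_token(os.urandom(32)))  # expected False
    wrong_block = device.hmac_jtag_enable(5, jtag_token(key))   # expected False (no such key)
    return good, wrong_key, wrong_block


if __name__ == "__main__":
    print(demo())
```

Note what this does and does not protect: once the correct token has been presented, JTAG is live and the flash cache can again be used as the decryption oracle described above, so the token must be treated with the same care as the flash encryption key, and `hmac_jtag_disable()` (or a reset) should follow every debug session.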
