Security Advantage of Limiting Serial Updates for Flash Encryption
Hi all,
This may seem like a trivial matter to most of you. For some reason, I'm just having trouble wrapping my head around it.
My question is this: what is the inherent security advantage to placing a limit on (plaintext) serial updates once flash encryption is enabled? It seems to me that with flash encryption, we merely want to prevent unauthorized read access to the firmware and bootloader, so I don't understand where imposing a limit to flash updates fits in.
Again, my gut feeling tells me that I am missing something quite obvious. Any feedback is well appreciated.
Thanks!
Re: Security Advantage of Limiting Serial Updates for Flash Encryption
If you can upload plaintext and it ends up encrypted in flash, then you can potentially use that to weaken or defeat the encryption, and you can emulate the flash chip to make this easier. Actually, you could probably also use a timing attack to defeat secure boot and run a malicious firmware (because you can encrypt it) and use it to decrypt the whole flash. Once you have the flash dump, you can recover secret keys, user data, and the binary firmware. If you want to run a patched firmware, you just have to replace the ESP32 chip/module to control secure boot.
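The reply above describes an encryption oracle: the bootloader takes host-supplied plaintext and writes it to flash encrypted under a key the host never sees, so anyone with serial access can get arbitrary code into flash in a form the chip will decrypt and run, and that code can then read the rest of flash through the decrypting cache. The model below is an added example written for this page, not code from the ESP32 project or from either poster. It stands in for the real AES-based scheme with a four-round HMAC-SHA256 Feistel block cipher tweaked by flash address (so identical blocks at different addresses encrypt differently, which is the property the real scheme also has), and the flash layout, block size, image magic and update counter are assumptions of the model. `raw_read`/`raw_write` represent what an attacker gets by emulating or resoldering the flash chip; `serial_flash_plaintext` is the oracle, gated by a counter in the spirit of the plaintext-update limit the question asks about.

```python
"""Toy flash-encryption device and the plaintext-serial-update oracle.

Constructed example; the cipher is an HMAC-SHA256 Feistel network used as a
stand-in for the real AES-based scheme, and offsets/counter are assumptions.
"""
import hashlib
import hmac

BLOCK = 32              # bytes encrypted as one unit (assumed)
APP_OFFSET = 0x100      # bootable image location (assumed)
SECRET_OFFSET = 0x300   # provisioned secret location (assumed)
FLASH_SIZE = 0x400
MAGIC = b"ESPIMG"       # image header the boot code checks (assumed)


def _round(key, addr, rnd, half):
    # Round function keyed by the device key and tweaked by flash address.
    msg = addr.to_bytes(4, "big") + bytes([rnd]) + half
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK // 2]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key, addr, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        l, r = r, _xor(l, _round(key, addr, rnd, r))
    return l + r


def decrypt_block(key, addr, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _round(key, addr, rnd, l)), l
    return l + r


def _apply(fn, key, addr, data):
    assert addr % BLOCK == 0 and len(data) % BLOCK == 0
    return b"".join(fn(key, addr + i, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def pad(b):
    return b + bytes(-len(b) % BLOCK)


class Device:
    """plaintext_updates models the burnable counter: each plaintext serial
    flash consumes one, and at zero the bootloader refuses to encrypt."""

    def __init__(self, key, plaintext_updates):
        self._key = key                     # never leaves the chip
        self.flash = bytearray(FLASH_SIZE)  # ciphertext, as seen on the SPI bus
        self.plaintext_updates = plaintext_updates

    def serial_flash_plaintext(self, addr, data):   # the oracle
        if self.plaintext_updates <= 0:
            raise PermissionError("plaintext serial updates exhausted")
        self.plaintext_updates -= 1
        self.flash[addr:addr + len(data)] = _apply(encrypt_block, self._key, addr, data)

    def raw_write(self, addr, data):    # attacker controls the flash chip
        self.flash[addr:addr + len(data)] = data

    def raw_read(self, addr, n):
        return bytes(self.flash[addr:addr + n])

    def cache_read(self, addr, n):
        # What code executing on the chip sees: flash decrypted transparently.
        return _apply(decrypt_block, self._key, addr, self.raw_read(addr, n))

    def boot(self):
        """Return the decrypted image if its header is intact, else None."""
        image = self.cache_read(APP_OFFSET, BLOCK)
        return image if image.startswith(MAGIC) else None


def provision(key, updates_allowed):
    """Factory flow: genuine image and a secret go in via plaintext flashing,
    leaving updates_allowed plaintext updates for the field."""
    dev = Device(key, plaintext_updates=updates_allowed + 2)
    dev.serial_flash_plaintext(APP_OFFSET, pad(MAGIC + b"genuine app"))
    dev.serial_flash_plaintext(SECRET_OFFSET, pad(b"wifi-psk:hunter2"))
    return dev


def attack(dev):
    """Serial access plus an emulated flash chip, no key. Returns the
    recovered secret, or None if the attacker's code never runs."""
    evil = pad(MAGIC + b"dump-flash")
    try:
        dev.serial_flash_plaintext(APP_OFFSET, evil)  # device encrypts our code
    except PermissionError:
        dev.raw_write(APP_OFFSET, evil)  # no oracle: raw bytes decrypt to garbage
    image = dev.boot()
    if image is None or not image.startswith(MAGIC + b"dump-flash"):
        return None
    # Our code is now running from encrypted flash and can read all of it.
    return dev.cache_read(SECRET_OFFSET, BLOCK).rstrip(b"\0")


if __name__ == "__main__":
    key = bytes(range(32))
    print(attack(provision(key, updates_allowed=1)))  # secret recovered
    print(attack(provision(key, updates_allowed=0)))  # None: oracle exhausted
```

With one plaintext update left, the attacker never learns the key and never needs it: the device encrypts the malicious image, boots it, and the running code reads the secret through the cache. With the counter at zero, the same attacker can still write anything to the flash chip, but without the oracle there is no way to produce ciphertext that decrypts to a valid image, so the write only corrupts the device. That is what the limit buys: once it is exhausted, flash encryption stops being a service the chip performs for whoever holds the serial port.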
Re: Security Advantage of Limiting Serial Updates for Flash Encryption
This makes complete sense. Thank you!