Licensed Firmware, per MCU

MindReader32
Posts: 25
Joined: Mon May 14, 2018 8:33 am

Licensed Firmware, per MCU

Postby MindReader32 » Fri Dec 21, 2018 7:27 pm

I am planning to use encrypted flash to protect my IP.
I am planning to use secure boot to protect the device.

I'm currently using a WROOM-32 module.

What I don't want is to allow a bit2bit copy of the (encrypted) flash to enable the original licensed device firmware/data to be copied to a secondary WROOM-32 module.

I've not yet found anything that precludes this from 'working'.

Can/are there 'user' efuses to help avoid 'transfer' of the firmware?

Thanks in advance.

ESP_Sprite
Posts: 9764
Joined: Thu Nov 26, 2015 4:08 am

Re: Licensed Firmware, per MCU

Postby ESP_Sprite » Sat Dec 22, 2018 5:11 am

Secure boot and encrypted flash should stop this. Encrypted flash, by default, uses a random key that is generated when the device is flashed in the factory; this key is stored on EFuses internal to the ESP32 and is not accessible to the firmware. It is used by the flash access hardware to decrypt and encrypt the flash, however. If you then take the raw flash contents and copy it to the flash on a different ESP32, that ESP32 won't boot because it does not know the decryption key for the flash.

MindReader32
Posts: 25
Joined: Mon May 14, 2018 8:33 am

Re: Licensed Firmware, per MCU

Postby MindReader32 » Sat Dec 22, 2018 8:16 am

Thank you for letting me know. After your comment and re-reading the docs I've found this, for future reference:

https://docs.espressif.com/projects/esp ... ialisation
On first boot, the bootloader sees FLASH_CRYPT_CNT efuse is set to 0 (factory default) so it generates a flash encryption key using the hardware random number generator. This key is stored in efuse. The key is read and write protected against further software access.

All of the encrypted partitions are then encrypted in-place by the bootloader. Encrypting in-place can take some time (up to a minute for large partitions.)

MindReader32
Posts: 25
Joined: Mon May 14, 2018 8:33 am

Re: Licensed Firmware, per MCU

Postby MindReader32 » Sat Dec 22, 2018 2:00 pm

I'm having trouble understanding exactly what might be exposed, or what I need to do, if I'm using flash encryption and try to do an OTA update (via HTTPS).
The binary downloaded can't be encrypted if every ESP32 has its own unique decryption key, so it must come down unencrypted (apart from the SSL) and then be encrypted on the device. Does that mean there is a window between downloading the binary to the partition and the subsequent reboot and flash re-encryption? Or is the OTA partition data encrypted on the fly as the OTA binary is downloaded?

Instead of the above, I (guess) I should use a pre-generated key and load that onto all my ESP32s rather than use the per-MCU factory-set one?

Is this pre-generated key also safe from firmware readout in the efuses?

Or have I missed something?

Thanks
Wayne

ESP_igrr
Posts: 2072
Joined: Tue Dec 01, 2015 8:37 am

Re: Licensed Firmware, per MCU

Postby ESP_igrr » Sat Dec 22, 2018 3:18 pm

Hi Wayne, your understanding is correct. The OTA binary is stored on the server unencrypted, and is downloaded over a TLS encrypted connection (e.g. HTTPS). The server will usually also authenticate the client before allowing it to download the binary. On the client (ESP32), chunks of the binary received over TLS are decrypted, and then written to flash. In the process of writing to flash, these chunks are encrypted by the flash encryption hardware (the encryption key is not known to software). So the data gets written to flash in encrypted form.

You could take the approach with pre-generated keys and encrypt binaries on the server. However, in this case the encryption keys also need to be stored in the production environment and on the server. In both cases there is a chance for the keys to be compromised. When keys are generated on the device itself, they are generated by hardware and cannot be read out.

jcsbanks
Posts: 305
Joined: Tue Mar 28, 2017 8:03 pm

Re: Licensed Firmware, per MCU

Postby jcsbanks » Sat Dec 22, 2018 9:27 pm

What is a good unique identifier to use for authentication in this process? A public part of the self generated key used for flash encryption?

WiFive
Posts: 3529
Joined: Tue Dec 01, 2015 7:35 am

Re: Licensed Firmware, per MCU

Postby WiFive » Sun Dec 23, 2018 12:09 am

There is no public part. You could use a salted hash of the MAC address or serial number, or a provisioned token or certificate.
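As an added illustration of the "salted hash of the MAC address" plus "provisioned token" idea from the reply above (example code, not from any poster or from ESP-IDF), this sketches the server side of the OTA authentication ESP_igrr mentions: the device identifier is a keyed hash of the MAC under a server-held secret, and each device gets a random token at provisioning that the OTA server verifies in constant time. The salt value, registry layout and function names are assumptions.

```python
import hmac
import hashlib
import secrets

# Constructed server-side secret (assumption); in practice kept in a
# secrets store or HSM, never shipped to devices. Without it, the small
# MAC address space makes an unsalted hash trivially enumerable.
SERVER_SALT = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")


def device_id_from_mac(mac: str, salt: bytes = SERVER_SALT) -> str:
    """Derive an opaque device id as HMAC-SHA256(salt, normalized MAC)."""
    normalized = mac.strip().lower().replace("-", ":")
    return hmac.new(salt, normalized.encode(), hashlib.sha256).hexdigest()


def provision_device(registry: dict, mac: str) -> str:
    """Factory step: register the device under its derived id and return a
    fresh random token for it to store (e.g. in its encrypted flash/NVS).
    The server keeps only a hash of the token, not the token itself."""
    token = secrets.token_hex(32)
    registry[device_id_from_mac(mac)] = hashlib.sha256(token.encode()).hexdigest()
    return token


def authenticate(registry: dict, mac: str, token: str) -> bool:
    """OTA server check before serving the (unencrypted) binary over TLS:
    look the device up by derived id and compare token hashes in constant
    time so a wrong token does not leak timing information."""
    expected = registry.get(device_id_from_mac(mac))
    if expected is None:
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    devices = {}
    tok = provision_device(devices, "24:0A:C4:00:11:22")  # constructed MAC
    print("derived id:", device_id_from_mac("24:0a:c4:00:11:22"))
    print("auth with provisioned token:", authenticate(devices, "24:0A:C4:00:11:22", tok))
    print("auth with wrong token:", authenticate(devices, "24:0A:C4:00:11:22", "00" * 32))
```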
