Using Flash Encryption without Secure Boot

brp80000
Posts: 138
Joined: Thu Oct 04, 2018 7:13 pm

Using Flash Encryption without Secure Boot

Postby brp80000 » Fri Jan 25, 2019 12:59 pm

I want to use Flash Encryption without Secure Boot. Otherwise, the manufacturing process for my products becomes very complex. I flash my encrypted app and the encryption key, etc., and I write-protect the eFuse with
espefuse.py --port PORT write_protect_efuse FLASH_CRYPT_CNT
What could be the vulnerability of such code?
Do I still need to use a secure bootloader?

jcsbanks
Posts: 305
Joined: Tue Mar 28, 2017 8:03 pm

Re: Using Flash Encryption without Secure Boot

Postby jcsbanks » Sat Jan 26, 2019 8:17 pm

Without secure boot a hacker could flash executable code that could read out decrypted flash?

brp80000
Posts: 138
Joined: Thu Oct 04, 2018 7:13 pm

Re: Using Flash Encryption without Secure Boot

Postby brp80000 » Sun Jan 27, 2019 6:35 am

I'm interested in what a hacker can do if I write-protect the eFuse FLASH_CRYPT_CNT.

jcsbanks
Posts: 305
Joined: Tue Mar 28, 2017 8:03 pm

Re: Using Flash Encryption without Secure Boot

Postby jcsbanks » Sun Jan 27, 2019 9:01 am

Sorry, missed the write protect bit. It seems that would prevent you from writing a modified stub to RAM and executing an exploit on it, but you never want to update devices ever again? It feels brave when more heavily resourced embedded products than mine in my sector get 10 update versions in 5 years, for issues unforeseen. What if a security weakness that could read flash is found? Then all your devices in the field would remain vulnerable. Maybe it depends on your market.

brp80000
Posts: 138
Joined: Thu Oct 04, 2018 7:13 pm

Re: Using Flash Encryption without Secure Boot

Postby brp80000 » Sun Jan 27, 2019 1:39 pm

My devices get updates via OTA, so there's no problem. I was just wondering if I could understand the point of using a secure bootloader when blocking writes to this fuse. As a result, I don't see the need for a secure bootloader in this case, but I decided to use a secure bootloader in my project (with a fixed key), because it does not complicate the production process and adds a bit of security. Otherwise, it takes about 2 minutes to create a new key and recompile the project for each device.
Also I use Flash Encryption with a fixed key, one for all devices, and transfer already encrypted OTA data without further decryption when writing to flash.
Additionally, I use my own encryption method for OTA files, with decryption on the fly when receiving OTA blocks. Also I add some individual information after the main OTA code (for example the MAC address) and check it every time the device starts. Thus, it prevents copying the OTA partition between my devices.
I'm probably a maniac, but it works.))
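The per-device trailer idea in the post above, shown as an added example that is not the poster's code: the device MAC is appended after the image together with a keyed tag over image||MAC, and the boot-time check refuses an image whose trailer names another device or whose body was altered. The product key, the trailer layout and the use of HMAC-SHA256 are assumptions for the illustration (the post does not say which scheme is used).

```python
import hmac
import hashlib

# Assumption: one product-wide key, like the poster's fixed flash-encryption key.
# Placeholder value constructed for this example; a device would read it from eFuse/NVS.
PRODUCT_KEY = bytes.fromhex("00" * 32)

TRAILER_LEN = 6 + 32  # 6-byte MAC address + 32-byte HMAC-SHA256 tag


def bind_image(app_image: bytes, device_mac: bytes, key: bytes = PRODUCT_KEY) -> bytes:
    """Append a device-specific trailer: the MAC and a keyed tag over image||MAC."""
    if len(device_mac) != 6:
        raise ValueError("MAC address must be 6 bytes")
    tag = hmac.new(key, app_image + device_mac, hashlib.sha256).digest()
    return app_image + device_mac + tag


def verify_image(bound_image: bytes, device_mac: bytes, key: bytes = PRODUCT_KEY) -> bool:
    """Boot-time check: the trailer must name this device and the tag must match."""
    if len(bound_image) < TRAILER_LEN:
        return False  # no room for a trailer at all
    body = bound_image[:-TRAILER_LEN]
    stored_mac = bound_image[-TRAILER_LEN:-32]
    stored_tag = bound_image[-32:]
    if not hmac.compare_digest(stored_mac, device_mac):
        return False  # trailer was built for a different device (copied partition)
    expected = hmac.new(key, body + device_mac, hashlib.sha256).digest()
    return hmac.compare_digest(stored_tag, expected)  # constant-time compare


# Constructed sample input: a fake app image and two device MACs.
SAMPLE_APP = b"\xe9" + b"\x00" * 255  # constructed stand-in for an app binary
MAC_A = bytes.fromhex("24 0A C4 00 00 01")
MAC_B = bytes.fromhex("24 0A C4 00 00 02")

if __name__ == "__main__":
    image_for_a = bind_image(SAMPLE_APP, MAC_A)
    print("device A accepts its own image:", verify_image(image_for_a, MAC_A))
    print("device B accepts A's image:", verify_image(image_for_a, MAC_B))
    tampered = bytearray(image_for_a)
    tampered[10] ^= 0x01
    print("device A accepts tampered image:", verify_image(bytes(tampered), MAC_A))
```

With a key shared by every device, anyone who recovers that key can re-tag an image for another MAC, so this check only stops copying between devices as long as the key itself stays protected; a per-device key would close that gap.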
