Prevent Modification of NVS Data

GerryTitan · Postby **GerryTitan** » Tue Aug 20, 2019 2:23 pm

Hello,

Is there a way to prevent unauthorized modification of data in the NVS partition (for example, via esptool write_flash)?

Thanks.

jcsbanks · Postby **jcsbanks** » Tue Aug 20, 2019 6:54 pm

You could encrypt it.

GerryTitan · Postby **GerryTitan** » Tue Aug 20, 2019 9:08 pm

jcsbanks wrote: ↑
Tue Aug 20, 2019 6:54 pm
You could encrypt it.

That's true, but there is still the possibility that an attacker can modify/corrupt the data, right?

WiFive · Postby **WiFive** » Tue Aug 20, 2019 9:30 pm

If NVS encryption is not used, it is possible for anyone with physical access to the flash chip to alter, erase, or add key-value pairs. With NVS encryption enabled, it is not possible to alter or add a key-value pair and get recognized as a valid pair without knowing corresponding NVS encryption keys. However, there is no tamper-resistance against the erase operation.

GerryTitan · Postby **GerryTitan** » Tue Aug 20, 2019 10:07 pm

Is it possible to just disable the UART interface to the chip so that physical tampering is impossible?

WiFive · Postby **WiFive** » Wed Aug 21, 2019 12:08 am

No, and even if you did it would be possible to connect directly to the flash chip. For some physical protection you'd have to encapsulate.

GerryTitan · Postby **GerryTitan** » Wed Aug 21, 2019 12:20 am

Okay, thank you for the explanation. I guess apps should just be robust enough to anticipate tampering/erasing of NVS data. I will consider this for the future.

Prevent Modification of NVS Data

Prevent Modification of NVS Data

Re: Prevent Modification of NVS Data

Re: Prevent Modification of NVS Data

Re: Prevent Modification of NVS Data

Re: Prevent Modification of NVS Data

Re: Prevent Modification of NVS Data

Re: Prevent Modification of NVS Data

Who is online

About Us

Extra

Information