Flash Encryption

[lildenty]

Hi Guys.

I’m not sure if I’m on the right track.

Once I start using flash encrypting.

Am I able to reflash my program if I’m to update it.

And would I be able to reflash a new SPIFFs image aswell ?

As I just want to protect the ESP from
Having the source code downloaded.

Am I on the right track. Or do you suggest doing something else.


Thanks In advance

Jonathan

[ESP_Sprite]

Note that you can't download the source code even from an unprotected ESP32; all that's in the flash is the compiled binary of your program. (Given we're talking about an ESP-IDF or Arduino project.(

[lildenty]

Note that you can't download the source code even from an unprotected ESP32; all that's in the flash is the compiled binary of your program.

can you download the compiled binary?
And run it through a decompiler tho ?

so whats the overall benefits of the flash encryption ?

[ESP_Sprite]

Sure, you could, and you could run it through a 'decompiler', but that would hardly give you back the original source code. There certainly is merit to flash encryption, just wanted to correct any notion you would be able to retrieve the original sources from the flash at all.

[lildenty]

So once I use flash encryption. I can not reflash it via UART. (I can update it via OTA) is what im reading. is that correct ?

[lildenty]

or if i knew the flash key.. and generate it myself. i can upload an pre encrypted image via uart ?
just means i have to manage the keys myself (best pratice is different key for each device)

[ESP_Angus]

Hi lildenty,

That's correct.

In ESP-IDF V4.0 and newer we have something called "Development mode", which does allow reflashing of the binary even without knowing the key. However this setup is for debugging a firmware with flash encryption enabled, it's not suitable for production (because someone can flash a small binary that dumps the rest of the flash contents in plaintext.)

With Flash Encryption Release mode (which is the only mode before ESP-IDF V4.0), you would need a copy of the device key in order to read or write the flash - by encrypting or decrypting on the host using the key. Or you can OTA update, as noted.

Angus

[lildenty]

Awesome.

so overall understanding is.

So if I manage my own keys. I can reflash the esp32 as many times as i want.

as there any examples of this process kicking about you could point me to.

Thanks

Denty

[ESP_Angus]

Hi Denty,

Yes. We used to document this in ESP-IDF v3.x, but it was replaced when "Development mode" was introduced as that method is actually easier to do (fully integrated with the build system, so less fiddling around pre-encrypting all the binaries on the host).

You can see the steps for generating and burning a key in the v3.x docs. If you do this before first boot, the bootloader will use that key instead of generating a random one:
https://docs.espressif.com/projects/esp ... yption-key

(We've had a request to re-introduce these sections in the newer IDF docs and we plan to do that also, but it needs some restructuring first so we haven't had time yet.)