Flash Encryption

lildenty
Posts: 13
Joined: Wed Sep 18, 2019 3:31 pm

Flash Encryption

Postby lildenty » Mon Nov 16, 2020 11:13 am

Hi Guys.

I’m not sure if I’m on the right track.

Once I start using flash encryption,

am I able to reflash my program if I need to update it?

And would I be able to reflash a new SPIFFS image as well?

As I just want to protect the ESP from having the source code downloaded.

Am I on the right track? Or do you suggest doing something else?


Thanks In advance

Jonathan

ESP_Sprite
Posts: 9739
Joined: Thu Nov 26, 2015 4:08 am

Re: Flash Encryption

Postby ESP_Sprite » Tue Nov 17, 2020 1:11 am

Note that you can't download the source code even from an unprotected ESP32; all that's in the flash is the compiled binary of your program. (Given we're talking about an ESP-IDF or Arduino project.)

lildenty
Posts: 13
Joined: Wed Sep 18, 2019 3:31 pm

Re: Flash Encryption

Postby lildenty » Tue Nov 17, 2020 9:16 am

"Note that you can't download the source code even from an unprotected ESP32; all that's in the flash is the compiled binary of your program."

Can you download the compiled binary?
And run it through a decompiler tho?

So what are the overall benefits of the flash encryption?

ESP_Sprite
Posts: 9739
Joined: Thu Nov 26, 2015 4:08 am

Re: Flash Encryption

Postby ESP_Sprite » Tue Nov 17, 2020 12:25 pm

Sure, you could, and you could run it through a 'decompiler', but that would hardly give you back the original source code. There certainly is merit to flash encryption, just wanted to correct any notion you would be able to retrieve the original sources from the flash at all.

lildenty
Posts: 13
Joined: Wed Sep 18, 2019 3:31 pm

Re: Flash Encryption

Postby lildenty » Tue Nov 17, 2020 1:11 pm

So once I use flash encryption, I cannot reflash it via UART (I can update it via OTA), is what I'm reading. Is that correct?

lildenty
Posts: 13
Joined: Wed Sep 18, 2019 3:31 pm

Re: Flash Encryption

Postby lildenty » Tue Nov 17, 2020 1:12 pm

Or if I knew the flash key, and generated it myself, I can upload a pre-encrypted image via UART?
It just means I have to manage the keys myself (best practice is a different key for each device).

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: Flash Encryption

Postby ESP_Angus » Wed Nov 18, 2020 3:13 am

Hi lildenty,

That's correct.

In ESP-IDF V4.0 and newer we have something called "Development mode", which does allow reflashing of the binary even without knowing the key. However this setup is for debugging a firmware with flash encryption enabled, it's not suitable for production (because someone can flash a small binary that dumps the rest of the flash contents in plaintext.)

With Flash Encryption Release mode (which is the only mode before ESP-IDF V4.0), you would need a copy of the device key in order to read or write the flash - by encrypting or decrypting on the host using the key. Or you can OTA update, as noted.

Angus

lildenty
Posts: 13
Joined: Wed Sep 18, 2019 3:31 pm

Re: Flash Encryption

Postby lildenty » Wed Nov 18, 2020 1:44 pm

Awesome.

So the overall understanding is:

if I manage my own keys, I can reflash the ESP32 as many times as I want.

Are there any examples of this process kicking about you could point me to?

Thanks

Denty

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: Flash Encryption

Postby ESP_Angus » Wed Nov 18, 2020 11:52 pm

Hi Denty,

Yes. We used to document this in ESP-IDF v3.x, but it was replaced when "Development mode" was introduced as that method is actually easier to do (fully integrated with the build system, so less fiddling around pre-encrypting all the binaries on the host).

You can see the steps for generating and burning a key in the v3.x docs. If you do this before first boot, the bootloader will use that key instead of generating a random one:
https://docs.espressif.com/projects/esp ... yption-key

(We've had a request to re-introduce these sections in the newer IDF docs and we plan to do that also, but it needs some restructuring first so we haven't had time yet.)
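
The host-side workflow Angus describes (generate and burn a key before first boot, then pre-encrypt each image on the host for UART flashing), as an added example that is not part of the thread or of Espressif's documentation. It uses the `espsecure.py`, `espefuse.py` and `esptool.py` commands from the ESP-IDF v3.x flash encryption docs; the key directory, device IDs, port and file names are hypothetical, and the script only prints the commands unless `RUN=1` is set.

```shell
#!/bin/sh
# Added example: host-managed flash encryption keys, one key file per device.
# KEY_DIR, device IDs, ports and file names are hypothetical.
# Commands are only printed unless RUN=1 is set.
KEY_DIR="${KEY_DIR:-./fe-keys}"
umask 077   # key files and encrypted images are created owner-only

# Print the command; execute it only when RUN=1.
step() {
    echo "$*"
    if [ "${RUN:-0}" = "1" ]; then "$@"; fi
}

# Key file path for one device.
key_path() {
    echo "$KEY_DIR/$1.flash_encryption_key.bin"
}

# One-time provisioning, done before the device's first boot.
provision_key() {   # usage: provision_key DEVICE_ID PORT
    key="$(key_path "$1")"
    # Never regenerate: the stored copy is what later reflashes depend on.
    if [ -e "$key" ]; then
        echo "refusing to replace existing key for $1" >&2
        return 1
    fi
    mkdir -p "$KEY_DIR" || return 1
    step espsecure.py generate_flash_encryption_key "$key" || return 1
    step espefuse.py --port "$2" burn_key flash_encryption "$key"
}

# Later UART reflash: encrypt on the host, then write the ciphertext.
reflash() {   # usage: reflash DEVICE_ID PORT PLAIN_BIN FLASH_OFFSET
    key="$(key_path "$1")"
    enc="${3%.bin}-$1-encrypted.bin"
    if [ "${RUN:-0}" = "1" ] && [ ! -r "$key" ]; then
        echo "no stored key for $1" >&2
        return 1
    fi
    # Encrypt for the same flash offset the image is written to.
    step espsecure.py encrypt_flash_data --keyfile "$key" \
        --address "$4" -o "$enc" "$3" || return 1
    step esptool.py --port "$2" write_flash "$4" "$enc"
}
```

Run `provision_key` once per device before its first boot, and `reflash` for every later UART update, including a new SPIFFS image if that partition is marked encrypted.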
