ESP32 flash encryption enabled by Mongoose OS

novlean
Posts: 9
Joined: Fri May 19, 2017 4:27 pm

ESP32 flash encryption enabled by Mongoose OS

Postby novlean » Fri May 19, 2017 4:32 pm

ESP32 chip comes with built-in security features, one of which is a transparent SPI flash encryption. That feature is critical for securing device's cloud access.
By default, an ESP32 firmware is kept in plain text form on flash:

Code: Select all

# Dump initial 2k of filesystem area to stdout
mos flash-read --arch esp32 0x190000 2000 -  
The flash-read command dumps the flash memory into a file and the output can show that the content is not encrypted. Therefore, sensitive information like TLS private keys could be easily stolen from the flash, since the part of the device's file system is not encrypted.

In order to enable flash encryption, use the Mongoose OS -> https://mongoose-os.com/blog/mongoose-o ... ncryption/

ESP_Sprite
Posts: 9709
Joined: Thu Nov 26, 2015 4:08 am

Re: ESP32 flash encryption enabled by Mongoose OS

Postby ESP_Sprite » Sat May 20, 2017 10:13 am

Thanks for the information, but your implied assertion that only Mongoose supports flash encryption is incorrect. We've supported this since very early in the esp-idf release process: Documentation.

sergey.lyubka
Posts: 12
Joined: Wed Dec 28, 2016 10:55 am

Re: ESP32 flash encryption enabled by Mongoose OS

Postby sergey.lyubka » Mon May 22, 2017 1:03 pm

Yes indeed!

Mongoose OS implementation is based on ESP-IDF, in fact we've submitted some patches during our work that has been integrated into ESP-IDF. The point is: Mongoose OS makes flash encryption process very easy - that's a single command. Otherwise, it is not trivial to do in a real firmware.

Who is online

Users browsing this forum: No registered users and 36 guests