Secure boot not so secure....

lodogg
Posts: 7
Joined: Wed Sep 11, 2019 11:06 am


Postby lodogg » Wed Sep 11, 2019 12:28 pm

Hi,
I'm starting to use the secure bootloader so that the firmware will run only on my hardware.

The first test I did was to dump the memory from address 0 of a module with secure boot and a signed app and flash it to a brand new module.

I was expecting that the firmware wouldn't boot. I was wrong! The board boots without a problem and activates secure boot on the new module.
So if someone clones my hardware, he can just dump the memory and use it on the cloned hardware.

My question is: how can I achieve the goal of a firmware that will boot only on my hardware?

Thank you

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: Secure boot not so secure....

Postby ESP_Angus » Thu Sep 12, 2019 1:58 am

Hi lodogg,
lodogg wrote:
Wed Sep 11, 2019 12:28 pm
My question is: how can I achieve the goal of a firmware that will boot only on my hardware?
The intention of Secure Boot is to ensure that only trusted firmware is run on the hardware (i.e. it's not possible to change the firmware of a device once secure boot is enabled).

To prevent recovering the firmware from a device (which would allow it to be cloned onto another device), enable Flash Encryption.

For production configurations we recommend using Flash Encryption and Secure Boot together.

Please consult the ESP-IDF documentation for more details:
https://docs.espressif.com/projects/esp ... -boot.html
https://docs.espressif.com/projects/esp ... ption.html
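
The distinction in the reply above, as an added toy model that is not part of the original posts and is not ESP-IDF code: a signature check depends only on the image bytes, so a raw dump verifies on any unit, while flash contents encrypted under a per-chip key do not survive being copied to another chip. `Device`, `clone_boots`, the HMAC stand-in for the image signature and the SHA-256 keystream stand-in for hardware flash encryption are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Toy model (assumption): HMAC stands in for the signature check and a SHA-256
# counter keystream stands in for hardware flash encryption.
SIGNING_KEY = b"constructed-vendor-signing-key"  # same trust anchor on every unit

def sign(image: bytes) -> bytes:
    return image + hmac.new(SIGNING_KEY, image, hashlib.sha256).digest()

def verify(blob: bytes) -> bool:
    image, tag = blob[:-32], blob[-32:]
    expected = hmac.new(SIGNING_KEY, image, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class Device:
    """Hypothetical module: external flash plus a key that never leaves the chip."""
    def __init__(self, flash_encryption: bool):
        self.flash_encryption = flash_encryption
        self.chip_key = os.urandom(32)  # unique per chip, not readable externally
        self.flash = b""

    def provision(self, signed_image: bytes) -> None:
        self.flash = (keystream_xor(self.chip_key, signed_image)
                      if self.flash_encryption else signed_image)

    def dump_flash(self) -> bytes:
        return self.flash  # what a raw read of the flash chip returns

    def boot(self) -> bool:
        contents = (keystream_xor(self.chip_key, self.flash)
                    if self.flash_encryption else self.flash)
        return verify(contents)

def clone_boots(flash_encryption: bool) -> bool:
    original, clone = Device(flash_encryption), Device(flash_encryption)
    original.provision(sign(b"constructed firmware image " * 8))
    assert original.boot()
    clone.flash = original.dump_flash()  # the test described in the first post
    return clone.boot()
```

`clone_boots(False)` reproduces the result reported in the first post; `clone_boots(True)` shows the copied ciphertext failing verification on a chip with a different key.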
