Hello all,
I'm developing a product based on ESP32-S module, this product needs to have OTA updates, flash-encryption and secure boot. The OTA part is already working with https and Token based authentication, so it's quite secure. Now I need to secure the actual hardware, so that no one can clone the flash to obtain the firmware neither be able to upload a custom firmware to it, and for that I pretend to use secure boot and flash encryption.
However, after reading the documentation, secure boot and flash encryption seems to be closely related, and I can even protect the board from unapproved uploads using only flash encryiption. For that, I would burn an AES-256 encryption key to flash_encryption eFuse and protect FLASH_CRYPT_CNT against Write, so it's impossible to anyone to uppload any code to the board, unless the firmware is encrypted with the same key as the one that was burned at flash_encryption eFuse.
Are my considerations correct? If so, is there a need to use Secure boot? This setup is also secure for OTA updates?
My idea is to first flash an basic firmware, burn the eFuses, and after activate/deactivate the devices using OTA.
Thanks in advance,
Gabriel Gardin.
Secure boot vs Flash Encryption
Return to “General Discussion”
Jump to
- English Forum
- Explore
- News
- General Discussion
- FAQ
- Documentation
- Documentation
- Sample Code
- Discussion Forum
- Hardware
- ESP-IDF
- ESP-BOX
- ESP-ADF
- ESP-MDF
- ESP-WHO
- ESP-SkaiNet
- ESP32 Arduino
- IDEs for ESP-IDF
- ESP-AT
- ESP IoT Solution
- ESP RainMaker
- Rust
- ESP8266
- Report Bugs
- Showcase
- Chinese Forum 中文社区
- 活动区
- 乐鑫活动专区
- 讨论区
- 全国大学生物联网设计竞赛乐鑫答疑专区
- ESP-IDF 中文讨论版
- 《ESP32-C3 物联网工程开发实战》书籍讨论版
- 中文文档讨论版
- ESP-AT 中文讨论版
- ESP-BOX 中文讨论版
- ESP IoT Solution 中文讨论版
- ESP-ADF 中文讨论版
- ESP Mesh 中文讨论版
- ESP Cloud 中文讨论版
- ESP-WHO 中文讨论版
- ESP-SkaiNet 中文讨论版
- ESP 生产支持讨论版
- 硬件问题讨论
- 项目展示
Who is online
Users browsing this forum: No registered users and 364 guests
- All times are UTC
- Top
- Delete cookies
About Us
Espressif Systems is a fabless semiconductor company providing cutting-edge low power WiFi SoCs and wireless solutions for wireless communications and Internet of Things applications. ESP8266EX and ESP32 are some of our products.