Secure boot vs Flash Encryption

Gardin
Posts: 31
Joined: Fri Dec 13, 2019 4:53 pm

Secure boot vs Flash Encryption

Postby Gardin » Wed Dec 29, 2021 12:39 pm

Hello all,

I'm developing a product based on ESP32-S module, this product needs to have OTA updates, flash-encryption and secure boot. The OTA part is already working with https and Token based authentication, so it's quite secure. Now I need to secure the actual hardware, so that no one can clone the flash to obtain the firmware nor be able to upload a custom firmware to it, and for that I intend to use secure boot and flash encryption.

However, after reading the documentation, secure boot and flash encryption seem to be closely related, and I can even protect the board from unapproved uploads using only flash encryption. For that, I would burn an AES-256 encryption key to flash_encryption eFuse and protect FLASH_CRYPT_CNT against Write, so it's impossible for anyone to upload any code to the board, unless the firmware is encrypted with the same key as the one that was burned at flash_encryption eFuse.

Are my considerations correct? If so, is there a need to use Secure boot? Is this setup also secure for OTA updates?

My idea is to first flash a basic firmware, burn the eFuses, and afterwards activate/deactivate the devices using OTA.

Thanks in advance,

Gabriel Gardin.
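Added example, not code from this thread, from Espressif or from ESP-IDF: a post-enablement check for the flash-encryption setup the post describes. Once flash encryption is enabled and the download-mode decrypt eFuse is burned, `esptool.py read_flash` still returns the flash contents, but as ciphertext rather than plaintext. The script below takes such a dump and reports, per region of the default ESP-IDF layout (bootloader at 0x1000, partition table at 0x8000, first app at 0x10000), whether a plaintext ESP image header or partition-table magic is still visible, or whether the bytes have the statistical profile of ciphertext. The two sample dumps are constructed inside the script; the "ciphertext" one is a SHA-256 counter stream used as a stand-in for the ESP32's real AES-256 output, and the offsets, thresholds and the `ACME` filler string are assumptions for the demo, not values from the post.

```python
"""Post-enablement audit of an ESP32 flash dump (added example, see lead-in).

Decide, per region, whether a plaintext image header is still readable
("plaintext"), whether the bytes look like ciphertext ("encrypted"), or
neither ("unknown", e.g. erased 0xFF flash).  The dumps used here are
constructed in code; the encrypted-looking one is a SHA-256 counter stream,
NOT the ESP32's AES-256 flash encryption.
"""
import hashlib
import math
import struct

ESP_IMAGE_MAGIC = 0xE9             # first byte of every plaintext ESP image
PARTITION_MAGIC = b"\xaa\x50"      # first two bytes of a plaintext partition entry
# Default ESP-IDF layout on ESP32 (assumed for the demo): bootloader, table, app.
DEFAULT_REGIONS = {"bootloader": 0x1000, "partition_table": 0x8000, "app": 0x10000}
# Executable address windows on ESP32 that a sane entry point must fall into
# (IRAM and the flash-cache/IROM window).
ESP32_EXEC_RANGES = ((0x40080000, 0x400A0000), (0x400D0000, 0x40400000))
SAMPLE = 4096                      # bytes examined per region
ENTROPY_THRESHOLD = 7.5            # bits/byte; ciphertext sits near 8.0


def parse_image_header(data: bytes):
    """Decode the first 8 bytes of an ESP image header (esp_image_header_t).

    Returns a dict, or None when the bytes do not pass the sanity checks a
    real header would (magic, plausible segment count, entry in exec memory).
    """
    if len(data) < 8 or data[0] != ESP_IMAGE_MAGIC:
        return None
    _magic, segments, spi_mode, size_freq, entry = struct.unpack("<BBBBI", data[:8])
    if not 1 <= segments <= 16:
        return None
    if not any(lo <= entry < hi for lo, hi in ESP32_EXEC_RANGES):
        return None
    return {
        "segments": segments,
        "spi_mode": spi_mode,
        "flash_size_code": size_freq >> 4,   # high nibble: flash size code
        "flash_freq_code": size_freq & 0xF,  # low nibble: SPI frequency code
        "entry_addr": entry,
    }


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty or single-valued input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify_region(region: bytes, kind: str = "image") -> dict:
    """Classify one region as 'plaintext', 'encrypted' or 'unknown'.

    The header / partition-magic check is the definitive plaintext signal; the
    entropy heuristic also fires on compressed blobs, so it only says
    'encrypted' when no plaintext structure was found.
    """
    header = parse_image_header(region) if kind == "image" else None
    plain_table = kind == "partition_table" and region[:2] == PARTITION_MAGIC
    entropy = shannon_entropy(region[:SAMPLE])
    if header is not None or plain_table:
        verdict = "plaintext"
    elif entropy >= ENTROPY_THRESHOLD:
        verdict = "encrypted"
    else:
        verdict = "unknown"
    return {"verdict": verdict, "entropy": round(entropy, 3), "header": header}


def audit_flash_dump(dump: bytes, regions=DEFAULT_REGIONS) -> dict:
    """Classify every region of a full-flash dump (e.g. from esptool read_flash)."""
    report = {}
    for name, offset in regions.items():
        kind = "partition_table" if name == "partition_table" else "image"
        report[name] = classify_region(dump[offset:offset + SAMPLE], kind)
    return report


def make_plaintext_dump(size: int = 0x20000) -> bytes:
    """Constructed stand-in for a dump taken BEFORE flash encryption was enabled."""
    buf = bytearray(b"\xff" * size)  # erased flash reads back as 0xFF
    for name, offset in DEFAULT_REGIONS.items():
        if name == "partition_table":
            buf[offset:offset + 2] = PARTITION_MAGIC
            continue
        # magic, 3 segments, SPI mode 0, 4 MB @ 40 MHz, entry point in IRAM
        buf[offset:offset + 8] = struct.pack("<BBBBI", ESP_IMAGE_MAGIC, 3, 0, 0x20, 0x40080400)
        filler = (b"firmware v1.0 (c) ACME\x00" * 200)[:SAMPLE - 8]  # constructed strings
        buf[offset + 8:offset + SAMPLE] = filler
    return bytes(buf)


def make_encrypted_dump(size: int = 0x20000) -> bytes:
    """Constructed stand-in for a dump taken AFTER encryption: each region is
    overwritten with a SHA-256 counter stream that mimics ciphertext statistics."""
    buf = bytearray(make_plaintext_dump(size))
    for offset in DEFAULT_REGIONS.values():
        stream = b"".join(
            hashlib.sha256(b"constructed-ciphertext" + (offset + i).to_bytes(4, "little")).digest()
            for i in range(0, SAMPLE, 32)
        )
        buf[offset:offset + SAMPLE] = stream
    return bytes(buf)


if __name__ == "__main__":
    for label, dump in (("before", make_plaintext_dump()), ("after", make_encrypted_dump())):
        print(f"--- {label} enabling flash encryption ---")
        for name, info in audit_flash_dump(dump).items():
            print(f"{name:16s} {info['verdict']:10s} entropy={info['entropy']:.3f}")
```

To use it on a real device, read the flash with `esptool.py --port PORT read_flash 0 SIZE dump.bin` (SIZE being the chip's flash size) and pass the file's bytes to `audit_flash_dump`; every region should report `encrypted`, and any `plaintext` verdict means the corresponding region was not covered by encryption. The entropy threshold is only a heuristic, so treat the header check as the authoritative signal.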
