ESP32-c3 Flash encryption questions

Post by DominykasPiko » Thu Dec 28, 2023 7:20 am

Hello, I am trying to implement flash encryption on an ESP32-C3-MINI-1 using VS Code and ESP-IDF v5.1.2. I need to lock the flash memory so that it cannot be read. I started by trying out Develop mode for flash encryption. I followed all the steps from the documentation and used the Host Generated Key method: I generated the key, burned it, and then changed the settings in menuconfig according to the documentation. I wrote simple code which prints on/off every second. The problem is that I think the encryption doesn't work, or I don't understand how it should work. I flashed my project using

Code:

idf.py encrypted-flash monitor

and after opening the terminal it seems to work. But then I tried reading the flash memory using esptool from the Windows cmd:

Code:

esptool.py --port COM54 --baud 115200 read_flash 0 0x400000 on_off.bin

and, well, it worked: I managed to read the flash content and create a .bin file. Then I changed the code in VS Code to print "123" every second and updated the firmware. Then, using this

Code:

esptool.py --chip esp32-c3 --port COM32 --baud 115200 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 80m --flash_size 4MB 0x00 C:\Users\pc\Desktop\on-off.bin

I reflashed the old firmware, which should print only on/off, and, well, it worked. I managed to read and reflash data while Develop flash encryption is on, so why is that? What exactly does flash encryption do?

My second question is this: the documentation states that

"In Release mode, UART bootloader cannot perform flash encryption operations. New plaintext images can ONLY be downloaded using the over-the-air (OTA) scheme which will encrypt the plaintext image before writing to flash."

So does this mean that, in order to use Release encryption mode, which, as I understood, is the secure way to lock flash, I can only use OTA to flash new firmware? Is it not possible to use USB for flashing new firmware together with Release mode flash encryption?
I will add the bootloader log after flashing new firmware via VS Code; maybe it will help:

Code:

ESP-ROM:esp32c3-api1-20210207
Build:Feb  7 2021
rst:0x15 (USB_UART_CHIP_RESET),boot:0x9 (SPI_FAST_FLASH_BOOT)
Saved PC:0x400462dc
0x400462dc: ets_delay_us in ROM

SPIWP:0xee
mode:DIO, clock div:1
load:0x3fcd5988,len:0x1fc8
load:0x403cc710,len:0x738
load:0x403ce710,len:0x4520
entry 0x403cc710
I (78) cpu_start: Unicore app
I (78) cpu_start: Pro cpu up.
I (87) cpu_start: Pro cpu start user code
I (87) cpu_start: cpu freq: 160000000 Hz
I (87) cpu_start: Application information:
I (90) cpu_start: Project name:     blink
I (95) cpu_start: App version:      1
I (99) cpu_start: Compile time:     Dec 27 2023 16:04:34
I (105) cpu_start: ELF file SHA256:  ec29554d8517fb3a...
I (111) cpu_start: ESP-IDF:          v5.1.2
I (116) cpu_start: Min chip rev:     v0.3
I (120) cpu_start: Max chip rev:     v0.99 
I (125) cpu_start: Chip rev:         v0.4
I (130) heap_init: Initializing. RAM available for dynamic allocation:
I (137) heap_init: At 3FC8EF30 len 000310D0 (196 KiB): DRAM
I (143) heap_init: At 3FCC0000 len 0001C710 (113 KiB): DRAM/RETENTION
I (151) heap_init: At 3FCDC710 len 00002950 (10 KiB): DRAM/RETENTION/STACK
I (158) heap_init: At 50000010 len 00001FD8 (7 KiB): RTCRAM
I (165) spi_flash: detected chip: generic
I (169) spi_flash: flash io: dio
W (173) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the size in the binary image header.
W (186) flash_encrypt: Flash encryption mode is DEVELOPMENT (not secure)
I (194) sleep: Configure to isolate all GPIO pins in sleep state
I (200) sleep: Enable automatic switching of GPIO sleep configuration
I (207) app_start: Starting scheduler on CPU0
I (212) main_task: Started on CPU0
I (216) main_task: Calling app_main()
E (220) nvs: CONFIG_NVS_ENCRYPTION is enabled, but no partition with subtype nvs_keys found in the partition table.
[   232][E][esp32-hal-misc.c:300] initArduino(): Failed to initialize NVS! Error: 4294967295
I (251) main_task: Returned from app_main()
I (251) gpio: GPIO[7]| InputEn: 1| OutputEn: 1| OpenDrain: 0| Pullup: 0| Pulldown: 0| Intr:0
I (254) gpio: GPIO[6]| InputEn: 1| OutputEn: 1| OpenDrain: 0| Pullup: 0| Pulldown: 0| Intr:0 
I (263) uart: queue free spaces: 20
on
off
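
An added example, not part of the original post or of Espressif's tooling: `read_flash` returns the raw bytes stored on the flash chip, so a dump such as `on_off.bin` can be checked for plaintext instead of being assumed readable. The Python sketch below flags plaintext ESP image headers, a plaintext partition table and low-entropy sectors; the offsets (ESP-IDF defaults), the 7.0-bit threshold, the 1024-byte minimum, the helper names and the sample dumps are assumptions constructed for illustration.

```python
import math
from collections import Counter

ESP_IMAGE_MAGIC = 0xE9          # first byte of an ESP bootloader/app image header
PART_ENTRY_MAGIC = b"\xaa\x50"  # first two bytes of a partition table entry
BLOCK = 4096                    # flash sector size

def entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = uniform, like good ciphertext)."""
    counts = Counter(block)
    return -sum(c / len(block) * math.log2(c / len(block)) for c in counts.values())

def classify_dump(dump: bytes, image_offsets=(0x0, 0x10000), table_offset=0x8000):
    """Return indicators that a raw flash dump holds plaintext (assumed offsets)."""
    findings = []
    for off in image_offsets:
        # One byte matches random ciphertext 1 time in 256: a hint, not proof.
        if off < len(dump) and dump[off] == ESP_IMAGE_MAGIC:
            findings.append(f"plaintext image header at {off:#x}")
    if dump[table_offset:table_offset + 2] == PART_ENTRY_MAGIC:
        findings.append(f"plaintext partition table at {table_offset:#x}")
    for off in range(0, len(dump), BLOCK):
        data = dump[off:off + BLOCK].rstrip(b"\xff")   # drop erased tail
        if len(data) < 1024:                           # too little data to judge
            continue
        if entropy(data) < 7.0:                        # heuristic threshold
            findings.append(f"low-entropy sector at {off:#x}")
    return findings

def constructed_dump(encrypted: bool, size=0x11000) -> bytes:
    """Constructed sample dumps; not taken from a real device."""
    if encrypted:   # uniform byte distribution stands in for ciphertext
        return bytes((i * 167 + 13) % 256 for i in range(size))
    text = b"I (216) main_task: Calling app_main()\n"
    sector = (bytes([ESP_IMAGE_MAGIC]) + text * 200)[:BLOCK]
    dump = bytearray(b"\xff" * size)
    dump[0:BLOCK] = sector                      # bootloader at 0x0
    dump[0x8000:0x8002] = PART_ENTRY_MAGIC      # partition table
    dump[0x10000:0x10000 + BLOCK] = sector      # application
    return bytes(dump)

if __name__ == "__main__":
    for enc in (True, False):
        print("encrypted" if enc else "plaintext", classify_dump(constructed_dump(enc)))
```

To check a real dump, pass the file's bytes to `classify_dump` and adjust the offsets to the project's partition layout.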
