ESP32-S3: Permanently disabling UART ROM download mode

skiddd
Posts: 11
Joined: Sat May 28, 2022 8:58 am

ESP32-S3: Permanently disabling UART ROM download mode

Postby skiddd » Wed Jun 15, 2022 2:01 am

Greetings esteemed colleagues,

I am trying to configure Secure Boot V2 via the Project Configuration Menu. I want to set UART ROM download mode to “Permanently disabled”. My first question is, will this also prevent firmware flashing via the USB Serial/JTAG connection?

I understand that in order to make the attack surface smaller, I should permanently disable JTAG and UART ROM download mode. However my concern is how can I legitimately reprogram the device in case an OTA update might semi-brick the device in the future?

Is entering DFU via GPIO0 still an option for the built-in USB Serial/JTAG even after all the suggested EFUSES are burned following the Secure Boot V2 documentation?

Best Regards

ESP_Sprite
Posts: 9759
Joined: Thu Nov 26, 2015 4:08 am

Re: ESP32-S3: Permanently disabling UART ROM download mode

Postby ESP_Sprite » Wed Jun 15, 2022 4:13 am

Yes, it will disable that. The way to get out of a bad OTA would be to either use rollback or a physical button that boots into a factory partition so the OTA can be retried.

skiddd
Posts: 11
Joined: Sat May 28, 2022 8:58 am

Re: ESP32-S3: Permanently disabling UART ROM download mode

Postby skiddd » Wed Jun 15, 2022 3:51 pm

Thank you for the clarifications on this matter.

Who is online

Users browsing this forum: No registered users and 48 guests