Destroy key stored in eFuse block


Post by eitell » Sun Oct 08, 2023 9:05 pm

We want to write all eFuse bits to one and completely destroy the key stored in an eFuse block as an additional layer of protection in case of tampering. But writing anything to a Reed-Solomon-encoded block using the provided API will cause an encoding error.

At this point we are really not interested in maintaining data integrity, only filling all bits with `1`.

Is it possible to ignore the encoding-checking of the key blocks and force-write the remaining bits to one?

Thank you,

Re: Destroy key stored in eFuse block

Post by Konstantin » Tue Oct 10, 2023 8:23 am

Hi @eitell!

There might be some solutions:
- an eFuse block is already read-protected - Software cannot read it anyway, so it is safe to keep it. If you still want to destroy the data, see below.
- an eFuse block is write-protected - The data in this block cannot be changed.
- an eFuse block is not write-protected - For now we do not have an API to do it, because the current eFuse APIs check for repeated burns into RS blocks, but there is a way. You can do it like this; see the snippet below. I will create a new API - esp_efuse_destroy_block().

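```c
#include <string.h>
#include "esp_efuse.h"
#include "hal/efuse_hal.h"
#include "soc/efuse_reg.h"

// Runs inside a function; num_block is the eFuse block to destroy.
uint8_t all_once[8*4];                      // 8 data words, every bit set
memset(all_once, 0xFF, sizeof(all_once));
// Clear the programming registers first, otherwise the data written below is wiped.
efuse_hal_clear_program_registers();
memcpy((void *)EFUSE_PGM_DATA0_REG, (void *)all_once, sizeof(all_once));
if (esp_efuse_get_coding_scheme(num_block) == EFUSE_CODING_SCHEME_RS) {
    // Supply the Reed-Solomon check bytes that match the all-ones data.
    uint8_t block_rs[12];
    efuse_hal_rs_calculate(all_once, block_rs);
    hal_memcpy((void *)EFUSE_PGM_CHECK_VALUE0_REG, block_rs, sizeof(block_rs));
}
efuse_hal_program(num_block);               // burn the block (irreversible)
```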
