Good afternoon,
In the componay I am working for, we are designing an electronic board using an Esp32S3.
The Esp32S3 chip will be flashed via USB in production (With a firmware from the company).
1) Could you please explain me if there is a tool or a technical mean to read the firmware from the chip back ?
If the answer is yes, is there a way to "lock" this operation ? I would like to prevent the firmware from being read back.
I would not like someone to extract the program from the chip in order to flash other cards/chips.
Do you have any informations please ?
2) After the chip has been flashed in production (via USB), could you please explain me if there is a mean to protect
the chip from being reflashed (flashed again) via USB ? My goal would be to prevent somebody to flash the chip with a firmware from another company (After it has been flashed in production). I would like the chip to be flashed again only with firmware from our company. Is it possible ? Maybe there a way to prevent the chip from being flashed again until a special process has been done ?
Do you have any informations please ?
Thank you for your help,
Best regards,
Thomas TRUILHE
ESP32S3 - How to prevent the Esp32 chip from being reflashed via USB after the first USB flash ?
-
ThomasESP32
- Posts: 214
- Joined: Thu Jul 14, 2022 5:15 am
-
MicroController
- Posts: 1605
- Joined: Mon Oct 17, 2022 7:38 pm
- Location: Europe, Germany
-
ThomasESP32
- Posts: 214
- Joined: Thu Jul 14, 2022 5:15 am
Re: ESP32S3 - How to prevent the Esp32 chip from being reflashed via USB after the first USB flash ?
Good morning,
I have read the first document you have sent and more preceisely the Development Mode Flash Encryption.
At the moment, I have many questions on this part. Could you please explain me the following points ?
1) It is written : "After encrypt, physical readout of flash will not be sufficient to recover most flash content" => Does this mean that there is a mean/a tool that can normally be used to extract the firmware from a chip ? Maybe that can be used to obtain .bin files from some partition ? If the answer is yes, what is this tool please ?
2) Concerning the eFuse : FLASH_CRYPT_CONFIG : Do you know what are the possible values and how they are used ? What are the different configurations please ?
3) Concerning the flag DISABLE_DL_ENCRYPT : Disable firm encryption operation while running in Firmware Download Mode => What is the firmware download mode exactly ? What is the difference between this mode and UART firmware download mode ? Is it the same ? What does this flag mean exactly ?
4) Concerning the eFuse DISABLE_DL_DECRYPT : Disable firmware decrypt while running in Firmware UART Download Mode => What does this mean exactly ? I see that this eFuse is set in Development mode but I don't understand how it works.
5) FLASH_CRYPT_CNT : There is a comment in the documentation : With each successive unencrypted flash update (e.g., flashing a new unencrypted binary) and encryption of the flash (via the Enable flash encryption on boot option), the next MSB of FLASH_CRYPT_CNT is set. => Does this mean that the firmware can be flashed in plaintext many time via UART and encrypted at first boot ? Beacuse there is a max amount of bits in the eFuse, is there a max number of download/encrypt operation ?
6) Concerning all the eFuses that are described in the document, I can see that they can be Read or Write protected. Is it a protection that can be used to access the registers from the firmware ? From the outside ?
I thought that the eFuses can be written (Burned) only one time => Maybe it is not the same for all the eFuses ???
7) In Encryption Development Mode, there is the possibility that the Esp32 generates a Key itself and writes it in the flash_encryption eFuse. Can this key (eFuse) be modified after that ? In this case, how to reflash a new firmware without knowing the key that has been placed in the flash_encryption eFuse ? (This question because it is written that the key cannot be accessed by software as the write and read protection bits are set and that the key cannot be accessed by software).
Does this mean finally that in development mode, user cannot download a firmware in plaintext more than one time in the chip via UART ?? How does this work exactly ??
8) So finally, in flash encryption Development Mode, is it still possible to download firmwares in plaintet via UART after the first encryption has been done ?
Thank you for your answers,
it is not very clear for me.
Best regards,
Thomas TRUILHE
I have read the first document you have sent and more preceisely the Development Mode Flash Encryption.
At the moment, I have many questions on this part. Could you please explain me the following points ?
1) It is written : "After encrypt, physical readout of flash will not be sufficient to recover most flash content" => Does this mean that there is a mean/a tool that can normally be used to extract the firmware from a chip ? Maybe that can be used to obtain .bin files from some partition ? If the answer is yes, what is this tool please ?
2) Concerning the eFuse : FLASH_CRYPT_CONFIG : Do you know what are the possible values and how they are used ? What are the different configurations please ?
3) Concerning the flag DISABLE_DL_ENCRYPT : Disable firm encryption operation while running in Firmware Download Mode => What is the firmware download mode exactly ? What is the difference between this mode and UART firmware download mode ? Is it the same ? What does this flag mean exactly ?
4) Concerning the eFuse DISABLE_DL_DECRYPT : Disable firmware decrypt while running in Firmware UART Download Mode => What does this mean exactly ? I see that this eFuse is set in Development mode but I don't understand how it works.
5) FLASH_CRYPT_CNT : There is a comment in the documentation : With each successive unencrypted flash update (e.g., flashing a new unencrypted binary) and encryption of the flash (via the Enable flash encryption on boot option), the next MSB of FLASH_CRYPT_CNT is set. => Does this mean that the firmware can be flashed in plaintext many time via UART and encrypted at first boot ? Beacuse there is a max amount of bits in the eFuse, is there a max number of download/encrypt operation ?
6) Concerning all the eFuses that are described in the document, I can see that they can be Read or Write protected. Is it a protection that can be used to access the registers from the firmware ? From the outside ?
I thought that the eFuses can be written (Burned) only one time => Maybe it is not the same for all the eFuses ???
7) In Encryption Development Mode, there is the possibility that the Esp32 generates a Key itself and writes it in the flash_encryption eFuse. Can this key (eFuse) be modified after that ? In this case, how to reflash a new firmware without knowing the key that has been placed in the flash_encryption eFuse ? (This question because it is written that the key cannot be accessed by software as the write and read protection bits are set and that the key cannot be accessed by software).
Does this mean finally that in development mode, user cannot download a firmware in plaintext more than one time in the chip via UART ?? How does this work exactly ??
8) So finally, in flash encryption Development Mode, is it still possible to download firmwares in plaintet via UART after the first encryption has been done ?
Thank you for your answers,
it is not very clear for me.
Best regards,
Thomas TRUILHE
Who is online
Users browsing this forum: No registered users and 69 guests