Regarding Flash Encryption
Posted: Tue Aug 29, 2017 6:25 am
In Pre-generated key Flash encryption I have few queries below : request help in understanding the same :
At broad level following are the steps I need to follow : Please correct me If I am wrong
1. Pre -generate Key using the script at esptool folder espsecure.py
2. Burning Flash encryption key
Can I flash the key through ESP32 download Tool or I need to do it only through Commandprompt
Where should I select "my_flash_encryption_key.bin" in ESP32 Download tool ?
should I select it at DeviceMasterKeyfolder path ?
Can I generate the key second time and flash it again , using same command prompt or download tool ? Can the key be overwritten ?
First flash plain text :
1. make menuconfig - > enable flash encryption - > make
2. app.bin, bootloader.bin and partition table.bin
3. make flash or flash through download tool
boot loader would encrypt all the partitons with pre burned key
Reflashing : Generate Encrypted app-bin using the my_flash_encryption_key.bin and flash through download tool
As per the document I see if Flags in partition table is set to "encrypt" , that will be encrypted. Is there a similar flag to disable an app partition from flash encryption?
Are my steps correct ?
At broad level following are the steps I need to follow : Please correct me If I am wrong
1. Pre -generate Key using the script at esptool folder espsecure.py
2. Burning Flash encryption key
Can I flash the key through ESP32 download Tool or I need to do it only through Commandprompt
Where should I select "my_flash_encryption_key.bin" in ESP32 Download tool ?
should I select it at DeviceMasterKeyfolder path ?
Can I generate the key second time and flash it again , using same command prompt or download tool ? Can the key be overwritten ?
First flash plain text :
1. make menuconfig - > enable flash encryption - > make
2. app.bin, bootloader.bin and partition table.bin
3. make flash or flash through download tool
boot loader would encrypt all the partitons with pre burned key
Reflashing : Generate Encrypted app-bin using the my_flash_encryption_key.bin and flash through download tool
As per the document I see if Flags in partition table is set to "encrypt" , that will be encrypted. Is there a similar flag to disable an app partition from flash encryption?
Are my steps correct ?