Secure boot vs Flash Encryption

Gardin
Posts: 31
Joined: Fri Dec 13, 2019 4:53 pm

Secure boot vs Flash Encryption

Postby Gardin » Wed Dec 29, 2021 12:39 pm

Hello all,

I'm developing a product based on ESP32-S module, this product needs to have OTA updates, flash-encryption and secure boot. The OTA part is already working with https and Token based authentication, so it's quite secure. Now I need to secure the actual hardware, so that no one can clone the flash to obtain the firmware neither be able to upload a custom firmware to it, and for that I pretend to use secure boot and flash encryption.

However, after reading the documentation, secure boot and flash encryption seems to be closely related, and I can even protect the board from unapproved uploads using only flash encryiption. For that, I would burn an AES-256 encryption key to flash_encryption eFuse and protect FLASH_CRYPT_CNT against Write, so it's impossible to anyone to uppload any code to the board, unless the firmware is encrypted with the same key as the one that was burned at flash_encryption eFuse.

Are my considerations correct? If so, is there a need to use Secure boot? This setup is also secure for OTA updates?

My idea is to first flash an basic firmware, burn the eFuses, and after activate/deactivate the devices using OTA.

Thanks in advance,

Gabriel Gardin.

Who is online

Users browsing this forum: Muntazer and 85 guests