Questions regarding flash encryption and Secure Boot
Re: Questions regarding flash encryption and Secure Boot
There is a factory image in the default ota partition table but it is not required and with big apps there is not much room for it on 4mb flash.
He meant if the devices have unique flash encryption keys which is much more secure since you can't "break one break em all".
He meant if the devices have unique flash encryption keys which is much more secure since you can't "break one break em all".
Re: Questions regarding flash encryption and Secure Boot
You're right. Fortunately mine isn't. And even if it was, I could simply buy more flash memory.WiFive wrote:There is a factory image in the default ota partition table but it is not required and with big apps there is not much room for it on 4mb flash.
Who said I wasn't going to use a unique flash encryption key? My idea is to make individual keys for each device and have a DB of keys for all the devices. It won't be expensive (1 TB HDDs can be purchased for 50 €).WiFive wrote:He meant if the devices have unique flash encryption keys which is much more secure since you can't "break one break em all".
Re: Questions regarding flash encryption and Secure Boot
Yes so you could also encrypt the binary on the fly as you serve it to a specific client and hopefully all your devices don't update at once.
But you did say "storing the binary pre-encrypted in the server".
But you did say "storing the binary pre-encrypted in the server".
Re: Questions regarding flash encryption and Secure Boot
Oh, sorry, I’ve just realized about the implications of storing the binary pre-encrypted in the server. My bad. I’ll probably just use the HTTPS method.WiFive wrote:But you did say "storing the binary pre-encrypted in the server".
Re: Questions regarding flash encryption and Secure Boot
@ESP_Angus Hello, I have some questions on the security of esp ota updates.. As I know we have two ways to protect codes, one is secure boot and the other is flash encryption , but if I use ota , I have to put the signed(if the secure boot is enabled) bin on the server, then the bin on the server is easy to leak,even if I use the https... Do you have some suggestions about that? can secure boot protect this?
Re: Questions regarding flash encryption and Secure Boot
No you would need to add another layer of encryption on the bin file and store the shared decryption key on all the devices.
Re: Questions regarding flash encryption and Secure Boot
Thanks for your response,WiFive wrote:No you would need to add another layer of encryption on the bin file and store the shared decryption key on all the devices.
You give me some inspirations, I think I can do that like this
1. flash a shared decryption key to the devices when I give them out.
2. do decrypt in the ota bin file ,when update is over ,the app file code read the 1 step key from flash , then the devices that did not have the key will not boot up.
but if someone find the key in the flash, that will not work too..
Is my understanding right ? how to solve that?
Re: Questions regarding flash encryption and Secure Boot
If you use flash encryption, secure boot, encrypted ota bin and ssl all together it should be secure.
Re: Questions regarding flash encryption and Secure Boot
As WiFive says, using flash encryption & secure boot together provides local physical firmware security. To protect data in transit over the network, you need additional steps.
To prevent OTA updates being downloaded by unauthorised parties, I'd recommend using HTTPS and some kind of authentication method based on a private key or other secret stored in the client ESP32 - either TLS Client Certificate auth, or some kind of secret device ID which is not broadcast but stored encrypted in the ESP32 flash.
The ESP32 identifies itself to the server over HTTPS, and then the sends provides the .bin image using TLS to encrypt the data transfer.
To prevent OTA updates being downloaded by unauthorised parties, I'd recommend using HTTPS and some kind of authentication method based on a private key or other secret stored in the client ESP32 - either TLS Client Certificate auth, or some kind of secret device ID which is not broadcast but stored encrypted in the ESP32 flash.
The ESP32 identifies itself to the server over HTTPS, and then the sends provides the .bin image using TLS to encrypt the data transfer.
Re: Questions regarding flash encryption and Secure Boot
Server can potentially be backdoored to get unencrypted bin file so encrypted ota bin is still better.
Who is online
Users browsing this forum: No registered users and 97 guests