Good afternoon.
As i understood esp32's protect separated on two parts:
1 - My programm can be encrypted by espsecure (esptool script), and then decrypted by esp32 using key saved at block_1 fuse before.
2 - Bootloader secure it's something hard. I can't understand it at this moment.
So to secure my programm with Flash encryption i do:
1 - espsecure.py generate_flash_encryption_key key.bin
2 - espefuse.py --port /dev/ttyUSB0 burn_key flash_encryption key.bin
3 - espsecure encrypt_flash_data --keyfile key.bin --address 0x10000 -o my-app-encrypted.bin my-app.bin
4 - flash my-app-encrypted.bin to the esp32.
All's right?
If i'm fine, pls, explain about bootloader secure?
How it's works.
What to do in step by step.
I will be very grateful!
Flash encryption and boot secure with esptool
Re: Flash encryption and boot secure with esptool
No, you only do steps 3&4 to update the app.
https://docs.espressif.com/projects/esp ... ption.html
https://docs.espressif.com/projects/esp ... -boot.html
https://docs.espressif.com/projects/esp ... ption.html
https://docs.espressif.com/projects/esp ... -boot.html
Re: Flash encryption and boot secure with esptool
Sorry, i don't understand?WiFive wrote:No, you only do steps 3&4 to update the app
Can you please quote text that you did answered?
Re: Flash encryption and boot secure with esptool
Hi ctacb,
If you're pre-generating the key then the steps for flash encryption are the ones shown here:
https://docs.espressif.com/projects/esp ... yption-key
For the first boot, you generate a key and flash with espefuse.py (steps 1 & 2 in your post) then you flash a plaintext bootloader and plaintext app with "esptool.py write_flash ...". The app will encrypt its own flash on first boot (this includes the app and the bootloader).
After the first boot, to update the app again you build the new and app and then encrypt it on the host and flash the encrypted .bin file (steps 3 & 4 in your post). (This part in the docs.)
You will probably also want to enable secure boot to prevent unauthorized code being booted. This is done separately, see https://docs.espressif.com/projects/esp ... -boot.html
If you're pre-generating the key then the steps for flash encryption are the ones shown here:
https://docs.espressif.com/projects/esp ... yption-key
For the first boot, you generate a key and flash with espefuse.py (steps 1 & 2 in your post) then you flash a plaintext bootloader and plaintext app with "esptool.py write_flash ...". The app will encrypt its own flash on first boot (this includes the app and the bootloader).
After the first boot, to update the app again you build the new and app and then encrypt it on the host and flash the encrypted .bin file (steps 3 & 4 in your post). (This part in the docs.)
You will probably also want to enable secure boot to prevent unauthorized code being booted. This is done separately, see https://docs.espressif.com/projects/esp ... -boot.html
Re: Flash encryption and boot secure with esptool
Thx you ESP_Angus
Who is online
Users browsing this forum: Bing [Bot] and 98 guests