Chris wrote:
I have a problem understanding how to protect the firmware read from flash through the serial port and the JTAG.
What efuses should I burn? Is that operation reversible?
Thanks
Chris
ESP_Angus wrote:
You can't protect the flash from physical readout completely, because it's external to the chip in most cases. Even if the ESP32 disables readout we can't prevent the attacker from just connecting SPI probes to the flash chip (or the embedded flash pins for ESP32-D2 & ESP32-D4).
However you can protect the flash from unauthorised decryption, and disable JTAG, and this keeps the flash contents secure from an attacker with physical access.
There are two efuses, DISABLE_DL_DECRYPT & DISABLE_DL_CACHE, which disable decryption and flash cache (which can also decrypt) when the serial bootloader mode is running. These are burned by default on first boot when flash encryption is enabled, but you can also burn them manually.
The efuse JTAG_DISABLE will disable the JTAG peripheral. Also burned by default on first boot when either flash encryption or secure boot is enabled.
Enabling secure boot & flash encryption will mean the chip only boots authenticated firmware, and the contents of the flash become encrypted (and only readable by software running from the aforementioned authenticated firmware).
You can use the espefuse tool to view the state of each efuse and burn efuses manually, but if you use the default flash encryption & secure boot settings then they will be burned on first boot automatically.
(Moderator's note: This post is content from PM, has been reformatted to be easier to follow)
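
A check a production line or audit could run on the espefuse summary text to confirm the three efuses named in the answer are burned. This is an added example, not part of the original posts or of Espressif's tooling; the summary line layout and the sample text are constructed assumptions, so adjust the pattern to the output of your espefuse version.

```python
import re
import sys

# Efuses named in the answer above.
REQUIRED = ("DISABLE_DL_DECRYPT", "DISABLE_DL_CACHE", "JTAG_DISABLE")

# Constructed sample, not captured from a device. Assumed layout per line:
# "NAME (BLOCK)  description  = value R/W (raw)".
SAMPLE_SUMMARY = """\
JTAG_DISABLE (BLOCK0)        Disable JTAG                    = True R/W (0b1)
DISABLE_DL_DECRYPT (BLOCK0)  Disable flash decryption in DL  = True R/W (0b1)
DISABLE_DL_CACHE (BLOCK0)    Disable flash cache in DL       = False R/W (0b0)
"""

# Name at line start, value after the first "=", then the access flags.
LINE_RE = re.compile(r"^\s*([A-Z0-9_]+)\b.*?=\s*(\S+)\s+(?:[R-]/[W-])", re.M)


def parse_summary(text):
    """Return {efuse_name: value_string} for every recognised summary line."""
    return {m.group(1): m.group(2) for m in LINE_RE.finditer(text)}


def is_burned(value):
    """True for 'True' or any non-zero number; unknown formats count as unset."""
    if value in ("True", "False"):
        return value == "True"
    try:
        return int(value, 0) != 0
    except ValueError:
        return False


def audit(text, required=REQUIRED):
    """Map each required efuse to 'burned', 'NOT burned' or 'not reported'."""
    seen = parse_summary(text)
    report = {}
    for name in required:
        if name not in seen:
            report[name] = "not reported"
        else:
            report[name] = "burned" if is_burned(seen[name]) else "NOT burned"
    return report


if __name__ == "__main__":
    # Pipe real espefuse summary output in; falls back to the constructed sample.
    text = SAMPLE_SUMMARY if sys.stdin.isatty() else sys.stdin.read()
    result = audit(text)
    for name, status in result.items():
        print(f"{name}: {status}")
    sys.exit(0 if all(s == "burned" for s in result.values()) else 1)
```

The non-zero exit status lets a provisioning script fail a unit whose download-mode decryption, download-mode cache or JTAG efuse is still unset.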