Protection on the flash read


Post by ESP_Angus » Mon Mar 09, 2020 4:08 am

bonmotwang wrote:
Fri Mar 06, 2020 4:49 pm
After reading more about the encryption.
Development Mode should work for me.

Your understanding of how flash encryption works in Release mode is correct, but development mode is not secure and is not suitable for your use case.

In development mode, it's possible to upload new code which runs on the device (as the encryption happens inside the ESP32 during the upload process, using the secret key). An attacker can upload a small bootloader program that dumps the rest of the flash contents to UART (decrypted, because this is running in the bootloader mode) or otherwise releases it.

For production use, you need to enable flash encryption in Release Mode.


Angus
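
Added example, not part of the original post or of ESP-IDF: a production-line check that tells a Release-mode lock-down apart from the development-mode state described above, where the UART bootloader can still encrypt uploaded code. It assumes the ESP32 eFuse names FLASH_CRYPT_CNT and DISABLE_DL_ENCRYPT/DECRYPT/CACHE; the dict layout, the FLASH_CRYPT_CNT_WRITE_PROTECTED key and the sample readouts are constructed for this example.

```python
# Added example: audit an ESP32's flash-encryption eFuses before shipping.
# The dict layout and the *_WRITE_PROTECTED key are assumptions of this example;
# fill the dict from whatever eFuse readout your production line uses.

DL_FUSES = ("DISABLE_DL_ENCRYPT", "DISABLE_DL_DECRYPT", "DISABLE_DL_CACHE")


def encryption_enabled(flash_crypt_cnt):
    """The ESP32 treats flash encryption as on when an odd number of the
    7 FLASH_CRYPT_CNT bits are set."""
    return bin(flash_crypt_cnt & 0x7F).count("1") % 2 == 1


def release_findings(efuses):
    """List every way the device falls short of a Release-mode lock-down."""
    findings = []
    if not encryption_enabled(efuses.get("FLASH_CRYPT_CNT", 0)):
        findings.append("FLASH_CRYPT_CNT: flash encryption is not enabled")
    if not efuses.get("FLASH_CRYPT_CNT_WRITE_PROTECTED", False):
        findings.append("FLASH_CRYPT_CNT: not write-protected, can still be changed")
    for name in DL_FUSES:
        if not efuses.get(name, 0):
            findings.append(f"{name}: not burned, UART download mode keeps this function")
    return findings


def classify(efuses):
    """Return 'plaintext', 'release' or 'not-release' for one readout."""
    if not encryption_enabled(efuses.get("FLASH_CRYPT_CNT", 0)):
        return "plaintext"
    return "release" if not release_findings(efuses) else "not-release"


# Constructed sample readouts (not taken from real devices).
DEV_UNIT = {"FLASH_CRYPT_CNT": 0b0000001, "FLASH_CRYPT_CNT_WRITE_PROTECTED": False,
            "DISABLE_DL_ENCRYPT": 0, "DISABLE_DL_DECRYPT": 1, "DISABLE_DL_CACHE": 1}
RELEASE_UNIT = {"FLASH_CRYPT_CNT": 0b0000001, "FLASH_CRYPT_CNT_WRITE_PROTECTED": True,
                "DISABLE_DL_ENCRYPT": 1, "DISABLE_DL_DECRYPT": 1, "DISABLE_DL_CACHE": 1}
BLANK_UNIT = {"FLASH_CRYPT_CNT": 0}

if __name__ == "__main__":
    for label, unit in (("dev", DEV_UNIT), ("release", RELEASE_UNIT), ("blank", BLANK_UNIT)):
        print(label, "->", classify(unit))
        for finding in release_findings(unit):
            print("   -", finding)
```

Any unit that does not classify as `release` should be held back from shipping.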


Post by bonmotwang » Mon Mar 09, 2020 9:23 am

Thanks Angus. Now I understand!
A couple more questions:
1) After I set the module to release mode can I change it back to development mode or plain text mode?
2) I am trying to avoid OTA in production. Is it possible? Thanks again


Post by mohasrj » Wed Apr 01, 2020 9:47 am

Hi,

Can someone please help me?

I have a problem: when I enabled flash encryption development mode, the size of the bootloader (0x7000 = 28672 bytes) increased, so to solve that I increased the partition table offset from 0x8000 to 0x10000. That worked on the first boot, but when I reset the ESP32 I get this error in the terminal:
Attachment: flash.PNG (233.64 KiB)
