Protection on the flash read

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: Protection on the flash read

Postby ESP_Angus » Mon Mar 09, 2020 4:08 am

bonmotwang wrote:
Fri Mar 06, 2020 4:49 pm
After reading more about the encryption.
Development Mode should work for me.
Your understanding of how flash encryption works in Release mode is correct, but development mode is not secure and is not suitable for your use case

In development mode, it's possible to upload new code which runs on the device (as the encryption happens inside the ESP32 during the upload process, using the secret key). An attacker can upload a small bootloader program that dumps the rest of the flash contents to UART (decrypted, because this is running in the bootloader mode) or otherwise releases it.

For production use, you need to enable flash encryption in Release Mode.


Angus

bonmotwang
Posts: 42
Joined: Fri Apr 12, 2019 4:25 pm
Location: Canada

Re: Protection on the flash read

Postby bonmotwang » Mon Mar 09, 2020 9:23 am

Thanks Angus. Now I understand!
A couple more questions:
1) After I set the module to release mode can I change it back to development mode or plain text mode?
2) I am trying to avoid OTA in production. Is it possible? Thanks again

mohasrj
Posts: 33
Joined: Mon Jan 20, 2020 9:38 am

Re: Protection on the flash read

Postby mohasrj » Wed Apr 01, 2020 9:47 am

hi ,

please some one can help me ?

i have problem, when i enabled flah encryption development mode, the size of bootloader (0x7000 = 28672 BYTE) increase , so to solve that i increase the partition table offset from 0x8000 to 0x10000, that work in the first boot, but when i reset esp32 i have this error in TERMINAL :
Attachments
flash.PNG
pic
flash.PNG (233.64 KiB) Viewed 5048 times

Who is online

Users browsing this forum: Baidu [Spider], Google [Bot] and 94 guests