Thanks for the quick response!
I think, that other developers will be happy to see this brief description of fuses and your answer in the documentation in one place under the heading "When the chip is fully protected." That there was no need to collect crumbs of knowledge on the large text of all documentation.
Sending encrypted flash content via esptool.py
Re: Sending encrypted flash content via esptool.py
Regarding OTA, is it possible to upload pre-encrypted image? (Since the point is not leaking the firmware binary).ESP_Angus wrote: ↑Wed Sep 19, 2018 7:38 amOK. If your main concern is not leaking the firmware binary, and you don't use secure boot, then this makes sense.davdav wrote: Yes I'm aware of that, but the device we produce have the same firrmware. Therefore, from a "probability point of view" having a pre-generated key or let esp32 to burn its key it doesn't matter because, choosen one device, once you have find the key and you got the firmware of the "product". For sure if we are going to have another product we will pre-generate another key.
Re: Sending encrypted flash content via esptool.py
Hi, I'm struggling with this too. My main goal is to protect the firmware, but I want to be able to reflash the devices so I need to burn the key.
I'm thinking about putting the key itself inside the bootloader as the easiest method, but I'm not sure if I can just copy the component, I'm on 3.2 and copying `bootloader` to `components` works, but it doesn't work with bootloader_support (which I need for this. This also allows me to use a button which goes high instead of low when pressed to do a factory reset).
The alternative is to burn the keys and here comes a question:
Let's say I burn SB key and FE key, and the minimal amount of efuses, then flash the encrypted partitions: will the rest of efuses get burned on first boot?
I'm also thinking about adding the burn efuse functionality to a custom flash tool I have written in cpp so I can also run some tests but I'm confused with this: https://esp32.com/viewtopic.php?f=13&t=16083
Burning keys and then flashing is a bit tricky right now, I think it would be nice to have a more straight forward solution for those who can't do OTA easily and don't need full security.
I'm thinking about putting the key itself inside the bootloader as the easiest method, but I'm not sure if I can just copy the component, I'm on 3.2 and copying `bootloader` to `components` works, but it doesn't work with bootloader_support (which I need for this. This also allows me to use a button which goes high instead of low when pressed to do a factory reset).
The alternative is to burn the keys and here comes a question:
Let's say I burn SB key and FE key, and the minimal amount of efuses, then flash the encrypted partitions: will the rest of efuses get burned on first boot?
I'm also thinking about adding the burn efuse functionality to a custom flash tool I have written in cpp so I can also run some tests but I'm confused with this: https://esp32.com/viewtopic.php?f=13&t=16083
Burning keys and then flashing is a bit tricky right now, I think it would be nice to have a more straight forward solution for those who can't do OTA easily and don't need full security.
Who is online
Users browsing this forum: No registered users and 77 guests