forked from espressif/esp-idf
bootloader: add flash encryption support for C3
Adds flash encryption support for C3 and updates docs for S2 & C3
This commit is contained in:
Marius Vikhammer
@@ -105,29 +105,62 @@ The flash encryption operation is controlled by various eFuses available on {IDF
|
||||
- 256
|
||||
- Yes
|
||||
- x
|
||||
* - ``EFUSE_KEY_PURPOSE_N``
|
||||
* - ``KEY_PURPOSE_N``
|
||||
- Controls the purpose of eFuse block ``KEYN``, where N is between 0 and 5. Possible values: ``2`` for ``XTS_AES_256_KEY_1`` , ``3`` for ``XTS_AES_256_KEY_2``, and ``4`` for ``XTS_AES_128_KEY``. Final AES key is derived based on the value of one or two of these purpose eFuses. For a detailed description of the possible combinations see `{IDF_TARGET_NAME} Technical Reference Manual <{IDF_TARGET_TRM_EN_URL}>`_, chapter Flash Encryption.
|
||||
- 4
|
||||
- Yes
|
||||
- 0
|
||||
* - ``EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT``
|
||||
* - ``DIS_DOWNLOAD_MANUAL_ENCRYPT``
|
||||
- If set, disables flash encryption when in download bootmodes.
|
||||
- 1
|
||||
- Yes
|
||||
- 0
|
||||
* - ``EFUSE_SPI_BOOT_CRYPT_CNT``
|
||||
* - ``SPI_BOOT_CRYPT_CNT``
|
||||
- Enables encryption and decryption, when an SPI boot mode is set. Feature is enabled if 1 or 3 bits are set in the eFuse, disabled otherwise.
|
||||
- 3
|
||||
- Yes
|
||||
- 0
|
||||
|
||||
Read and write access to eFuse bits is controlled by appropriate fields in the registers ``EFUSE_WR_DIS`` and ``EFUSE_RD_DIS``. For more information on {IDF_TARGET_NAME} eFuses, see :doc:`eFuse manager <../api-reference/system/efuse>`.
|
||||
.. only:: esp32c3
|
||||
|
||||
.. list-table:: eFuses Used in Flash Encryption
|
||||
:widths: 25 40 10 15 10
|
||||
:header-rows: 0
|
||||
|
||||
* - **eFuse**
|
||||
- **Description**
|
||||
- **Bit Depth**
|
||||
- **Locking for Reading/Writing Available**
|
||||
- **Default Value**
|
||||
* - ``KEYN``
|
||||
- AES key storage. N is between 0 and 5.
|
||||
- 256
|
||||
- Yes
|
||||
- x
|
||||
* - ``KEY_PURPOSE_N``
|
||||
- Controls the purpose of eFuse block ``KEYN``, where N is between 0 and 5. For flash encryption the only valid value is `XTS_AES_128_KEY`.
|
||||
- 4
|
||||
- Yes
|
||||
- 0
|
||||
* - ``DIS_DOWNLOAD_MANUAL_ENCRYPT``
|
||||
- If set, disables flash encryption when in download bootmodes.
|
||||
- 1
|
||||
- Yes
|
||||
- 0
|
||||
* - ``SPI_BOOT_CRYPT_CNT``
|
||||
- Enables encryption and decryption, when an SPI boot mode is set. Feature is enabled if 1 or 3 bits are set in the eFuse, disabled otherwise.
|
||||
- 3
|
||||
- Yes
|
||||
- 0
|
||||
|
||||
|
||||
Read and write access to eFuse bits is controlled by appropriate fields in the registers ``WR_DIS`` and ``RD_DIS``. For more information on {IDF_TARGET_NAME} eFuses, see :doc:`eFuse manager <../api-reference/system/efuse>`.
|
||||
|
||||
|
||||
Flash Encryption Process
|
||||
------------------------
|
||||
|
||||
{IDF_TARGET_CRYPT_CNT:default="EFUSE_SPI_BOOT_CRYPT_CNT",esp32="FLASH_CRYPT_CNT",esp32s2="EFUSE_SPI_BOOT_CRYPT_CNT"}
|
||||
{IDF_TARGET_CRYPT_CNT:default="EFUSE_SPI_BOOT_CRYPT_CNT",esp32="FLASH_CRYPT_CNT",esp32s2="EFUSE_SPI_BOOT_CRYPT_CNT",esp32c3="SPI_BOOT_CRYPT_CNT"}
|
||||
|
||||
Assuming that the eFuse values are in their default states and the firmware bootloader is compiled to support flash encryption, the flash encryption process executes as shown below:
|
||||
|
||||
@@ -153,20 +186,37 @@ Assuming that the eFuse values are in their default states and the firmware boot
|
||||
|
||||
1. On the first power-on reset, all data in flash is un-encrypted (plaintext). The ROM bootloader loads the firmware bootloader.
|
||||
|
||||
2. Firmware bootloader reads the ``EFUSE_SPI_BOOT_CRYPT_CNT`` eFuse value (``0b00000000``). Since the value is ``0`` (even number of bits set), it configures and enables the flash encryption block. For more information on the flash encryption block, see `{IDF_TARGET_NAME} Technical Reference Manual <{IDF_TARGET_TRM_EN_URL}>`_.
|
||||
2. Firmware bootloader reads the ``SPI_BOOT_CRYPT_CNT`` eFuse value (``0b000``). Since the value is ``0`` (even number of bits set), it configures and enables the flash encryption block. For more information on the flash encryption block, see `{IDF_TARGET_NAME} Technical Reference Manual <{IDF_TARGET_TRM_EN_URL}>`_.
|
||||
|
||||
3. Flash encryption block generates an 256 bit or 512 bit key, depending on the value of :ref:`Size of generated AES-XTS key <CONFIG_SECURE_FLASH_ENCRYPTION_KEYSIZE>`, and writes it into respectively one or two `KEYN` eFuses. The software also updates the ``EFUSE_KEY_PURPOSE_N`` for the blocks where the keys where stored. This operation is done entirely by hardware, and the key cannot be accessed via software.
|
||||
3. Flash encryption block generates an 256 bit or 512 bit key, depending on the value of :ref:`Size of generated AES-XTS key <CONFIG_SECURE_FLASH_ENCRYPTION_KEYSIZE>`, and writes it into respectively one or two `KEYN` eFuses. The software also updates the ``KEY_PURPOSE_N`` for the blocks where the keys where stored. This operation is done entirely by hardware, and the key cannot be accessed via software.
|
||||
|
||||
4. Flash encryption block encrypts the flash contents - partitions encrypted by default and the ones marked as ``encrypted``. Encrypting in-place can take time, up to a minute for large partitions.
|
||||
|
||||
5. Firmware bootloader sets the first available bit in ``EFUSE_SPI_BOOT_CRYPT_CNT`` (0b00000001) to mark the flash contents as encrypted. Odd number of bits is set.
|
||||
5. Firmware bootloader sets the first available bit in ``SPI_BOOT_CRYPT_CNT`` (0b001) to mark the flash contents as encrypted. Odd number of bits is set.
|
||||
|
||||
6. For :ref:`flash-enc-development-mode`, the firmware bootloader allows the UART bootloader to re-flash encrypted binaries. Also, the ``EFUSE_SPI_BOOT_CRYPT_CNT`` eFuse bits are NOT write-protected.
|
||||
6. For :ref:`flash-enc-development-mode`, the firmware bootloader allows the UART bootloader to re-flash encrypted binaries. Also, the ``SPI_BOOT_CRYPT_CNT`` eFuse bits are NOT write-protected. In addition, the firmware bootloader by default sets the eFuse bits ``DIS_BOOT_REMAP``, ``DIS_DOWNLOAD_ICACHE``, ``DIS_DOWNLOAD_DCACHE``, ``HARD_DIS_JTAG`` and ``DIS_LEGACY_SPI_BOOT``.
|
||||
|
||||
7. For :ref:`flash-enc-release-mode`, the firmware bootloader sets the eFuse bits ``EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT``, ``EFUSE_DIS_BOOT_REMAP``, ``EFUSE_DIS_DOWNLOAD_ICACHE`` and ``EFUSE_DIS_DOWNLOAD_DCACHE``. It also write-protects the ``EFUSE_SPI_BOOT_CRYPT_CNT`` eFuse bits. To modify this behavior, see :ref:`uart-bootloader-encryption`.
|
||||
7. For :ref:`flash-enc-release-mode`, the firmware bootloader sets all the eFuse bits set under development mode as well as ``DIS_DOWNLOAD_MANUAL_ENCRYPT``. It also write-protects the ``SPI_BOOT_CRYPT_CNT`` eFuse bits. To modify this behavior, see :ref:`uart-bootloader-encryption`.
|
||||
|
||||
8. The device is then rebooted to start executing the encrypted image. The firmware bootloader calls the flash decryption block to decrypt the flash contents and then loads the decrypted contents into IRAM.
|
||||
|
||||
.. only:: esp32c3
|
||||
|
||||
1. On the first power-on reset, all data in flash is un-encrypted (plaintext). The ROM bootloader loads the firmware bootloader.
|
||||
|
||||
2. Firmware bootloader reads the ``SPI_BOOT_CRYPT_CNT`` eFuse value (``0b000``). Since the value is ``0`` (even number of bits set), it configures and enables the flash encryption block. For more information on the flash encryption block, see `{IDF_TARGET_NAME} Technical Reference Manual <{IDF_TARGET_TRM_EN_URL}>`_.
|
||||
|
||||
3. Flash encryption block generates an 256 bit key and writes it into a `KEYN` eFuse. The software also updates the ``KEY_PURPOSE_N`` for the block where the key where stored. This operation is done entirely by hardware, and the key cannot be accessed via software.
|
||||
|
||||
4. Flash encryption block encrypts the flash contents - partitions encrypted by default and the ones marked as ``encrypted``. Encrypting in-place can take time, up to a minute for large partitions.
|
||||
|
||||
5. Firmware bootloader sets the first available bit in ``SPI_BOOT_CRYPT_CNT`` (0b001) to mark the flash contents as encrypted. Odd number of bits is set.
|
||||
|
||||
6. For :ref:`flash-enc-development-mode`, the firmware bootloader allows the UART bootloader to re-flash encrypted binaries. Also, the ``SPI_BOOT_CRYPT_CNT`` eFuse bits are NOT write-protected. In addition, the firmware bootloader by default sets the eFuse bits ``DIS_DOWNLOAD_ICACHE``, ``DIS_PAD_JTAG``, ``DIS_USB_JTAG`` and ``DIS_LEGACY_SPI_BOOT``.
|
||||
|
||||
7. For :ref:`flash-enc-release-mode`, the firmware bootloader sets all the eFuse bits set under development mode as well as ``DIS_DOWNLOAD_MANUAL_ENCRYPT``. It also write-protects the ``SPI_BOOT_CRYPT_CNT`` eFuse bits. To modify this behavior, see :ref:`uart-bootloader-encryption`.
|
||||
|
||||
8. The device is then rebooted to start executing the encrypted image. The firmware bootloader calls the flash decryption block to decrypt the flash contents and then loads the decrypted contents into IRAM.
|
||||
|
||||
During the development stage, there is a frequent need to program different plaintext flash images and test the flash encryption process. This requires that Firmware Download mode is able to load new plaintext images as many times as it might be needed. However, during manufacturing or production stages, Firmware Download mode should not be allowed to access flash contents for security reasons.
|
||||
|
||||
@@ -218,7 +268,11 @@ To test flash encryption process, take the following steps:
|
||||
|
||||
.. only:: esp32
|
||||
|
||||
Enabling flash encryption will increase the size of bootloader, which might require updating partition table offset. See :ref:`secure-boot-bootloader-size`
|
||||
Enabling flash encryption will increase the size of bootloader, which might require updating partition table offset. See :ref:`secure-boot-bootloader-size` for secure-boot-v1 or :ref:`secure-boot-v2-bootloader-size` for secure-boot-v2.
|
||||
|
||||
.. only:: not esp32
|
||||
|
||||
Enabling flash encryption will increase the size of bootloader, which might require updating partition table offset. See :ref:`secure-boot-v2-bootloader-size`.
|
||||
|
||||
3. Run the command given below to build and flash the complete image.
|
||||
|
||||
@@ -230,144 +284,16 @@ To test flash encryption process, take the following steps:
|
||||
|
||||
A sample output of the first {IDF_TARGET_NAME} boot after enabling flash encryption is given below:
|
||||
|
||||
.. code-block:: bash
|
||||
.. include:: {IDF_TARGET_TOOLCHAIN_NAME}_log.inc
|
||||
:start-after: first_boot_enc
|
||||
:end-before: ------
|
||||
|
||||
--- idf_monitor on /dev/cu.SLAB_USBtoUART 115200 ---
|
||||
--- Quit: Ctrl+] | Menu: Ctrl+T | Help: Ctrl+T followed by Ctrl+H ---
|
||||
ets Jun 8 2016 00:22:57
|
||||
|
||||
rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
|
||||
configsip: 0, SPIWP:0xee
|
||||
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
|
||||
mode:DIO, clock div:2
|
||||
load:0x3fff0018,len:4
|
||||
load:0x3fff001c,len:8452
|
||||
load:0x40078000,len:13608
|
||||
load:0x40080400,len:6664
|
||||
entry 0x40080764
|
||||
I (28) boot: ESP-IDF v4.0-dev-850-gc4447462d-dirty 2nd stage bootloader
|
||||
I (29) boot: compile time 15:37:14
|
||||
I (30) boot: Enabling RNG early entropy source...
|
||||
I (35) boot: SPI Speed : 40MHz
|
||||
I (39) boot: SPI Mode : DIO
|
||||
I (43) boot: SPI Flash Size : 4MB
|
||||
I (47) boot: Partition Table:
|
||||
I (51) boot: ## Label Usage Type ST Offset Length
|
||||
I (58) boot: 0 nvs WiFi data 01 02 0000a000 00006000
|
||||
I (66) boot: 1 phy_init RF data 01 01 00010000 00001000
|
||||
I (73) boot: 2 factory factory app 00 00 00020000 00100000
|
||||
I (81) boot: End of partition table
|
||||
I (85) esp_image: segment 0: paddr=0x00020020 vaddr=0x3f400020 size=0x0808c ( 32908) map
|
||||
I (105) esp_image: segment 1: paddr=0x000280b4 vaddr=0x3ffb0000 size=0x01ea4 ( 7844) load
|
||||
I (109) esp_image: segment 2: paddr=0x00029f60 vaddr=0x40080000 size=0x00400 ( 1024) load
|
||||
0x40080000: _WindowOverflow4 at esp-idf/esp-idf/components/freertos/xtensa_vectors.S:1778
|
||||
|
||||
I (114) esp_image: segment 3: paddr=0x0002a368 vaddr=0x40080400 size=0x05ca8 ( 23720) load
|
||||
I (132) esp_image: segment 4: paddr=0x00030018 vaddr=0x400d0018 size=0x126a8 ( 75432) map
|
||||
0x400d0018: _flash_cache_start at ??:?
|
||||
|
||||
I (159) esp_image: segment 5: paddr=0x000426c8 vaddr=0x400860a8 size=0x01f4c ( 8012) load
|
||||
0x400860a8: prvAddNewTaskToReadyList at esp-idf/esp-idf/components/freertos/tasks.c:4561
|
||||
|
||||
I (168) boot: Loaded app from partition at offset 0x20000
|
||||
I (168) boot: Checking flash encryption...
|
||||
I (168) flash_encrypt: Generating new flash encryption key...
|
||||
I (187) flash_encrypt: Read & write protecting new key...
|
||||
I (187) flash_encrypt: Setting CRYPT_CONFIG efuse to 0xF
|
||||
W (188) flash_encrypt: Not disabling UART bootloader encryption
|
||||
I (195) flash_encrypt: Disable UART bootloader decryption...
|
||||
I (201) flash_encrypt: Disable UART bootloader MMU cache...
|
||||
I (208) flash_encrypt: Disable JTAG...
|
||||
I (212) flash_encrypt: Disable ROM BASIC interpreter fallback...
|
||||
I (219) esp_image: segment 0: paddr=0x00001020 vaddr=0x3fff0018 size=0x00004 ( 4)
|
||||
I (227) esp_image: segment 1: paddr=0x0000102c vaddr=0x3fff001c size=0x02104 ( 8452)
|
||||
I (239) esp_image: segment 2: paddr=0x00003138 vaddr=0x40078000 size=0x03528 ( 13608)
|
||||
I (249) esp_image: segment 3: paddr=0x00006668 vaddr=0x40080400 size=0x01a08 ( 6664)
|
||||
I (657) esp_image: segment 0: paddr=0x00020020 vaddr=0x3f400020 size=0x0808c ( 32908) map
|
||||
I (669) esp_image: segment 1: paddr=0x000280b4 vaddr=0x3ffb0000 size=0x01ea4 ( 7844)
|
||||
I (672) esp_image: segment 2: paddr=0x00029f60 vaddr=0x40080000 size=0x00400 ( 1024)
|
||||
0x40080000: _WindowOverflow4 at esp-idf/esp-idf/components/freertos/xtensa_vectors.S:1778
|
||||
|
||||
I (676) esp_image: segment 3: paddr=0x0002a368 vaddr=0x40080400 size=0x05ca8 ( 23720)
|
||||
I (692) esp_image: segment 4: paddr=0x00030018 vaddr=0x400d0018 size=0x126a8 ( 75432) map
|
||||
0x400d0018: _flash_cache_start at ??:?
|
||||
|
||||
I (719) esp_image: segment 5: paddr=0x000426c8 vaddr=0x400860a8 size=0x01f4c ( 8012)
|
||||
0x400860a8: prvAddNewTaskToReadyList at esp-idf/esp-idf/components/freertos/tasks.c:4561
|
||||
|
||||
I (722) flash_encrypt: Encrypting partition 2 at offset 0x20000...
|
||||
I (13229) flash_encrypt: Flash encryption completed
|
||||
I (13229) boot: Resetting with flash encryption enabled...
|
||||
|
||||
A sample output of subsequent {IDF_TARGET_NAME} boots just mentions that flash encryption is already enabled:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
|
||||
configsip: 0, SPIWP:0xee
|
||||
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
|
||||
mode:DIO, clock div:2
|
||||
load:0x3fff0018,len:4
|
||||
load:0x3fff001c,len:8452
|
||||
load:0x40078000,len:13652
|
||||
ho 0 tail 12 room 4
|
||||
load:0x40080400,len:6664
|
||||
entry 0x40080764
|
||||
I (30) boot: ESP-IDF v4.0-dev-850-gc4447462d-dirty 2nd stage bootloader
|
||||
I (30) boot: compile time 16:32:53
|
||||
I (31) boot: Enabling RNG early entropy source...
|
||||
I (37) boot: SPI Speed : 40MHz
|
||||
I (41) boot: SPI Mode : DIO
|
||||
I (45) boot: SPI Flash Size : 4MB
|
||||
I (49) boot: Partition Table:
|
||||
I (52) boot: ## Label Usage Type ST Offset Length
|
||||
I (60) boot: 0 nvs WiFi data 01 02 0000a000 00006000
|
||||
I (67) boot: 1 phy_init RF data 01 01 00010000 00001000
|
||||
I (75) boot: 2 factory factory app 00 00 00020000 00100000
|
||||
I (82) boot: End of partition table
|
||||
I (86) esp_image: segment 0: paddr=0x00020020 vaddr=0x3f400020 size=0x0808c ( 32908) map
|
||||
I (107) esp_image: segment 1: paddr=0x000280b4 vaddr=0x3ffb0000 size=0x01ea4 ( 7844) load
|
||||
I (111) esp_image: segment 2: paddr=0x00029f60 vaddr=0x40080000 size=0x00400 ( 1024) load
|
||||
0x40080000: _WindowOverflow4 at esp-idf/esp-idf/components/freertos/xtensa_vectors.S:1778
|
||||
|
||||
I (116) esp_image: segment 3: paddr=0x0002a368 vaddr=0x40080400 size=0x05ca8 ( 23720) load
|
||||
I (134) esp_image: segment 4: paddr=0x00030018 vaddr=0x400d0018 size=0x126a8 ( 75432) map
|
||||
0x400d0018: _flash_cache_start at ??:?
|
||||
|
||||
I (162) esp_image: segment 5: paddr=0x000426c8 vaddr=0x400860a8 size=0x01f4c ( 8012) load
|
||||
0x400860a8: prvAddNewTaskToReadyList at esp-idf/esp-idf/components/freertos/tasks.c:4561
|
||||
|
||||
I (171) boot: Loaded app from partition at offset 0x20000
|
||||
I (171) boot: Checking flash encryption...
|
||||
I (171) flash_encrypt: flash encryption is enabled (3 plaintext flashes left)
|
||||
I (178) boot: Disabling RNG early entropy source...
|
||||
I (184) cpu_start: Pro cpu up.
|
||||
I (188) cpu_start: Application information:
|
||||
I (193) cpu_start: Project name: flash-encryption
|
||||
I (198) cpu_start: App version: v4.0-dev-850-gc4447462d-dirty
|
||||
I (205) cpu_start: Compile time: Jun 17 2019 16:32:52
|
||||
I (211) cpu_start: ELF file SHA256: 8770c886bdf561a7...
|
||||
I (217) cpu_start: ESP-IDF: v4.0-dev-850-gc4447462d-dirty
|
||||
I (224) cpu_start: Starting app cpu, entry point is 0x40080e4c
|
||||
0x40080e4c: call_start_cpu1 at esp-idf/esp-idf/components/{IDF_TARGET_PATH_NAME}/cpu_start.c:265
|
||||
|
||||
I (0) cpu_start: App cpu up.
|
||||
I (235) heap_init: Initializing. RAM available for dynamic allocation:
|
||||
I (241) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
|
||||
I (247) heap_init: At 3FFB2EC8 len 0002D138 (180 KiB): DRAM
|
||||
I (254) heap_init: At 3FFE0440 len 00003AE0 (14 KiB): D/IRAM
|
||||
I (260) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
|
||||
I (266) heap_init: At 40087FF4 len 0001800C (96 KiB): IRAM
|
||||
I (273) cpu_start: Pro cpu start user code
|
||||
I (291) cpu_start: Starting scheduler on PRO CPU.
|
||||
I (0) cpu_start: Starting scheduler on APP CPU.
|
||||
|
||||
Sample program to check Flash Encryption
|
||||
This is ESP32 chip with 2 CPU cores, WiFi/BT/BLE, silicon revision 1, 4MB external flash
|
||||
Flash encryption feature is enabled
|
||||
Flash encryption mode is DEVELOPMENT
|
||||
Flash in encrypted mode with flash_crypt_cnt = 1
|
||||
Halting...
|
||||
.. include:: {IDF_TARGET_TOOLCHAIN_NAME}_log.inc
|
||||
:start-after: already_en_enc
|
||||
:end-before: ------
|
||||
|
||||
At this stage, if you need to update and re-flash binaries, see :ref:`encrypt-partitions`.
|
||||
|
||||
@@ -395,13 +321,31 @@ To use a host generated key, take the following steps:
|
||||
|
||||
espsecure.py generate_flash_encryption_key my_flash_encryption_key.bin
|
||||
|
||||
3. **Before the first encrypted boot**, burn the key into your device's BLOCK1 eFuse using the command below. This action can be done **only once**.
|
||||
3. **Before the first encrypted boot**, burn the key into your device's eFuse using the command below. This action can be done **only once**.
|
||||
|
||||
.. only:: esp32
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
espefuse.py --port PORT burn_key flash_encryption my_flash_encryption_key.bin
|
||||
|
||||
If the key is not burned and the device is started after enabling flash encryption, the {IDF_TARGET_NAME} will generate a random key that software cannot access or modify.
|
||||
.. only:: esp32s2
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
espefuse.py --port PORT burn_key BLOCK my_flash_encryption_key.bin KEYPURPOSE
|
||||
|
||||
where `BLOCK` is a free keyblock between `BLOCK_KEY0` and `BLOCK_KEY5`. And `KEYPURPOSE` is either `AES_256_KEY_1`, `XTS_AES_256_KEY_2`, `XTS_AES_128_KEY`. See `{IDF_TARGET_NAME} Technical Reference Manual <{IDF_TARGET_TRM_EN_URL}>`_ for a description of the key purposes.
|
||||
|
||||
.. only:: esp32c3
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
espefuse.py --port PORT burn_key BLOCK my_flash_encryption_key.bin XTS_AES_128_KEY
|
||||
|
||||
where `BLOCK` is a free keyblock between `BLOCK_KEY0` and `BLOCK_KEY5`.
|
||||
|
||||
If the key is not burned and the device is started after enabling flash encryption, the {IDF_TARGET_NAME} will generate a random key that software cannot access or modify.
|
||||
|
||||
4. In :ref:`project-configuration-menu`, do the following:
|
||||
|
||||
@@ -412,7 +356,11 @@ To use a host generated key, take the following steps:
|
||||
|
||||
.. only:: esp32
|
||||
|
||||
Enabling flash encryption will increase the size of bootloader, which might require updating partition table offset. See :ref:`secure-boot-bootloader-size`
|
||||
Enabling flash encryption will increase the size of bootloader, which might require updating partition table offset. See :ref:`secure-boot-bootloader-size` for secure-boot-v1 or :ref:`secure-boot-v2-bootloader-size` for secure-boot-v2.
|
||||
|
||||
.. only:: not esp32
|
||||
|
||||
Enabling flash encryption will increase the size of bootloader, which might require updating partition table offset. See :ref:`secure-boot-v2-bootloader-size`.
|
||||
|
||||
5. Run the command given below to build and flash the complete.
|
||||
|
||||
@@ -462,14 +410,18 @@ To use this mode, take the following steps:
|
||||
|
||||
- :ref:`Enable flash encryption on boot <CONFIG_SECURE_FLASH_ENC_ENABLED>`
|
||||
:esp32: - :ref:`Select Release mode <CONFIG_SECURE_FLASH_ENCRYPTION_MODE>` (Note that once Release mode is selected, the ``download_dis_encrypt`` and ``download_dis_decrypt`` eFuse bits will be burned to disable UART bootloader access to flash contents)
|
||||
:esp32s2: - :ref:`Select Release mode <CONFIG_SECURE_FLASH_ENCRYPTION_MODE>` (Note that once Release mode is selected, the ``EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT`` eFuse bit will be burned to disable UART bootloader access to flash contents)
|
||||
:not esp32: - :ref:`Select Release mode <CONFIG_SECURE_FLASH_ENCRYPTION_MODE>` (Note that once Release mode is selected, the ``EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT`` eFuse bit will be burned to disable UART bootloader access to flash contents)
|
||||
:esp32s2: - Set :ref:`Size of generated AES-XTS key <CONFIG_SECURE_FLASH_ENCRYPTION_KEYSIZE>`
|
||||
- :ref:`Select the appropriate bootloader log verbosity <CONFIG_BOOTLOADER_LOG_LEVEL>`
|
||||
- Save the configuration and exit.
|
||||
|
||||
.. only:: esp32
|
||||
|
||||
Enabling flash encryption will increase the size of bootloader, which might require updating partition table offset. See :ref:`secure-boot-bootloader-size`
|
||||
Enabling flash encryption will increase the size of bootloader, which might require updating partition table offset. See :ref:`secure-boot-bootloader-size` for secure-boot-v1 or :ref:`secure-boot-v2-bootloader-size` for secure-boot-v2.
|
||||
|
||||
.. only:: not esp32
|
||||
|
||||
Enabling flash encryption will increase the size of bootloader, which might require updating partition table offset. See :ref:`secure-boot-v2-bootloader-size`.
|
||||
|
||||
3. Run the command given below to build and flash the complete image.
|
||||
|
||||
@@ -495,9 +447,8 @@ When using Flash Encryption in production:
|
||||
|
||||
- Do not reuse the same flash encryption key between multiple devices. This means that an attacker who copies encrypted data from one device cannot transfer it to a second device.
|
||||
:esp32: - When using ESP32 V3, if the UART ROM Download Mode is not needed for a production device then it should be disabled to provide an extra level of protection. Do this by calling :cpp:func:`esp_efuse_disable_rom_download_mode` during application startup. Alternatively, configure the project :ref:`CONFIG_ESP32_REV_MIN` level to 3 (targeting ESP32 V3 only) and enable :ref:`CONFIG_SECURE_DISABLE_ROM_DL_MODE`. The ability to disable ROM Download Mode is not available on earlier ESP32 versions.
|
||||
:esp32s2: - The UART ROM Download Mode should be disabled entirely if it is not needed, or permanently set to "Secure Download Mode" otherwise. Secure Download Mode permanently limits the available commands to basic flash read and write only. The default behaviour is to set Secure Download Mode on first boot in Release mode. To disable Download Mode entirely, enable configuration option :ref:`CONFIG_SECURE_DISABLE_ROM_DL_MODE` or call :cpp:func:`esp_efuse_disable_rom_download_mode` at runtime.
|
||||
:esp32: - Enable :doc:`Secure Boot <secure-boot-v2>` as an extra layer of protection, and to prevent an attacker from selectively corrupting any part of the flash before boot.
|
||||
:esp32s2: - Enable Secure Boot as an extra layer of protection, and to prevent an attacker from selectively corrupting any part of the flash before boot.
|
||||
:not esp32: - The UART ROM Download Mode should be disabled entirely if it is not needed, or permanently set to "Secure Download Mode" otherwise. Secure Download Mode permanently limits the available commands to basic flash read and write only. The default behaviour is to set Secure Download Mode on first boot in Release mode. To disable Download Mode entirely, enable configuration option :ref:`CONFIG_SECURE_DISABLE_ROM_DL_MODE` or call :cpp:func:`esp_efuse_disable_rom_download_mode` at runtime.
|
||||
- Enable :doc:`Secure Boot <secure-boot-v2>` as an extra layer of protection, and to prevent an attacker from selectively corrupting any part of the flash before boot.
|
||||
|
||||
Possible Failures
|
||||
-----------------
|
||||
@@ -506,6 +457,8 @@ Once flash encryption is enabled, the ``{IDF_TARGET_CRYPT_CNT}`` eFuse value wil
|
||||
|
||||
1. If the bootloader partition is re-flashed with a **plaintext firmware bootloader image**, the ROM bootloader will fail to load the firmware bootloader resulting in the following failure:
|
||||
|
||||
.. only:: esp32
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
rst:0x3 (SW_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
|
||||
@@ -533,6 +486,23 @@ Once flash encryption is enabled, the ``{IDF_TARGET_CRYPT_CNT}`` eFuse value wil
|
||||
ets_main.c 371
|
||||
ets Jun 8 2016 00:22:57
|
||||
|
||||
.. only:: not esp32
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
rst:0x3 (SW_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
|
||||
invalid header: 0xb414f76b
|
||||
invalid header: 0xb414f76b
|
||||
invalid header: 0xb414f76b
|
||||
invalid header: 0xb414f76b
|
||||
invalid header: 0xb414f76b
|
||||
invalid header: 0xb414f76b
|
||||
invalid header: 0xb414f76b
|
||||
|
||||
.. note::
|
||||
|
||||
The value of invalid header will be different for every application.
|
||||
|
||||
.. note::
|
||||
|
||||
This error also appears if the flash contents are erased or corrupted.
|
||||
@@ -690,13 +660,13 @@ For general information about ESP-IDF OTA updates, please refer to :doc:`OTA <..
|
||||
Disabling Flash Encryption
|
||||
--------------------------
|
||||
|
||||
If flash encryption was enabled accidentally, flashing of plaintext data will soft-brick the {IDF_TARGET_NAME}. The device will reboot continuously, printing the error ``flash read err, 1000``.
|
||||
If flash encryption was enabled accidentally, flashing of plaintext data will soft-brick the {IDF_TARGET_NAME}. The device will reboot continuously, printing the error ``flash read err, 1000`` or ``invalid header: 0xXXXXXX``.
|
||||
|
||||
.. only:: esp32
|
||||
|
||||
For flash encryption in Development mode, encryption can be disabled by burning the ``{IDF_TARGET_CRYPT_CNT}`` eFuse. It can only be done three times per chip by taking the following steps:
|
||||
|
||||
.. only:: esp32s2
|
||||
.. only:: esp32s2 or esp32c3
|
||||
|
||||
For flash encryption in Development mode, encryption can be disabled by burning the ``{IDF_TARGET_CRYPT_CNT}`` eFuse. It can only be done one time per chip by taking the following steps:
|
||||
|
||||
@@ -723,6 +693,8 @@ Key Points About Flash Encryption
|
||||
|
||||
:esp32s2: - Flash memory contents are encrypted using XTS-AES-128 or XTS-AES-256. The flash encryption key is 256 bits and 512 bits respectively and stored one or two ``KEYN`` eFuses internal to the chip and, by default, is protected from software access.
|
||||
|
||||
:esp32c3: - Flash memory contents are encrypted using XTS-AES-128. The flash encryption key is 256 bits and stored one``KEYN`` eFuse internal to the chip and, by default, is protected from software access.
|
||||
|
||||
- Flash access is transparent via the flash cache mapping feature of {IDF_TARGET_NAME} - any flash regions which are mapped to the address space will be transparently decrypted when read.
|
||||
|
||||
Some data partitions might need to remain unencrypted for ease of access or might require the use of flash-friendly update algorithms which are ineffective if the data is encrypted. NVS partitions for non-volatile storage cannot be encrypted since the NVS library is not directly compatible with flash encryption. For details, refer to :ref:`NVS Encryption <nvs_encryption>`.
|
||||
@@ -733,7 +705,11 @@ Key Points About Flash Encryption
|
||||
|
||||
.. only:: esp32
|
||||
|
||||
The firmware bootloader app binary ``bootloader.bin`` might become too large if both secure boot and flash encryption are enabled. See :ref:`secure-boot-bootloader-size`.
|
||||
Enabling flash encryption will increase the size of bootloader, which might require updating partition table offset. See :ref:`secure-boot-bootloader-size` for secure-boot-v1 or :ref:`secure-boot-v2-bootloader-size` for secure-boot-v2.
|
||||
|
||||
.. only:: not esp32
|
||||
|
||||
Enabling flash encryption will increase the size of bootloader, which might require updating partition table offset. See :ref:`secure-boot-v2-bootloader-size`.
|
||||
|
||||
.. important::
|
||||
|
||||
@@ -752,8 +728,7 @@ Flash encryption protects firmware against unauthorised readout and modification
|
||||
- Not all data is stored encrypted. If storing data on flash, check if the method you are using (library, API, etc.) supports flash encryption.
|
||||
- Flash encryption does not prevent an attacker from understanding the high-level layout of the flash. This is because the same AES key is used for every pair of adjacent 16 byte AES blocks. When these adjacent 16 byte blocks contain identical content (such as empty or padding areas), these blocks will encrypt to produce matching pairs of encrypted blocks. This may allow an attacker to make high-level comparisons between encrypted devices (i.e. to tell if two devices are probably running the same firmware version).
|
||||
:esp32: - For the same reason, an attacker can always tell when a pair of adjacent 16 byte blocks (32 byte aligned) contain two identical 16 byte sequences. Keep this in mind if storing sensitive data on the flash, design your flash storage so this doesn't happen (using a counter byte or some other non-identical value every 16 bytes is sufficient). :ref:`NVS Encryption <nvs_encryption>` deals with this and is suitable for many uses.
|
||||
:esp32: - Flash encryption alone may not prevent an attacker from modifying the firmware of the device. To prevent unauthorised firmware from running on the device, use flash encryption in combination with :doc:`Secure Boot <secure-boot-v2>`.
|
||||
:esp32s2: - Flash encryption alone may not prevent an attacker from modifying the firmware of the device. To prevent unauthorised firmware from running on the device, use flash encryption in combination with Secure Boot.
|
||||
- Flash encryption alone may not prevent an attacker from modifying the firmware of the device. To prevent unauthorised firmware from running on the device, use flash encryption in combination with :doc:`Secure Boot <secure-boot-v2>`.
|
||||
|
||||
.. _flash-encryption-and-secure-boot:
|
||||
|
||||
@@ -816,9 +791,16 @@ On the first boot, the flash encryption process burns by default the following e
|
||||
- ``DISABLE_DL_DECRYPT`` which disables transparent flash decryption when running in UART bootloader mode, even if the eFuse ``FLASH_CRYPT_CNT`` is set to enable it in normal operation.
|
||||
- ``DISABLE_DL_CACHE`` which disables the entire MMU flash cache when running in UART bootloader mode.
|
||||
|
||||
.. only:: esp32s2
|
||||
.. only:: esp32s2 or esp32c3
|
||||
|
||||
- ``EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT`` flash encryption operation when running in UART bootloader boot mode.
|
||||
.. list::
|
||||
|
||||
- ``DIS_DOWNLOAD_MANUAL_ENCRYPT`` which disables flash encryption operation when running in UART bootloader boot mode.
|
||||
:esp32s2: - ``DIS_DOWNLOAD_ICACHE`` and ``DIS_DOWNLOAD_DCACHE`` which disables the entire MMU flash cache when running in UART bootloader mode.
|
||||
:esp32c3: - ``DIS_DOWNLOAD_ICACHE`` which disables the entire MMU flash cache when running in UART bootloader mode.
|
||||
:esp32s2: - ``HARD_DIS_JTAG`` which disables JTAG.
|
||||
:esp32c3: - ``DIS_PAD_JTAG`` and ``DIS_USB_JTAG`` which disables JTAG.
|
||||
- ``DIS_LEGACY_SPI_BOOT`` which disables Legacy SPI boot mode
|
||||
|
||||
However, before the first boot you can choose to keep any of these features enabled by burning only selected eFuses and write-protect the rest of eFuses with unset value 0. For example:
|
||||
|
||||
@@ -829,6 +811,13 @@ However, before the first boot you can choose to keep any of these features enab
|
||||
espefuse.py --port PORT burn_efuse DISABLE_DL_DECRYPT
|
||||
espefuse.py --port PORT write_protect_efuse DISABLE_DL_ENCRYPT
|
||||
|
||||
.. only:: esp32s2 or esp32c3
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
espefuse.py --port PORT burn_efuse DIS_DOWNLOAD_MANUAL_ENCRYPT
|
||||
espefuse.py --port PORT write_protect_efuse DIS_DOWNLOAD_MANUAL_ENCRYPT
|
||||
|
||||
.. note::
|
||||
|
||||
Set all appropriate bits before write-protecting!
|
||||
@@ -921,3 +910,17 @@ The following sections provide some reference information about the operation of
|
||||
- The flash encryption key is stored in one or two ``KEYN`` eFuses and, by default, is protected from further writes or software readout.
|
||||
|
||||
- To see the full flash encryption algorithm implemented in Python, refer to the `_flash_encryption_operation()` function in the ``espsecure.py`` source code.
|
||||
|
||||
.. only:: esp32c3
|
||||
|
||||
.. _flash-encryption-algorithm:
|
||||
|
||||
Flash Encryption Algorithm
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
- {IDF_TARGET_NAME} use the XTS-AES block chiper mode with 256 bit size for flash encryption.
|
||||
|
||||
- XTS-AES is a block chiper mode specifically designed for disc encryption and addresses the weaknesses other potential modes (e.g. AES-CTR) have for this use case. A detailed description of the XTS-AES algorithm can be found in `IEEE Std 1619-2007 <https://ieeexplore.ieee.org/document/4493450>`_.
|
||||
|
||||
- The flash encryption key is stored in one ``KEYN`` eFuse and, by default, is protected from further writes or software readout.
|
||||
|
||||
- To see the full flash encryption algorithm implemented in Python, refer to the `_flash_encryption_operation()` function in the ``espsecure.py`` source code.
|
||||
Reference in New Issue
Block a user