Flash encryption process and implementation of esp32
2022-07-07 23:33:00 【Little river god is tangled】
Preface
After a project is completed, the program is usually encrypted to prevent re-flashing or firmware piracy, much like flash write protection or unique-ID-based program encryption on the STM32.
Espressif provides a flash encryption scheme for this. Flash encryption encrypts the contents of the off-chip flash used with the ESP32. Once flash encryption is enabled, the firmware is flashed in plaintext and then encrypted in place on the first boot. As a result, physically reading the flash will not recover most of its contents.
1. Caution
Please read this article in full before trying the encryption experiment, because encryption is one-off and may turn the module into a "soft brick". After encryption, flash_download_tool can no longer be used to flash firmware; you will see a prompt like this:
2. Flash encryption process
Assuming the eFuses are in their default state and the firmware bootloader was compiled with flash encryption support, the flash encryption process is as follows:
- On the first power-on reset, all data in flash is unencrypted (plaintext). The ROM bootloader loads the firmware bootloader.
- The firmware bootloader reads the FLASH_CRYPT_CNT eFuse value (0b0000000). Because the value is 0 (an even number of bits set), the firmware bootloader configures and enables the flash encryption block, and programs the FLASH_CRYPT_CONFIG eFuse to 0xF.
- The firmware bootloader uses the RNG (random number generator) module to generate an AES-256 key and writes it into the flash_encryption eFuse. Because the write and read protection bits of the flash_encryption eFuse are set, the key cannot be accessed by software. Flash encryption is performed entirely in hardware, and the key is never accessible to software.
- The flash encryption block encrypts the flash contents in place (the firmware bootloader, the applications, and every partition marked with the "encrypted" flag). In-place encryption may take some time (up to a minute for large partitions).
- The firmware bootloader sets the first available bit in FLASH_CRYPT_CNT (0b0000001) to mark the flash contents as encrypted. An odd number of bits is now set.
- In Development mode, the firmware bootloader sets only the DISABLE_DL_DECRYPT and DISABLE_DL_CACHE eFuse bits, so that the UART bootloader can still re-flash encrypted binaries. Also, the FLASH_CRYPT_CNT eFuse bits are not write-protected.
- In Release mode, the firmware bootloader sets the DISABLE_DL_ENCRYPT, DISABLE_DL_DECRYPT and DISABLE_DL_CACHE eFuse bits to 1, to prevent the UART bootloader from decrypting flash contents. It also write-protects the FLASH_CRYPT_CNT eFuse bits. To change this behaviour, see "Enabling UART Bootloader Encryption/Decryption" in the Espressif documentation.
- The device is rebooted to start the encrypted image. The firmware bootloader calls the flash decryption block to decrypt the flash contents and loads the decrypted contents into IRAM.
In short: after the program starts for the first time, the bootloader first encrypts it. Encryption takes time; once it has succeeded, FLASH_CRYPT_CNT changes from 0x0 to 1 or 0xf, and only then does the user program start executing.
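The eFuse transitions of the process above, as an added model that is not ESP-IDF code or part of the original post: eFuses are a dict, the key comes from os.urandom, and the in-place encryption of the partitions is skipped. The bit width and the 0xF value follow the text; the field names on the dict are assumptions.

```python
"""Model of the ESP32 first-boot flash-encryption eFuse transitions (added illustration,
not ESP-IDF code). Only the one-way eFuse bookkeeping is modelled; bit widths and the
0xF value follow the text, the dict field names are assumptions."""
import os

CNT_BITS = 7  # FLASH_CRYPT_CNT is shown as a 7-bit field (0b0000000)

def default_efuses() -> dict:
    """Factory state assumed by the process description: nothing burned, nothing protected."""
    return {"FLASH_CRYPT_CNT": 0, "FLASH_CRYPT_CNT_WR_PROTECT": False,
            "FLASH_CRYPT_CONFIG": 0, "flash_encryption_key": None,
            "key_rd_protect": False, "key_wr_protect": False,
            "DISABLE_DL_ENCRYPT": False, "DISABLE_DL_DECRYPT": False, "DISABLE_DL_CACHE": False}

def flash_is_encrypted(efuses: dict) -> bool:
    """An odd number of set bits in FLASH_CRYPT_CNT marks the flash contents as encrypted."""
    return bin(efuses["FLASH_CRYPT_CNT"]).count("1") % 2 == 1

def burn_next_cnt_bit(efuses: dict) -> None:
    """Set the lowest still-zero bit of FLASH_CRYPT_CNT; eFuse bits only ever go 0 -> 1.
    Burning one more bit flips the parity, which is how encryption is toggled off in
    development mode; in release mode the field is write-protected and this fails."""
    if efuses["FLASH_CRYPT_CNT_WR_PROTECT"]:
        raise PermissionError("FLASH_CRYPT_CNT is write-protected (release mode)")
    cnt = efuses["FLASH_CRYPT_CNT"]
    for bit in range(CNT_BITS):
        if not cnt & (1 << bit):
            efuses["FLASH_CRYPT_CNT"] = cnt | (1 << bit)
            return
    raise RuntimeError("FLASH_CRYPT_CNT has no free bit left")

def firmware_bootloader_boot(efuses: dict, mode: str = "development") -> bool:
    """Decision the firmware bootloader makes on each boot. Returns True when it
    encrypted the flash during this boot, False when it only decrypted and ran the app."""
    if flash_is_encrypted(efuses):
        return False                                   # odd parity: decrypt into IRAM, run
    efuses["FLASH_CRYPT_CONFIG"] = 0xF                 # enable the encryption block
    efuses["flash_encryption_key"] = os.urandom(32)    # AES-256 key from the RNG
    efuses["key_rd_protect"] = efuses["key_wr_protect"] = True  # software can never read it
    # ... in-place encryption of bootloader, app and 'encrypted' partitions happens here ...
    burn_next_cnt_bit(efuses)                          # 0b0000000 -> 0b0000001, odd parity
    efuses["DISABLE_DL_DECRYPT"] = efuses["DISABLE_DL_CACHE"] = True
    if mode == "release":
        efuses["DISABLE_DL_ENCRYPT"] = True            # UART bootloader cannot encrypt either
        efuses["FLASH_CRYPT_CNT_WR_PROTECT"] = True    # encryption can never be turned off
    return True
```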
3. Encryption modes
Flash encryption has two modes: Development mode and Release (production) mode.
3.1 Development mode encryption
Since this is encryption, a key is required, and Espressif provides two ways to obtain it:
3.1.1 Encrypting with a key generated by the ESP32
With this method the key is unique and invisible. It is not saved in any file on the host; it is generated randomly on the device and burned into the eFuse.
Note:
Before doing the encryption experiment, make sure the module has not been encrypted yet. The command to query the encryption status is (PORT is the serial port):
espefuse.py -p PORT summary
This article uses the hello_world example as the target. In the hello_world directory, run:
idf.py menuconfig
and do the following:
- Enable flash encryption on boot
- Select Release mode (note that once Release mode is selected, the DISABLE_DL_ENCRYPT and DISABLE_DL_DECRYPT eFuse bits will be programmed to disable the flash encryption hardware in ROM download mode)
- Choose the UART ROM download mode (permanently disabling it is recommended). (Note that this option is only available when CONFIG_ESP32_REV_MIN is set to 3 (ESP32 V3).) The default option keeps UART ROM download mode enabled, but disabling it permanently is recommended to reduce the options available to an attacker.
- Select the bootloader log verbosity you want
- Save the configuration and exit
Then run:
idf.py flash monitor
Screenshot of a successful encryption:
Then we can look at FLASH_CRYPT_CNT:
As you can see, FLASH_CRYPT_CNT is set to 1, which means encryption succeeded.
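A pre-flight check that automates the Note above and the FLASH_CRYPT_CNT reading here, as an added example that is not from the post or from ESP-IDF: it parses the text of `espefuse.py -p PORT summary` and applies the page's rule (even number of set bits in FLASH_CRYPT_CNT means plaintext flash, odd means encrypted). The sample summary text and its column layout are constructed to resemble espefuse output, so the regex is an assumption to adjust for your tool version.

```python
"""Pre-flight check for the flash encryption experiment (added example, not from the post
or ESP-IDF). Parses `espefuse.py summary` text and derives the encryption state the way
the firmware bootloader reads it. SAMPLE_DEV and FUSE_RE assume a constructed layout."""
import re

# Constructed sample: a module after development-mode encryption (section 3.1.1)
SAMPLE_DEV = """\
Security fuses:
FLASH_CRYPT_CNT (BLOCK0)    Flash encryption mode counter               = 1 R/W (0b0000001)
FLASH_CRYPT_CONFIG (BLOCK0) Flash encryption config (key tweak bits)    = 15 R/W (0xf)
DISABLE_DL_ENCRYPT (BLOCK0) Disable flash encryption in UART bootloader = False R/W (0b0)
DISABLE_DL_DECRYPT (BLOCK0) Disable flash decryption in UART bootloader = True R/W (0b1)
DISABLE_DL_CACHE (BLOCK0)   Disable flash cache in UART bootloader      = True R/W (0b1)
BLOCK1 (BLOCK1)             Flash encryption key                        = ?? ?? ?? ?? ?? ?? ?? ?? -/-
"""

# name (BLOCKn) description = value R/W ; 'R'/'W' readable/writable, '-' protected (assumed layout)
FUSE_RE = re.compile(r"^(\w+)\s+\(BLOCK\d\).*?=\s*(.*?)\s+([R-]/[W-])")

def parse_summary(text: str) -> dict:
    """Return {name: {'value': str, 'readable': bool, 'writable': bool}} for each eFuse line."""
    fuses = {}
    for line in text.splitlines():
        m = FUSE_RE.match(line)
        if m:
            name, value, access = m.groups()
            fuses[name] = {"value": value, "readable": access[0] == "R", "writable": access[2] == "W"}
    return fuses

def assess(fuses: dict) -> dict:
    """Apply the page's parity rule and classify the mode from the DISABLE_DL_* bits."""
    cnt = fuses["FLASH_CRYPT_CNT"]
    set_bits = bin(int(cnt["value"], 0)).count("1")
    encrypted = set_bits % 2 == 1
    dl_locked = all(fuses.get(n, {}).get("value") == "True"
                    for n in ("DISABLE_DL_ENCRYPT", "DISABLE_DL_DECRYPT", "DISABLE_DL_CACHE"))
    key = fuses.get("BLOCK1", {"readable": True, "writable": True})
    if not encrypted:
        mode = "not encrypted" if set_bits == 0 else "encryption disabled (even bit count)"
    elif dl_locked and not cnt["writable"]:
        mode = "release"        # UART reflash impossible, counter locked: OTA only
    else:
        mode = "development"    # UART bootloader can still reflash encrypted images
    return {"encrypted": encrypted, "mode": mode,
            "key_locked": not key["readable"] and not key["writable"],
            "cnt_bits_remaining": 7 - set_bits,   # each on/off toggle burns one more bit
            "safe_to_start_experiment": set_bits == 0 and key["readable"]}
```

Run `espefuse.py -p PORT summary > summary.txt` and feed the file to `assess(parse_summary(...))`; a `safe_to_start_experiment` of False means the module already carries a key or a burned counter bit.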
3.1.2 Encrypting with a self-generated key
Using a self-generated key only adds a key-burning step. Generate the key with:
espsecure.py generate_flash_encryption_key my_flash_encryption_key.bin
I suggest saving the key in a separate file to prevent accidental deletion. After generating the key, burn it with:
espefuse.py --port PORT burn_key flash_encryption my_flash_encryption_key.bin
Next, flash according to the configuration in 3.1.1.
3.2 Production mode encryption
In Development mode you can still flash with the idf.py script, only a limited number of times, and you can also turn encryption off:
espefuse.py burn_efuse FLASH_CRYPT_CNT
Production (Release) mode encryption, however, allows no re-flashing at all. It is normally used for mass production because it is one-off; after flashing, the program can only be upgraded via OTA. Its configuration is as follows:
Then use directly:
idf.py flash monitor
And so the blogger's module became a "soft brick":
For more information, see:
https://docs.espressif.com/projects/esp-idf/zh_CN/latest/esp32/security/flash-encryption.html#flash-encryption-status
Welcome to follow: Anxinko Technology