Flash encryption process and implementation of esp32
2022-07-07 23:33:00 【Little river god is tangled】
Preface
After a project is finished, the program is usually encrypted to prevent re-flashing or firmware piracy, much like flash write protection or unique-ID-based program encryption on the STM32.
Espressif provides a flash encryption scheme for this. Flash encryption encrypts the contents of the off-chip flash used by the ESP32. Once flash encryption is enabled, the firmware is flashed in plaintext and then encrypted in place on the first boot, so physically reading the flash no longer recovers most of its contents.
1. Caution
Please read this article carefully before attempting the encryption experiment. Encryption is a one-time, irreversible operation, and a mistake can turn the module into a "soft brick". After encryption, flash_download_tool can no longer be used to flash firmware; it shows a prompt like this:
2. The flash encryption process
Assuming the eFuses are in their default state and the firmware bootloader is compiled with flash encryption support, the encryption process is as follows:
On the first power-on reset, all data in flash is unencrypted (plaintext). The ROM bootloader loads the firmware bootloader.
The firmware bootloader reads the FLASH_CRYPT_CNT eFuse value (0b0000000). Because the value is 0 (an even number of bits set), the firmware bootloader configures and enables the flash encryption block, and programs the FLASH_CRYPT_CONFIG eFuse to 0xF.
The firmware bootloader uses the RNG (random number generator) module to generate an AES-256 key and writes it into the flash_encryption eFuse. Because the write- and read-protection bits of the flash_encryption eFuse are then set, the key can no longer be accessed from software. Flash encryption is performed entirely in hardware; the key is not reachable from software.
The flash encryption block encrypts the flash contents in place (the firmware bootloader, the application, and every partition marked with the "encrypted" flag). In-place encryption may take some time (up to a minute for large partitions).
The firmware bootloader sets the first available bit in FLASH_CRYPT_CNT (0b0000001) to mark the flash contents as encrypted. An odd number of bits is now set.
In Development mode, the firmware bootloader sets only the DISABLE_DL_DECRYPT and DISABLE_DL_CACHE eFuse bits, so that the UART bootloader can re-flash encrypted binaries. In addition, the FLASH_CRYPT_CNT eFuse bits are not write-protected.
In Release mode, the firmware bootloader sets the DISABLE_DL_ENCRYPT, DISABLE_DL_DECRYPT and DISABLE_DL_CACHE eFuse bits to 1 to prevent the UART bootloader from decrypting flash contents, and also write-protects the FLASH_CRYPT_CNT eFuse bits. To change this behaviour, see "Enabling UART bootloader encryption/decryption" in the Espressif documentation.
The device reboots and starts the encrypted image. The firmware bootloader calls the flash decryption block to decrypt the flash contents and loads the decrypted content into IRAM.
In short: after an image built with encryption starts, the bootloader first encrypts the flash. Encryption takes time; once it succeeds, FLASH_CRYPT_CNT changes from 0x0 to 1 or 0xF, and finally the user program starts executing.
3. Encryption modes
Flash encryption has two modes: development mode and production (release) mode.
3.1 Development mode encryption
Encryption needs a key, and Espressif gives us two ways to obtain one:
3.1.1 Encrypting with a key generated by the ESP32
With this method the key is unique and invisible: it is not stored in any file on the host, but generated randomly on the device and burned into the eFuse.
Note:
Before doing the encryption experiment, make sure the module has not already been encrypted. The command to query the encryption status is (PORT is the serial port):
espefuse.py -p PORT summary
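As an added pre-flight check that is not part of the original article or of Espressif's espefuse tooling, the Python below (a hypothetical helper, assumed to run on the host next to espefuse.py) parses the text that `espefuse.py -p PORT summary` prints and applies the rules from the process description above: an odd number of set bits in FLASH_CRYPT_CNT means encryption is on, the DISABLE_DL_* bits distinguish development from release mode, and an even count (the fresh state, or the state after one more FLASH_CRYPT_CNT bit is burned, as done later in this article) means a plaintext flash is still possible. The summary text it consumes is constructed to mimic the espefuse layout, not captured from a board.

```python
import re
from dataclasses import dataclass

# Hypothetical helper written for this article (not part of esptool/espefuse):
# it reads the text that `espefuse.py -p PORT summary` prints and answers the
# questions the article raises: is flash encryption already enabled, which mode
# (development/release) is the chip in, and will a plaintext `idf.py flash`
# still work. The summary text built by constructed_summary() is constructed to
# mimic the espefuse layout; it is not a capture from a real board.

# One summary line looks roughly like:
#   FLASH_CRYPT_CNT (BLOCK0):   Flash encryption mode counter = 1 R/W (0b0000001)
_LINE = re.compile(
    r"^(?P<name>[A-Z0-9_]+) \(BLOCK\d\):.*= .*?"
    r"(?P<access>[R-]/[W-]) \((?P<raw>0b[01]+|0x[0-9a-fA-F]+)\)\s*$",
    re.MULTILINE,
)


@dataclass(frozen=True)
class EFuse:
    value: int
    readable: bool   # "R" in the R/W column
    writable: bool   # "W" in the R/W column (False once write-protected)


def parse_efuse_summary(text: str) -> dict:
    """Map eFuse name -> EFuse for every summary line that carries a raw value."""
    fuses = {}
    for m in _LINE.finditer(text):
        r, w = m.group("access").split("/")
        # int(..., 0) understands both the 0b... and 0x... spellings.
        fuses[m.group("name")] = EFuse(int(m.group("raw"), 0), r == "R", w == "W")
    return fuses


def flash_encryption_enabled(fuses: dict) -> bool:
    """Enabled when FLASH_CRYPT_CNT has an odd number of bits set; the
    bootloader sets one more bit each time it flips the state."""
    return bin(fuses["FLASH_CRYPT_CNT"].value).count("1") % 2 == 1


def encryption_mode(fuses: dict) -> str:
    """'release' when all three DISABLE_DL_* bits are burned, 'development'
    when only DISABLE_DL_DECRYPT and DISABLE_DL_CACHE are, as the article describes."""
    if not flash_encryption_enabled(fuses):
        return "disabled"
    enc = fuses["DISABLE_DL_ENCRYPT"].value
    dec = fuses["DISABLE_DL_DECRYPT"].value
    cache = fuses["DISABLE_DL_CACHE"].value
    if enc and dec and cache:
        return "release"
    if dec and cache:
        return "development"
    return "unknown"


def plaintext_flash_possible(fuses: dict) -> bool:
    """A plain `idf.py flash` of an unencrypted image only works while the
    counter is still even, i.e. before the first encrypting boot."""
    return not flash_encryption_enabled(fuses)


def constructed_summary(cnt: int, dl_encrypt: bool, dl_decrypt: bool,
                        dl_cache: bool, cnt_writable: bool = True) -> str:
    """Build constructed summary text in the espefuse layout (test data only)."""
    def flag(name, desc, v):
        return f"{name} (BLOCK0): {desc} = {v} R/W (0b{int(v)})"
    cnt_acc = "R/W" if cnt_writable else "R/-"
    return "\n".join([
        "Security fuses:",
        f"FLASH_CRYPT_CNT (BLOCK0): Flash encryption mode counter = {cnt} {cnt_acc} (0b{cnt:07b})",
        "FLASH_CRYPT_CONFIG (BLOCK0): Flash encryption config (key tweak bits) = 15 R/W (0xf)",
        flag("DISABLE_DL_ENCRYPT", "Disable flash encryption in UART bootloader", dl_encrypt),
        flag("DISABLE_DL_DECRYPT", "Disable flash decryption in UART bootloader", dl_decrypt),
        flag("DISABLE_DL_CACHE", "Disable flash cache in UART bootloader", dl_cache),
        "BLOCK1 (BLOCK1): Flash encryption key",
        "   = ?? ?? ?? ?? -/-",
    ]) + "\n"


if __name__ == "__main__":
    # The state the article's screenshot shows after a development-mode run.
    fuses = parse_efuse_summary(constructed_summary(1, False, True, True))
    print("encryption enabled:", flash_encryption_enabled(fuses))
    print("mode:", encryption_mode(fuses))
    print("plaintext flash still possible:", plaintext_flash_possible(fuses))
```

On a real board, feed the actual output of `espefuse.py -p PORT summary` into parse_efuse_summary() instead of the constructed text; a chip that reports "disabled" and a writable FLASH_CRYPT_CNT is the only safe starting point for the experiment below, while "release" with a write-protected counter is the soft-brick state the article warns about.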
This article uses the hello_world example for encryption. Run the following in the hello_world directory:
idf.py menuconfig
Then configure the following:
- Enable flash encryption on boot
- Select release mode (note that once release mode is selected, the DISABLE_DL_ENCRYPT and DISABLE_DL_DECRYPT eFuse bits will be programmed, which disables the flash encryption hardware in ROM download mode)
- Choose the UART ROM download mode setting (permanently disabling it is recommended). (Note that this option is only available when CONFIG_ESP32_REV_MIN is set to 3 (ESP32 V3).) The default option keeps UART ROM download mode enabled, but it is recommended to disable it permanently to reduce the options available to an attacker.
- Select the bootloader log verbosity
- Save the configuration and exit
Then run directly:
idf.py flash monitor
Screenshot of a successful encryption:
Then let's look at FLASH_CRYPT_CNT:
As you can see, FLASH_CRYPT_CNT is set to 1, which means encryption succeeded.
3.1.2 Encrypting with a self-generated key
Using a self-generated key only adds the step of burning the key. The key generation command is:
espsecure.py generate_flash_encryption_key my_flash_encryption_key.bin
I suggest keeping the key in a separate, safe location to prevent accidental deletion. After generating the key, burn it with:
espefuse.py --port PORT burn_key flash_encryption my_flash_encryption_key.bin
Next, flash the firmware following the configuration in 3.1.1.
3.2 Production mode encryption
In development mode you can still flash with the idf.py script; only the number of times is limited. You can also turn encryption off with:
espefuse.py burn_efuse FLASH_CRYPT_CNT
Production mode encryption, however, offers no chance of re-flashing. It is usually used for mass production, because it is one-shot: after flashing, the program can only be upgraded via OTA. Its configuration is as follows:
Then simply use:
idf.py flash monitor
As a result, the blogger's module became a "soft brick":
For more information, see:
https://docs.espressif.com/projects/esp-idf/zh_CN/latest/esp32/security/flash-encryption.html#flash-encryption-status
Welcome to follow: Anxinko Technology