encryptionesp32esp-idfflash-memory

ESP32-c3 Flash encryption is not acting as intended


I was trying to implement Flash encryption on my ESP32-c3-mini-1 project using VS Code and the ESP-IDF extension. The task was to lock the flash so that no one could read the firmware. After doing some research on the official documentation page, Flash encryption seemed like the solution I needed. So I started by implementing Develop mode encryption using my own key. I followed the guide on how to generate a key and how to burn it into eFuse. Then, via menuconfig, I adjusted the settings. I disabled bootloader messages to fit in the partition size. After doing everything, I flashed a test FW to see if it flashed successfully. It worked fine; then I changed my code a bit (basically, I printed different text) and flashed it again. Then I tried reading the flash data using this command:

esptool.py --port COMX --baud 115200 read_flash 0 0x400000 on_off.bin

And well, I managed to read out a .bin file. Then, after flashing it using this command:

esptool.py --chip esp32-c3 --port COMX --baud 115200 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 80m --flash_size 4MB 0x00 C:\Users\pkasu\Desktop\test_workspace\on_off.bin

everything seemed to work. To sum up, I managed to read out the encrypted flash data, so what is the whole point of encryption if I can simply read out my FW and flash it again? Can someone explain Flash encryption and what it does?

Also, I would like to use Release mode, but as I understood it, I wouldn't be able to flash my FW using USB (currently I am using the internal USB/UART converter):

In Release mode, UART bootloader cannot perform flash encryption operations. New plaintext images can ONLY be downloaded using the over-the-air (OTA) scheme which will encrypt the plaintext image before writing to flash.

So if I want to flash my FW using a COM port and a USB cable, can I only use Develop mode encryption?


Solution

  • You've understood Flash encryption correctly. If set up securely, Release mode Flash encryption disables all access to and manipulation of the system via the UART bootloader. This is permanent and quite intentional. If you wish to update the firmware on this chip again, you must implement some OTA solution before enabling Flash encryption, or you will simply not update the firmware. Ever.

    Development mode is an intermediate development tool to help you experiment with Flash encryption without bricking the chip through simple mistakes. It's not meant to be secure; it's simply the mode that helps you get to the point where you can enable Release mode.
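The point the answer makes, that an encrypted chip still lets you read the flash back but what comes out is ciphertext rather than firmware, is easy to verify on the dump itself. The script below is an added example, not part of the question or the answer: it classifies each region of a `read_flash` dump (such as the on_off.bin produced above) as plaintext, ciphertext or erased, using two signals that every unencrypted ESP-IDF image exposes, the 0xE9 image magic byte at the start of the bootloader and app and the 0xAA50 partition-entry magic at the start of the partition table, plus the byte entropy of the region (XTS-AES ciphertext scores close to 8 bits per byte, a plaintext image considerably lower). The region offsets assume the default ESP32-C3 single-app layout (bootloader at 0x0, partition table at 0x8000, app at 0x10000); adjust them to your partitions.csv. The sample dumps built by `build_sample` are constructed stand-ins so the script runs offline; they are not real flash contents.

```python
"""Classify an esptool read_flash dump as plaintext or ciphertext, per region.

Added example (not from the original post). Usage:
    python classify_dump.py on_off.bin
With no argument it runs on a constructed sample instead of a real dump.
"""
import math
import random
import sys
from collections import Counter

APP_MAGIC = 0xE9          # first byte of every plaintext ESP-IDF bootloader/app image
PART_MAGIC = b"\x50\xaa"  # ESP_PARTITION_MAGIC 0xAA50, little-endian, at offset 0 of the table
REGION_LEN = 4096         # one flash sector is enough to classify a region

# Assumed default ESP32-C3 single-app layout; change to match your partitions.csv.
DEFAULT_OFFSETS = {"bootloader": 0x0, "partition_table": 0x8000, "app": 0x10000}

# Plaintext images (code, padding) stay well below this; ciphertext sits near 8.0.
ENTROPY_CUTOFF = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte in [0.0, 8.0]."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_region(region: bytes, kind: str) -> str:
    """Return 'erased', 'plaintext' or 'ciphertext' for one flash region."""
    if not region or region.count(0xFF) == len(region):
        return "erased"
    if kind in ("bootloader", "app"):
        has_magic = region[0] == APP_MAGIC
    elif kind == "partition_table":
        has_magic = region[:2] == PART_MAGIC
    else:
        raise ValueError(f"unknown region kind {kind!r}")
    # Both signals must agree: a magic byte can occur by chance in ciphertext,
    # but ciphertext never has low entropy.
    if has_magic and shannon_entropy(region) < ENTROPY_CUTOFF:
        return "plaintext"
    return "ciphertext"


def classify_dump(dump: bytes, offsets=DEFAULT_OFFSETS) -> dict:
    """Verdict per region name for a whole-flash dump."""
    return {kind: classify_region(dump[off:off + REGION_LEN], kind)
            for kind, off in offsets.items()}


def build_sample(encrypted: bool, seed: int = 1) -> bytes:
    """Constructed 4 MB stand-in for a read_flash dump (not a real dump).

    encrypted=True fills each region with random bytes, which is what XTS-AES
    ciphertext looks like statistically; encrypted=False writes the plaintext
    magic bytes followed by low-entropy padding.
    """
    rng = random.Random(seed)
    flash = bytearray(b"\xff" * 0x400000)
    for kind, off in DEFAULT_OFFSETS.items():
        if encrypted:
            blob = rng.randbytes(0x4000)
        elif kind == "partition_table":
            blob = PART_MAGIC + bytes(30)           # one 32-byte entry, rest left erased
        else:
            blob = bytes([APP_MAGIC]) + bytes(0x3FFF)
        flash[off:off + len(blob)] = blob
    return bytes(flash)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            dump = f.read()
    else:
        dump = build_sample(encrypted=True)
    for kind, verdict in classify_dump(dump).items():
        print(f"{kind:16s} {verdict}")
```

If every region comes back `ciphertext`, the dump is of no use to someone trying to read the firmware, and writing it back with `write_flash` at the same offsets succeeds only because the ciphertext is bound to that device's eFuse key and to the flash address; it is not a bypass. For an independent check of the chip state, `espefuse.py --port COMX summary` shows whether `SPI_BOOT_CRYPT_CNT` has been burned, which is what the bootloader consults to decide that flash is encrypted.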