ESP download modes

[gd_code]

Hi,

After enabling several security features of our ESP32-D0WD-V3 (revision 3) ESP32, I have some questions regarding the download modes possibilities of the ESP. We enabled flash encryption and secure boot V2 on our device, while trying to keep the possibility of reflashing it. These are my questions:

Is there a difference between ROM Download Mode and UART Download Mode? If so, what is the difference? Sometimes the former is used, sometimes the latter, sometimes mixed up.

- Related to the previous question, what is the difference between the config options CONFIG_SECURE_UART_ROM_DL_MODE and CONFIG_SECURE_DISABLE_ROM_DL_MODE? Is the latter some kind of option of the former?

- The documentation suggest there are 3 different ways to configure CONFIG_SECURE_UART_ROM_DL_MODE (https://docs.espressif.com/projects/esp ... om-dl-mode). Our subquestions:

• We don't want to permanently disable the download mode because that would prevent us from reflashing the ESP32 while being secured. The docs page (SECURE_INSECURE_ALLOW_DL_MODE) says this option allows "full" UART enabled. What exactly is meant with "full" UART download mode and what is the difference with this "Permanently switch to Secure mode (recommended)" option (SECURE_ENABLE_SECURE_ROM_DL_MODE).

• Concerning the SECURE_ENABLE_SECURE_ROM_DL_MODE option: is it still possible to use the traditional tools like esptool.py and efuse.py etc.? Because it is unclear to us what the docs say about this:

  Secure Download mode is not compatible with the esptool.py flasher stub feature, espefuse.py, read/writing memory or registers, encrypted download, or any other features that interact with unsupported Download Mode commands.

  while it is also said that

  Secure Download mode limits the use of Download Mode functions to simple flash read, write and erase operations, plus a command to return a summary of currently enabled security features.

  If we can not use the traditional tools (as suggested by the first paragraph), which tools do we use to do these "simple" operations?

• How do we enable the "Permanently switch to Secure mode (recommended)" option? We do not manage to do so. What are the requirements to enable it?

- Does Flash Encryption Release Mode automatically imply that the UART/ROM Download Mode is disabled? When I read the docs of the release mode (https://docs.espressif.com/projects/esp ... lease-mode), it seems that ROM download mode is not disabled by default (as it is suggested to set the permanently disable option ourselves, so this would mean it is not set by default), but when I look at the source code (https://github.com/espressif/esp-idf/bl ... ypt.c#L177) it seems that, by default, ROM download mode, is disabled (or are we looking at the wrong source code)? We are confused by this.

Thanks in advance,
gd_code

[ESP_Sprite]

(Hm, did you post this question earlier as well? I'd swear I saw it before...)

I'm not a secureboot expert, so I'll leave the majority of the questions to my colleagues. I can tell you that technically, 'ROM download mode' refers to any way to (generally) send new code to the ESP32 that is in ROM; you can do that over UART but there's also a (little-documented) SDIO download mode. 'UART download mode' specifically refers to the ROM download mode that happens over UART.

Secure download mode is a somewhat stripped download mode, as in, you can use it to flash the chip but nothing more. The idea is that this should give a somewhat secure way to upload new data over the UART but as it can't do 'dangerous' things like read/write RAM or jump to user code, it should be much harder to impossible to use it to get secrets out of the chip. (The limitations also mean that the esptool.py stub does not work, as it relies on code uploaded via download mode to RAM.) You can still use esptool.py, but presumably you need to use the --no-stub option to flash the chip.

[gd_code]

Thanks for the help, I appreciate it.

(Hm, did you post this question earlier as well? I'd swear I saw it before...)

Indeed, I removed that question and trimmed it down to make it more manageable, as I realized the entire thread was too bulky.

I'm not a secureboot expert, so I'll leave the majority of the questions to my colleagues. I can tell you that technically, 'ROM download mode' refers to any way to (generally) send new code to the ESP32 that is in ROM; you can do that over UART but there's also a (little-documented) SDIO download mode. 'UART download mode' specifically refers to the ROM download mode that happens over UART.

I did not know about the SDIO option. That explains the specific UART download mode name as there is also an alternative. I'll await the answer(s) of your peers for the other questions.

Secure download mode is a somewhat stripped download mode, as in, you can use it to flash the chip but nothing more. The idea is that this should give a somewhat secure way to upload new data over the UART but as it can't do 'dangerous' things like read/write RAM or jump to user code, it should be much harder to impossible to use it to get secrets out of the chip. (The limitations also mean that the esptool.py stub does not work, as it relies on code uploaded via download mode to RAM.) You can still use esptool.py, but presumably you need to use the --no-stub option to flash the chip.

Ok, good to know about the --no-stub option: that explains how it can still be flashed when being in the secure UART mode.

Additionally, I read in the docs and on other forum posts: when enabling flash encryption and secure boot v2, and not restricting the UART download mode ("full UART"/SECURE_INSECURE_ALLOW_DL_MODE) should not expose any known vulnerabilities? Restricting it will only (and I quote) "reduce the attack surface of an attacker" (see https://www.esp32.com/viewtopic.php?p=73686#p73686). So in other words, enabling flash encryption and secure boot V2, while allowing full UART, should in theory be safe? (Agreed, disabling it would probably be better, but that's no option for us). However, if we manage (with your help0 to get it in this secure mode, we'll be glad to do so.

[ESP_Sprite]

Additionally, I read in the docs and on other forum posts: when enabling flash encryption and secure boot v2, and not restricting the UART download mode ("full UART"/SECURE_INSECURE_ALLOW_DL_MODE) should not expose any known vulnerabilities? Restricting it will only (and I quote) "reduce the attack surface of an attacker" (see https://www.esp32.com/viewtopic.php?p=73686#p73686). So in other words, enabling flash encryption and secure boot V2, while allowing full UART, should in theory be safe? (Agreed, disabling it would probably be better, but that's no option for us). However, if we manage (with your help0 to get it in this secure mode, we'll be glad to do so.

Well, it's secure in that there shouldn't be any *direct* ways to grab the unencrypted flash using the insecure download mode... however, do note that download mode can still access the entirety of RAM which depending on how your application works may lead to attacks. An attacker may for example be able to reset the ESP32 at just the right time that server credentials are being handled (and as such are in RAM), then dump the RAM and lift server credentials from there, perhaps using that to nab a firmware update straight from the server.

[gd_code]

Hi,

Any updates regarding how to enable the "Permanently switch to Secure mode (recommended) option?" and if UART/ROM Download Mode is automatically enabled/disabled in flash encryption release mode?

Thanks in advance,
gd_code

[ESP-Marius]

Hi,

Any updates regarding how to enable the "Permanently switch to Secure mode (recommended) option?

SECURE_ENABLE_SECURE_ROM_DL_MODE is only supported on S2 and later chips, so that's why you are unable to enable it. Sorry for your confusion, the latest docs have a note mentioning that it is not supported on ESP32, but it seems like that update hasn't been pushed to our webserver yet.

and if UART/ROM Download Mode is automatically enabled/disabled in flash encryption release mode?

For ESP32 the default is to keep UART/ROM Download Mode enabled, while for later chips the default is to switch to secure mode.