Questions regarding flash encryption and Secure Boot

WiFive
Posts: 3529
Joined: Tue Dec 01, 2015 7:35 am

Re: Questions regarding flash encryption and Secure Boot

Postby WiFive » Thu Oct 26, 2017 4:04 pm

There is a factory image in the default ota partition table but it is not required and with big apps there is not much room for it on 4mb flash.

He meant if the devices have unique flash encryption keys which is much more secure since you can't "break one break em all".

ESPtronic
Posts: 9
Joined: Sat Jun 03, 2017 9:41 pm

Re: Questions regarding flash encryption and Secure Boot

Postby ESPtronic » Thu Oct 26, 2017 4:14 pm

WiFive wrote:There is a factory image in the default ota partition table but it is not required and with big apps there is not much room for it on 4mb flash.
You're right. Fortunately mine isn't. And even if it was, I could simply buy more flash memory.
WiFive wrote:He meant if the devices have unique flash encryption keys which is much more secure since you can't "break one break em all".
Who said I wasn't going to use a unique flash encryption key? My idea is to make individual keys for each device and have a DB of keys for all the devices. It won't be expensive (1 TB HDDs can be purchased for 50 €).

WiFive
Posts: 3529
Joined: Tue Dec 01, 2015 7:35 am

Re: Questions regarding flash encryption and Secure Boot

Postby WiFive » Thu Oct 26, 2017 4:26 pm

Yes so you could also encrypt the binary on the fly as you serve it to a specific client and hopefully all your devices don't update at once.

But you did say "storing the binary pre-encrypted in the server".

ESPtronic
Posts: 9
Joined: Sat Jun 03, 2017 9:41 pm

Re: Questions regarding flash encryption and Secure Boot

Postby ESPtronic » Thu Oct 26, 2017 7:17 pm

WiFive wrote:But you did say "storing the binary pre-encrypted in the server".
Oh, sorry, I've just realized the implications of storing the binary pre-encrypted in the server. My bad. I'll probably just use the HTTPS method.

malaimo
Posts: 17
Joined: Mon Sep 25, 2017 6:28 am

Re: Questions regarding flash encryption and Secure Boot

Postby malaimo » Sat Jan 20, 2018 12:19 pm

@ESP_Angus Hello, I have some questions on the security of ESP OTA updates. As I know, we have two ways to protect code: one is secure boot and the other is flash encryption. But if I use OTA, I have to put the signed bin (if secure boot is enabled) on the server, and then the bin on the server is easy to leak, even if I use HTTPS... Do you have some suggestions about that? Can secure boot protect this?

WiFive
Posts: 3529
Joined: Tue Dec 01, 2015 7:35 am

Re: Questions regarding flash encryption and Secure Boot

Postby WiFive » Sat Jan 20, 2018 2:10 pm

No you would need to add another layer of encryption on the bin file and store the shared decryption key on all the devices.

malaimo
Posts: 17
Joined: Mon Sep 25, 2017 6:28 am

Re: Questions regarding flash encryption and Secure Boot

Postby malaimo » Sun Jan 21, 2018 3:07 am

WiFive wrote:No you would need to add another layer of encryption on the bin file and store the shared decryption key on all the devices.
Thanks for your response.
You gave me some inspiration. I think I can do it like this:
1. Flash a shared decryption key to the devices when I give them out.
2. Do the decryption in the OTA bin file: when the update is over, the app code reads the key from step 1 from flash, so the devices that do not have the key will not boot up.

But if someone finds the key in the flash, that will not work either...
Is my understanding right? How to solve that?

WiFive
Posts: 3529
Joined: Tue Dec 01, 2015 7:35 am

Re: Questions regarding flash encryption and Secure Boot

Postby WiFive » Sun Jan 21, 2018 3:19 am

If you use flash encryption, secure boot, encrypted ota bin and ssl all together it should be secure.

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: Questions regarding flash encryption and Secure Boot

Postby ESP_Angus » Sun Jan 21, 2018 10:35 pm

As WiFive says, using flash encryption & secure boot together provides local physical firmware security. To protect data in transit over the network, you need additional steps.

To prevent OTA updates being downloaded by unauthorised parties, I'd recommend using HTTPS and some kind of authentication method based on a private key or other secret stored in the client ESP32 - either TLS Client Certificate auth, or some kind of secret device ID which is not broadcast but stored encrypted in the ESP32 flash.

The ESP32 identifies itself to the server over HTTPS, and then the server provides the .bin image using TLS to encrypt the data transfer.

WiFive
Posts: 3529
Joined: Tue Dec 01, 2015 7:35 am

Re: Questions regarding flash encryption and Secure Boot

Postby WiFive » Mon Jan 22, 2018 1:15 am

Server can potentially be backdoored to get unencrypted bin file so encrypted ota bin is still better.
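A sketch of the extra encryption layer over the signed .bin that WiFive describes above (per-device keys in a server-side key DB, image wrapped on the fly for one specific client, verified on the device before use), as an added example that is not code from this thread or from ESP-IDF. It assumes a small in-memory key DB with constructed keys, and uses HMAC-SHA256 in counter mode plus an HMAC tag as a stdlib-only stand-in for AES-GCM; a real deployment would use AES-GCM from mbedTLS on the device.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample key DB (device_id -> 32-byte key), as the thread proposes.
# Fixed values so the example is deterministic; real keys come from provisioning.
DEVICE_KEYS = {
    "esp32-0001": bytes.fromhex("00" * 31 + "01"),
    "esp32-0002": bytes.fromhex("00" * 31 + "02"),
}

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # PRF in counter mode: HMAC-SHA256(key, nonce || counter) blocks.
    # Stand-in for AES-CTR so the example runs on the standard library only.
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])

def encrypt_for_device(device_id: str, firmware: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Server side: wrap the plaintext .bin for exactly one device, on the fly."""
    key = DEVICE_KEYS[device_id]                     # lookup in the key DB
    nonce = nonce or secrets.token_bytes(16)         # fresh per download
    body = bytes(a ^ b for a, b in zip(firmware, _keystream(key, nonce, len(firmware))))
    # Encrypt-then-MAC. The device id is covered by the tag, so an image
    # served to device A is rejected by device B even if both had the same key.
    tag = hmac.new(key, device_id.encode() + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt_on_device(device_id: str, key: bytes, blob: bytes) -> Optional[bytes]:
    """Device side: check the tag before touching the payload; None on any failure."""
    if len(blob) < 16 + 32:                          # nonce + tag at minimum
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, device_id.encode() + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):       # constant-time compare
        return None
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))
```

The wrapped blob still goes through HTTPS with client authentication as ESP_Angus suggests; this layer only ensures a copy lifted from the server or the wire is useless without that one device's key.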
