Flash Encryption

[watermark]

Hi

I have a question regarding the following statement from the ESP32 Flash Encryption introduction page.

Flash encryption is intended for encrypting the contents of the ESP32’s off-chip flash memory. Once this feature is enabled, firmware is flashed as plaintext, and then the data is encrypted in place on the first boot. As a result, physical readout of flash will not be sufficient to recover most flash contents.

Does this mean that there is a period of time, ie once an image is downloaded and flashed, but before it has been encrypted upon next boot, where the image is available in plain text from the flash device and that the flash device could be removed from the circuit before encryption occurs and the contents read?

Thank you.

[ESP_Angus]

Hi watermark,

Yes, we expect this first boot from plaintext flash happens in the factory as part of the initial bring-up/test. Any subsequent OTA updates would write ciphertext directly to the flash.

We don't have an official workflow for situations where the factory is not a trusted environment, yet.

[watermark]

Thank you for your reply.

Just to be clear, after the first boot initial encryption of the flash, any subsequent OTA update could be sent in plaintext (over TLS) and would be automatically encrypted by the device on write to the flash?

[ESP_Angus]

Just to be clear, after the first boot initial encryption of the flash, any subsequent OTA update could be sent in plaintext (over TLS) and would be automatically encrypted by the device on write to the flash?

That's right. In order keep the firmware confidential we recommend doing some device authentication/authorisation on the OTA server.

A requested feature is a way to provide pre-encrypted firmware binaries, so they can be served from a generic web server without any access controls. We don't have this in ESP-IDF right now.

Some customers have implemented this on their own by using a pre-generated flash encryption keys in the ESP32 and pre-encrypting the OTA updates so they are written as-is to flash instead of being encrypted on write. We don't recommend this as usually it means sharing the same encryption key between all devices.

[watermark]

Thank you for the extra detail - it's making a lot more sense now.

A requested feature is a way to provide pre-encrypted firmware binaries, so they can be served from a generic web server without any access controls. We don't have this in ESP-IDF right now.

Do you have a link to where the above feature is requested/discussed?

Thank you.