Espressif ESP32-S2 User Manual

Chapter 2. API Reference
No (disabled) if CONFIG_SECURE_BOOT
CONFIG_SECURE_BOOT_INSECURE
Allow potentially insecure options
Found in: Security features
You can disable some of the default protections offered by secure boot, in order to enable testing or a
custom combination of security features.
Only enable these options if you are very sure.
Refer to the Secure Boot section of the ESP-IDF Programmers Guide for this version before enabling.
Default value:
No (disabled) if CONFIG_SECURE_BOOT
CONFIG_SECURE_FLASH_ENC_ENABLED
Enable flash encryption on boot (READ DOCS FIRST)
Found in: Security features
If this option is set, flash contents will be encrypted by the bootloader on first boot.
Note: After first boot, the system will be permanently encrypted. Re-flashing an encrypted system is
complicated and not always possible.
Read Flash Encryption before enabling.
Default value:
No (disabled)
CONFIG_SECURE_FLASH_ENCRYPTION_KEYSIZE
Size of generated AES-XTS key
Found in: Security features > CONFIG_SECURE_FLASH_ENC_ENABLED
Size of generated AES-XTS key.
AES-128 uses a 256-bit key (32 bytes) which occupies one Efuse key block. AES-256 uses a 512-bit
key (64 bytes) which occupies two Efuse key blocks.
This setting is ignored if either type of key is already burned to Efuse before the first boot. In this case,
the pre-burned key is used and no new key is generated.
Available options:
AES-128 (256-bit key) (SECURE_FLASH_ENCRYPTION_AES128)
AES-256 (512-bit key) (SECURE_FLASH_ENCRYPTION_AES256)
CONFIG_SECURE_FLASH_ENCRYPTION_MODE
Enable usage mode
Found in: Security features > CONFIG_SECURE_FLASH_ENC_ENABLED
By default Development mode is enabled, which allows ROM download mode to perform flash encryption
operations (plaintext is sent to the device, which encrypts it internally and writes ciphertext to flash). This
mode is not secure: it's possible for an attacker to write their own chosen plaintext to flash.
Release mode should always be selected for production or manufacturing. Once enabled, it's no longer
possible for the device in ROM Download Mode to use the flash encryption hardware.
Refer to the Flash Encryption section of the ESP-IDF Programmers Guide for details.
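A pre-release check over a project's sdkconfig for the options described above, as an added example that is not part of the manual or of ESP-IDF. The function names and the sample sdkconfig are constructed for illustration; the two CONFIG_SECURE_FLASH_ENCRYPTION_MODE_* choice symbols come from the ESP-IDF Kconfig rather than from this page, and treating disabled flash encryption as a finding is a policy assumption.

```python
import re

# Constructed sdkconfig fragment for illustration (not from a real project).
SAMPLE_SDKCONFIG = """\
CONFIG_SECURE_BOOT=y
CONFIG_SECURE_BOOT_INSECURE=y
CONFIG_SECURE_FLASH_ENC_ENABLED=y
# CONFIG_SECURE_FLASH_ENCRYPTION_AES128 is not set
CONFIG_SECURE_FLASH_ENCRYPTION_AES256=y
CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=y
# CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE is not set
"""

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^#\s*(CONFIG_\w+) is not set$")

def parse_sdkconfig(text):
    """Map each symbol to its value; '# ... is not set' lines map to None."""
    opts = {}
    for line in map(str.strip, text.splitlines()):
        if m := _SET.match(line):
            opts[m.group(1)] = m.group(2).strip('"')
        elif m := _UNSET.match(line):
            opts[m.group(1)] = None
    return opts

def efuse_key_blocks(opts):
    """Key blocks a generated AES-XTS key occupies: 1 (AES-128) or 2 (AES-256)."""
    if opts.get("CONFIG_SECURE_FLASH_ENCRYPTION_AES256") == "y":
        return 2
    return 1 if opts.get("CONFIG_SECURE_FLASH_ENCRYPTION_AES128") == "y" else 0

def audit_for_release(text):
    """Return findings that should block a production build."""
    opts = parse_sdkconfig(text)
    findings = []
    if opts.get("CONFIG_SECURE_BOOT_INSECURE") == "y":
        findings.append("SECURE_BOOT_INSECURE: default secure boot protections can be disabled")
    if opts.get("CONFIG_SECURE_FLASH_ENC_ENABLED") != "y":
        findings.append("FLASH_ENC_DISABLED: flash contents stay in plaintext")  # policy assumption
    elif opts.get("CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE") != "y":
        findings.append("FLASH_ENC_DEVELOPMENT: ROM download mode can still write chosen plaintext")
    return findings

if __name__ == "__main__":
    for finding in audit_for_release(SAMPLE_SDKCONFIG):
        print("FAIL", finding)
    print("eFuse key blocks:", efuse_key_blocks(parse_sdkconfig(SAMPLE_SDKCONFIG)))
```

Run in CI against the sdkconfig used for the production image, failing the build when the returned list is non-empty.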
Espressif Systems 1072
Submit Document Feedback
Release v4.4
