
Espressif ESP32-S2 User Manual

Chapter 4. API Guides
readout of flash will not be sufficient to recover most flash contents.
With flash encryption enabled, the following types of data are encrypted by default:
- Firmware bootloader
- Partition Table
- All app type partitions

Other types of data can be encrypted conditionally:
- Any partition marked with the encrypted flag in the partition table. For details, see Encrypted Partition Flag.
- Secure Boot bootloader digest if Secure Boot is enabled (see below).

Important: For production use, flash encryption should be enabled in the Release mode only.
Important: Enabling flash encryption limits the options for further updates of ESP32-S2. Before using this feature,
read the document and make sure to understand the implications.
4.13.2 Relevant eFuses
The flash encryption operation is controlled by various eFuses available on ESP32-S2. The list of eFuses
and their descriptions is given in the table below. The names in the eFuse column are also used by the
espefuse.py tool. For usage in the eFuse API, modify the name by adding the prefix ESP_EFUSE_, for example:
esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_ENCRYPT).
Table 1: eFuses Used in Flash Encryption
| eFuse | Description | Bit Depth |
|---|---|---|
| BLOCK_KEYN | AES key storage. N is between 0 and 5. | One 256 bit key block for XTS_AES_128, two 256 bit key blocks for XTS_AES_256 (512 bit total) |
| KEY_PURPOSE_N | Controls the purpose of eFuse block BLOCK_KEYN, where N is between 0 and 5. Possible values: 2 for XTS_AES_256_KEY_1, 3 for XTS_AES_256_KEY_2, and 4 for XTS_AES_128_KEY. Final AES key is derived based on the value of one or two of these purpose eFuses. For a detailed description of the possible combinations, see ESP32-S2 Technical Reference Manual > External Memory Encryption and Decryption (XTS_AES) [PDF]. | 4 |
| DIS_DOWNLOAD_MANUAL_ENCRYPT | If set, disables flash encryption when in download boot modes. | 1 |
| SPI_BOOT_CRYPT_CNT | Enables encryption and decryption, when an SPI boot mode is set. Feature is enabled if 1 or 3 bits are set in the eFuse, disabled otherwise. | 3 |
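The SPI_BOOT_CRYPT_CNT and KEY_PURPOSE_N rules from the table, written as a host-side audit check. This is an added example, not code from the manual or from ESP-IDF: the names fe_enabled, fe_classify and fe_state_t are hypothetical, and the inputs are assumed to be raw field values already read from a device (the sample values are constructed).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* KEY_PURPOSE_N values listed in Table 1. */
enum { XTS_AES_256_KEY_1 = 2, XTS_AES_256_KEY_2 = 3, XTS_AES_128_KEY = 4 };

typedef enum {
    FE_DISABLED,      /* SPI_BOOT_CRYPT_CNT has 0 or 2 bits set */
    FE_NO_KEY,        /* enabled, but no key block has a flash encryption purpose */
    FE_HALF_256_KEY,  /* enabled, only one of the two XTS_AES_256 blocks present */
    FE_XTS_AES_128,   /* enabled, one block with purpose XTS_AES_128_KEY */
    FE_XTS_AES_256,   /* enabled, both XTS_AES_256 key blocks present */
    FE_AMBIGUOUS      /* a 128 key and a full 256 pair: consult the TRM */
} fe_state_t;

/* The feature is enabled if 1 or 3 of the 3 bits are set, i.e. an odd count. */
bool fe_enabled(uint8_t spi_boot_crypt_cnt)
{
    uint8_t v = spi_boot_crypt_cnt & 0x7;
    int bits = (v & 1) + ((v >> 1) & 1) + ((v >> 2) & 1);
    return (bits & 1) != 0;
}

/* Hypothetical helper: classify raw eFuse values, e.g. copied from a dump. */
fe_state_t fe_classify(uint8_t spi_boot_crypt_cnt, const uint8_t key_purpose[6])
{
    bool k1 = false, k2 = false, k128 = false;
    if (!fe_enabled(spi_boot_crypt_cnt)) return FE_DISABLED;
    for (int n = 0; n < 6; n++) {
        k1   |= key_purpose[n] == XTS_AES_256_KEY_1;
        k2   |= key_purpose[n] == XTS_AES_256_KEY_2;
        k128 |= key_purpose[n] == XTS_AES_128_KEY;
    }
    if (k128 && k1 && k2) return FE_AMBIGUOUS;
    if (k1 && k2) return FE_XTS_AES_256;
    if (k128) return FE_XTS_AES_128;
    return (k1 || k2) ? FE_HALF_256_KEY : FE_NO_KEY;
}

int main(void)
{
    /* Constructed sample values, not read from a real device. */
    const uint8_t purposes[6] = { 0, 4, 0, 0, 0, 0 };
    printf("state=%d\n", fe_classify(0x1, purposes));
    return 0;
}
```

A result of FE_NO_KEY or FE_HALF_256_KEY on a unit that reports encryption as enabled is worth flagging in a provisioning audit.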
Note:
Espressif Systems 1343
Release v4.4
