Chapter 4. API Guides
(continued from previous page)
I (180) esp_image: segment 5: paddr=0x000445a4 vaddr=0x40029830 size=0x032ac (␣
,→12972) load
0x40029830: gpspi_flash_ll_set_miso_bitlen at /home/marius/esp-idf/examples/
,→security/flash_encryption/build/../../../../components/hal/esp32s2/include/hal/
,→gpspi_flash_ll.h:261
(inlined by) spi_flash_hal_gpspi_common_command at /home/marius/esp-idf/components/
,→hal/spi_flash_hal_common.inc:161
I (190) boot: Loaded app from partition at offset 0x20000
I (191) boot: Checking flash encryption...
I (191) flash_encrypt: flash encryption is enabled (1 plaintext flashes left)
I (199) boot: Disabling RNG early entropy source...
I (216) cache: Instruction cache : size 8KB, 4Ways, cache line size 32Byte
I (216) cpu_start: Pro cpu up.
I (268) cpu_start: Pro cpu start user code
I (268) cpu_start: cpu freq: 160000000
I (268) cpu_start: Application information:
I (271) cpu_start: Project name: flash_encryption
I (277) cpu_start: App version: qa-test-v4.3-20201113-777-gd8e1
I (284) cpu_start: Compile time: Dec 21 2020 11:24:00
I (290) cpu_start: ELF file SHA256: 30fd1b899312fef7...
I (296) cpu_start: ESP-IDF: qa-test-v4.3-20201113-777-gd8e1
I (303) heap_init: Initializing. RAM available for dynamic allocation:
I (310) heap_init: At 3FF9E000 len 00002000 (8 KiB): RTCRAM
I (316) heap_init: At 3FFBF898 len 0003C768 (241 KiB): DRAM
I (323) heap_init: At 3FFFC000 len 00003A10 (14 KiB): DRAM
W (329) flash_encrypt: Flash encryption mode is DEVELOPMENT (not secure)
I (336) spi_flash: detected chip: generic
I (341) spi_flash: flash io: dio
W (345) spi_flash: Detected size(4096k) larger than the size in the binary image␣
,→header(2048k). Using the size in the binary image header.
I (358) cpu_start: Starting scheduler on PRO CPU.
Example to check Flash Encryption status
This is esp32s2 chip with 1 CPU core(s), WiFi, silicon revision 0, 2MB external␣
,→flash
FLASH_CRYPT_CNT eFuse value is 1
Flash encryption feature is enabled in DEVELOPMENT mode
At this stage, if you need to update and re-flash binaries, see Re-flashing Updated Partitions.
Using Host Generated Key It is possible to pre-generate a flash encryption key on the host computer and burn
it into the eFuse. This allows you to pre-encrypt data on the host and flash already encrypted data without needing
a plaintext flash update. This feature can be used in both Development Mode and Release Mode. Without a pre-
generated key, data is flashed in plaintext and then ESP32-S2 encrypts the data in-place.
Note: This option is not recommended for production, unless a separate key is generated for each individual device.
To use a host generated key, take the following steps:
1. Ensure that you have an ESP32-S2 device with default flash encryption eFuse settings as shown in Relevant
eFuses.
See how to check ESP32-S2 Flash Encryption Status.
2. Generate a random key by running:
If Size of generated AES-XTS key is AES-128 (256-bit key):
Espressif Systems 1348
Submit Document Feedback
Release v4.4
To Next Page
Loading...