Espressif ESP32-S2 User Manual

Chapter 4. API Guides
Enabling flash encryption will increase the size of the bootloader, which might require updating the partition table offset.
See Bootloader Size.
Important: Do not interrupt power to the ESP32-S2 while the first boot encryption pass is running.
If power is interrupted, the flash contents will be corrupted and will require flashing with unencrypted
data again. In this case, re-flashing will not count towards the flashing limit.
4.13.11 Limitations of Flash Encryption
Flash encryption protects firmware against unauthorised readout and modification. It is important to understand the
limitations of the flash encryption feature:
- Flash encryption is only as strong as the key. For this reason, we recommend keys are generated on the device during first boot (default behaviour). If generating keys off-device, ensure proper procedure is followed and don't share the same key between all production devices.
- Not all data is stored encrypted. If storing data on flash, check if the method you are using (library, API, etc.) supports flash encryption.
- Flash encryption does not prevent an attacker from understanding the high-level layout of the flash. This is because the same AES key is used for every pair of adjacent 16 byte AES blocks. When these adjacent 16 byte blocks contain identical content (such as empty or padding areas), these blocks will encrypt to produce matching pairs of encrypted blocks. This may allow an attacker to make high-level comparisons between encrypted devices (i.e. to tell if two devices are probably running the same firmware version).
- Flash encryption alone may not prevent an attacker from modifying the firmware of the device. To prevent unauthorised firmware from running on the device, use flash encryption in combination with Secure Boot.
4.13.12 Flash Encryption and Secure Boot
It is recommended to use flash encryption in combination with Secure Boot. However, if Secure Boot is enabled,
additional restrictions apply to device re-flashing:
- OTA Updates are not restricted, provided that the new app is signed correctly with the Secure Boot signing key.
4.13.13 Advanced Features
The following section covers advanced features of flash encryption.
Encrypted Partition Flag
Some partitions are encrypted by default. Other partitions can be marked in the partition table description as requiring
encryption by adding the flag encrypted to the partition's flag field. As a result, data in these marked partitions
will be treated as encrypted in the same manner as an app partition.
# Name, Type, SubType, Offset, Size, Flags
nvs, data, nvs, 0x9000, 0x6000
phy_init, data, phy, 0xf000, 0x1000
factory, app, factory, 0x10000, 1M
secret_data, 0x40, 0x01, 0x20000, 256K, encrypted
For details on partition table description, see partition table.
Further information about encryption of partitions:
- Default partition tables do not include any encrypted data partitions.
- With flash encryption enabled, the app partition is always treated as encrypted and does not require marking.
- If flash encryption is not enabled, the flag encrypted has no effect.
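An added example, not taken from the manual or from ESP-IDF: a Python audit that applies the rules stated above (app partitions are always encrypted when flash encryption is enabled, other partitions only when flagged encrypted, and the flag has no effect when flash encryption is disabled) to the partition table shown on this page. The function names, the numeric 0x00 alias for the app type and colon-separated flags are assumptions of this example; default-encrypted partitions that the page does not list are not modeled, so "unmarked" means only that neither rule applies.

```python
import csv

# Partition table from the page above, embedded so the example runs offline.
SAMPLE_CSV = """\
# Name, Type, SubType, Offset, Size, Flags
nvs, data, nvs, 0x9000, 0x6000
phy_init, data, phy, 0xf000, 0x1000
factory, app, factory, 0x10000, 1M
secret_data, 0x40, 0x01, 0x20000, 256K, encrypted
"""


def parse_partitions(text):
    """Yield (name, type, flags) for each non-comment row of a partition CSV."""
    rows = (ln for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#"))
    for fields in csv.reader(rows, skipinitialspace=True):
        fields = [f.strip() for f in fields]
        if len(fields) < 5:
            raise ValueError(f"malformed partition row: {fields!r}")
        flags = fields[5] if len(fields) > 5 else ""
        # Assumption: several flags in one field are separated by ':'.
        yield fields[0], fields[1], {f for f in flags.split(":") if f}


def is_app(ptype):
    """True for type 'app' (assumed to be writable numerically as 0x00)."""
    if ptype == "app":
        return True
    try:
        return int(ptype, 0) == 0
    except ValueError:
        return False


def audit(text, flash_encryption_enabled):
    """Map partition name -> 'encrypted' or 'unmarked' under the page's rules."""
    result = {}
    for name, ptype, flags in parse_partitions(text):
        # The flag has no effect unless flash encryption is enabled.
        hit = flash_encryption_enabled and (is_app(ptype) or "encrypted" in flags)
        result[name] = "encrypted" if hit else "unmarked"
    return result


if __name__ == "__main__":
    for enabled in (True, False):
        print(f"flash encryption enabled={enabled}: {audit(SAMPLE_CSV, enabled)}")
```

Running the audit over a project's partition CSV before release lists the data partitions that rely on some other protection, which is the check the "Not all data is stored encrypted" limitation calls for.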
Espressif Systems 1355
Release v4.4
