ESP32 Forum

Hello

Let's say I have this scenario

-Firmware is in plainText
-No Flash Encryption Enabled
-No keys , efuses burned .. chip is brand new

Now .. I
-Generate a Flash Encryption Key
-Burn it to efuse
-didn't burn any efuses manually (no encrypt_cnt , cnf ..etc )
-Now I open menuconfig , enable flash encryption in Release mode
-Flash the the image normally as plainText .

will this burn the remaining efuses automatically to match the Release mode ?


Note:
I ask this because previously I had a chip that was in dev mode , then I disabled FE and then re enabled it in release mode
that didn't burn any efuses and I got an error (warning) .. device is not secure . difference between dev and release mode in efuses

Thanks

plusorc wrote: ↑

Wed Jan 29, 2020 1:02 am

Let's say I have this scenario

-Firmware is in plainText
-No Flash Encryption Enabled
-No keys , efuses burned .. chip is brand new

Now .. I
-Generate a Flash Encryption Key
-Burn it to efuse
-didn't burn any efuses manually (no encrypt_cnt , cnf ..etc )
-Now I open menuconfig , enable flash encryption in Release mode
-Flash the the image normally as plainText .

will this burn the remaining efuses automatically to match the Release mode ?

Yes, that's the best way to do this.

plusorc wrote: ↑

Wed Jan 29, 2020 1:02 am

Note:
I ask this because previously I had a chip that was in dev mode , then I disabled FE and then re enabled it in release mode
that didn't burn any efuses and I got an error (warning) .. device is not secure . difference between dev and release mode in efuses

There is no workflow at the moment for taking the same device from Development mode to Release mode. If you flash a release mode firmware on a chip which already using Development mode flash encryption then you get this warning, and it stays in Development mode.

We made the decision not to support this workflow because it's easier to discourage taking a device from Development to Release mode than to try to think of every possible sequence of updates that might leave the device in an insecure state. If you have a use case for using the same chip in first Development then Release mode then let us know, we might be able to figure something out.

Yes, that's the best way to do this.

Thank you so much

There is no workflow at the moment for taking the same device from Development mode to Release mode
If you have a use case for using the same chip in first Development then Release mode then let us know

I actually don't , I just assumed that the chip will match the sdkconfig settings with the efuse (0 to 1 only of course)

As far as I understand , Even if the chip is in FE Dev mode , and I burn the remaining efuse bits (dl_enc,dl_dec,cnf,cnt, jtag,console_debug) , it will eventually become a Release mode .

Thanks again for the great help .

plusorc wrote: ↑

Wed Jan 29, 2020 11:39 am

As far as I understand , Even if the chip is in FE Dev mode , and I burn the remaining efuse bits (dl_enc,dl_dec,cnf,cnt, jtag,console_debug) , it will eventually become a Release mode .

That's correct. The reason we don't officially document this process is that it's fiddly and easy to do it incorrectly, so we recommend using a new whole new chip for Release mode encryption.

Angus

You're a great help

Thank You