Flash Encryption & Pre Generated Key , must manually burn efuses ?
Posted: Wed Jan 29, 2020 1:02 am
Hello
Let's say I have this scenario
-Firmware is in plainText
-No Flash Encryption Enabled
-No keys , efuses burned .. chip is brand new
Now .. I
-Generate a Flash Encryption Key
-Burn it to efuse
-didn't burn any efuses manually (no encrypt_cnt , cnf ..etc )
-Now I open menuconfig , enable flash encryption in Release mode
-Flash the the image normally as plainText .
will this burn the remaining efuses automatically to match the Release mode ?
Note:
I ask this because previously I had a chip that was in dev mode , then I disabled FE and then re enabled it in release mode
that didn't burn any efuses and I got an error (warning) .. device is not secure . difference between dev and release mode in efuses
Thanks
Let's say I have this scenario
-Firmware is in plainText
-No Flash Encryption Enabled
-No keys , efuses burned .. chip is brand new
Now .. I
-Generate a Flash Encryption Key
-Burn it to efuse
-didn't burn any efuses manually (no encrypt_cnt , cnf ..etc )
-Now I open menuconfig , enable flash encryption in Release mode
-Flash the the image normally as plainText .
will this burn the remaining efuses automatically to match the Release mode ?
Note:
I ask this because previously I had a chip that was in dev mode , then I disabled FE and then re enabled it in release mode
that didn't burn any efuses and I got an error (warning) .. device is not secure . difference between dev and release mode in efuses
Thanks