ESP32 secure bootloader

tatulea
Posts: 10
Joined: Wed Feb 06, 2019 12:39 pm

ESP32 secure bootloader

Postby tatulea » Tue Jul 09, 2019 10:58 am

Hi,

I want to implement the secure bootloader and flash encryption on my devices. I am trying to implement the secure bootloader first, and later I will activate flash encryption as well.

My problem is that I don't fully understand the secure bootloader methodology.

My system is composed of many ESP32s and a Raspberry Pi. The scenario is that you connect the ESP32 to the RPi and it will update its firmware if there is a new version available. The secure keys will be stored on Google Cloud.

As far as I understand, once I enable the secure bootloader I will not be able to update it anymore. But what happens if I want to change a setting in menuconfig or update the IDF? I would have to generate another bootloader, but would I be able to reflash it?

Also, can I somehow disable the secure bootloader once activated?

WiFive
Posts: 2468
Joined: Tue Dec 01, 2015 7:35 am

Re: ESP32 secure bootloader

Postby WiFive » Tue Jul 09, 2019 5:31 pm

https://docs.espressif.com/projects/esp ... bootloader

No, you can't disable the secure boot check for the bootloader. Don't lose your key!

tatulea
Posts: 10
Joined: Wed Feb 06, 2019 12:39 pm

Re: ESP32 secure bootloader

Postby tatulea » Tue Jul 09, 2019 8:07 pm

And how do I make an update in the case of a new IDF version?

WiFive
Posts: 2468
Joined: Tue Dec 01, 2015 7:35 am

Re: ESP32 secure bootloader

Postby WiFive » Wed Jul 10, 2019 12:31 am

As long as you have the key you can sign a new bootloader and flash it.

ESP_Angus
Posts: 1649
Joined: Sun May 08, 2016 4:11 am

Re: ESP32 secure bootloader

Postby ESP_Angus » Wed Jul 10, 2019 4:25 am

- We don't support OTA updating of the bootloader, only the app. The only safe way to update the bootloader is via serial. The bootloader from an older ESP-IDF should stay compatible with apps built from newer ESP-IDF versions, so you don't need to update it for most purposes.

- If you enable Secure Boot then you have to run a manual build step to flash the bootloader, to prevent updating it accidentally over serial. The normal "flash" target will skip the bootloader.

- As WiFive says, if you keep a copy of the Secure Boot key that's written to efuse then you can generate a valid digest to re-flash an updated bootloader over serial, while keeping secure boot enabled. But this is not supported when doing OTA firmware updates.

- It is possible to configure ESP-IDF to verify app signatures on OTA updates, without using the hardware secure boot feature. See this option. However, this option is limited because it only protects against an attacker with network access and not an attacker with physical access.
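
A worked model of the app-signing half of what Angus describes (the signed-app OTA option and Secure Boot V1 both use ECDSA on NIST P-256 over SHA-256), added here as an example; it is not code from this thread or from ESP-IDF. It uses only openssl, hypothetical file names and a constructed sample image, and does not reproduce the on-image signature block layout that espsecure.py writes, only the key and algorithm pairing.

```shell
#!/bin/sh
# Added example: ESP-IDF Secure Boot V1 app-signing scheme modelled with
# openssl alone (ECDSA NIST P-256, SHA-256). File names are hypothetical;
# espsecure.py's appended signature block format is not reproduced.

WORK="${WORK:-$(mktemp -d)}"
KEY="$WORK/secure_boot_signing_key.pem"   # the key you must not lose
PUB="$WORK/verify.pem"                    # public half compiled into the bootloader

# Same key type the ESP-IDF docs give as an alternative to
# `espsecure.py generate_signing_key`.
make_signing_key() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$KEY" 2>/dev/null
    openssl ec -in "$KEY" -pubout -out "$PUB" 2>/dev/null
}

# Fingerprint of the public key: record it so a restored backup of the
# signing key can be checked against the one a fleet already trusts.
key_fingerprint() {
    openssl dgst -sha256 "$PUB" | awk '{ print $NF }'
}

# Sign an app image: SHA-256 digest of the image, ECDSA signature beside it.
sign_image() {
    openssl dgst -sha256 -sign "$KEY" -out "$1.sig" "$1"
}

# Verify: what the bootloader (or the OTA signature check) does before
# accepting an image. Returns 0 only when the signature matches the image.
verify_image() {
    openssl dgst -sha256 -verify "$PUB" -signature "$1.sig" "$1" >/dev/null 2>&1
}

# Constructed sample firmware: a genuine image passes, a modified image
# carrying the old signature must be rejected.
demo() {
    make_signing_key
    printf 'constructed app image v1' > "$WORK/app.bin"
    sign_image "$WORK/app.bin"
    verify_image "$WORK/app.bin" || return 1
    printf 'constructed app image v1 (modified)' > "$WORK/tampered.bin"
    cp "$WORK/app.bin.sig" "$WORK/tampered.bin.sig"
    verify_image "$WORK/tampered.bin" && return 1
    return 0
}
```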

tatulea
Posts: 10
Joined: Wed Feb 06, 2019 12:39 pm

Re: ESP32 secure bootloader

Postby tatulea » Wed Jul 10, 2019 8:17 am

It makes sense. As I understand, the ESP can generate a key for itself as well. If I use this option I won't be able to update the bootloader later, right?
