Possible security problems with using flash on a securebooted device?

Post Reply
outportasomebinary
Posts: 6
Joined: Tue Jun 03, 2025 2:23 pm

Possible security problems with using flash on a securebooted device?

Postby outportasomebinary » Wed Jun 04, 2025 6:14 am

Hello,

I am working on a security overhaul before a device hits production.

The device runs MicroPython.

Currently, Secure Boot (v1) is enabled on the device.

The device stores private connection keys as on the flash, that are written to the flash on first boot. I.e. some pseudocode would be

Code: Select all

if is_first_boot:
	write_to_flash("key1.pem", key_1_content)
	write_to_flash("key2.pem", key_2_content)
	write_to_flash("key3.pem", key_3_content)
I am wondering if there are any flaws with this approach, i.e. if it is possible to perform a readout of these files by running some magic esptool commands or connecting to the device via some pins.

As mentioned already, secure boot is enabled. The UART is locked until someone connects two pins together and enters a device-unique password. Have checked online but cannot find any info.
Top
Sprite
Espressif staff
Espressif staff
Posts: 10593
Joined: Thu Nov 26, 2015 4:08 am

Re: Possible security problems with using flash on a securebooted device?

Postby Sprite » Sat Jun 07, 2025 11:36 am

It depends: is flash encryption also enabled and will write_to_flash() write the pem files to an encrypted partition?
Top
Post Reply

Return to “General Discussion”

Who is online

Users browsing this forum: Amazon [Bot], Bing [Bot], PerplexityBot, Qwantbot and 17 guests