Possible security problems with using flash on a securebooted device?
Posted: Wed Jun 04, 2025 6:14 am
Hello,
I am working on a security overhaul before a device hits production.
The device runs MicroPython.
Currently, Secure Boot (v1) is enabled on the device.
The device stores private connection keys as on the flash, that are written to the flash on first boot. I.e. some pseudocode would be
I am wondering if there are any flaws with this approach, i.e. if it is possible to perform a readout of these files by running some magic esptool commands or connecting to the device via some pins.
As mentioned already, secure boot is enabled. The UART is locked until someone connects two pins together and enters a device-unique password. Have checked online but cannot find any info.
I am working on a security overhaul before a device hits production.
The device runs MicroPython.
Currently, Secure Boot (v1) is enabled on the device.
The device stores private connection keys as on the flash, that are written to the flash on first boot. I.e. some pseudocode would be
Code: Select all
if is_first_boot:
write_to_flash("key1.pem", key_1_content)
write_to_flash("key2.pem", key_2_content)
write_to_flash("key3.pem", key_3_content)
As mentioned already, secure boot is enabled. The UART is locked until someone connects two pins together and enters a device-unique password. Have checked online but cannot find any info.