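ESP32 Flash Encryption Study Notes

Official documentation link

These notes use the official example to avoid unnecessary errors. The example is located at

esp-idf\examples\security\flash_encryption

All tests are performed in development mode!

1. Testing without encryption

After setting up the environment variables, copy sdkconfig.defaults and rename it to sdkconfig. Encryption is disabled by default, so the configuration needs no changes.

Then simply build and flash:

idf.py -p PORT flash monitor    # replace PORT with your serial port

The corresponding output is as follows: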

I (76) boot: Chip Revision: 3
I (76) boot_comm: chip revision: 3, min. bootloader chip revision: 0
I (42) boot: ESP-IDF v4.0-9-g390d54d27-dirty 2nd stage bootloader
I (42) boot: compile time 12:42:30
I (42) boot: Enabling RNG early entropy source...
I (48) boot: SPI Speed      : 40MHz
I (52) boot: SPI Mode       : DIO
I (56) boot: SPI Flash Size : 2MB
I (60) boot: Partition Table:
I (64) boot: ## Label            Usage          Type ST Offset   Length
I (71) boot:  0 nvs              WiFi data        01 02 00009000 00006000
I (78) boot:  1 storage          Unknown data     01 ff 0000f000 00001000
I (86) boot:  2 factory          factory app      00 00 00010000 00100000
I (93) boot: End of partition table
I (97) boot_comm: chip revision: 3, min. application chip revision: 0
I (105) esp_image: segment 0: paddr=0x00010020 vaddr=0x3f400020 size=0x05dbc ( 23996) map
I (122) esp_image: segment 1: paddr=0x00015de4 vaddr=0x3ffb0000 size=0x02144 (  8516) load
I (126) esp_image: segment 2: paddr=0x00017f30 vaddr=0x40080000 size=0x00400 (  1024) load
0x40080000: _WindowOverflow4 at /home/pi/blueair/ba_esp32/fw.esp32/esp-idf/components/freertos/xtensa_vectors.S:1778

I (132) esp_image: segment 3: paddr=0x00018338 vaddr=0x40080400 size=0x07cd8 ( 31960) load
I (154) esp_image: segment 4: paddr=0x00020018 vaddr=0x400d0018 size=0x13258 ( 78424) map
0x400d0018: _stext at ??:?

I (182) esp_image: segment 5: paddr=0x00033278 vaddr=0x400880d8 size=0x01cb4 (  7348) load
0x400880d8: xQueueReceiveFromISR at /home/pi/blueair/ba_esp32/fw.esp32/esp-idf/components/freertos/queue.c:1686

I (192) boot: Loaded app from partition at offset 0x10000
I (192) boot: Disabling RNG early entropy source...
I (194) cpu_start: Pro cpu up.
I (197) cpu_start: Application information:
I (202) cpu_start: Project name:     flash_encryption
I (208) cpu_start: App version:      1
I (212) cpu_start: Compile time:     Oct 18 2022 12:43:06
I (218) cpu_start: ELF file SHA256:  f021f72d33fd9b62...
I (224) cpu_start: ESP-IDF:          v4.0-9-g390d54d27-dirty
I (231) cpu_start: Starting app cpu, entry point is 0x40080fec
0x40080fec: call_start_cpu1 at /home/pi/blueair/ba_esp32/fw.esp32/esp-idf/components/esp32/cpu_start.c:285

I (0) cpu_start: App cpu up.
I (241) heap_init: Initializing. RAM available for dynamic allocation:
I (248) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
I (254) heap_init: At 3FFB3138 len 0002CEC8 (179 KiB): DRAM
I (260) heap_init: At 3FFE0440 len 00003AE0 (14 KiB): D/IRAM
I (267) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
I (273) heap_init: At 40089D8C len 00016274 (88 KiB): IRAM
I (279) cpu_start: Pro cpu start user code
I (298) spi_flash: detected chip: generic
I (298) spi_flash: flash io: dio
W (298) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the size in the binary image header.
I (309) cpu_start: Starting scheduler on PRO CPU.
I (0) cpu_start: Starting scheduler on APP CPU.

Example to check Flash Encryption status
This is ESP32 chip with 2 CPU cores, WiFi/BT/BLE, silicon revision 3, 2MB external flash
FLASH_CRYPT_CNT eFuse value is 0
Flash encryption feature is disabled
Erasing partition "storage" (0x1000 bytes)
Writing data with esp_partition_write:
I (499) example: 0x3ffb4f00   00 01 02 03 04 05 06 07  08 09 0a 0b 0c 0d 0e 0f  |................|
I (499) example: 0x3ffb4f10   10 11 12 13 14 15 16 17  18 19 1a 1b 1c 1d 1e 1f  |................|
Reading with esp_partition_read:
I (509) example: 0x3ffb4ee0   00 01 02 03 04 05 06 07  08 09 0a 0b 0c 0d 0e 0f  |................|
I (519) example: 0x3ffb4ef0   10 11 12 13 14 15 16 17  18 19 1a 1b 1c 1d 1e 1f  |................|
Reading with spi_flash_read:
I (539) example: 0x3ffb4ee0   00 01 02 03 04 05 06 07  08 09 0a 0b 0c 0d 0e 0f  |................|
I (549) example: 0x3ffb4ef0   10 11 12 13 14 15 16 17  18 19 1a 1b 1c 1d 1e 1f  |................|

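2. Testing with encryption

Copy sdkconfig.ci and rename it to sdkconfig. This configuration enables flash encryption and defaults to development mode. Also change the partition table offset from 0x8000 to 0x9000 in menuconfig:

idf.py menuconfig

One thing to watch out for here: the sample file partitions_example.csv used in these notes has a problem. Its default contents are: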

# Name,   Type, SubType, Offset,  Size, Flags
nvs,        data, nvs,      0x9000,  0x6000,
# Extra partition to demonstrate reading/writing of encrypted flash
storage,    data, 0xff,     0xf000,  0x1000, encrypted
factory,    app,  factory,  0x10000, 1M,

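Using it as-is fails, because the nvs offset 0x9000 conflicts with the partition table offset set above. Changing it to the following configuration fixes the problem.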

# Name,   Type, SubType, Offset,  Size, Flags
nvs,        data, nvs,      0xa000,  0x5000,
# Extra partition to demonstrate reading/writing of encrypted flash
storage,    data, 0xff,     0xf000,  0x1000, encrypted
factory,    app,  factory,  0x10000, 1M,
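
The conflict described above can be checked mechanically before flashing. The following is an added example, not part of the original post or of ESP-IDF; the function names are hypothetical, and it assumes the partition table occupies one 0x1000-byte sector at the configured offset and that every CSV row gives an explicit offset and size.

```python
# Added example: flag overlapping regions in an ESP-IDF partition CSV.
# Assumption: every row gives an explicit offset and size.
PARTITION_TABLE_SIZE = 0x1000  # the table occupies one 4 KB flash sector

ORIGINAL_CSV = """\
nvs,        data, nvs,      0x9000,  0x6000,
storage,    data, 0xff,     0xf000,  0x1000, encrypted
factory,    app,  factory,  0x10000, 1M,
"""
FIXED_CSV = """\
nvs,        data, nvs,      0xa000,  0x5000,
storage,    data, 0xff,     0xf000,  0x1000, encrypted
factory,    app,  factory,  0x10000, 1M,
"""

def parse_size(text):
    """Parse '0x6000', '4096', '64K' or '1M' into a byte count."""
    text = text.strip()
    for suffix, mult in (("K", 1024), ("M", 1024 * 1024)):
        if text.upper().endswith(suffix):
            return int(text[:-1], 0) * mult
    return int(text, 0)

def parse_csv(csv_text):
    """Return [(name, start, end)] for every non-comment row."""
    regions = []
    for line in csv_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        start = parse_size(fields[3])
        regions.append((fields[0], start, start + parse_size(fields[4])))
    return regions

def find_conflicts(csv_text, table_offset):
    """List pairs of regions that overlap, including the table sector itself."""
    regions = [("partition-table", table_offset,
                table_offset + PARTITION_TABLE_SIZE)] + parse_csv(csv_text)
    return [(a[0], b[0])
            for i, a in enumerate(regions) for b in regions[i + 1:]
            if a[1] < b[2] and b[1] < a[2]]  # half-open interval overlap

if __name__ == "__main__":
    for label, text in (("original", ORIGINAL_CSV), ("fixed", FIXED_CSV)):
        print(label, find_conflicts(text, 0x9000))
```

With the table at 0x9000 the original CSV reports a clash between the partition table and nvs, while the same CSV is clean at the default 0x8000.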

Rebuild and flash:

idf.py -p PORT flash monitor    # replace PORT with your serial port

Output with encryption enabled:

Output on the first boot, when the flash is encrypted:

I (78) boot: Chip Revision: 3
I (78) boot_comm: chip revision: 3, min. bootloader chip revision: 0
I (40) boot: ESP-IDF v4.0-9-g390d54d27-dirty 2nd stage bootloader
I (40) boot: compile time 12:57:21
I (40) boot: Enabling RNG early entropy source...
I (46) boot: SPI Speed      : 40MHz
I (50) boot: SPI Mode       : DIO
I (54) boot: SPI Flash Size : 2MB
I (58) boot: Partition Table:
I (62) boot: ## Label            Usage          Type ST Offset   Length
I (69) boot:  0 nvs              WiFi data        01 02 0000a000 00005000
I (77) boot:  1 storage          Unknown data     01 ff 0000f000 00001000
I (84) boot:  2 factory          factory app      00 00 00010000 00100000
I (92) boot: End of partition table
I (96) boot_comm: chip revision: 3, min. application chip revision: 0
I (103) esp_image: segment 0: paddr=0x00010020 vaddr=0x3f400020 size=0x0615c ( 24924) map
I (121) esp_image: segment 1: paddr=0x00016184 vaddr=0x3ffb0000 size=0x02144 (  8516) load
I (124) esp_image: segment 2: paddr=0x000182d0 vaddr=0x40080000 size=0x00400 (  1024) load
0x40080000: _WindowOverflow4 at /home/pi/blueair/ba_esp32/fw.esp32/esp-idf/components/freertos/xtensa_vectors.S:1778

I (130) esp_image: segment 3: paddr=0x000186d8 vaddr=0x40080400 size=0x07938 ( 31032) load
I (152) esp_image: segment 4: paddr=0x00020018 vaddr=0x400d0018 size=0x13360 ( 78688) map
0x400d0018: _stext at ??:?

I (180) esp_image: segment 5: paddr=0x00033380 vaddr=0x40087d38 size=0x025b4 (  9652) load
0x40087d38: vPortYield at /home/pi/blueair/ba_esp32/fw.esp32/esp-idf/components/freertos/portasm.S:548

I (191) boot: Loaded app from partition at offset 0x10000
I (191) boot: Checking flash encryption...
I (191) flash_encrypt: Generating new flash encryption key...
I (209) flash_encrypt: Read & write protecting new key...
I (220) flash_encrypt: Setting CRYPT_CONFIG efuse to 0xF
W (232) flash_encrypt: Not disabling UART bootloader encryption
I (232) flash_encrypt: Disable UART bootloader decryption...
I (233) flash_encrypt: Disable UART bootloader MMU cache...
I (240) flash_encrypt: Disable JTAG...
I (244) flash_encrypt: Disable ROM BASIC interpreter fallback...
I (262) boot_comm: chip revision: 3, min. application chip revision: 0
I (262) esp_image: segment 0: paddr=0x00001020 vaddr=0x3fff0018 size=0x00004 (     4) 
I (269) esp_image: segment 1: paddr=0x0000102c vaddr=0x3fff001c size=0x0229c (  8860) 
I (281) esp_image: segment 2: paddr=0x000032d0 vaddr=0x40078000 size=0x03f80 ( 16256) 
I (292) esp_image: segment 3: paddr=0x00007258 vaddr=0x40080400 size=0x010d0 (  4304) 
I (968) flash_encrypt: Encrypting partition 1 at offset 0xf000...
I (1046) boot_comm: chip revision: 3, min. application chip revision: 0
I (1046) esp_image: segment 0: paddr=0x00010020 vaddr=0x3f400020 size=0x0615c ( 24924) map
I (1060) esp_image: segment 1: paddr=0x00016184 vaddr=0x3ffb0000 size=0x02144 (  8516) 
I (1064) esp_image: segment 2: paddr=0x000182d0 vaddr=0x40080000 size=0x00400 (  1024) 
0x40080000: _WindowOverflow4 at /home/pi/blueair/ba_esp32/fw.esp32/esp-idf/components/freertos/xtensa_vectors.S:1778

I (1069) esp_image: segment 3: paddr=0x000186d8 vaddr=0x40080400 size=0x07938 ( 31032) 
I (1089) esp_image: segment 4: paddr=0x00020018 vaddr=0x400d0018 size=0x13360 ( 78688) map
0x400d0018: _stext at ??:?

I (1117) esp_image: segment 5: paddr=0x00033380 vaddr=0x40087d38 size=0x025b4 (  9652) 
0x40087d38: vPortYield at /home/pi/blueair/ba_esp32/fw.esp32/esp-idf/components/freertos/portasm.S:548

I (1121) flash_encrypt: Encrypting partition 2 at offset 0x10000...
I (20295) flash_encrypt: Flash encryption completed
I (20296) boot: Resetting with flash encryption enabled...

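Output after the reset, with encryption enabled. In the final dumps, esp_partition_read returns the plaintext, while spi_flash_read returns the raw encrypted flash contents: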

I (80) boot: Chip Revision: 3
I (80) boot_comm: chip revision: 3, min. bootloader chip revision: 0
I (40) boot: ESP-IDF v4.0-9-g390d54d27-dirty 2nd stage bootloader
I (40) boot: compile time 12:57:21
I (40) boot: Enabling RNG early entropy source...
I (46) boot: SPI Speed      : 40MHz
I (50) boot: SPI Mode       : DIO
I (54) boot: SPI Flash Size : 2MB
I (58) boot: Partition Table:
I (62) boot: ## Label            Usage          Type ST Offset   Length
I (69) boot:  0 nvs              WiFi data        01 02 0000a000 00005000
I (77) boot:  1 storage          Unknown data     01 ff 0000f000 00001000
I (84) boot:  2 factory          factory app      00 00 00010000 00100000
I (92) boot: End of partition table
I (96) boot_comm: chip revision: 3, min. application chip revision: 0
I (103) esp_image: segment 0: paddr=0x00010020 vaddr=0x3f400020 size=0x0615c ( 24924) map
I (121) esp_image: segment 1: paddr=0x00016184 vaddr=0x3ffb0000 size=0x02144 (  8516) load
I (125) esp_image: segment 2: paddr=0x000182d0 vaddr=0x40080000 size=0x00400 (  1024) load
0x40080000: _WindowOverflow4 at /home/pi/blueair/ba_esp32/fw.esp32/esp-idf/components/freertos/xtensa_vectors.S:1778

I (130) esp_image: segment 3: paddr=0x000186d8 vaddr=0x40080400 size=0x07938 ( 31032) load
I (152) esp_image: segment 4: paddr=0x00020018 vaddr=0x400d0018 size=0x13360 ( 78688) map
0x400d0018: _stext at ??:?

I (181) esp_image: segment 5: paddr=0x00033380 vaddr=0x40087d38 size=0x025b4 (  9652) load
0x40087d38: vPortYield at /home/pi/blueair/ba_esp32/fw.esp32/esp-idf/components/freertos/portasm.S:548

I (192) boot: Loaded app from partition at offset 0x10000
I (192) boot: Checking flash encryption...
I (192) flash_encrypt: flash encryption is enabled (3 plaintext flashes left)
I (200) boot: Disabling RNG early entropy source...
I (206) cpu_start: Pro cpu up.
I (209) cpu_start: Application information:
I (214) cpu_start: Project name:     flash_encryption
I (220) cpu_start: App version:      1
I (224) cpu_start: Compile time:     Oct 18 2022 12:57:55
I (230) cpu_start: ELF file SHA256:  ee9ed9c2e271fc27...
I (236) cpu_start: ESP-IDF:          v4.0-9-g390d54d27-dirty
I (243) cpu_start: Starting app cpu, entry point is 0x40081038
0x40081038: call_start_cpu1 at /home/pi/blueair/ba_esp32/fw.esp32/esp-idf/components/esp32/cpu_start.c:285

W (249) flash_encrypt: Flash encryption mode is DEVELOPMENT (not secure)
I (0) cpu_start: App cpu up.
I (260) heap_init: Initializing. RAM available for dynamic allocation:
I (267) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
I (273) heap_init: At 3FFB3138 len 0002CEC8 (179 KiB): DRAM
I (280) heap_init: At 3FFE0440 len 00003AE0 (14 KiB): D/IRAM
I (286) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
I (292) heap_init: At 4008A2EC len 00015D14 (87 KiB): IRAM
I (299) cpu_start: Pro cpu start user code
I (317) spi_flash: detected chip: generic
I (317) spi_flash: flash io: dio
W (318) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the size in the binary image header.
I (328) cpu_start: Starting scheduler on PRO CPU.
I (0) cpu_start: Starting scheduler on APP CPU.

Example to check Flash Encryption status
This is ESP32 chip with 2 CPU cores, WiFi/BT/BLE, silicon revision 3, 2MB external flash
FLASH_CRYPT_CNT eFuse value is 1
Flash encryption feature is enabled in DEVELOPMENT mode
Erasing partition "storage" (0x1000 bytes)
Writing data with esp_partition_write:
I (481) example: 0x3ffb4f00   00 01 02 03 04 05 06 07  08 09 0a 0b 0c 0d 0e 0f  |................|
I (481) example: 0x3ffb4f10   10 11 12 13 14 15 16 17  18 19 1a 1b 1c 1d 1e 1f  |................|
Reading with esp_partition_read:
I (501) example: 0x3ffb4ee0   00 01 02 03 04 05 06 07  08 09 0a 0b 0c 0d 0e 0f  |................|
I (511) example: 0x3ffb4ef0   10 11 12 13 14 15 16 17  18 19 1a 1b 1c 1d 1e 1f  |................|
Reading with spi_flash_read:
I (521) example: 0x3ffb4ee0   db 13 54 91 f2 44 87 c2  f8 0f 9e 5d bd c0 ef ca  |..T..D.....]....|
I (531) example: 0x3ffb4ef0   45 f7 4e 6b ad 34 a5 d8  c2 e4 45 32 ca 30 79 bc  |E.Nk.4....E2.0y.|

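3. Disabling encryption

The official documentation notes that if a mistake leaves the device unable to run normally, flash encryption can be disabled again, but there are only 3 chances to do so.

First, disable the flash encryption feature. Make sure it really is disabled!

Rebuild and flash:

idf.py -p PORT flash

Use espefuse.py (located in components/esptool_py/esptool) to turn off FLASH_CRYPT_CNT:

espefuse.py burn_efuse FLASH_CRYPT_CNT

A prompt appears during execution; type BURN to confirm.

Reboot the development board. It is now unencrypted again.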
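
Why there are only 3 chances follows from how the FLASH_CRYPT_CNT eFuse counts. The following is an added model, not code from the original post or from ESP-IDF; it assumes the ESP32's 7-bit FLASH_CRYPT_CNT field, where an odd number of set bits means encryption is on, and models each burn as setting the lowest unset bit. Function names are hypothetical.

```python
# Added example: model of the ESP32 FLASH_CRYPT_CNT eFuse.
# Assumption: 7-bit field; eFuse bits can only change from 0 to 1.
FLASH_CRYPT_CNT_BITS = 7

def is_encrypted(cnt):
    """Flash encryption is on when an odd number of bits is set."""
    return bin(cnt).count("1") % 2 == 1

def plaintext_flashes_left(cnt):
    """How many more times the chip can return to the unencrypted state."""
    return (FLASH_CRYPT_CNT_BITS - bin(cnt).count("1")) // 2

def burn_next_bit(cnt):
    """Toggle the encryption state by burning one more bit of the field."""
    for bit in range(FLASH_CRYPT_CNT_BITS):
        if not cnt & (1 << bit):
            return cnt | (1 << bit)
    raise ValueError("all FLASH_CRYPT_CNT bits are burned; state is permanent")

def lifecycle():
    """Walk the field from a fresh chip until no bits remain."""
    cnt, steps = 0, []
    while True:
        steps.append((cnt, is_encrypted(cnt), plaintext_flashes_left(cnt)))
        try:
            cnt = burn_next_bit(cnt)
        except ValueError:
            return steps

if __name__ == "__main__":
    for cnt, enabled, left in lifecycle():
        state = "encrypted" if enabled else "plaintext"
        print(f"FLASH_CRYPT_CNT=0x{cnt:02x} {state:9s} plaintext flashes left: {left}")
```

The value 1 seen in the log above corresponds to the second row of this walk: encrypted, with 3 plaintext flashes left. Once all seven bits are set the chip stays encrypted permanently.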
