Mongoose OS implements ESP32 flash encryption

The ESP32 chip comes with built-in security features, one of which is transparent SPI flash encryption (for details, see Espressif's documentation). That feature is critical for securing a device's cloud access.

By default, an ESP32 firmware is kept in plain text form on flash:

# Dump initial 2k of filesystem area to stdout
mos flash-read --arch esp32 0x190000 2000 -  

The flash-read command dumps flash memory to a file (here -, meaning stdout), and the output shows that the content is not encrypted. Sensitive information such as TLS private keys could therefore be easily stolen from flash, because this part of the device's file system is not encrypted.

Enabling flash encryption

In order to enable flash encryption, use the Mongoose OS esp32-gen-key command. It enables flash encryption for the next flashing:

mos -X esp32-gen-key flash_encryption_key fe.key --esp32-enable-flash-encryption --dry-run=false  
mos flash esp32 --esp32-encryption-key-file fe.key  

Please note, this is irreversible and once flash encryption is enabled you cannot go back.

Note the extra flag --esp32-encryption-key-file fe.key for the flash command. From now on, a key file is required to re-flash the device. If the key file is lost, the module cannot be reflashed. After flash encryption is enabled, the very first boot performs the encryption, which can take a while (up to a minute on average). Subsequent boots will be normal, as the encryption has already been performed.

Verification step

Once the flash is encrypted, you can verify it by using the flash-read command to ensure there are no plain-text parts present:

mos flash-read --arch esp32 0x190000 2000 -  
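
The same verification done programmatically, as an added example that is not Mongoose OS code: it scores a saved dump by byte entropy and by printable-ASCII runs, ignoring erased flash (0xFF). The function names, the thresholds and both sample buffers are assumptions constructed for illustration, as is saving the dump by passing a file name in place of - to flash-read.

```python
import hashlib
import math
import re
import sys
from collections import Counter

MIN_RUN = 16         # assumed: shortest printable-ASCII run counted as plain text
ENTROPY_FLOOR = 7.0  # assumed threshold in bits/byte; ciphertext sits near 8.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def printable_runs(data: bytes, min_len: int = MIN_RUN):
    """(offset, text) for every printable-ASCII run of at least min_len bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(data)]

def assess(dump: bytes) -> dict:
    """Classify a flash dump; erased NOR flash (0xFF) is ignored for entropy."""
    written = dump.replace(b"\xff", b"")
    entropy = shannon_entropy(written)
    runs = printable_runs(dump)
    encrypted = bool(written) and entropy >= ENTROPY_FLOOR and not runs
    return {"entropy": entropy, "runs": runs, "looks_encrypted": encrypted}

# Constructed sample: plain-text filesystem contents padded with erased flash.
PLAIN_SAMPLE = (b'{"device":{"id":"esp32_EXAMPLE"},"mqtt":{"ssl_key":"key.pem"}}\n'
                b"-----BEGIN EC PRIVATE KEY-----\n").ljust(2000, b"\xff")

def fake_ciphertext(n: int = 2000) -> bytes:
    """Constructed stand-in for an encrypted dump: SHA-256 counter stream,
    not the ESP32 flash cipher; only its byte statistics matter here."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

if __name__ == "__main__":
    # Usage: python check_dump.py dump.bin   (no argument: run the two samples)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            inputs = {sys.argv[1]: f.read()}
    else:
        inputs = {"plain sample": PLAIN_SAMPLE, "ciphertext sample": fake_ciphertext()}
    for name, data in inputs.items():
        r = assess(data)
        print(f"{name}: entropy={r['entropy']:.2f} bits/byte, "
              f"looks_encrypted={r['looks_encrypted']}")
        for offset, text in r["runs"]:
            print(f"  plain text at 0x{offset:x}: {text[:60]}")
```

A dump that is entirely 0xFF is reported as not encrypted, because an erased region gives nothing to judge; read a region the filesystem has actually written.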

