Chapter 4. API Guides
readout of flash will not be sufficient to recover most flash contents.
With flash encryption enabled, the following types of data are encrypted by default:
• Firmware bootloader
• Partition Table
• All "app" type partitions
Other types of data can be encrypted conditionally:
• Any partition marked with the encrypted flag in the partition table. For details, see Encrypted Partition Flag.
• Secure Boot bootloader digest if Secure Boot is enabled (see below).
Important: For production use, flash encryption should be enabled in the "Release" mode only.
Important: Enabling flash encryption limits the options for further updates of ESP32-S2. Before using this feature, read the document and make sure to understand the implications.
4.13.2 Relevant eFuses
The flash encryption operation is controlled by various eFuses available on ESP32-S2. The list of eFuses and their descriptions is given in the table below. The names in eFuse column are also used by espefuse.py tool. For usage in the eFuse API, modify the name by adding ESP_EFUSE_, for example: esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_ENCRYPT).

Table 1: eFuses Used in Flash Encryption

| eFuse | Description | Bit Depth |
|---|---|---|
| BLOCK_KEYN | AES key storage. N is between 0 and 5. | One 256 bit key block for XTS_AES_128, Two 256 bit key blocks for XTS_AES_256 (512 bit total) |
| KEY_PURPOSE_N | Controls the purpose of eFuse block BLOCK_KEYN, where N is between 0 and 5. Possible values: 2 for XTS_AES_256_KEY_1, 3 for XTS_AES_256_KEY_2, and 4 for XTS_AES_128_KEY. Final AES key is derived based on the value of one or two of these purpose eFuses. For a detailed description of the possible combinations, see ESP32-S2 Technical Reference Manual > External Memory Encryption and Decryption (XTS_AES) [PDF]. | 4 |
| DIS_DOWNLOAD_MANUAL_ENCRYPT | If set, disables flash encryption when in download bootmodes. | 1 |
| SPI_BOOT_CRYPT_CNT | Enables encryption and decryption, when an SPI boot mode is set. Feature is enabled if 1 or 3 bits are set in the eFuse, disabled otherwise. | 3 |

Note:

Espressif Systems, Release v4.4
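The following C example is added here and is not code from the ESP-IDF documentation. It interprets a snapshot of the Table 1 eFuses: whether SPI_BOOT_CRYPT_CNT enables flash encryption, and which XTS_AES key configuration the KEY_PURPOSE_N values describe. The struct, enum and function names are hypothetical and the sample values are constructed; on a device the raw values would come from espefuse.py or the eFuse API.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical snapshot of the Table 1 eFuse fields (not an ESP-IDF type). */
typedef struct {
    uint8_t spi_boot_crypt_cnt;          /* SPI_BOOT_CRYPT_CNT, 3 bits */
    uint8_t key_purpose[6];              /* KEY_PURPOSE_0..5, 4 bits each */
    uint8_t dis_download_manual_encrypt; /* DIS_DOWNLOAD_MANUAL_ENCRYPT, 1 bit */
} fe_efuses_t;

typedef enum { FE_KEY_NONE, FE_KEY_XTS_AES_128, FE_KEY_XTS_AES_256,
               FE_KEY_HALF_256, FE_KEY_MIXED } fe_key_t;

/* Enabled when 1 or 3 of the three bits are set, i.e. an odd bit count. */
int fe_enabled(const fe_efuses_t *e)
{
    uint8_t v = e->spi_boot_crypt_cnt & 0x7;
    return ((v & 1) + ((v >> 1) & 1) + ((v >> 2) & 1)) % 2;
}

/* Purposes 2 and 3 mark the two blocks of an XTS_AES_256 key, 4 marks an
 * XTS_AES_128 key; every other purpose value is ignored here. */
fe_key_t fe_key_config(const fe_efuses_t *e)
{
    int k1 = 0, k2 = 0, k128 = 0;
    for (int n = 0; n < 6; n++) {
        switch (e->key_purpose[n] & 0xF) {
        case 2: k1++;   break;
        case 3: k2++;   break;
        case 4: k128++; break;
        }
    }
    if (!k1 && !k2 && !k128) return FE_KEY_NONE;
    if (k128 && (k1 || k2))  return FE_KEY_MIXED;    /* consult the TRM */
    if (k128)                return FE_KEY_XTS_AES_128;
    if (k1 && k2)            return FE_KEY_XTS_AES_256;
    return FE_KEY_HALF_256;  /* only one of the two 256-bit blocks present */
}

int main(void)
{
    /* Constructed sample: one counter bit set, BLOCK_KEY0 as XTS_AES_128. */
    fe_efuses_t s = { 0x1, { 4, 0, 0, 0, 0, 0 }, 1 };
    fe_key_t k = fe_key_config(&s);
    printf("enabled=%d key=%d download_encrypt_disabled=%d\n",
           fe_enabled(&s), (int)k, s.dis_download_manual_encrypt);
    /* Encryption enabled without a complete key is an inconsistent state. */
    return fe_enabled(&s) && k != FE_KEY_XTS_AES_128 && k != FE_KEY_XTS_AES_256;
}
```

FE_KEY_MIXED is returned when both XTS_AES_128 and XTS_AES_256 purposes are present; the combination table in the Technical Reference Manual decides which key is used in that case.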