26 External Memory Encryption and Decryption (FLASH)
26.1 Overview
Many variants of the ESP32 must store programs and data in external flash memory. The external flash memory
chip is likely to contain proprietary firmware and sensitive user data, such as credentials for gaining access to
a private network. The Flash Encryption block can encrypt code and write encrypted code to off-chip flash
memory for enhanced hardware security. When the CPU reads off-chip flash through the cache, the Flash
Decryption block can automatically decrypt instructions and data read from the off-chip flash, thus providing
hardware-based security for application code.
26.2 Features
• Various key generation methods
• Software-based encryption
• High-speed, hardware decryption
• Register configuration, system parameters and boot mode jointly determine the flash encryption/decryption
function.
26.3 Functional Description
Figure 26-1. Flash Encryption/Decryption Module Architecture
The Flash Encryption/Decryption module consists of three parts, namely the Key Generator, Flash Encryption
block and Flash Decryption block. The structure of these parts is shown in Figure 26-1. The Key Generator
is shared by both the Flash Encryption block and the Flash Decryption block, which can function
simultaneously.
Espressif Systems
ESP32 TRM (Version 5.2)