Espressif ESP32 Technical Reference Manual page 607
Hide thumbs
Also See for ESP32:
- At instruction set (58 pages) ,
- Manual (22 pages) ,
- User manual (20 pages)
Advertisement
26 External Memory Encryption and Decryption (FLASH)
In the peripheral DPort Register, the register relevant to Flash Encryption/Decryption is DPORT_SPI_ENCRYPT_ENABLE
bit and DPORT_SPI_DECRYPT_ENABLE bit in DPORT_SLAVE_SPI_CONFIG_REG. The Flash Encryption/Decryption
module will fetch six system parameters from the peripheral eFuse Controller. These parameters are: cod-
ing_scheme, BLOCK1, flash_crypt_config, download_dis_encrypt, flash_crypt_cnt, and download_dis_decrypt.
26.3.1 Key Generator
According to system parameters coding_scheme and BLOCK1, the Key Generator will first generate
Key
= f (coding_scheme, BLOCK1).
o
Then, according to system parameter flash_crypt_config, and off-chip flash physical addresses Addr
accessed by the Flash Encryption block and the Flash Decryption block, the Key Generator will respec-
Addr
d
tively figure out that:
Key
= g(Key
, f lash_crypt_conf ig, Addr
e
o
Key
= g(Key
, f lash_crypt_conf ig, Addr
d
o
When all values of system parameter flash_crypt_config are 0, Key
address of the off-chip flash. When all values of system parameter flash_crypt_config are not 0, every 8-word
block on the off-chip flash has a dedicated Key
26.3.2 Flash Encryption Block
The Flash Encryption block is equipped with registers that can be accessed by the CPU directly. Registers
embedded in the Flash Encryption block, registers in the peripheral DPort Register, system parameters and Boot
Mode jointly configure and control this block.
The Flash Encryption block requires software intervention during operation. The steps are as follows:
1. Set the DPORT_SPI_ENCRYPT_ENABLE bit of register DPORT_SLAVE_SPI_CONFIG_REG.
2. Write the physical address prepared for the off-chip flash on register FLASH_ENCRYPT_ADDRESS_REG.
The address must be 8-word boundary aligned.
3. The Flash Encryption block must encrypt 8-word long code segments. Write the lowest word to register
FLASH_ENCRYPT_BUFFER_0_REG, the second-lowest word into FLASH_ENCRYPT_BUFFER_1_REG, and
so on, up to FLASH_ENCRYPT_BUFFER_7_REG.
4. Set the FLASH_START bit in FLASH_ENCRYPT_START_REG.
5. Wait for the FLASH_DONE bit to be set in FLASH_ENCRYPT_DONE_REG.
6. Use this function and write any 8-word code to the 8-word aligned address on the off-chip flash via the
peripheral SPI0.
In Steps 1 to 5, the Flash Encryption block encrypts 8-word long codes. The key encryption algorithm uses
. The encryption result will also be 8-word long. In Step 6, the peripheral SPI0 writes encrypted results of
Key
e
the Flash Encryption block to the off-chip flash. One parameter of the function used in Step 6 will be the physical
address of the off-chip flash. The physical address must be 8-word boundary aligned. Also, the value must
be the same as the value written into register FLASH_ENCRYPT_ADDRESS_REG during Step 2. Even though
the function used in Step 6 still has a parameter with an 8-word long code, the parameter will be meaningless
if Steps 1 to 5 are executed. The Peripheral SPI0 will use the encrypted result instead. If the Flash Encryption
block is not operating, or has not executed Steps 1 to 5, Step 6 will not use the encrypted result. Instead, the
function parameter will be used.
Flash Encryption Operating Conditions:
Espressif Systems
),
e
).
d
and Key
.
e
d
607
Submit Documentation Feedback
and Key
are not relevant to the physical
e
d
ESP32 TRM (Version 5.2)
and
e
Advertisement
Need help?
Do you have a question about the ESP32 and is the answer not in the manual?