Adds support for flash encryption #718
Conversation
|
Thanks for the PR. Unfortunately, this include breaking changes and will require a new major release, however we are currently discussing a v4 release anyway, so probably this is not too much of an issue. If I can just ask you to be patient, once we come up with a game plan I can get back to you with regards to merging this. Hopefully within a week or two we will have a better idea of what our plans are moving forward. |
|
Hi ! Thanks for the quick response. |
|
We did some planning this week for the v4 release. I do not think we will start working on this quite yet, probably not for a few weeks still, but in the meantime I will publish one final v3 release on Monday, and then we can at least unblock this PR (and others). |
|
@4rzael Please excuse my ignorance... I do not understand how |
|
@4rzael Also I'm a bit lost as to what exactly is requested in #70 ? My understanding as to what @jessebraham demonstrates in #70, is just one way to do encryption, which is - "first flash plaintext images, and then the bootloader will encrypt them on-the-fly" (that is, given that the bootloader is compiled with encryption support in the first place, which I doubt to be the case with the bootloaders provided by This is by the way (and to my understanding - I'm still debugging the bootloader so I might very well be wrong!) a one time operation? If you can confirm my understanding is correct? Like, once it is done, you can't just burn plaintext images and hope the bootloader would encrypt them? Or am I missing something here? My understanding is, once the initial bootloader-driven encryption is done, that's it end of story. The bootloader does not repeat the process anymore, and will assume all new images you upload to be pre-encrypted. and since you don't know the encryption key, you can't pre-encrypt them in the first place? That is, given that the UART downloader was left enabled (which depends on whether you are in DEVELOPMENT or RELEASE mode w.r.t. encryption). I'm myself following the "other" process, where the encryption key is "externally" provided, and the payload (bootloader, part-table, app image, nvs keys etc.) are pre-encrypted. Seems to be what Espressif recommends as well?: If you have an opinion on this stuff - please share. I'm about to enter production with my approach... |
Introduction
This PR adds support for flash encryption, by adding a
--encryptflag toflashandwrite-bincommands.Requested by #70
As written below, I still need to perform a few tests (waiting for new chips, I hope to have it done in a few days).
Implementation
When performing encrypted writes, espflash will use non-compressed flashing instructions to the bootloader, as compression + encryption is not supported. Similarly, skip & verify features are disabled on encrypted partitions.
When passed to the
write-bincommand, espflash perform an encrypted flash directly.The
encryptflag is stored inWriteBinArgs, and then directly passed to the createdRomSegment.When passed to the
flashcommand, espflash will perform encrypted flashes on bootloader, partition, and application partitions.The parameter flow is a bit more complex there: we start in
FlashArgs, which is used to constructFlashData, which is used to constructIdfBootloaderFormat, which finally populates the appropriateRomSegments.Tests: