0

I have been reading about NVS flash partitions for use in embedded systems and that the NVS key-value data can be encrypted by using a symmetric key. This symmetric key is then stored in a separate partition in flash which is flash encrypted (source: Google search AI summary):

Encryption keys used for flash memory protection are often stored in a secure area of the chip, such as eFuses or a dedicated hardware key store. These keys are typically read-protected and may be one-time programmable (OTP), preventing unauthorized access or modification.

I still don't understand. If someone who we don't want then gets access to the flash memory, either programatically, or physically, what is to stop them from reading those keys and decrypting data the partition in the same way as those who are permitted? What am I missing here?

Improve this question
7
  • You seem to cite some external source - please provide the source for this citation. Commented Jun 8 at 3:49
  • @SteffenUllrich A google search with AI results. Commented Jun 8 at 6:18
  • Please provide "real" sources instead of fully relying on AI, which is known to be (more or less) inaccurate or incomplete far too often. Google AI based search summary links to relevant sources - follow these and cite from there and maybe you will even be able to answer your question yourself when looking at the actual information source. Otherwise, if you believe that blindly relying on AI results is a good thing then please ask an AI your question instead of asking at Information Security Commented Jun 8 at 6:56
  • @SteffenUllrich Ok. I have been doing research. I still don't understand how the flash encryption works. Commented Jun 8 at 8:29
  • The idea is that the keys can only be read by a limited set of "actors". Be it the flash controller, or another. For example the eFuse key inside the CSME of PCH can only be read by the ME ROM and they are "fused" inside the chip, so you need to delaminate the chip and use specialized imaging devices to get them. The manufacturer generate a key K, encrypt sthe data with it and fuse it in the device. Something similar should happen for embedded devices too. The keys are not in the same "flash region" as the encrypted data. Commented Jun 8 at 12:45

1 Answer 1

Reset to default
2

It is not a good idea to just rely on AI output without consulting the original source. One possible source for this is the documentation for flash encryption on ESP32. To cite from the introduction there about the intention of the feature:

Flash encryption is intended for encrypting the contents of the ESP32's off-chip flash memory. Once this feature is enabled, firmware is flashed as plaintext, and then the data is encrypted in place on the first boot. As a result, physical readout of flash will not be sufficient to recover most flash contents.

So it is about protecting the data on the off-chip flash memory, not the data on the builtin flash memory of the ESP32 itself.

Once this is understood it gets clear that it is sufficient for this to store the key material on the ESP32 itself and not on the off-chip flash memory. This means just having the off-chip flash alone will not allow decryption. And that's exactly what is done - as can be seen from the documentation.

In addition to this key extraction from within the software on the ESP32 is prevented, to defend against potential software vulnerabilities which would allow (limited) code execution by the attacker:

The key cannot be accessed via software as the write and read protection bits for the flash_encryption eFuse are set. The flash encryption operations happen entirely by hardware, and the key cannot be accessed via software.

Improve this answer
2
  • Thank you for this explanation. Commented Jun 8 at 19:04
  • One key reason for this feature being important is that some of Espressif's most popular products are the ESP32 modules, which are not just the IC on its own. The modules typically contain an ESP32 IC, PSRAM IC, a flash IC, and supporting components under a metal can, plus either a PCB antenna or IPEX/u.FL connector on the castellated carrier board. This means that a large group of popular ESP32 product lines come with physically external (it's under a metal can, but you can just remove it) flash that may need to be protected with this feature. Commented Jul 18 at 1:15

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.