
Mongoose OS Forum


ESP32 Flash Encryption File System

I am attempting to encrypt the ESP32 completely. However, I am having a hard time understanding and executing the process by which the filesystem encrypts. I am using the development kit, 356-ESP32-DEVKITC-S1. In addition, I am using the default esp32 build, so no custom build, version 2.12.1, and I am on a Mac. I understand that on the first flash, the file system is encrypted on the first boot: after the first time it boots up, it will start to encrypt the file system. But I see no sign of this happening.

These are the steps I have taken:

Encryption Commands, which can be found here for reference and are shown below:

mos -X esp32-gen-key flash_encryption_key fe.key --esp32-enable-flash-encryption --dry-run=false  
mos flash esp32 --esp32-encryption-key-file fe.key 

This installs successfully, and I am able to do a mos flash-read --arch esp32 0x190000 2000 -, and I can confirm it is encrypted.

The development kit by default reboots the ESP, which at this point should encrypt it, according to rojer at this closed issue, https://github.com/cesanta/mongoose-os/issues/435, but I see no sign of this happening. I can confirm with the mos console that the output is coming out of the device, but there is no attempt to encrypt the file system. I say this because I am able to use the Visual Studio Code editor to take a look at the file system, using UART, and it is there in plain text. I pressed the reset button and I just get the following relevant logs.

[Apr  3 14:54:13.603] I (33) qio_mode: Enabling default flash chip QIO
[Apr  3 14:54:13.609] I (38) boot: SPI Speed      : 80MHz
[Apr  3 14:54:13.614] I (43) boot: SPI Mode       : QIO
[Apr  3 14:54:13.620] I (47) boot: SPI Flash Size : 4MB
[Apr  3 14:54:13.620] I (51) boot: Partition Table:
[Apr  3 14:54:13.626] I (54) boot: ## Label            Usage          Type ST Offset   Length   Flags
[Apr  3 14:54:13.637] I (62) boot:  0 nvs              WiFi data        01 02 00009000 00004000 00000000
[Apr  3 14:54:13.642] I (70) boot:  1 otadata          OTA data         01 00 0000d000 00002000 00000000
[Apr  3 14:54:13.648] I (79) boot:  2 app_0            OTA app          00 10 00010000 00180000 00000000
[Apr  3 14:54:13.659] I (87) boot:  3 fs_0             SPIFFS           01 82 00190000 00040000 00000000
[Apr  3 14:54:13.665] I (95) boot:  4 app_1            OTA app          00 11 001d0000 00180000 00000000
[Apr  3 14:54:13.676] I (103) boot:  5 fs_1             SPIFFS           01 82 00350000 00040000 00000000
[Apr  3 14:54:13.681] I (112) boot: End of partition table
[Apr  3 14:54:13.687] I (116) boot: OTA data 0: seq 0x00000001, st 0x10, CRC 0x157a2b85, valid? 1
[Apr  3 14:54:13.698] I (124) boot: OTA data 1: seq 0x00000000, st 0x00, CRC 0x00000000, valid? 0
[Apr  3 14:54:13.703] I (131) esp_image: segment 0: paddr=0x00010020 vaddr=0x3f400020 size=0x44f70 (282480) map
[Apr  3 14:54:13.781] I (217) esp_image: segment 1: paddr=0x00054f98 vaddr=0x3ffbdb60 size=0x02a68 ( 10856) load
[Apr  3 14:54:13.786] I (221) esp_image: segment 2: paddr=0x00057a08 vaddr=0x40080000 size=0x00400 (  1024) load
[Apr  3 14:54:13.797] I (225) esp_image: segment 3: paddr=0x00057e10 vaddr=0x40080400 size=0x08200 ( 33280) load
[Apr  3 14:54:13.803] I (244) esp_image: segment 4: paddr=0x00060018 vaddr=0x400d0018 size=0x11dae4 (1170148) map
[Apr  3 14:54:14.126] I (563) esp_image: segment 5: paddr=0x0017db04 vaddr=0x40088600 size=0x0f4d8 ( 62680) load
[Apr  3 14:54:14.147] I (583) esp_image: segment 6: paddr=0x0018cfe4 vaddr=0x400c0000 size=0x00034 (    52) load
[Apr  3 14:54:14.160] I (597) boot: Loaded app from partition at offset 0x10000
[Apr  3 14:54:14.166] I (597) boot: Disabling RNG early entropy source...
[Apr  3 14:54:14.171] I (598) cpu_start: Pro cpu up.
[Apr  3 14:54:14.171] I (601) cpu_start: Single core mode
[Apr  3 14:54:14.177] I (605) heap_init: Initializing. RAM available for dynamic allocation:
[Apr  3 14:54:14.182] I (612) heap_init: At 3FFAFF10 len 000000F0 (0 KiB): DRAM
[Apr  3 14:54:14.188] I (619) heap_init: At 3FFB6388 len 00001C78 (7 KiB): DRAM
[Apr  3 14:54:14.199] I (625) heap_init: At 3FFB9A20 len 00004108 (16 KiB): DRAM
[Apr  3 14:54:14.204] I (631) heap_init: At 3FFBDB5C len 00000004 (0 KiB): DRAM
[Apr  3 14:54:14.210] I (637) heap_init: At 3FFCFB98 len 00010468 (65 KiB): DRAM
[Apr  3 14:54:14.216] I (643) heap_init: At 3FFE0440 len 0001FBC0 (126 KiB): D/IRAM
[Apr  3 14:54:14.221] I (649) heap_init: At 40078000 len 00008000 (32 KiB): IRAM
[Apr  3 14:54:14.227] I (656) heap_init: At 40097AD8 len 00008528 (33 KiB): IRAM
[Apr  3 14:54:14.232] I (662) cpu_start: Pro cpu start user code
[Apr  3 14:54:14.245] I (8) cpu_start: Starting scheduler on PRO CPU.

The thing that is confusing me the most is that I read all five boot images at their address offsets, and they all are encrypted, so I don't know how I am able to access the file system from Visual Studio Code and see everything in plain text. My understanding is that I should see gibberish if I go into Visual Studio Code and try to read from the files. Below are the addresses for the partitions.

    [Apr  3 14:54:13.637] I (62)  boot:  0 nvs        WiFi data   00009000
    [Apr  3 14:54:13.642] I (70)  boot:  1 otadata    OTA data    0000d000
    [Apr  3 14:54:13.648] I (79)  boot:  2 app_0      OTA app     00010000
    [Apr  3 14:54:13.659] I (87)  boot:  3 fs_0       SPIFFS      00190000
    [Apr  3 14:54:13.665] I (95)  boot:  4 app_1      OTA app     001d0000
    [Apr  3 14:54:13.676] I (103) boot:  5 fs_1       SPIFFS      00350000

What am I missing, any thoughts? I appreciate any feedback. Thanks!
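Added example, not from the post above or from Mongoose OS: a Python check that samples each partition at the offsets the bootloader log prints and flags whether its contents look encrypted (byte entropy near 8 bits/byte, as AES ciphertext does) or plaintext (SPIFFS files, JSON config). It assumes you have a raw 4 MB flash dump as bytes (for example the output of mos flash-read saved to a file); the embedded image is constructed so the check runs offline.

```python
import hashlib
import math
from collections import Counter

# Partition table as printed by the bootloader in the post: (label, offset, length).
PARTITIONS = [
    ("nvs", 0x009000, 0x004000),
    ("otadata", 0x00d000, 0x002000),
    ("app_0", 0x010000, 0x180000),
    ("fs_0", 0x190000, 0x040000),
    ("app_1", 0x1d0000, 0x180000),
    ("fs_1", 0x350000, 0x040000),
]
# AES ciphertext is indistinguishable from random bytes, so a 4 KiB encrypted sample
# measures close to 8 bits/byte; SPIFFS files and JSON config sit far lower.
ENCRYPTED_ENTROPY_MIN = 7.5


def shannon_entropy(data: bytes) -> float:
    """Empirical entropy in bits per byte (8.0 is the maximum for a byte stream)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def looks_encrypted(sample: bytes) -> bool:
    # Caveat: an erased, never-written region is all 0xFF and reports as plaintext too.
    return shannon_entropy(sample) >= ENCRYPTED_ENTROPY_MIN


def classify_partitions(flash: bytes, sample_len: int = 4096) -> dict:
    """Sample the start of every partition in a full flash dump and classify each one."""
    return {label: looks_encrypted(flash[off:off + min(sample_len, size)])
            for label, off, size in PARTITIONS}


def constructed_dump() -> bytes:
    """Constructed 4 MiB image, not a device dump: every partition except fs_0 starts with
    deterministic SHA-256 output standing in for ciphertext; fs_0 holds plaintext JSON."""
    def pseudo_random(n: int, seed: bytes) -> bytes:
        blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
        return b"".join(blocks)[:n]
    flash = bytearray(b"\xff" * 0x400000)  # erased flash reads back as 0xFF
    for label, off, _ in PARTITIONS:
        if label != "fs_0":
            flash[off:off + 4096] = pseudo_random(4096, label.encode())
    plain = b'/conf0.json {"wifi":{"sta":{"enable":true}}}\n'
    flash[0x190000:0x190000 + 4096] = (plain * (4096 // len(plain) + 1))[:4096]
    return bytes(flash)
```

Run classify_partitions over a real dump to see which partitions the device actually wrote back encrypted; a plaintext verdict on fs_0 alongside encrypted app partitions is exactly the state the post describes.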
