# ESP32 Glitching

Source

ESP32 Efuse Info:

```
$ ./efuse_table_gen.py esp32/esp_efuse_table.csv --info
eFuse coding scheme: NONE
#   field_name              efuse_block  bit_start  bit_count
1   WR_DIS_FLASH_CRYPT_CNT  EFUSE_BLK0   2          1
2   WR_DIS_BLK1             EFUSE_BLK0   7          1
3   WR_DIS_BLK2             EFUSE_BLK0   8          1
4   WR_DIS_BLK3             EFUSE_BLK0   9          1
5   RD_DIS_BLK1             EFUSE_BLK0   16         1
6   RD_DIS_BLK2             EFUSE_BLK0   17         1
7   RD_DIS_BLK3             EFUSE_BLK0   18         1
8   FLASH_CRYPT_CNT         EFUSE_BLK0   20         7
9   MAC_FACTORY             EFUSE_BLK0   32         8
10  MAC_FACTORY             EFUSE_BLK0   40         8
11  MAC_FACTORY             EFUSE_BLK0   48         8
12  MAC_FACTORY             EFUSE_BLK0   56         8
13  MAC_FACTORY             EFUSE_BLK0   64         8
14  MAC_FACTORY             EFUSE_BLK0   72         8
15  MAC_FACTORY_CRC         EFUSE_BLK0   80         8
16  CHIP_VER_DIS_APP_CPU    EFUSE_BLK0   96         1
17  CHIP_VER_DIS_BT         EFUSE_BLK0   97         1
18  CHIP_VER_PKG            EFUSE_BLK0   105        3
19  CHIP_CPU_FREQ_LOW       EFUSE_BLK0   108        1
20  CHIP_CPU_FREQ_RATED     EFUSE_BLK0   109        1
21  CHIP_VER_REV1           EFUSE_BLK0   111        1
22  ADC_VREF_AND_SDIO_DREF  EFUSE_BLK0   136        6
23  XPD_SDIO_REG            EFUSE_BLK0   142        1
24  SDIO_TIEH               EFUSE_BLK0   143        1
25  SDIO_FORCE              EFUSE_BLK0   144        1
26  ENCRYPT_CONFIG          EFUSE_BLK0   188        4
27  CONSOLE_DEBUG_DISABLE   EFUSE_BLK0   194        1
28  ABS_DONE_0              EFUSE_BLK0   196        1
29  DISABLE_JTAG            EFUSE_BLK0   198        1
30  DISABLE_DL_ENCRYPT      EFUSE_BLK0   199        1
31  DISABLE_DL_DECRYPT      EFUSE_BLK0   200        1
32  DISABLE_DL_CACHE        EFUSE_BLK0   201        1
33  ENCRYPT_FLASH_KEY       EFUSE_BLK1   0          256
34  SECURE_BOOT_KEY         EFUSE_BLK2   0          256
35  MAC_CUSTOM_CRC          EFUSE_BLK3   0          8
36  MAC_CUSTOM              EFUSE_BLK3   8          48
37  ADC1_TP_LOW             EFUSE_BLK3   96         7
38  ADC1_TP_HIGH            EFUSE_BLK3   103        9
39  ADC2_TP_LOW             EFUSE_BLK3   112        7
40  ADC2_TP_HIGH            EFUSE_BLK3   119        9
41  SECURE_VERSION          EFUSE_BLK3   128        32
42  MAC_CUSTOM_VER          EFUSE_BLK3   184        8
```

WR_DIS_BLK1: Write Protection on Block 1
WR_DIS_BLK2: Write Protection on Block 2
RD_DIS_BLK1: Read Protection on Block 1
RD_DIS_BLK2: Read Protection on Block 2
ABS_DONE_0: Secure Boot enabled for the bootloader

## Setup Keys

Generate the Signing Key:

```bash
espsecure.py generate_signing_key
```

Flash the AES Boot Key:

```bash
# Set the Boot Key and disable read and write
espefuse.py burn_key secure_boot ./hello_world_k1/secure-bootloader-key-256.bin
espefuse.py burn_efuse ABS_DONE_0
```

Flash the AES Flash Encryption Key:

```bash
# Generate Key
espsecure.py generate_flash_encryption_key my_flash_encryption_key.bin

# Key Data
hexdump my_flash_encryption_key.bin
0000000 c838 e375 7633 1541 5ff9 4365 f2dd 2ce9
0000010 1f78 42a0 bf53 8f14 68ce 009f 5586 9b52

# Flash Key and disable write and read
espefuse.py --port /dev/ttyUSB0 burn_key flash_encryption my_flash_encryption_key.bin
espefuse.py v2.7-dev
Connecting......
Write key in efuse block 1. The key block will be read and write protected (no further changes or readback).

This is an irreversible operation.
Type 'BURN' (all capitals) to continue.
BURN
Burned key data. New value:
9b 52 55 86 00 9f 68 ce 8f 14 bf 53 42 a0 1f 78 2c e9 f2 dd 43 65 5f f9 15 41 76 33 e3 75 c8 38
Disabling read/write to key efuse block...

# Activate the Key
espefuse.py burn_efuse FLASH_CRYPT_CONFIG 0xf
espefuse.py burn_efuse FLASH_CRYPT_CNT
```

## Compile and Flash an Application

Test Application:

```c
#include <stdio.h>
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"

void app_main(void)
{
    while (1) {
        printf("Hello from SEC boot K1 & FE !\n");
        vTaskDelay(1000 / portTICK_PERIOD_MS);  /* print once per second */
    }
}
```

Compile with the proper flags:

```bash
# Enable the secure boot and the flash encryption
make menuconfig

# Generate the Hash digest to validate the Application from being replaced
espsecure.py encrypt_flash_data -k ../../my_flash_encryption_key.bin -o bootloader-reflash-digest-encrypted.bin -a 0x0 bootloader-reflash-digest.bin

# Flash the Digest Information
python /home/limited/esp/esp-idf/components/esptool_py/esptool/esptool.py --chip esp32 --port /dev/ttyUSB0 --baud 115200 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 40m --flash_size detect 0x0 /home/limited/esp/hello_world_k1_FE/build/bootloader/bootloader-reflash-digest-encrypted.bin

# Flash the Encrypted Application to the memory address of 0x10000
# This is the Entry point for the Device and starts the decrypting (Stage 1)
espsecure.py encrypt_flash_data -k ../my_flash_encryption_key.bin -o hello-world-encrypted.bin -a 0x10000 hello-world.bin

# Encrypt the App Partition that starts at the offset of 0x08000
# This is the main app that is the stage 2
espsecure.py encrypt_flash_data -k ../my_flash_encryption_key.bin -o partitions_singleapp-encrypted.bin -a 0x08000 partitions_singleapp.bin

# Now flash them with the appropriate offset
python /home/limited/esp/esp-idf/components/esptool_py/esptool/esptool.py --chip esp32 --port /dev/ttyUSB0 --baud 115200 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 40m --flash_size detect 0x10000 /home/limited/esp/hello_world_k1_FE/build/hello-world-encrypted.bin 0x8000 /home/limited/esp/hello_world_k1_FE/build/partitions_singleapp-encrypted.bin
```

## Starting the Glitch

Read Flash Memory:

```bash
# Read Contents to file
esptool.py -p /dev/ttyUSB0 -b 460800 read_flash 0 0x400000 flash_contents.bin
# This is to make sure that it is encrypted
```

Without Glitching:

```
espefuse.py --port /dev/ttyUSB0 dump
espefuse.py v2.7-dev
Connecting....
EFUSE block 0: 00130180 bf4dbb34 00e43c71 0000a000 00000430 f0000000 00000054
EFUSE block 1: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
EFUSE block 2: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
EFUSE block 3: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
```

Using the following scope setup:
CH1 = UART TX
CH2 = 3.3V VDD (trigger)
CH3 = power consumption
CH4 = pulse command

Glitching the ENCRYPT_FLASH_KEY Read Check:

```
----- Efuses reading 40 -----
Pulse delay = 0.001191230
espefuse.py v2.7-dev
Connecting....
EFUSE block 0: 00120300 bf4dbb34 00e43c71 0000a000 00000430 f0000000 00000054
EFUSE block 1: 8655529b ce689f00 56bf288f 781fa042 ddf2e958 f25f6543 33764115 38c875e3
EFUSE block 2: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
EFUSE block 3: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000001
```

Glitching the SECURE_BOOT_KEY Read Check:

```
----- Efuses reading 19 -----
Pulse delay = 0.001190600
espefuse.py v2.7-dev
Connecting....
EFUSE block 0: 001100c0 bf4dbb34 00e43c71 00000000 00000430 f0000000 00000054
EFUSE block 1: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
EFUSE block 2: e94f5bc2 00370f91 7c897429 2eadd23b c7664f05 5ae3365f d3781029 82e25c4c
EFUSE block 3: 00000000 00000000 00800000 00000000 00000000 01000000 00000000 00000080
```

In practice, take many dumps and keep the most common value for each byte, since a single glitched read can also corrupt the key bytes themselves.
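A provisioning check added here (it is not code from the page's author): it decodes `espefuse.py ... dump` output using the bit positions from the eFuse table above and reports any device whose secure boot, flash encryption or key-block protection fuses do not read back as expected. Run over the two dumps quoted on this page, the clean dump passes and the glitched one shows exactly which protection bits the glitch cleared (the fuse-word layout, word i holding bits 32*i to 32*i+31, is assumed from the dump format).

```python
import re

# Subset of the eFuse table printed above: name -> (block, bit_start, bit_count)
EFUSE_FIELDS = {
    "WR_DIS_BLK1": (0, 7, 1), "WR_DIS_BLK2": (0, 8, 1),
    "RD_DIS_BLK1": (0, 16, 1), "RD_DIS_BLK2": (0, 17, 1),
    "FLASH_CRYPT_CNT": (0, 20, 7), "ENCRYPT_CONFIG": (0, 188, 4),
    "ABS_DONE_0": (0, 196, 1), "DISABLE_JTAG": (0, 198, 1),
}
BLOCK_RE = re.compile(r"EFUSE block (\d+):((?:\s+[0-9a-fA-F]{8})+)")

def parse_dump(text):
    """Pack each block's 32-bit words into one int (word i holds bits 32*i .. 32*i+31)."""
    blocks = {}
    for m in BLOCK_RE.finditer(text):
        words = [int(w, 16) for w in m.group(2).split()]
        blocks[int(m.group(1))] = sum(w << (32 * i) for i, w in enumerate(words))
    return blocks

def read_field(blocks, name):
    blk, start, count = EFUSE_FIELDS[name]
    return (blocks[blk] >> start) & ((1 << count) - 1)

def check_provisioning(dump_text):
    """Return the expectations a secure-boot + flash-encryption device violates ([] is good)."""
    blocks = parse_dump(dump_text)
    vals = {name: read_field(blocks, name) for name in EFUSE_FIELDS}
    problems = []
    if vals["ABS_DONE_0"] != 1:
        problems.append("ABS_DONE_0 clear: secure boot not enabled")
    # Flash encryption is active when FLASH_CRYPT_CNT has an odd number of bits set.
    if bin(vals["FLASH_CRYPT_CNT"]).count("1") % 2 == 0:
        problems.append("FLASH_CRYPT_CNT even: flash encryption not active")
    for blk, key in ((1, "ENCRYPT_FLASH_KEY"), (2, "SECURE_BOOT_KEY")):
        for prot in ("RD_DIS", "WR_DIS"):
            if vals[f"{prot}_BLK{blk}"] != 1:
                problems.append(f"{prot}_BLK{blk} clear: {key} block not protected")
        if blocks.get(blk, 0) != 0:
            problems.append(f"block {blk} reads back non-zero: {key} is readable")
    return problems

# Dumps quoted from this page (blocks 0 and 1 only): the clean one, then the ENCRYPT_FLASH_KEY glitch run.
CLEAN = """EFUSE block 0: 00130180 bf4dbb34 00e43c71 0000a000 00000430 f0000000 00000054
EFUSE block 1: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000"""
GLITCHED = """EFUSE block 0: 00120300 bf4dbb34 00e43c71 0000a000 00000430 f0000000 00000054
EFUSE block 1: 8655529b ce689f00 56bf288f 781fa042 ddf2e958 f25f6543 33764115 38c875e3"""

if __name__ == "__main__":
    print("clean dump:   ", check_provisioning(CLEAN) or "OK")
    print("glitched dump:", check_provisioning(GLITCHED))
```

On the glitched dump the report names RD_DIS_BLK1 and WR_DIS_BLK1 as clear and block 1 as readable, which is exactly the fuse state the clean dump rules out; the same function is a cheap end-of-line check that a device left the factory with both key blocks protected.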

## Bypassing Encrypted Secure Boot

Espressif ESP32: Bypassing Encrypted Secure Boot (CVE-2020-13629)