
26 External Memory Encryption and Decryption (FLASH)


26.1 Overview

Many variants of the ESP32 must store programs and data in external flash memory. The external flash memory chip is likely to contain proprietary firmware and sensitive user data, such as credentials for gaining access to a private network. The Flash Encryption block can encrypt code and write encrypted code to off-chip flash memory for enhanced hardware security. When the CPU reads off-chip flash through the cache, the Flash Decryption block can automatically decrypt instructions and data read from the off-chip flash, thus providing hardware-based security for application code.

26.2 Features

Various key generation methods

Software-based encryption

High-speed, hardware decryption

Register configuration, system parameters and boot mode jointly determine the flash encryption/decryption function.

26.3Functional Description

Figure 26-1. Flash Encryption/Decryption Module Architecture

The Flash Encryption/Decryption module consists of three parts, namely the Key Generator, Flash Encryption block and Flash Decryption block. The structure of these parts is shown in Figure 26-1. The Key Generator is shared by both the Flash Encryption block and the Flash Decryption block, which can function simultaneously.

In the peripheral DPort Register, the bits relevant to Flash Encryption/Decryption are the DPORT_SPI_ENCRYPT_ENABLE bit and the DPORT_SPI_DECRYPT_ENABLE bit in DPORT_SLAVE_SPI_CONFIG_REG. The Flash Encryption/Decryption module will fetch six system parameters from the peripheral eFuse Controller. These parameters are: coding_scheme, BLOCK1, flash_crypt_config, download_dis_encrypt, flash_crypt_cnt, and download_dis_decrypt.

Espressif Systems

ESP32 TRM (Version 5.0)

26.3.1 Key Generator

According to system parameters coding_scheme and BLOCK1, the Key Generator will first generate

$Key_o = f(\text{coding\_scheme}, \text{BLOCK1})$.

Then, according to system parameter flash_crypt_config, and off-chip flash physical addresses $Addr_e$ and $Addr_d$ accessed by the Flash Encryption block and the Flash Decryption block, the Key Generator will respectively figure out that:

$Key_e = g(Key_o, \text{flash\_crypt\_config}, Addr_e)$,

$Key_d = g(Key_o, \text{flash\_crypt\_config}, Addr_d)$.

When all values of system parameter flash_crypt_config are 0, $Key_e$ and $Key_d$ are not relevant to the physical address of the off-chip flash. When all values of system parameter flash_crypt_config are not 0, every 8-word block on the off-chip flash has a dedicated $Key_e$ and $Key_d$.

26.3.2 Flash Encryption Block

The Flash Encryption block is equipped with registers that can be accessed by the CPU directly. Registers embedded in the Flash Encryption block, registers in the peripheral DPort Register, system parameters and Boot Mode jointly configure and control this block.

The Flash Encryption block requires software intervention during operation. The steps are as follows:

1. Set the DPORT_SPI_ENCRYPT_ENABLE bit of register DPORT_SLAVE_SPI_CONFIG_REG.

2. Write the physical address prepared for the off-chip flash on register FLASH_ENCRYPT_ADDRESS_REG. The address must be 8-word boundary aligned.

3. The Flash Encryption block must encrypt 8-word long code segments. Write the lowest word to register FLASH_ENCRYPT_BUFFER_0_REG, the second-lowest word into FLASH_ENCRYPT_BUFFER_1_REG, and so on, up to FLASH_ENCRYPT_BUFFER_7_REG.

4. Set the FLASH_START bit in FLASH_ENCRYPT_START_REG.

5. Wait for the FLASH_DONE bit to be set in FLASH_ENCRYPT_DONE_REG.

6. Use this function and write any 8-word code to the 8-word aligned address on the off-chip flash via the peripheral SPI0.

In Steps 1 to 5, the Flash Encryption block encrypts 8-word long codes. The key encryption algorithm uses $Key_e$. The encryption result will also be 8-word long. In Step 6, the peripheral SPI0 writes encrypted results of the Flash Encryption block to the off-chip flash. One parameter of the function used in Step 6 will be the physical address of the off-chip flash. The physical address must be 8-word boundary aligned. Also, the value must be the same as the value written into register FLASH_ENCRYPT_ADDRESS_REG during Step 2. Even though the function used in Step 6 still has a parameter with an 8-word long code, the parameter will be meaningless if Steps 1 to 5 are executed. The Peripheral SPI0 will use the encrypted result instead. If the Flash Encryption block is not operating, or has not executed Steps 1 to 5, Step 6 will not use the encrypted result. Instead, the function parameter will be used.
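The six-step sequence above, as a host-side simulation added here for illustration (it is not code from the TRM or from Espressif). The `sim_t` layout, the bit positions, the XOR stand-in for the cipher and the clearing of the done flag after the write are assumptions of this model, not the real memory map or algorithm.

```c
#include <stdint.h>
#include <string.h>

#define BLOCK_WORDS 8
#define BLOCK_BYTES (BLOCK_WORDS * 4)
enum { ENCRYPT_ENABLE = 1, FLASH_START = 1, FLASH_DONE = 1 }; /* assumed bit 0 */

/* Simulated registers named in the text; the layout is an assumption. */
typedef struct {
    uint32_t slave_spi_config;     /* DPORT_SLAVE_SPI_CONFIG_REG */
    uint32_t address;              /* FLASH_ENCRYPT_ADDRESS_REG */
    uint32_t buffer[BLOCK_WORDS];  /* FLASH_ENCRYPT_BUFFER_0..7_REG */
    uint32_t start, done;          /* FLASH_ENCRYPT_START_REG / _DONE_REG */
    uint32_t result[BLOCK_WORDS];  /* encrypted result held by the block */
    uint8_t flash[256];            /* simulated off-chip flash */
} sim_t;

/* Mock encryption block: a placeholder XOR, NOT the real cipher. */
static void sim_tick(sim_t *s) {
    if ((s->slave_spi_config & ENCRYPT_ENABLE) && (s->start & FLASH_START)) {
        for (int i = 0; i < BLOCK_WORDS; i++)
            s->result[i] = s->buffer[i] ^ 0xA5A5A5A5u ^ s->address;
        s->start = 0;
        s->done = FLASH_DONE;
    }
}

/* Step 6 model: SPI0 uses the encrypted result if Steps 1-5 ran,
 * otherwise the function parameter is written as-is. */
static void sim_spi0_write(sim_t *s, uint32_t addr, const uint32_t *w) {
    memcpy(&s->flash[addr], (s->done & FLASH_DONE) ? s->result : w, BLOCK_BYTES);
    s->done = 0;
}

/* Returns 0 on success, -1 on a bad address, -2 if FLASH_DONE never sets. */
int flash_write_encrypted(sim_t *s, uint32_t addr, const uint32_t w[BLOCK_WORDS]) {
    if (addr % BLOCK_BYTES || addr > sizeof s->flash - BLOCK_BYTES)
        return -1;                               /* must be 8-word aligned */
    s->slave_spi_config |= ENCRYPT_ENABLE;       /* Step 1 */
    s->address = addr;                           /* Step 2 */
    for (int i = 0; i < BLOCK_WORDS; i++)        /* Step 3: lowest word first */
        s->buffer[i] = w[i];
    s->start = FLASH_START;                      /* Step 4 */
    for (int spin = 0; !(s->done & FLASH_DONE); spin++) {  /* Step 5, bounded */
        if (spin > 1000) return -2;
        sim_tick(s);
    }
    sim_spi0_write(s, addr, w);                  /* Step 6: same address as Step 2 */
    return 0;
}
```

Rejecting unaligned addresses before touching any register and bounding the wait on FLASH_DONE keep a caller from silently falling through to a plaintext write.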

Flash Encryption Operating Conditions:
