Is writing to /flash when flash encryption enabled secure? (3rd party port)

[sotpotatis]

Hi!

I am working with a long-obsolete board (PyCom GPY) which has its own port: https://github.com/pycom/pycom-micropython-sigfox/tree/a37510c092bcec00671c924accb97dcdfa2f4b5d
Its forums have long shut down, so there is nowhere to ask, hoping for a second round of luck here.
This will most likely be a stupid question, but here we go.

I have enabled both secure boot and flash encryption on my GPY device. However, I am trying to figure out if I am writing my certificates to an encrypted flash area (i.e. one that no one can decrypt without knowing the correct encryption keys). (the reason I need to know if this flash area is encrypted or not is because I was asked to provide that detail in a follow-up to an online topic I posted: https://esp32.com/viewtopic.php?t=45800).

Basically, with secure boot and flash encryption enabled, I am writing sensitive keys used for a server connection to the path /flash/keys, where keys is a directory and each key is stored in plain text.

I am not sure if /flash is where the filesystem is typically mounted on MicroPython ports, but on the port I am using (from Pycom), keys and /flash/keys (as os paths) are equivalent, i.e. point to the same location.

I've tried to look at PyCom's source code to figure out where /flash points to, to see if it is covered by flash encryption or not. But no luck.
Is it possible I could recieve some guidance from here? Thanks!

[robert-hh]

The layout of the flash is defined in the partition files. For GPY you find them at esp32/boards/GPY. They are called script_8MB and script_8MB_enc. These tell you, that the file system in the flash memory starts at the 4MB boundary, address 0x400000.
The name /flash is the name of file systems mount point. It is quite arbitrary. One can define any name for it. Some ports use /flash, some use /. And it is not related to the physical location of the data belonging to a file in the flash chip. That applies to both FAT and LittleFS. So your data may be at any place in the upper 4MB of the flash chip. Since both file system are based on the common block device, knowing the block number of a file helps. There may be tools which tell at which block a file is stored. But at the moment I do not know them.

[sotpotatis]

Hi @robert-hh sorry for not replying yet, I was out of office during the weekend.

Here is a dump of the first 512 bytes (using the ImHex software):

Hex View  00 01 02 03 04 05 06 07  08 09 0A 0B 0C 0D 0E 0F
 
00000000  0F 00 00 00 F0 0F FF F7  6C 69 74 74 6C 65 66 73  ........littlefs
00000010  2F E0 00 10 00 00 02 00  00 10 00 00 00 04 00 00  /...............
00000020  FE 03 00 00 FF FF FF 7F  FE 03 00 00 20 00 14 1F  ............ ...
00000030  6D 61 69 6E 2E 70 79 20  00 00 25 23 20 6D 61 69  main.py ..%# mai
00000040  6E 2E 70 79 20 2D 2D 20  70 75 74 20 79 6F 75 72  n.py -- put your
00000050  20 63 6F 64 65 20 68 65  72 65 21 0D 0A 10 00 00   code here!.....
00000060  26 21 28 00 00 30 00 10  03 62 6F 6F 74 2E 70 79  &!(..0...boot.py
00000070  20 00 00 1A 23 20 62 6F  6F 74 2E 70 79 20 2D 2D   ...# boot.py --
00000080  20 72 75 6E 20 6F 6E 20  62 6F 6F 74 2D 75 70 0D   run on boot-up.
00000090  0A 10 00 00 19 21 28 00  00 30 30 1C 07 73 79 73  .....!(..00..sys
000000A0  20 20 00 0B D6 02 00 00  D7 02 00 00 10 10 00 0C    ..............
000000B0  21 28 00 00 30 30 08 07  6C 69 62 20 20 00 0B D8  !(..00..lib  ...
000000C0  02 00 00 D9 02 00 00 10  10 00 0C 21 28 00 00 30  ...........!(..0
000000D0  30 18 00 63 65 72 74 20  20 00 0C DA 02 00 00 DB  0..cert  .......
000000E0  02 00 00 10 10 00 0C 21  28 00 00 30 30 04 0F 64  .......!(..00..d
000000F0  61 74 61 73 74 6F 72 61  67 65 20 20 00 03 DC 02  atastorage  ....
00000100  00 00 DD 02 00 00 10 10  00 0C 21 28 00 00 50 1F  ..........!(..P.
00000110  F0 0C DC 02 00 00 DD 02  00 00 30 10 02 EA AC 22  ..........0...."
00000120  6F D3 FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  o...............
00000130  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
00000140  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
00000150  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
00000160  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
00000170  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
00000180  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
00000190  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
000001A0  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
000001B0  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
000001C0  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
000001D0  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
000001E0  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
000001F0  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................

In the hex dump I retrieved, I can almost the very same data at address 0x00001000:

Hex View  00 01 02 03 04 05 06 07  08 09 0A 0B 0C 0D 0E 0F
 
00001000  0E 00 00 00 F0 0F FF F7  6C 69 74 74 6C 65 66 73  ........littlefs
00001010  2F E0 00 10 00 00 02 00  00 10 00 00 00 04 00 00  /...............
00001020  FE 03 00 00 FF FF FF 7F  FE 03 00 00 20 00 14 1F  ............ ...
00001030  6D 61 69 6E 2E 70 79 20  00 00 25 23 20 6D 61 69  main.py ..%# mai
00001040  6E 2E 70 79 20 2D 2D 20  70 75 74 20 79 6F 75 72  n.py -- put your
00001050  20 63 6F 64 65 20 68 65  72 65 21 0D 0A 10 00 00   code here!.....
00001060  26 21 28 00 00 30 00 10  03 62 6F 6F 74 2E 70 79  &!(..0...boot.py
00001070  20 00 00 1A 23 20 62 6F  6F 74 2E 70 79 20 2D 2D   ...# boot.py --
00001080  20 72 75 6E 20 6F 6E 20  62 6F 6F 74 2D 75 70 0D   run on boot-up.
00001090  0A 10 00 00 19 21 28 00  00 30 30 1C 07 73 79 73  .....!(..00..sys
000010A0  20 20 00 0B D6 02 00 00  D7 02 00 00 10 10 00 0C    ..............
000010B0  21 28 00 00 30 30 08 07  6C 69 62 20 20 00 0B D8  !(..00..lib  ...
000010C0  02 00 00 D9 02 00 00 10  10 00 0C 21 28 00 00 30  ...........!(..0
000010D0  30 18 00 63 65 72 74 20  20 00 0C DA 02 00 00 DB  0..cert  .......
000010E0  02 00 00 10 10 00 0C 21  28 00 00 30 30 04 0F 64  .......!(..00..d
000010F0  61 74 61 73 74 6F 72 61  67 65 20 20 00 03 DC 02  atastorage  ....
00001100  00 00 DD 02 00 00 40 0F  F0 00 DC 02 00 00 DD 02  ......@.........
00001110  00 00 30 10 02 E2 E4 F8  D6 16 FF FF FF FF FF FF  ..0.............
00001120  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
00001130  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
00001140  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
00001150  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
00001160  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
00001170  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
00001180  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
00001190  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
000011A0  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
000011B0  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
000011C0  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
000011D0  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
000011E0  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
000011F0  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................

I executed this command in the REPL after the device had been encrypted. I.e. I encrypted the device with secure boot and flash encryption, hooked it up to my computer, accessed the REPL, and typed in this

with open("/flash/datastorage/githubissues.txt", "w") as f:
	for i in range(25):
		f.write("hello github issues hello robert-hh\n")

Then in the flash dump (obtained with the esptool command you suggested) I can see this of course:

Hex View  00 01 02 03 04 05 06 07  08 09 0A 0B 0C 0D 0E 0F
 
002DD310  32 21 28 00 00 30 00 10  14 67 69 74 68 75 62 69  2!(..0...githubi
002DD320  73 73 75 65 73 2E 74 78  74 20 00 00 10 00 30 00  ssues.txt ....0.
002DD330  08 80 00 00 00 9D 03 00  00 10 30 00 0C 21 28 27  ..........0..!('
002DD340  00 50 1F F0 0C B8 00 00  00 B9 00 00 00 30 10 00  .P...........0..
002DD350  A7 88 F4 C3 32 FF FF FF  FF FF FF FF FF FF FF FF  ....2...........

...and then the actual file contents, in raw text :(

Hex View  00 01 02 03 04 05 06 07  08 09 0A 0B 0C 0D 0E 0F
 
00080000  68 65 6C 6C 6F 20 67 69  74 68 75 62 20 69 73 73  hello github iss
00080010  75 65 73 2C 20 68 65 6C  6C 6F 20 72 6F 62 65 72  ues, hello rober
00080020  74 2D 68 68 0A 68 65 6C  6C 6F 20 67 69 74 68 75  t-hh.hello githu
00080030  62 20 69 73 73 75 65 73  2C 20 68 65 6C 6C 6F 20  b issues, hello 
00080040  72 6F 62 65 72 74 2D 68  68 0A 68 65 6C 6C 6F 20  robert-hh.hello 
00080050  67 69 74 68 75 62 20 69  73 73 75 65 73 2C 20 68  github issues, h
00080060  65 6C 6C 6F 20 72 6F 62  65 72 74 2D 68 68 0A 68  ello robert-hh.h
00080070  65 6C 6C 6F 20 67 69 74  68 75 62 20 69 73 73 75  ello github issu
00080080  65 73 2C 20 68 65 6C 6C  6F 20 72 6F 62 65 72 74  es, hello robert
00080090  2D 68 68 0A 68 65 6C 6C  6F 20 67 69 74 68 75 62  -hh.hello github
000800A0  20 69 73 73 75 65 73 2C  20 68 65 6C 6C 6F 20 72   issues, hello r
000800B0  6F 62 65 72 74 2D 68 68  0A 68 65 6C 6C 6F 20 67  obert-hh.hello g
000800C0  69 74 68 75 62 20 69 73  73 75 65 73 2C 20 68 65  ithub issues, he
and so on...
00080350  68 68 0A 68 65 6C 6C 6F  20 67 69 74 68 75 62 20  hh.hello github 
00080360  69 73 73 75 65 73 2C 20  68 65 6C 6C 6F 20 72 6F  issues, hello ro
00080370  62 65 72 74 2D 68 68 0A  68 65 6C 6C 6F 20 67 69  bert-hh.hello gi
00080380  74 68 75 62 20 69 73 73  75 65 73 2C 20 68 65 6C  thub issues, hel
00080390  6C 6F 20 72 6F 62 65 72  74 2D 68 68 0A FF FF FF  lo robert-hh....

Any ideas?

[robert-hh]

Looking at that we can cnclude that esptool.py retuns unencrptd content. That is bad.It does not tell whther the flash is unencrypted or if the content is decrypted on read. But that does not matter much unless tere is a way prevent dumping the flash using esptool.py.

P.S.: Litlefs has two "Superblocks" which by defaul are the irst two blocks of the file system. That's what you see above.

[robert-hh]

When reading through the Pycom forum I landed at this link for enabling the encryption. Did you follow it?
https://github.com/pycom/pycom-micropython-sigfox#steps-for-using-secure-boot-and-flash-encryption

[sotpotatis]

When reading through the Pycom forum I landed at this link for enabling the encryption. Did you follow it? https://github.com/pycom/pycom-micropython-sigfox#steps-for-using-secure-boot-and-flash-encryption

Yes, I followed that guide. I am using those exact commands, just double-checked with the script I use.

[sotpotatis]

Hi @robert-hh,

We got around this for now by moving the keys that needs to be stored securely to a Python file. For each device, there is a tiny bash script which places the device-unique certificates inside that file before encryption. We have a Python file like keys.py which has variables inside of it: CERT_CONTENTS, PRIVKEY_CONTENTS etc. (this is for an MQTT implementation).
Then we simply do from keys import CERT_CONTENTS, PRIVKEY_CONTENTS etc. There was one problem with this: if I am not mistaken the ssl implementation on Pycom did not seem to support passing the certificate data to it (the implementation has the certfile kwarg, but not cert, see here). The workaround for now is to use a RAMDisk guess who helped out with that? :) and mount the contents loaded from keys.py to there.

However, I realized afterwards that there is this part in the Micropython implementation, and the RAMDisk might not be necceary:

MicroPython extension: certfile and keyfile can be bytes objects instead of strings, in which case they are interpreted as the actual certificate/key data.

This is to be confirmed though.