How to prevent flash data readout, but allow flash instruction execution

MindReader32


Post by MindReader32 » Mon Mar 25, 2019 12:48 pm

Hi,

Using encrypted flash is the way to go to protect my firmware, but if I deploy my encrypted app, which contains a scripting language (e.g. MicroPython), it will be (I think) possible to read out my flash contents from within the scripting language when running on the ESP32, unless I do 1 or 2 things:

1. Wherever the scripting language allows raw memory access (e.g. a flash_read API, embedded asm, etc.) I disable that in the scripting language's source. (So I'd better be able to catch all occurrences...)
and/or
2. Set some kind of ESP32 MMU setting that allows the CPU to execute instructions in a region (or all of flash) but disallows data read instructions...


Is #2 actually possible from an ESP32 MMU point of view? If so I guess some co-operation with the linker to place constants in a data readable portion might be required?

Is there a better way to do this?

Thanks

ESP_Angus

Re: How to prevent flash data readout, but allow flash instruction execution

Post by ESP_Angus » Mon Mar 25, 2019 10:58 pm

Hi MindReader32,

Do you want to allow users to run arbitrary MicroPython code on the device? I think the only way may be by thoroughly patching the interpreter, as you mention.

Disabling access to flash-mapped instruction & data via MMU is not possible as the C code in the interpreter needs to run instructions from instruction cache and read data from the .rodata mapped data cache.

If you want to prevent physical readout of the flash contents, you'll also need to enable flash encryption and possibly secure boot. I'm not sure if these features are fully supported by MicroPython; you'll need to check with them.
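
One way to check that a patched interpreter build no longer exposes raw memory or flash access to scripts, as an added example that is not part of the original thread or MicroPython's own code. The primitive list is a non-exhaustive assumption drawn from MicroPython's documented modules, and the `STOCK`/`PATCHED` tables are constructed stand-ins so the check can be exercised on a host Python.

```python
# Added example: probe an interpreter build for raw memory/flash primitives
# that a script could use to read firmware. On the device, call
# audit_exposed() with no arguments and fail the release if it is non-empty.

# Assumption: non-exhaustive list based on MicroPython's documented modules.
# Native/viper/inline-asm decorators are handled by the compiler, not exposed
# as module attributes, so they must be checked in the build configuration.
RAW_ACCESS_PRIMITIVES = {
    "machine": ("mem8", "mem16", "mem32"),       # raw address-space access
    "esp": ("flash_read",),                      # direct flash reads
    "esp32": ("Partition",),                     # block reads of partitions
    "uctypes": ("bytearray_at", "bytes_at"),     # buffers at arbitrary addresses
}

def audit_exposed(importer=__import__, table=RAW_ACCESS_PRIMITIVES):
    """Return sorted 'module.attr' names still reachable from scripts."""
    exposed = []
    for mod_name, attrs in table.items():
        try:
            mod = importer(mod_name)
        except ImportError:
            continue  # whole module removed from this build
        for attr in attrs:
            if hasattr(mod, attr):
                exposed.append(mod_name + "." + attr)
    return sorted(exposed)

class _FakeModule:
    """Constructed stand-in for a firmware module (host-side demo only)."""
    def __init__(self, *names):
        for n in names:
            setattr(self, n, object())

def make_importer(modules):
    """Build an importer over a dict of fake modules."""
    def importer(name):
        if name not in modules:
            raise ImportError(name)
        return modules[name]
    return importer

# Constructed sample builds: an unmodified one and a patched one.
STOCK = {"machine": _FakeModule("mem8", "mem16", "mem32", "Pin"),
         "esp": _FakeModule("flash_read", "flash_size"),
         "esp32": _FakeModule("Partition"),
         "uctypes": _FakeModule("bytearray_at", "bytes_at", "struct")}
PATCHED = {"machine": _FakeModule("Pin"), "esp": _FakeModule("flash_size")}

if __name__ == "__main__":
    print("stock:  ", audit_exposed(make_importer(STOCK)))
    print("patched:", audit_exposed(make_importer(PATCHED)))
```

An empty result only shows that the listed names are gone; it does not prove that no other path to raw memory remains in the build.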
