ESP32-S31 Secure Boot and Flash Encryption Overview

Secure Boot and Flash Encryption protect firmware integrity and confidentiality on ESP32-S31 devices in production deployments.

Secure Boot — Firmware Integrity

Secure Boot is a hardware chain of trust based on digital signature verification. On reset, the chip runs only firmware images that pass signature checks.

How It Works

Digital signature verification: During the build, firmware is signed with a private key (RSA-3072 or ECDSA).
Public key in eFuse: The public key hash is written to read-only eFuse during manufacturing.
Boot verification chain: On each boot, the ROM bootloader uses the public key hash in eFuse to verify the first-stage bootloader in flash. After that succeeds, the bootloader verifies the partition table and application image in sequence.
Side-channel hardening: ESP32-S31 includes a Brownout Detector and DPA (Differential Power Analysis) protection to reduce side-channel attacks during boot and key use.

Flash Encryption — Firmware Confidentiality

Flash Encryption protects code and data stored in external flash. It reduces the risk of firmware cloning or reverse engineering when flash is read with a programmer or logic analyzer.

How It Works

On-the-fly encryption: Uses XTS-AES-256. When the CPU reads code or data from flash through the MMU cache, the hardware decrypts in real time; writes are encrypted in real time. This is transparent to application software.
Physically isolated key: The encryption key is generated by the on-chip TRNG on first boot (or programmed on the production line) and stored in a read-only eFuse key block. Software and external interfaces such as USB/JTAG cannot read the key after it is programmed.
Ciphertext at rest: Data read directly from the flash chip appears as ciphertext without the key.

Use Both Features in Production

Enable Secure Boot and Flash Encryption together for defense in depth:

Flash Encryption only: Attackers may still replace flash contents with unsigned firmware if Secure Boot is disabled.
Secure Boot only: Attackers may still read plaintext firmware from flash for reverse engineering.
Secure Boot + Flash Encryption: Protects both execution integrity and stored firmware confidentiality.

Implementation

For enabling Secure Boot and flash encryption, including key generation, eFuse configuration, and production signing, see the ESP32-S31 Security Guide.

[!NOTE] eFuse is one-time programmable (OTP). After a key or lock bit is written, the change is permanent. During development, use Development mode. Do not enable Release mode on engineering boards unless you intend to lock the device permanently.