I have configure my esp32 s3 project by using "idf.py menuconfig" and I have set they parameters as below :
Security features ->
Enable flash encryption on boot ->
```
Size of generated AES-XTS key (AES-128 (256-bit key))
Enable usage mode (Release)
```
Partition Table ->
(0x10000) Offset of partition table
Then, after building my project "idf.py build", I have burn my key for encryption by using the command below :
espsecure.py generate_flash_encryption_key my_flash_encryption_key.bin
espefuse.py --port PORT burn_key BLOCK_KEY0 my_flash_encryption_key.bin XTS_AES_128_KEY
Finally, I have flash the project (idf.py flash) and the program work well.
But now I need to modify my project flash again. The problem is that the monitor send me the data below : "invalid header: 0xdffde09a"
So I thing that I have forget something during my process to reflash my device.
You can see below, theirs commands used:
espsecure.py encrypt_flash_data --aes_xts --keyfile /path/to/key.bin --address 0x10000 --output my-app-ciphertext.bin build/my-app.bin
esptool.py --chip esp32s3 --port /dev/ttyUSB0 --baud 460800 write_flash 0x10000 my-app-ciphertext.bin
After enabling the Release Mode of Flash encryption you cannot flash this device anymore. That's the whole purpose of it.
If your firmware has a built-it OTA client with flash encryption support, feel free to use this. Otherwise this board is now un-changeable.