I found another cause for this persistent problem: CPU1 started DMA/SPI transfer (screen refresh) while CPU0 was calling esp_ota_begin. Apparently, esp_ota_begin was blocked waiting for screen update to finish. Raising task priority did not help. The fix is to delay screen refresh until esp_ota_begi...

Thank you for detailed explanation.
So, in short, write(STDOUT_FILENO, ..) is atomic and cannot be interrupted by ESP_LOGx or printf, right?

It appears that ESP_LOGx routines eventually call "write(STDOUT_FILENO, ..)", which is located in ROM. Does implementation of write in ROM uses a mutex to avoid corruption? Can I assume that buffer passed to write(STDOUT_FILENO, ...) will be written atomically without being interrupted by ESP_LOGs f...

I want to send some configuration data to my ESP32 device (without Digital Signature Peripheral) and I want to authenticate it. I can, of course, create my own public/private key pair and embed public key in FW, but I wonder whether I can sign the data using the same private key as used for Secure B...

> Again, why not simply add your own partition, something which you have complete control over, and use that? Yes, this is what I will do. Still, I have a nagging thought that wasting 4 KB of flash just to get 32 bytes for a key is not a perfect idea. NVS reserved 4 KB for its keys, I will reserve a...

@WiFive and @ESP_Sprite Yes, thank you, I forgot that bootloader is also encrypted in flash. > Note that you're using the FFs as a nonce here. Cryptography-wise, there's nothing wrong with that in particular as far as I can tell No, as "nvs_flash_generate_keys" code says: https://github.com/espressi...

How to get a secret, unique key for ESP32 chip (when flash encryption is enabled)? A unique, secret AES key is already generated on every chip and saved in BLK1, but we have no access to it. Can I use esp_flash_read(NULL, CONFIG_BOOTLOADER_OFFSET_IN_FLASH, ...) to get a derived key? I see this post ...

Hi, Typical 3 partition scheme includes factory, ota_1 and ota_2 partitions. Then bootloader can be configured with CONFIG_BOOTLOADER_FACTORY_RESET option to erase OTA partitions if some button is pressed during reboot. But this is too drastic - I do not want user to erase all OTA partitions by acci...

I see in https://docs.espressif.com/projects/esp-idf/en/latest/esp32/security/secure-boot-v2.html "The bootloader and application images are padded to the next 4096 byte boundary" But in my builds it appears that images are padded to 64 KB boundaries, for example, from build log: Signed 1179648 byte...

> ESP_Angus wrote: > We got around 10% reduction in our experiments, but the firmware didn't always work! Yes, when I built all .obj files with LTO I got as much as 5%, but that did not work at all. Then I gradually restored some object files from non-LTO build until it started working: in library l...