Did this code ever get finished? Can ECC use the hidden eFuses with the DS peripheral to protect the key? I have a working prototype. eFuse cannot be used to protect the key, since the RSA peripheral is only used as a generic bignum multiplier accelerator. I have also been working on a separate ESP...

Thanks for the quick reply! The mv.qr instruction, which seems to copy the second register's content into the first register, should be equivalent to "ee.orq qa, qb, qb", since (x | x) = x. The other two seem to have no replacements though, since they seem to load and store using the address and an ...

I'm currently writing code using the PIE in ESP32-S3, using the TRM as a reference. I noticed there appears to be further instructions used in your DSP libs that aren't mentioned in the TRM. Only in the file https://github.com/espressif/esp-dsp/blob/master/modules/fft/fixed/dsps_fft2r_sc16_aes3.S#L1...

What is the rationale behind not signing the partition table? Seems like a good idea to sign it and verify it at boot, to avoid any kind of
unauthorized modification.

Hi, I was wondering the same thing and I landed here. So if generic flash encryption is now supported by nvs out-of-the-box, why do the docs still ask for the whole mess of adding own keys for NVS encryption? What is the downside of following your modification of " remove this line " to get it to w...

It seems to be some inconsistency for the address of EFUSE_RD_REPEAT_ERR4_REG for the various ESP-* chips. For example, for ESP32-S3, the TRM lists EFUSE_RD_REPEAT_ERR4_REG to be at offset 0x0190 in the Register Summary table. When going to the details for EFUSE_RD_REPEAT_ERR4_REG however in the sam...

Ok so since this commit https://github.com/espressif/esp-idf/commit/aca9ec28b3d091a73605ee89ab63f8f76a996491, it appears the generic flash encryption is now supported by nvs out-of-the-box, since the partition api now supports both raw and non-raw read/write methods, where the non-raw methods use en...

Hello! Is any news on it? Did you release any code on GitHub ? Thanks! I've implemented some more curves, such as Curve448, secp384r1 and secp521r1 but have a few things to complete before I will put it on Github. What curves are you interested in and what ESP platform would you like to run it on?

I'm not a NVS expert, but generally an issue with flash encryption is that you always need to write 32 bytes in one go, and that the standard behaviour of flash (you can always make a bit go from 1 to 0, regardless of the data around it) is gone. Could be that NVS relies on that. This is the exact ...

The NVS documentation says that "NVS is not directly compatible with the ESP32 flash encryption system". Instead the user is required to have a separate encrypted nvs_key partition to store another set of custom keys used only for nvs. The page header (32 bytes) and the Entry state bitmap (32 bytes)...