Search found 7 matches

by schickb
Tue Apr 04, 2023 5:40 am
Forum: ESP-IDF
Topic: Using read protected AES keys from application code
Replies: 9
Views: 6106

Re: Using read protected AES keys from application code

If someone has the physical device in their hands and can get to all the pins, isn't it possible to use various tools to dump readable efuses and get the key? Is the statement above true? Asked another way... Is there a way to prevent someone with access to a chip from reading out efuses that are "...
by schickb
Mon Apr 03, 2023 6:04 pm
Forum: ESP-IDF
Topic: Using read protected AES keys from application code
Replies: 9
Views: 6106

Re: Using read protected AES keys from application code

Read (and write) protection is available only for the AES-XTS key used in flash encryption scheme on ESP32-C3, not for a general purpose AES key. One approach here could be to enable secure (trusted boot) and then use application specific EFuse block to store the symmetric encryption key. In this c...
by schickb
Sat Apr 01, 2023 5:56 pm
Forum: ESP-IDF
Topic: Using read protected AES keys from application code
Replies: 9
Views: 6106

Using read protected AES keys from application code

ESP32-C3 and similar parts let you set an XTS_AES_128_KEY efuse block that is write and read protected so that only internal ROM code can access it for flash encryption and decryption. Is there a way do something similar for general purpose AES crypto through mbedtls or even direct ROM calls? For ex...
by schickb
Fri Jan 21, 2022 10:45 am
Forum: ESP-IDF
Topic: Correct sequence to apply encrypted flash and secure boot v2
Replies: 6
Views: 16508

Correct sequence to apply encrypted flash and secure boot v2

Using an ESP32C3 and esp-idf 4.4-rc1 I am applying encrypted flash and secure boot v2 (all in "dev mode" for now). Eventually I'm able to get it all working, but I seem to have to repeat the same steps multiple times and cut power to the device between steps to get it to work. Should these steps wor...
by schickb
Thu Jan 13, 2022 6:16 am
Forum: ESP-IDF
Topic: Using DS peripheral with mbedtls to decrypt data
Replies: 1
Views: 3655

Using DS peripheral with mbedtls to decrypt data

On the ESP32-C3 I'd like to use a private RSA key stored on the device to decrypt data. While I could store the private key in encrypted NVS, I thought it would be nice to use the DS peripheral instead. Ideally the private key would then never need to be seen by the application code. I followed http...
by schickb
Fri Jan 07, 2022 11:20 pm
Forum: ESP-IDF
Topic: Ordering problem with flash encryption
Replies: 1
Views: 4294

Re: Ordering problem with flash encryption

I solved this problem. Two realizations got me there: * I discovered the --partition-table-file option for parttool.py and similar commands. That let me update the flash even when the partition table is encrypted. * Second, I realized that even though my partition table file lists the nvs_key partit...
by schickb
Mon Dec 27, 2021 11:39 pm
Forum: ESP-IDF
Topic: Ordering problem with flash encryption
Replies: 1
Views: 4294

Ordering problem with flash encryption

Having a problem performing operations with parttool.py after doing encrypted-flash. The error I get is as follows: Traceback (most recent call last): File "/Users/bschick/esp/esp-idf/components/partition_table/parttool.py", line 365, in <module> main() File "/Users/bschick/esp/esp-idf/components/pa...