Search found 7 matches
- Tue Apr 04, 2023 5:40 am
- Forum: ESP-IDF
- Topic: Using read protected AES keys from application code
- Replies: 9
- Views: 6106
Re: Using read protected AES keys from application code
If someone has the physical device in their hands and can get to all the pins, isn't it possible to use various tools to dump readable efuses and get the key? Is the statement above true? Asked another way... Is there a way to prevent someone with access to a chip from reading out efuses that are "...
- Mon Apr 03, 2023 6:04 pm
- Forum: ESP-IDF
- Topic: Using read protected AES keys from application code
- Replies: 9
- Views: 6106
Re: Using read protected AES keys from application code
Read (and write) protection is available only for the AES-XTS key used in flash encryption scheme on ESP32-C3, not for a general purpose AES key. One approach here could be to enable secure (trusted boot) and then use application specific EFuse block to store the symmetric encryption key. In this c...
- Sat Apr 01, 2023 5:56 pm
- Forum: ESP-IDF
- Topic: Using read protected AES keys from application code
- Replies: 9
- Views: 6106
Using read protected AES keys from application code
ESP32-C3 and similar parts let you set an XTS_AES_128_KEY efuse block that is write and read protected so that only internal ROM code can access it for flash encryption and decryption. Is there a way to do something similar for general purpose AES crypto through mbedtls or even direct ROM calls? For ex...
- Fri Jan 21, 2022 10:45 am
- Forum: ESP-IDF
- Topic: Correct sequence to apply encrypted flash and secure boot v2
- Replies: 6
- Views: 16508
Correct sequence to apply encrypted flash and secure boot v2
Using an ESP32C3 and esp-idf 4.4-rc1 I am applying encrypted flash and secure boot v2 (all in "dev mode" for now). Eventually I'm able to get it all working, but I seem to have to repeat the same steps multiple times and cut power to the device between steps to get it to work. Should these steps wor...
- Thu Jan 13, 2022 6:16 am
- Forum: ESP-IDF
- Topic: Using DS peripheral with mbedtls to decrypt data
- Replies: 1
- Views: 3655
Using DS peripheral with mbedtls to decrypt data
On the ESP32-C3 I'd like to use a private RSA key stored on the device to decrypt data. While I could store the private key in encrypted NVS, I thought it would be nice to use the DS peripheral instead. Ideally the private key would then never need to be seen by the application code. I followed http...
- Fri Jan 07, 2022 11:20 pm
- Forum: ESP-IDF
- Topic: Ordering problem with flash encryption
- Replies: 1
- Views: 4294
Re: Ordering problem with flash encryption
I solved this problem. Two realizations got me there: * I discovered the --partition-table-file option for parttool.py and similar commands. That let me update the flash even when the partition table is encrypted. * Second, I realized that even though my partition table file lists the nvs_key partit...
- Mon Dec 27, 2021 11:39 pm
- Forum: ESP-IDF
- Topic: Ordering problem with flash encryption
- Replies: 1
- Views: 4294
Ordering problem with flash encryption
Having a problem performing operations with parttool.py after doing encrypted-flash. The error I get is as follows: Traceback (most recent call last): File "/Users/bschick/esp/esp-idf/components/partition_table/parttool.py", line 365, in <module> main() File "/Users/bschick/esp/esp-idf/components/pa...