Search found 4 matches
- Sat Jan 13, 2024 2:43 am
- Forum: ESP-IDF
- Topic: NVS partition encryption keys in HMAC mode
- Replies: 4
- Views: 44590
Re: NVS partition encryption keys in HMAC mode
You definitely need to protect the device against running malicious firmware (->secure boot). I'll definitely add this as a "layer" of security. I just don't want to rely only on that feature, leaving things behind unprotected. Otherwise an attacker could run his own firmware and let it brute-force...
- Tue Jan 09, 2024 6:06 am
- Forum: ESP-IDF
- Topic: NVS partition encryption keys in HMAC mode
- Replies: 4
- Views: 44590
Re: NVS partition encryption keys in HMAC mode
Hello @ESP_harshal, If you do not enable secure boot, and even if you somehow read-protect the NVS encryption key (maybe by storing the encryption key directly in the efuses like the read-protected flash encryption key), the "other app" which has been flashed can still decrypt the NVS and get plaint...
- Thu Dec 28, 2023 11:18 am
- Forum: ESP-IDF
- Topic: NVS partition encryption keys in HMAC mode
- Replies: 4
- Views: 44590
NVS partition encryption keys in HMAC mode
I don't really completely understand how it works on ESP32-C3. Things that clear to me: 1. HMAC are used as a KDF to securely derive AES encryption key, which are used to encrypt/decrypt data on NVS partition. 2. The key for HMAC are stored in eFuse, read protected. Ok, but HMAC also takes 'message'...
- Thu Dec 28, 2023 10:30 am
- Forum: ESP-IDF
- Topic: Using read protected AES keys from application code
- Replies: 9
- Views: 6118
Re: Using read protected AES keys from application code
In downstream mode (configurable by eFuse), the HMAC->AES key path also is protected, as in the CPU can access neither the eFuses with the original key material nor the derived AES key. It's an old post, but this sentance got my attention. Could you please confirm this and specify ESP32 part which ...