Page 1 of 1
Are all the old ESP32 versions with the outdated secure boot discontinued?
Posted: Mon Sep 13, 2021 1:31 pm
by JosuGZ
Hi, I'm seeing that the old versions of the ESP32, the ones vulnerable to fault injection, are not recommended for new designs. Should I worry and update my process? As far as I know, the same firmware should work, but new tooling is needed to enable Secure Boot and generate the keys, etc, which would be problematic should I need units for some projects. I would also need a new bootloader which may or may not fit on my partition layout.
Re: Are all the old ESP32 versions with the outdated secure boot discontinued?
Posted: Tue Sep 14, 2021 1:33 am
by ESP_Sprite
You could still use the old SecureBoot; the V3 still supports that and we fixed the issues that made the process glitchable in earlier versions. SecureBoot V2 is a bit more secure (as it uses public/private keypairs for signing the bootloader, meaning it's physically impossible to get the signing key in whatever way from a chip) but if V1 satisfies your requirements, there's nothing to stop you using that instead.
Re: Are all the old ESP32 versions with the outdated secure boot discontinued?
Posted: Tue Sep 14, 2021 7:23 am
by JosuGZ
Ok, thanks!
Then I have two questions:
1- There is an old project where I was burning the secure boot and flash encryption keys using the tools provided by IDF 3.2, will that still work? I was doing that since it had no OTA so I needed to be able to reflash the whole firmware already encrypted if I wanted to upgrade.
-2 Having Secure Boot V1 with the new chips fixes the voltage glitching problem, correct?
Re: Are all the old ESP32 versions with the outdated secure boot discontinued?
Posted: Tue Sep 14, 2021 10:45 am
by ESP_Sprite
1. I think so. The ESP ECO fuses should be compatible.
2. Yes.
Re: Are all the old ESP32 versions with the outdated secure boot discontinued?
Posted: Thu Sep 16, 2021 3:16 pm
by JosuGZ
Thanks! It seems to work.
Is this bit needed though?: ABS_DONE_1