Hello,
Anyone knows if Security Advisory AR2022-003 been addressed ?
If yes, then what is the revision number of ESP32-S3 that addresses this issue ?
(I am specifically looking ESP32-S3-DevKitC which addresses this issue)
Thanks
[Question] : Has Security Advisory AR2022-003 been addressed ?
-
ESP_Sprite
- Posts: 9709
- Joined: Thu Nov 26, 2015 4:08 am
Re: [Question] : Has Security Advisory AR2022-003 been addressed ?
Probably not on the S3 as that pre-dated the advisory and I don't believe we had a mask change related to this since then. However, if the S3 is vulnerable to this in the first place is unknown.
Re: [Question] : Has Security Advisory AR2022-003 been addressed ?
Well the Document states :
"SCA and BBI vulnerabilities reported in this advisory may be applicable for Espressif SoC's including ESP32, ESP32-S2, ESP32-C3 and ESP32-S3. We will incorporate hardware countermeasures in our future chips to address these vulnerabilities."
Also For ESP32, EMFI has been identified on Advisory No. AR2023-005.
I would love to use ESP32 since ESP32-S3 does not have DAC. Any chance you guys have released a newer release of ESP32 which has all these vulnerabilities addressed ?
What hardware would you suggest ? Security will be very crucial to me.
"SCA and BBI vulnerabilities reported in this advisory may be applicable for Espressif SoC's including ESP32, ESP32-S2, ESP32-C3 and ESP32-S3. We will incorporate hardware countermeasures in our future chips to address these vulnerabilities."
Also For ESP32, EMFI has been identified on Advisory No. AR2023-005.
I would love to use ESP32 since ESP32-S3 does not have DAC. Any chance you guys have released a newer release of ESP32 which has all these vulnerabilities addressed ?
What hardware would you suggest ? Security will be very crucial to me.
-
ESP_Sprite
- Posts: 9709
- Joined: Thu Nov 26, 2015 4:08 am
Re: [Question] : Has Security Advisory AR2022-003 been addressed ?
Yeah, as I said, 'may be vulnerable', it's unknown how the details of these vulnerabilities would work out on those chips.gb.123 wrote: ↑Sun Aug 20, 2023 2:17 amWell the Document states :
"SCA and BBI vulnerabilities reported in this advisory may be applicable for Espressif SoC's including ESP32, ESP32-S2, ESP32-C3 and ESP32-S3. We will incorporate hardware countermeasures in our future chips to address these vulnerabilities."
No, sorry, from what I know said countermeasures are incorporated in 'future chips', as in as of yet unreleased ESP32-Cx, -Sx, -Hx etc models. I'm not sure if we'll backport these changes to the ESP32.Also For ESP32, EMFI has been identified on Advisory No. AR2023-005.
I would love to use ESP32 since ESP32-S3 does not have DAC. Any chance you guys have released a newer release of ESP32 which has all these vulnerabilities addressed ?
What hardware would you suggest ? Security will be very crucial to me.
Re: [Question] : Has Security Advisory AR2022-003 been addressed ?
The AR2022-003 also confirms that ESP32-PICO-V3 is better choice from ESP32 line as it has flash pins terminated internally, making the possible attack more difficult. Is there any possibility that we could see PICO-V3 with increased temperature range? Currently it is max. +85°C which may be limiting in some of our applications.ESP_Sprite wrote: ↑Sun Aug 20, 2023 3:49 amNo, sorry, from what I know said countermeasures are incorporated in 'future chips', as in as of yet unreleased ESP32-Cx, -Sx, -Hx etc models. I'm not sure if we'll backport these changes to the ESP32.Also For ESP32, EMFI has been identified on Advisory No. AR2023-005.
I would love to use ESP32 since ESP32-S3 does not have DAC. Any chance you guys have released a newer release of ESP32 which has all these vulnerabilities addressed ?
What hardware would you suggest ? Security will be very crucial to me.
Who is online
Users browsing this forum: No registered users and 50 guests