DS Periperal vs Secure Boot

[torntrousers]

We've been looking at using the Digital Signature Peripheral and struggling to get what we want to work. Are there any examples somewhere showing how to do on chip key generation instead of using the tooling on a host to generate/upload keys?

That aside, what are the advantages of using the DS Peripheral if you already have secure boot with flash encryption and JTAG disabled? With those, the keys could just be stored in an encrypted partition and no one could get at them, could they?

[torntrousers]

Over here its said:
"...ESP-DS is much more secure because the keys are entirely inaccessible to software. 'C' code usually has plenty of software exploits, and a motivated attacker can often gain cpu execution privileges"
- https://github.com/espressif/esp-idf/is ... 1523000011

Any comments on that? Is it possible for a hacker to gain cpu execution privileges?

[MicroController]

Is it possible for a hacker to gain cpu execution privileges?

Asking the other way around: How certain are you/can you be that in a complex application with tens of thousands of lines of code compiled in, possibly accessible over network and other interfaces, there is no spot where a buffer overflow or stack manipulation can be slipped in by an attacker to cause undesired code execution?

[torntrousers]

Is it possible for a hacker to gain cpu execution privileges?

Asking the other way around: How certain are you/can you be that in a complex application with tens of thousands of lines of code compiled in, possibly accessible over network and other interfaces, there is no spot where a buffer overflow or stack manipulation can be slipped in by an attacker to cause undesired code execution?

Ok yes, thats a good perspective. Thanks.

[ESP_flying_raijin]

Hi @torntrousers
The DS peripheral also has following advantages
1) With DS peripheral the security private key becomes independent of the platform security features ( secure boot and flash encryption). That means it does not remain mandatory to enable flash encryption to protect the private key.
2) When using the DS peripheral the plaintext key cannot be obtained unless the hmac key stored in the eFuse (hardware) is known. That reduces the vulnerability for the DS key and makes it independent of flash encryption.
3) Additionally DS peripheral offers optimised signing through hardware that gives better performance.


Regarding the security advantage provided by DS.
As the plaintext private key is completely in-accessible by the software it is not possible for the software to obtain the plaintext private key in any way. If secure boot is enabled then only a trusted code an be executed which can only sign a respective data. The signature operation happens entirely inside the hardware DS peripheral hence software does not any access to be manipulated. Due to this restriction we reduce the attack surface by a larger extent which is not possible when the key is present in plaintext format to the software.

Please let me know if you want me to elaborate on any point.
Thanks,
Adiya