We've been looking at using the Digital Signature Peripheral and struggling to get what we want to work. Are there any examples somewhere showing how to do on chip key generation instead of using the tooling on a host to generate/upload keys?
That aside, what are the advantages of using the DS Peripheral if you already have secure boot with flash encryption and JTAG disabled? With those, the keys could just be stored in an encrypted partition and no one could get at them, could they?
DS Periperal vs Secure Boot
-
torntrousers
- Posts: 21
- Joined: Mon Dec 21, 2015 9:30 am
Re: DS Periperal vs Secure Boot
Over here its said:
"...ESP-DS is much more secure because the keys are entirely inaccessible to software. 'C' code usually has plenty of software exploits, and a motivated attacker can often gain cpu execution privileges"
- https://github.com/espressif/esp-idf/is ... 1523000011
Any comments on that? Is it possible for a hacker to gain cpu execution privileges?
"...ESP-DS is much more secure because the keys are entirely inaccessible to software. 'C' code usually has plenty of software exploits, and a motivated attacker can often gain cpu execution privileges"
- https://github.com/espressif/esp-idf/is ... 1523000011
Any comments on that? Is it possible for a hacker to gain cpu execution privileges?
-
MicroController
- Posts: 1734
- Joined: Mon Oct 17, 2022 7:38 pm
- Location: Europe, Germany
Re: DS Periperal vs Secure Boot
Asking the other way around: How certain are you/can you be that in a complex application with tens of thousands of lines of code compiled in, possibly accessible over network and other interfaces, there is no spot where a buffer overflow or stack manipulation can be slipped in by an attacker to cause undesired code execution?torntrousers wrote: ↑Wed Apr 26, 2023 11:30 amIs it possible for a hacker to gain cpu execution privileges?
-
torntrousers
- Posts: 21
- Joined: Mon Dec 21, 2015 9:30 am
Re: DS Periperal vs Secure Boot
MicroController wrote: ↑Wed Apr 26, 2023 5:19 pmAsking the other way around: How certain are you/can you be that in a complex application with tens of thousands of lines of code compiled in, possibly accessible over network and other interfaces, there is no spot where a buffer overflow or stack manipulation can be slipped in by an attacker to cause undesired code execution?torntrousers wrote: ↑Wed Apr 26, 2023 11:30 amIs it possible for a hacker to gain cpu execution privileges?
Ok yes, thats a good perspective. Thanks.
-
ESP_flying_raijin
- Posts: 25
- Joined: Tue Aug 13, 2019 2:03 pm
Re: DS Periperal vs Secure Boot
Hi @torntrousers
The DS peripheral also has following advantages
1) With DS peripheral the security private key becomes independent of the platform security features ( secure boot and flash encryption). That means it does not remain mandatory to enable flash encryption to protect the private key.
2) When using the DS peripheral the plaintext key cannot be obtained unless the hmac key stored in the eFuse (hardware) is known. That reduces the vulnerability for the DS key and makes it independent of flash encryption.
3) Additionally DS peripheral offers optimised signing through hardware that gives better performance.
Regarding the security advantage provided by DS.
As the plaintext private key is completely in-accessible by the software it is not possible for the software to obtain the plaintext private key in any way. If secure boot is enabled then only a trusted code an be executed which can only sign a respective data. The signature operation happens entirely inside the hardware DS peripheral hence software does not any access to be manipulated. Due to this restriction we reduce the attack surface by a larger extent which is not possible when the key is present in plaintext format to the software.
Please let me know if you want me to elaborate on any point.
Thanks,
Adiya
The DS peripheral also has following advantages
1) With DS peripheral the security private key becomes independent of the platform security features ( secure boot and flash encryption). That means it does not remain mandatory to enable flash encryption to protect the private key.
2) When using the DS peripheral the plaintext key cannot be obtained unless the hmac key stored in the eFuse (hardware) is known. That reduces the vulnerability for the DS key and makes it independent of flash encryption.
3) Additionally DS peripheral offers optimised signing through hardware that gives better performance.
Regarding the security advantage provided by DS.
As the plaintext private key is completely in-accessible by the software it is not possible for the software to obtain the plaintext private key in any way. If secure boot is enabled then only a trusted code an be executed which can only sign a respective data. The signature operation happens entirely inside the hardware DS peripheral hence software does not any access to be manipulated. Due to this restriction we reduce the attack surface by a larger extent which is not possible when the key is present in plaintext format to the software.
Please let me know if you want me to elaborate on any point.
Thanks,
Adiya