I've created an application based on the jumpstart template (more or less). I've got a massive problem with this template. Security certificates go into NVS. Therefore, as far as I can tell, there is no way to encrypt them. NVS partitions can't use flash encryption, so they must use NVS encryption. But that would entail creating an nvs_keys partition and flash encrypting that, and using it as a location to store your NVS key. The problem is how you get your data in there in the first place. Do you have to explicitly read the NVS in plaintext the first time round and then use the encrypted NVS from then on, with a flag to say you've done so? That's crazy complicated.
I need best practices on this. I have used the NVS approach. So without having to rip up my whole project, how do I secure my certificates? Any black belt ESP32 security peeps around?
Flash Encryption / Jumpstart Example / NVS Encryption