ESP32 Forum

Hello,

I'm currently following the examples and guides for using the AWS IoT OTA library for sending OTA updates to the ESP32-S3 [0]. One of the prerequisite steps is to generate a code signing key that AWS uses to sign OTA images [1]. The public key is stored on the device and used to verify the downloaded image.

These instructions recommend generating a ECDSA private key. Is this the best algorithm / key type to use for the ESP32-S3?

The Reference Manual does not mention anything about ECDSA hardware acceleration, but RSA acceleration is supported and used for Hardware Secure Boot. From some of the outdated materials I could find online [2], it looks like the old version of Secure Boot (now unsupported) used to use ECDSA, but Secure Boot V2 now uses RSA with 3072 bit keys. This outdated resource even suggested using the same key for secure boot signing and OTA image signing with AWS Code Signing.

Would my OTA Update implementation benefit from using RSA instead of ECDSA for AWS IoT code signing? Will the image signature check be faster with hardware accelerated RSA operations compared to ECDSA?

Thanks in advance for your help!

[0] https://github.com/espressif/esp-aws-io ... a/ota_http
[1] https://docs.aws.amazon.com/freertos/la ... t-esp.html
[2] https://blog.espressif.com/esp32-ota-up ... fbbb8f4784

For ESP32-S3 case, secure boot scheme uses RSA-PSS scheme with 3072-bits key length.

For AWS IoT code signing, IIRC it only supports ECDSA signing scheme. In that case, you would have two signing layers on the application, first one using RSA-PSS based signing key and then 2nd one by the AWS IoT code signing service using ECDSA key.

On the device side, during OTA updates device would verify the signature as per ECDSA signing scheme and then secure boot related code would verify the flashed image as per RSA-PSS scheme.

Would my OTA Update implementation benefit from using RSA instead of ECDSA for AWS IoT code signing?

Yes. But I am doubtful that AWS IoT code signing service supports RSA scheme, please check once.

Will the image signature check be faster with hardware accelerated RSA operations compared to ECDSA?

Yes, verification would be lot faster with RSA compared with ECDSA scheme due to hardware acceleration.

Hope this helps!

Thanks for the info! I reviewed the AWS documentation a bit further and it seems that RSA is supported for AWS IoT Code Signing. [0] So when creating a signing profile and signing configuration, it is possible to choose this option.

I also reviewed the esp-aws-iot port of the OTA library and it seems like the PAL interface implementation assumes the signature will always be ECDSA-SHA256. [1] So to use RSA, the PAL interface would need to be modified to support RSA signing. This seems like a big task, so I will probably continue using ECDSA.

Thanks for your help!

[0] https://docs.aws.amazon.com/signer/late ... tions.html
[1] https://github.com/espressif/esp-aws-io ... pal.c#L398