ESP32 Forum

I need to absolutely protect reading ESP32-S2 firmware (chip is 2022-2023 year release).

For example, on a chip ESP32-D0WD was an attack and the vulnerability was reported as (CVE-2019-17391).
To prevent an attack through the UART, release V3 (ESP32-D0WD-V3) provided the ability to disable the UART via the UART_DOWNLOAD_DIS value.

My question is: I did not find in the ESP32-S2 the ability to disable the UART through the UART_DOWNLOAD_DIS value. Is it possible to protect the ESP32-S2 from UART attacks. Or for absolute confidence in protection against attacks - for my projects it is necessary to use not ESP32-S2, but only ESP32-D0WD-V3?

Apparently, the issue was fixed in the ESP32 V3 ROM: https://www.espressif.com/en/news/Secur ... rotections

And the linked document also says

The forthcoming ESP32-S2 SoC has additional hardware and ROM code provisions to protect against fault injection, including against this attack

However, "absolute" protection against an attacker with physical access to a device is generally impossible for (almost?) any IC. So you may want to evaluate additional options which would mitigate the risk associated with a successful attack on a specific device.