I need to absolutely protect reading ESP32-S2 firmware (chip is 2022-2023 year release).
For example, on a chip ESP32-D0WD was an attack and the vulnerability was reported as (CVE-2019-17391).
To prevent an attack through the UART, release V3 (ESP32-D0WD-V3) provided the ability to disable the UART via the UART_DOWNLOAD_DIS value.
My question is: I did not find in the ESP32-S2 the ability to disable the UART through the UART_DOWNLOAD_DIS value. Is it possible to protect the ESP32-S2 from UART attacks. Or for absolute confidence in protection against attacks - for my projects it is necessary to use not ESP32-S2, but only ESP32-D0WD-V3?
Absolutely protect reading ESP32-S2 firmware from attacks via UART
-
- Posts: 1708
- Joined: Mon Oct 17, 2022 7:38 pm
- Location: Europe, Germany
Re: Absolutely protect reading ESP32-S2 firmware from attacks via UART
Apparently, the issue was fixed in the ESP32 V3 ROM: https://www.espressif.com/en/news/Secur ... rotections
And the linked document also says
And the linked document also says
However, "absolute" protection against an attacker with physical access to a device is generally impossible for (almost?) any IC. So you may want to evaluate additional options which would mitigate the risk associated with a successful attack on a specific device.The forthcoming ESP32-S2 SoC has additional hardware and ROM code provisions to protect against fault injection, including against this attack
Who is online
Users browsing this forum: No registered users and 132 guests