encryption is working on one device not other

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: encryption is working on one device not other

Postby ESP_Angus » Mon Dec 17, 2018 8:29 am

The statement about 3/4 Coding Scheme has been released, sorry I didn't update this thread when it was posted:
https://www.espressif.com/en/news/Varia ... ER_modules
snahmad75 wrote:
Wed Dec 12, 2018 5:15 pm
Hi Angus,

We are currently in production and bought about 1000 units from your sales department
ESP-WROVER-B with efuse CODING_SCHEME=0. We are happy that encryption is working for us.

Can you guarantee that we will get supply of ESP-WROVER-B with efuse CODING_SCHEME=0 in future.
Modules produced after July 2018 will have CODING_SCHEME=0. If purchasing from Espressif Sales you can check the production date with them (I think it will almost definitely be after July but it is advisable to check). If purchasing from another vendor you'll need to check production date with them, also.
snahmad75 wrote:
Wed Dec 12, 2018 5:15 pm
Now I believe ESP32 SDK supports 3/4 coding scheme which is efuse CODING_SCHEME=1.
Yes, ESP-IDF V3.1.1 and newer.
snahmad75 wrote:
Wed Dec 12, 2018 5:15 pm
Is this backward compatible. for example. we release firmware with coding scheme= 0 PCB and then we compile using new SDK which also support both coding scheme 0 and 1. I am using latest master branch which is two weeks old.

Can OTA still work for device with both coding scheme 0 and 1.

Kindly verify this for us as asap.
Yes, the same firmware binary will be compatible with both, with a couple of minor exceptions:

If you have custom code in your firmware which writes efuse data to BLK1, BLK2 or BLK3 directly then you may need to update the code so it will work with 3/4 Coding Scheme (CODING_SCHEME==1).

If you are using flash encryption or secure boot with pre-generated keys flashed via espefuse.py, the keys must be 192-bit (24 bytes) not 256-bit if 3/4 Coding Scheme is set. You will need to produce a second set of key files for use with these modules (they can simply be truncated versions of the 256-bit keys, or totally different keys if you prefer).

If pre-encrypting any binaries with espsecure.py, you'll need to use the key file which matches the module's coding scheme.

For more details, refer to the link above.

Who is online

Users browsing this forum: Google [Bot] and 109 guests