Are all the old ESP32 versions with the outdated secure boot discontinued?
Are all the old ESP32 versions with the outdated secure boot discontinued?
Hi, I'm seeing that the old versions of the ESP32, the ones vulnerable to fault injection, are not recommended for new designs. Should I worry and update my process? As far as I know, the same firmware should work, but new tooling is needed to enable Secure Boot and generate the keys, etc, which would be problematic should I need units for some projects. I would also need a new bootloader which may or may not fit on my partition layout.
-
- Posts: 9770
- Joined: Thu Nov 26, 2015 4:08 am
Re: Are all the old ESP32 versions with the outdated secure boot discontinued?
You could still use the old SecureBoot; the V3 still supports that and we fixed the issues that made the process glitchable in earlier versions. SecureBoot V2 is a bit more secure (as it uses public/private keypairs for signing the bootloader, meaning it's physically impossible to get the signing key in whatever way from a chip) but if V1 satisfies your requirements, there's nothing to stop you using that instead.
Re: Are all the old ESP32 versions with the outdated secure boot discontinued?
Ok, thanks!
Then I have two questions:
1- There is an old project where I was burning the secure boot and flash encryption keys using the tools provided by IDF 3.2, will that still work? I was doing that since it had no OTA so I needed to be able to reflash the whole firmware already encrypted if I wanted to upgrade.
-2 Having Secure Boot V1 with the new chips fixes the voltage glitching problem, correct?
Then I have two questions:
1- There is an old project where I was burning the secure boot and flash encryption keys using the tools provided by IDF 3.2, will that still work? I was doing that since it had no OTA so I needed to be able to reflash the whole firmware already encrypted if I wanted to upgrade.
-2 Having Secure Boot V1 with the new chips fixes the voltage glitching problem, correct?
-
- Posts: 9770
- Joined: Thu Nov 26, 2015 4:08 am
Re: Are all the old ESP32 versions with the outdated secure boot discontinued?
1. I think so. The ESP ECO fuses should be compatible.
2. Yes.
2. Yes.
Re: Are all the old ESP32 versions with the outdated secure boot discontinued?
Thanks! It seems to work.
Is this bit needed though?: ABS_DONE_1
Is this bit needed though?: ABS_DONE_1
Who is online
Users browsing this forum: No registered users and 47 guests