Well the Document states : "SCA and BBI vulnerabilities reported in this advisory may be applicable for Espressif SoC's including ESP32, ESP32-S2, ESP32-C3 and ESP32-S3. We will incorporate hardware countermeasures in our future chips to address these vulnerabilities." Also For ESP32, EMFI has been ...

Hello,
Anyone knows if Security Advisory AR2022-003 been addressed ?
If yes, then what is the revision number of ESP32-S3 that addresses this issue ?
(I am specifically looking ESP32-S3-DevKitC which addresses this issue)
Thanks

After discussion on the ESP-IDF github, it was concluded that this is due to mismatch of Size header in the bootloader.
Best way is to manually pass --flash_size keep or --flash_size <SIZE>

Is it ok to do that? I think its a design flaw (imho)... If you dont mind the keys being read, why not store it in your program itself and check for it while the program boots ? (unless you are using this as a digest again)... there should be no 'negative' effect though as far as esp32 is cnocerned...

Hi All ! After reading so much on the forum and getting help from ESP admins and mods, I have written a simple BAT script to burn the required fuses to protect ESP incase someone wants to burn pre-flashed keys. Please replace : <PORT> to your actual connected port <KEY> Path to your Key.bin ::*** fr...

Thanks so much !

I am also having the same problem. I am using ESP32-DevkitC-VE (Wrover Module) with 8MB Flash. If I burn the digest using : espefuse.py --port COM6 burn_key_digest X:\secure_boot_signing_key.pem, I get "Sig block 0 invalid: Image digest does not match" If I dont burn the digest manually, I get simil...

Hi !

I was wondering if Partition.bin(or Partition-table.bin) also needs to be signed when using SecureBoot V2. Signing is done seperately using espsecure.py sign_data command.

Does Partition.bin(or Partition-table.bin) need to be signed or is ot supposed to be burnt unsigned ?

Thanks for the help!

Hi @chegewara, I am trying to decrypt the file while writing OTA. The problem is that I get esp_image: invalid segment length 0xffc70fb10m if I use decryption. Direct non-encrypted OTA updates fine . Code : if (true) { #define BUFFER_SIZE=2048 mbedtls_aes_context aes; const uint8_t key[] = {0x10,0x1...

I know int (11) is not the same as hex (0x11) and definitely not the same as "11". What I wanted to do was get a series of bytes is input to be encoded and decoded back to byte format. i,e -> input = 0x11 -> encrypt -> decrypt -> back to 0x11 I realize that the Decrypt array is showing as decimal an...