Search found 32 matches

by gb.123
Sun Aug 20, 2023 2:17 am
Forum: Hardware
Topic: [Question] : Has Security Advisory AR2022-003 been addressed ?
Replies: 4
Views: 1711

Re: [Question] : Has Security Advisory AR2022-003 been addressed ?

Well the Document states : "SCA and BBI vulnerabilities reported in this advisory may be applicable for Espressif SoC's including ESP32, ESP32-S2, ESP32-C3 and ESP32-S3. We will incorporate hardware countermeasures in our future chips to address these vulnerabilities." Also For ESP32, EMFI has been ...
by gb.123
Fri Aug 18, 2023 12:39 pm
Forum: Hardware
Topic: [Question] : Has Security Advisory AR2022-003 been addressed ?
Replies: 4
Views: 1711

[Question] : Has Security Advisory AR2022-003 been addressed ?

Hello,
Anyone knows if Security Advisory AR2022-003 been addressed ?
If yes, then what is the revision number of ESP32-S3 that addresses this issue ?
(I am specifically looking ESP32-S3-DevKitC which addresses this issue)
Thanks
by gb.123
Sun Feb 20, 2022 3:26 pm
Forum: ESP-IDF
Topic: Secure Boot V2 failure: Sig block 0 invalid: Image digest does not match
Replies: 4
Views: 3623

Re: Secure Boot V2 failure: Sig block 0 invalid: Image digest does not match

After discussion on the ESP-IDF github, it was concluded that this is due to mismatch of Size header in the bootloader.
Best way is to manually pass --flash_size keep or --flash_size <SIZE>
by gb.123
Thu Feb 17, 2022 7:11 pm
Forum: ESP-IDF
Topic: ESP32 Efuses
Replies: 1
Views: 2382

Re: ESP32 Efuses

Is it ok to do that? I think its a design flaw (imho)... If you dont mind the keys being read, why not store it in your program itself and check for it while the program boots ? (unless you are using this as a digest again)... there should be no 'negative' effect though as far as esp32 is cnocerned...
by gb.123
Thu Feb 17, 2022 5:26 pm
Forum: ESP-IDF
Topic: [Script] Easy burn e-fuse in case of Flashing Pre-Generated Keys for Flash Encryption
Replies: 3
Views: 3816

[Script] Easy burn e-fuse in case of Flashing Pre-Generated Keys for Flash Encryption

Hi All ! After reading so much on the forum and getting help from ESP admins and mods, I have written a simple BAT script to burn the required fuses to protect ESP incase someone wants to burn pre-flashed keys. Please replace : <PORT> to your actual connected port <KEY> Path to your Key.bin ::*** fr...
by gb.123
Thu Feb 17, 2022 3:42 pm
Forum: ESP-IDF
Topic: Secure Boot V2 failure: Sig block 0 invalid: Image digest does not match
Replies: 4
Views: 3623

Re: Secure Boot V2 failure: Sig block 0 invalid: Image digest does not match

I am also having the same problem. I am using ESP32-DevkitC-VE (Wrover Module) with 8MB Flash. If I burn the digest using : espefuse.py --port COM6 burn_key_digest X:\secure_boot_signing_key.pem, I get "Sig block 0 invalid: Image digest does not match" If I dont burn the digest manually, I get simil...
by gb.123
Thu Feb 17, 2022 12:32 pm
Forum: ESP-IDF
Topic: Does Partition.bin also need to be signed when using SecureBoot V2
Replies: 4
Views: 3816

Does Partition.bin also need to be signed when using SecureBoot V2

Hi !

I was wondering if Partition.bin(or Partition-table.bin) also needs to be signed when using SecureBoot V2. Signing is done seperately using espsecure.py sign_data command.

Does Partition.bin(or Partition-table.bin) need to be signed or is ot supposed to be burnt unsigned ?

Thanks for the help!
by gb.123
Tue Feb 01, 2022 8:20 pm
Forum: ESP-IDF
Topic: Problem in Computing AES 256 CBC
Replies: 19
Views: 28375

Re: Problem in Computing AES 256 CBC

Hi @chegewara, I am trying to decrypt the file while writing OTA. The problem is that I get esp_image: invalid segment length 0xffc70fb10m if I use decryption. Direct non-encrypted OTA updates fine . Code : if (true) { #define BUFFER_SIZE=2048 mbedtls_aes_context aes; const uint8_t key[] = {0x10,0x1...
by gb.123
Tue Feb 01, 2022 7:04 am
Forum: ESP-IDF
Topic: Problem in Computing AES 256 CBC
Replies: 19
Views: 28375

Re: Problem in Computing AES 256 CBC

I know int (11) is not the same as hex (0x11) and definitely not the same as "11". What I wanted to do was get a series of bytes is input to be encoded and decoded back to byte format. i,e -> input = 0x11 -> encrypt -> decrypt -> back to 0x11 I realize that the Decrypt array is showing as decimal an...