You definitely need to protect the device against running malicious firmware (->secure boot). I'll definitely add this as a "layer" of security. I just don't want to rely only on that feature, leaving things behind unprotected. Otherwise an attacker could run his own firmware and let it brute-force...

Hello @ESP_harshal, If you do not enable secure boot, and even if you somehow read-protect the NVS encryption key (maybe by storing the encryption key directly in the efuses like the read-protected flash encryption key), the "other app" which has been flashed can still decrypt the NVS and get plaint...

I don't really completely understand how it works on ESP32-C3. Things that clear to me: 1. HMAC are used as a KDF to securely derive AES encryption key, which are used to encrypt/decrypt data on NVS partition. 2. The key for HMAC are stored in eFuse, read protected. Ok, but HMAC also takes 'message'...

In downstream mode (configurable by eFuse), the HMAC->AES key path also is protected, as in the CPU can access neither the eFuses with the original key material nor the derived AES key. It's an old post, but this sentance got my attention. Could you please confirm this and specify ESP32 part which ...