Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test / Document Flash Encryption #95

Open
JosephHewitt opened this issue Jul 16, 2023 · 0 comments
Open

Test / Document Flash Encryption #95

JosephHewitt opened this issue Jul 16, 2023 · 0 comments
Assignees
@JosephHewitt
Labels
enhancement New feature or request

Comments

@JosephHewitt
Copy link
Owner

Currently the NVS is unencrypted. This should be encrypted to improve security, but doing so requires the full flash to be encrypted.

The only secure way to enable encryption on all Wardrivers is to let the device itself handle key generation but this could lead to situations where the ESP32 cannot later be re-used for other projects. Specifically enabling encryption in release mode makes it so "flashing plaintext firmware to the device without knowing the encryption key is no longer possible." source. OTA updates should continue to work but devices may be bricked if the OTA fails.

Since it seems the blowing of eFuses cannot be done within the firmware, this would simply be implemented as a list of commands to run in the documentation. The eFuses can be read so then a warning can be displayed recommending users to run those commands.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JosephHewitt JosephHewitt

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@JosephHewitt