You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the NVS is unencrypted. This should be encrypted to improve security, but doing so requires the full flash to be encrypted.
The only secure way to enable encryption on all Wardrivers is to let the device itself handle key generation but this could lead to situations where the ESP32 cannot later be re-used for other projects. Specifically enabling encryption in release mode makes it so "flashing plaintext firmware to the device without knowing the encryption key is no longer possible." source. OTA updates should continue to work but devices may be bricked if the OTA fails.
Since it seems the blowing of eFuses cannot be done within the firmware, this would simply be implemented as a list of commands to run in the documentation. The eFuses can be read so then a warning can be displayed recommending users to run those commands.
The text was updated successfully, but these errors were encountered:
Currently the NVS is unencrypted. This should be encrypted to improve security, but doing so requires the full flash to be encrypted.
The only secure way to enable encryption on all Wardrivers is to let the device itself handle key generation but this could lead to situations where the ESP32 cannot later be re-used for other projects. Specifically enabling encryption in
release
mode makes it so "flashing plaintext firmware to the device without knowing the encryption key is no longer possible." source. OTA updates should continue to work but devices may be bricked if the OTA fails.Since it seems the blowing of eFuses cannot be done within the firmware, this would simply be implemented as a list of commands to run in the documentation. The eFuses can be read so then a warning can be displayed recommending users to run those commands.
The text was updated successfully, but these errors were encountered: