PlatformIO Community

ESP32 Secure Boot

Is it possible to integrate the ESP32 secure boot module with platformIO? For those unaware, this is what I’m referring to.

The “Secure Boot” and “Flash Encryption” of the current ESP32 has been defeated in November last year. Only new silicon-revision chips (starting at ESP32-D0WD-V3) fix the problem.

Using a power glitch attack, it’s possible to extract the secure bootloader key (SBK) and the flash encryption key (FEK). The article shows how to dump the keys and encrypt and sign a new firmware as an attacker.

https://news.ycombinator.com/item?id=21599545

https://nvd.nist.gov/vuln/detail/CVE-2019-17391

Sure you want to use that :slight_smile:?

Anways I don’t think PlatformIO supports automatic generation of signed binaries at the moment, at least not according to the docs. Right, @ivankravets?

Thanks for the concerning information. There goes my plans!

It seems we do not support this :frowning: Please report a bug at Issues · platformio/platform-espressif32 · GitHub

Hello there,

Does PlatformIO support flash encryption for ESP32 nowadays?

Thanks!

1 Like