ESP32 Secure Boot

Is it possible to integrate the ESP32 secure boot module with PlatformIO? For those unaware, this is what I’m referring to.

The “Secure Boot” and “Flash Encryption” of the current ESP32 were defeated in November last year. Only new silicon-revision chips (starting at ESP32-D0WD-V3) fix the problem.

Using a power glitch attack, it’s possible to extract the secure bootloader key (SBK) and the flash encryption key (FEK). The article shows how to dump the keys and encrypt and sign a new firmware as an attacker.

https://nvd.nist.gov/vuln/detail/CVE-2019-17391

Sure you want to use that 🙂?

Anyway, I don’t think PlatformIO supports automatic generation of signed binaries at the moment, at least not according to the docs. Right, @ivankravets?

Thanks for the concerning information. There go my plans!

It seems we do not support this 🙁 Please report a bug at Issues · platformio/platform-espressif32 · GitHub

Hello there,

Does PlatformIO support flash encryption for ESP32 nowadays?

Thanks!
