ESP32 Fault Injection and Secure Boot flaw

Hi what is currently the status of the Arduino IDE with respect to the Fault_Injection_and_Secure_Boot security flaw of the ESP32 microcontroller.

Will the IDE provide the fix as it is availble on the own Espressif IDE?

An IDE will never apply a fix. Look to the core code to make a determination; check out GitHub for open/closed status.

... the link is posted Sept 2019.

All existing users of Secure Boot and Flash Encryption on the ESP32 should upgrade ESP-IDF to versions 3.0.9, 3.1.6, 3.2.3, 3.3.1 as soon as these versions are available. These versions, and ESP-IDF v4.0 and newer, will contain a patch to permanently enable Flash Encryption when Secure Boot is used, preventing it from ever being temporarily disabled.

Following the chain of notations from Espressif:

Latest Arduino Core ESP32 version is now compatible with ESP-IDF v4.4. Please consider this compability when using Arduino as component in ESP-IDF.

Effective use of any forum implies that the Op should attempt to ascertain the answer prior to asking the question. This was very easy, just 2 links beyond your starting link.

Maybe you do not understand how 3rd party cores function; Espressif and STM in particular: The manufacturer has their own C++ development system and provides high-end function libraries. For the ArduinoIDE and simplified language commands, someone writes a "wrapper" to encapsulate the manufactures libraries and functions and to mimic Arduino behavior: the level of compatibility is generally good. But forward motion on bugs identified to be in the manufactures code or silicon must (generally) be corrected by the manufacturer before the fix flows to the Arduino core code.


This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.