encryption is working on one device not other

ESP_Angus
Posts: 1225
Joined: Sun May 08, 2016 4:11 am

Re: encryption is working on one device not other

Postby ESP_Angus » Mon Oct 01, 2018 5:17 am

Hi,

Sorry, I was away on leave on Friday.

snahmad75 wrote: If we use the ESP-WROVER-B will Flash encryption work?
Will ESP-WROVER-B have efuse CODING_SCHEME=0?


My understanding is that only some ESP-WROVER modules and no ESP-WROVER-B modules were produced with 3/4 Coding Scheme. However, I've asked the manufacturing team to confirm this. This week is the Chinese National Holiday, so I probably won't get confirmation until next week.

We're also working on full 3/4 Coding Scheme support in ESP-IDF right now, so flash encryption & secure boot will be supported in IDF V3.2 and support backported to V3.1.x as well.

WiFive
Posts: 1982
Joined: Tue Dec 01, 2015 7:35 am

Re: encryption is working on one device not other

Postby WiFive » Mon Oct 01, 2018 6:30 am

ESP_Angus wrote:We're also working on full 3/4 Coding Scheme support in ESP-IDF right now, so flash encryption & secure boot will be supported in IDF V3.2 and support backported to V3.1.x as well.


What is the effect of 3/4 encoding on key length and entropy?

ESP_Angus
Posts: 1225
Joined: Sun May 08, 2016 4:11 am

Re: encryption is working on one device not other

Postby ESP_Angus » Mon Oct 01, 2018 6:34 am

WiFive wrote:
ESP_Angus wrote:We're also working on full 3/4 Coding Scheme support in ESP-IDF right now, so flash encryption & secure boot will be supported in IDF V3.2 and support backported to V3.1.x as well.


What is the effect of 3/4 encoding on key length and entropy?


Devices with 3/4 encoding have 192-bit usable key blocks rather than 256 bits (as 25% of the bits are used for the error detection/correction bits). So available key length is reduced accordingly.
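
Added illustration, not part of any post in this thread and not Espressif's code: how a 3/4-coded eFuse key block leaves 192 usable bits out of 256. It assumes the 6-data-bytes-plus-2-check-bytes chunk layout used by Espressif's espefuse tool; the function names and key bytes are made up for the example.

```python
# Added illustration of the 3/4 Coding Scheme layout for one eFuse key block.
# Assumption: every 6 data bytes are followed by 2 check bytes (XOR of the
# data bytes, then a position-weighted count of set bits), as Espressif's
# espefuse tool encodes key blocks. All names here are hypothetical.

RAW_BLOCK_BYTES = 32   # physical eFuse key block: 256 bits
CHUNK_DATA = 6         # data bytes per chunk
CHUNK_TOTAL = 8        # data bytes + 2 check bytes


def usable_key_bytes():
    """Key bytes that fit in one block once check bytes are accounted for."""
    return RAW_BLOCK_BYTES // CHUNK_TOTAL * CHUNK_DATA


def _check_bytes(chunk):
    """Compute the two check bytes for one 6-byte data chunk."""
    xor_res = 0
    mul_res = 0
    for index, b in enumerate(chunk, start=1):
        xor_res ^= b
        mul_res += index * bin(b).count("1")  # at most 21 * 8 = 168, fits a byte
    return bytes([xor_res, mul_res])


def encode_34(key):
    """Expand a 24-byte key into the 32-byte image stored in the block."""
    if len(key) != usable_key_bytes():
        raise ValueError("3/4 coding holds %d key bytes, got %d"
                         % (usable_key_bytes(), len(key)))
    out = bytearray()
    for i in range(0, len(key), CHUNK_DATA):
        chunk = key[i:i + CHUNK_DATA]
        out += chunk + _check_bytes(chunk)
    return bytes(out)


def verify_34(block):
    """Return True if every chunk's check bytes match its data bytes."""
    if len(block) != RAW_BLOCK_BYTES:
        raise ValueError("expected a %d-byte block" % RAW_BLOCK_BYTES)
    return all(
        block[i + CHUNK_DATA:i + CHUNK_TOTAL] == _check_bytes(block[i:i + CHUNK_DATA])
        for i in range(0, RAW_BLOCK_BYTES, CHUNK_TOTAL)
    )


if __name__ == "__main__":
    sample_key = bytes(range(24))  # constructed sample, not a real key
    image = encode_34(sample_key)
    print(usable_key_bytes() * 8, "usable bits;", len(image) * 8, "stored bits")
    print("check bytes valid:", verify_34(image))
```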

WiFive
Posts: 1982
Joined: Tue Dec 01, 2015 7:35 am

Re: encryption is working on one device not other

Postby WiFive » Mon Oct 01, 2018 7:55 am

ESP_Angus wrote:
Devices with 3/4 encoding have 192-bit usable key blocks rather than 256 bits (as 25% of the bits are used for the error detection/correction bits). So available key length is reduced accordingly.

Does the encryption engine use AES-192, or does it use AES-256 where the remaining key bits are either filled with 0 or the ECC bits?

snahmad75
Posts: 263
Joined: Wed Jan 24, 2018 6:32 pm

Re: encryption is working on one device not other

Postby snahmad75 » Mon Oct 01, 2018 10:29 am

ESP_Angus wrote:Hi,

My understanding is that only some ESP-WROVER modules and no ESP-WROVER-B modules were produced with 3/4 Coding Scheme. However, I've asked the manufacturing team to confirm this. This week is the Chinese National Holiday, so I probably won't get confirmation until next week.


We found out that ESP-WROVER-B modules show efuse "CODING_SCHEME" = 1, so we cannot use encryption with any ESP32 WROVER PCB.
I guess we have to wait for the ESP-IDF SDK update which will support "CODING_SCHEME" = 1. Hopefully within 1 month's time.

snahmad75
Posts: 263
Joined: Wed Jan 24, 2018 6:32 pm

Re: encryption is working on one device not other

Postby snahmad75 » Fri Oct 05, 2018 8:20 pm

Kindly do reply. I am going into production within 1 month's time. Need to sort this out.

WiFive
Posts: 1982
Joined: Tue Dec 01, 2015 7:35 am

Re: encryption is working on one device not other

Postby WiFive » Fri Oct 05, 2018 9:53 pm

snahmad75 wrote: We found out that ESP-WROVER-B modules show efuse "CODING_SCHEME" = 1.


What is your source for that? You tested yourself or somebody told you? Who?

snahmad75
Posts: 263
Joined: Wed Jan 24, 2018 6:32 pm

Re: encryption is working on one device not other

Postby snahmad75 » Fri Oct 05, 2018 10:10 pm

I checked myself using esptool efuse from the board.

WiFive
Posts: 1982
Joined: Tue Dec 01, 2015 7:35 am

Re: encryption is working on one device not other

Postby WiFive » Sat Oct 06, 2018 12:22 am

That's unfortunate and in direct conflict with "no ESP-WROVER-B modules were produced with 3/4 Coding Scheme".

Can you post efuse dump?

snahmad75
Posts: 263
Joined: Wed Jan 24, 2018 6:32 pm

Re: encryption is working on one device not other

Postby snahmad75 » Sat Oct 06, 2018 11:16 am

I have two boards. The second (BOARD2.txt), claimed by the distributor/sales to be ESP-WROVER-B, has the correct coding scheme, but a few other keys/values are different. After uploading my firmware, it was not fully working, for example the ADC voltage calculation.

You can do diff between these two text files.

The first board has coding scheme=0. I think it was not ESP-WROVER-B, but my firmware works fine on this board without encryption.

Kindly do reply.
Attachments
Board2.txt
(2.99 KiB) Downloaded 14 times
Board1.txt
(3.26 KiB) Downloaded 12 times
