Re: encryption is working on one device not other

Posted: Mon Oct 01, 2018 5:17 am
by ESP_Angus
Hi,

Sorry, I was away on leave on Friday.
snahmad75 wrote: If we use the ESP-WROVER-B will Flash encryption work?
Will ESP-WROVER-B have efuse CODING_SCHEME=0?
My understanding is that only some ESP-WROVER modules and no ESP-WROVER-B modules were produced with 3/4 Coding Scheme. However, I've asked the manufacturing team to confirm this. This week is Chinese National Holiday so I probably won't get confirmation until next week.

We're also working on full 3/4 Coding Scheme support in ESP-IDF right now, so flash encryption & secure boot will be supported in IDF V3.2 and support backported to V3.1.x as well.

Re: encryption is working on one device not other

Posted: Mon Oct 01, 2018 6:30 am
by WiFive
ESP_Angus wrote: We're also working on full 3/4 Coding Scheme support in ESP-IDF right now, so flash encryption & secure boot will be supported in IDF V3.2 and support backported to V3.1.x as well.
What is the effect of 3/4 encoding on key length and entropy?

Re: encryption is working on one device not other

Posted: Mon Oct 01, 2018 6:34 am
by ESP_Angus
WiFive wrote:
ESP_Angus wrote: We're also working on full 3/4 Coding Scheme support in ESP-IDF right now, so flash encryption & secure boot will be supported in IDF V3.2 and support backported to V3.1.x as well.
What is the effect of 3/4 encoding on key length and entropy?
Devices with 3/4 encoding have 192-bit usable key blocks rather than 256 bits (as 25% of the bits are used for the error detection/correction bits). So available key length is reduced accordingly.

Re: encryption is working on one device not other

Posted: Mon Oct 01, 2018 7:55 am
by WiFive
ESP_Angus wrote:
Devices with 3/4 encoding have 192-bit usable key blocks rather than 256 bits (as 25% of the bits are used for the error detection/correction bits). So available key length is reduced accordingly.
Does the encryption engine use AES 192 or does it use AES 256 where the remaining key bits are either filled with 0 or the ECC bits?

Re: encryption is working on one device not other

Posted: Mon Oct 01, 2018 10:29 am
by snahmad75
ESP_Angus wrote: Hi,

My understanding is that only some ESP-WROVER modules and no ESP-WROVER-B modules were produced with 3/4 Coding Scheme. However, I've asked manufacturing team to confirm this. This week is Chinese National Holiday so I probably won't get confirmation until next week.
We found out ESP-WROVER-B modules show efuse "CODING_SCHEME" = 1, so we cannot use encryption with any ESP32 WROVER PCB.
I guess we have to wait for the ESP-IDF SDK update which will support "CODING_SCHEME" = 1. Hopefully within 1 month's time.

Re: encryption is working on one device not other

Posted: Fri Oct 05, 2018 8:20 pm
by snahmad75
Kindly do reply. I am going into production within 1 month's time. Need to sort this out.

Re: encryption is working on one device not other

Posted: Fri Oct 05, 2018 9:53 pm
by WiFive
snahmad75 wrote: We found out ESP-WROVER-B modules shows efuse "CODING_SCHEME" = 1.
What is your source for that? You tested yourself or somebody told you? Who?

Re: encryption is working on one device not other

Posted: Fri Oct 05, 2018 10:10 pm
by snahmad75
I checked myself using esptool efuse from the board.

Re: encryption is working on one device not other

Posted: Sat Oct 06, 2018 12:22 am
by WiFive
That's unfortunate and in direct conflict to "no ESP-WROVER-B modules were produced with 3/4 Coding Scheme".

Can you post efuse dump?

Re: encryption is working on one device not other

Posted: Sat Oct 06, 2018 11:16 am
by snahmad75
I have two boards. The second, BOARD2.txt, is claimed by the distributor/sales to be ESP-WROVER-B. It has the correct coding scheme but a few other key/values are different. After uploading my firmware, it was not fully working, for example ADC voltage calculation.

You can do diff between these two text files.

The first board is with coding scheme=0. I think it was not ESP-WROVER-B, but my firmware works fine on this board without encryption.

Kindly do reply.