Secure ESP32 is an entry point for Espressif ESP32 development platforms and part of a larger project on recommended best practices for IoT firmware security.
It focuses on maintaining the security-relevant parts of the network protocols used, to foster good practice and awareness of security weaknesses, and to point to components that need further hardening.
All development has been conducted on an Espressif ESP32 development kit platform:
- The currently supported ESP32 development board is: ESP-WROOM-32 DEVKIT-V1
- The currently supported features are: WiFi, BT, Dual Core, 240MHz, VRef calibration in efuse, Coding Scheme None
- The currently supported chip version is: ESP32D0WDQ6
- The currently supported host operating system is: Linux 64-bit
The project may need modifications to work with other versions or other boards.
The current version supports the following features:
- Automated script to set up the Espressif development environment, increase entropy when generating keys, and generate Flash Encryption and Secure Boot signing keys.
- Main setup for Flash Encryption mode.
- Build the certificate chains of trust used for the TLS layer; see the Certificate Management submodule.
- WiFi Access Point task.
- HTTPS Requests task with TLS layer.
- MQTT Client task with TLS layer.
- Add more network and IoT communication protocols.
- Implement end-to-end encryption for better defense-in-depth against TLS limitations (when the service itself is compromised) and to avoid data breaches.
You are welcome to contribute and suggest improvements. If you want to report a problem, please file an issue.
If you have questions or need further guidance on using the tool, please file an issue.
Fork the repository, file a pull request, and you are good to go ;)
This project is licensed under the terms of the MIT License.
Copyright (c) 2019 Rtone IoT Security