Suppose that flash encryption is eventually supported for the NVS partitions, is that a safe place to store our private keys?
What would be the advantages of using an external crypto IC (e.g. Microchip ATECC508A) in this case? Some I can think of:
- Dedicated ECC processing offload, since ESP32 does not have H/W-accelerated ECC?
- Stronger security in the case of remote code execution? (since the private key cannot be read from the crypto chip into RAM, only crypto operations are allowed)
- Maybe easier for manufacturing, to get the crypto ICs pre-programmed?
Or, does ESP32 flash encryption obsolete the need for a separate IC (and using one would be overkill)?