Benefits of external crypto IC (e.g. ATECC508A) vs flash encryption

p-rimes
Posts: 15
Joined: Thu Jun 08, 2017 6:20 pm

Benefits of external crypto IC (e.g. ATECC508A) vs flash encryption

Postby p-rimes » Sat Oct 14, 2017 12:43 am

This is perhaps a naive question or my information is incorrect, but I would like some opinions on the matter.

Suppose that flash encryption is eventually supported for the NVS partitions, is that a safe place to store our private keys?

What would be the advantages of using an external crypto IC (e.g. Microchip ATECC508A) in this case? Some I can think of:
  • Dedicated ECC processing offload, since ESP32 does not have ECC H/W accelerated?
  • Stronger security in the case of remote code execution? (since the private key cannot be read from the crypto chip into RAM, only crypto operations are allowed)
  • Maybe easier for manufacturing, to get the crypto ICs pre-programmed?

Or, does ESP32 flash encryption obsolete the need for a separate IC (and using one would be overkill)?

Who is online

Users browsing this forum: No registered users and 2 guests