by mmoskal
1969 days ago
This exploit is about loading your own code to, and reading existing code from, a locked (encrypted) ESP32 - which is pretty bad, as it lets someone with physical access to a device replace firmware on it, but also if you store the same secret in flash of devices you ship, someone can take one of them and get the secret (potentially compromising them all). A single secret, shipped to users, is never a good security architecture, as we have learned multiple times. However, it's not like this breaks security of your hobbyist projects. OTOH, the RP2040 doesn't even have flash encryption or secure boot. Which I guess makes sense, given that it looks like a first mass-produced MCU designed specifically for education/makers/hackers.

At that price point you should just be thankful for what you're getting.