ESP Chip Errata Logo

ESP32-H2 Series SoC Errata

  • Chip Revision Identification
  • Errata Summary
  • All Errata Descriptions
  • Errata Descriptions by Chip Revisions
    • v0.0 (13)
    • v0.1 (13)
      • [BOOT-9537] Accidentally Enter USB Download Boot Mode If the Power-up Duration Is Too Long
      • [ADC-7227] Unavailable Channel 4 in SRA ADC1
      • [AES-11401] CPA Attack-Related Security Vulnerability
        • Description
        • Workarounds
        • Solution
      • [ECC-11400] Timing Attack-Related Security Vulnerability
      • [LEDC-253] Unable to Reach 100% Duty Cycle at Maximum Duty Resolution
      • [PCNT-249] Unable to Trigger Step Interrupts
      • [ADC-1477] Loss of Precision in Lower Four Bits of SAR ADC
      • [SPI-304] Enabling Flash Auto Suspend May Cause Abnormalities in Data Read
      • [802.15.4-9538] TX Power Variation in Certain RF Certification
      • [CLK-6996] Inaccurate Calibration of RC_FAST_CLK Clock
      • [CPU-206] Possible Deadlock Due to Out-of-Order Execution of Instructions When Writing to LP SRAM Is Involved
      • [I2C-308] I2C Slave Fails in Multiple-read Under Non-FIFO Mode
      • [RMT-176] The Idle State Signal Level Might Run into Error in RMT Continuous TX Mode
    • v1.2 (1)
  • Revision History

Resources and Legal Notices

  • Related Documentation and Resources
  • Disclaimer and Copyright Notice
ESP Chip Errata
  • Errata Descriptions by Chip Revisions
  • Chip Revision: v0.0
  • [AES-11401] CPA Attack-Related Security Vulnerability
    • Download PDF

[AES-11401] CPA Attack-Related Security Vulnerability

Affected revisions: v0.0 v0.1

Description

The chip’s Flash Encryption is based on XTS-AES. Flash Encryption as well as Secure Boot may be bypassed by using a Correlation Power Analysis (CPA) attack combined with Fault Injection (FI) and a buffer overflow exploitation.

Workarounds

Long lived encryption keys that are common between the devices or manufacturing batch should be avoided at all costs.

Enable Flash Encryption and Secure Boot at the same time, which can minimize the risk of attacker rewriting with the firmware.

Solution

Fixed in chip revision v1.2. Chip revision v1.2 has introduced anti-attack pseudo-round function, which can effectively resist CPA attacks.

Next Previous
Suggestion on this document?

 Provide feedback
Help improve this document?

 Edit on GitHub
Need more information?

 Check ESP forum
 Sales Questions
 Technical Inquiries

  • © Copyright 2024 - 2025, Espressif Systems (Shanghai) Co., Ltd

    Built with Sphinx using a theme based on Read the Docs Sphinx Theme.