ESP Chip Errata Logo

ESP32-H2 Series SoC Errata

  • Chip Revision Identification
  • Errata Summary
  • All Errata Descriptions
  • Errata Descriptions by Chip Revisions
    • v0.0 (13)
    • v0.1 (13)
      • [BOOT-9537] Accidentally Enter USB Download Boot Mode If the Power-up Duration Is Too Long
      • [ADC-7227] Unavailable Channel 4 in SRA ADC1
      • [AES-11401] CPA Attack-Related Security Vulnerability
      • [ECC-11400] Timing Attack-Related Security Vulnerability
        • Description
        • Workarounds
        • Solution
      • [LEDC-253] Unable to Reach 100% Duty Cycle at Maximum Duty Resolution
      • [PCNT-249] Unable to Trigger Step Interrupts
      • [ADC-1477] Loss of Precision in Lower Four Bits of SAR ADC
      • [SPI-304] Enabling Flash Auto Suspend May Cause Abnormalities in Data Read
      • [802.15.4-9538] TX Power Variation in Certain RF Certification
      • [CLK-6996] Inaccurate Calibration of RC_FAST_CLK Clock
      • [CPU-206] Possible Deadlock Due to Out-of-Order Execution of Instructions When Writing to LP SRAM Is Involved
      • [I2C-308] I2C Slave Fails in Multiple-read Under Non-FIFO Mode
      • [RMT-176] The Idle State Signal Level Might Run into Error in RMT Continuous TX Mode
    • v1.2 (1)
  • Revision History

Resources and Legal Notices

  • Related Documentation and Resources
  • Disclaimer and Copyright Notice
ESP Chip Errata
  • Errata Descriptions by Chip Revisions
  • Chip Revision: v0.0
  • [ECC-11400] Timing Attack-Related Security Vulnerability
    • Download PDF

[ECC-11400] Timing Attack-Related Security Vulnerability

Affected revisions: v0.0 v0.1

Description

ECC does not operate in a constant time when performing point multiplication, making it susceptible to timing attacks.

Workarounds

The ECC driver has randomized the power profile and made it appear constant time. This requires Secure Boot to be enabled for full effectiveness.

ESP-IDF has bypassed this issue in the following released versions.

Table 6 ESP-IDF Released Versions

ESP-IDF Release Branch

Released Version

release/v5.4 and above

v5.4

release/v5.3

v5.3.2

release/v5.2

v5.2.5

release/v5.1

v5.1.5

Solution

Fixed in chip revision v1.2. Chip revision v1.2 has introduced constant time and consumption mode, in which each point multiplication calculation consumes the same amount of time and power, able to effectively resist timing attacks.

Next Previous
Suggestion on this document?

 Provide feedback
Help improve this document?

 Edit on GitHub
Need more information?

 Check ESP forum
 Sales Questions
 Technical Inquiries

  • © Copyright 2024 - 2025, Espressif Systems (Shanghai) Co., Ltd

    Built with Sphinx using a theme based on Read the Docs Sphinx Theme.