Do Espressif provide espsecure.py key generation security documentation?

[outportasomebinary]

Hello!

I am working on compiling information for the cybersecurity standard EN 18031-1. I am wondering if there are any documentation from Espressif about the security level of the espsecure commands to generate a secure boot signing key and a flash encryption key?

More specifically, I am running `espsecure.py generate_flash_encryption_key` and `espsecure.py generate_signing_key` to generate secure boot (v1) and flash encryption keys respectively.

As per the EN 18031-1 standard, I am required to document the following, and I am wondering if Espressif provides this documentation anywhere:

Because I am using `espsecure` as a confidential cryptographic key generation mechanism, I need to provide:

for the random number source:

list the best practices followed by that source

explain why the source provides sufficient security strength

explain how the source is configured and initialized

for the random number generator:

list the best practices followed by the random number generator

explain why the random number generator provides sufficient security strength

explain how the random number generator is configured and initialized

Thanks!

[Mahavir]

Hello,

The espsecure script uses standard python os.urandom call for RNG requirement. Please refer to documentation details here for more information: https://docs.python.org/3/library/os.html#os.urandom

Regarding the EN 18031 compliance, please refer to:

https://developer.espressif.com/blog/20 ... nce-guide/
https://developer.espressif.com/blog/20 ... ide-part2/

Technical posts above also carries pointers to webinars that we had conducted with our partner security labs. Please feel free to contact our support channel for more information on the documentation templates.

Hope this helps!