Espressif Product Security Advisory Concerning Secure Boot (CVE-2018-18558)

Shanghai, China
Nov 1, 2018

In previous ESP-IDF releases (2.x, 3.0.5, 3.1), the 2nd stage Bootloader did not sufficiently verify the load address of binary image sections. The recommended configuration is to use Secure Boot together with Flash Encryption. ESP-IDF V3.1.1 and V3.0.6 contain the fix. All users of the Secure Boot feature are encouraged to update.

The ESP-IDF 2nd stage Bootloader implements functions related to the Secure Boot feature. In previous ESP-IDF releases (2.x, 3.0.5, 3.1), the 2nd stage Bootloader did not sufficiently verify the load address of binary image sections. If the Secure Boot feature was used without the Flash Encryption feature enabled, an attacker could craft a binary which would overwrite parts of the 2nd stage Bootloader’s code whilst the binary file is being loaded. Such a binary could be used to execute arbitrary code, thus bypassing the Secure Boot check. In an otherwise secure configuration, an attacker would need to bypass additional protections in order to perform this attack:

The recommended configuration is to use Secure Boot together with Flash Encryption. With Flash Encryption enabled, an attack with physical access would still need to bypass Flash Encryption security measures for this attack to succeed.

Alternatively, an attack would require some other method of writing arbitrary app data into SPI flash then booting it. This is not possible using the ESP-IDF OTA update APIs, unless the application-side binary signature check is bypassed.
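As an added illustration (not Espressif's code) of the kind of load-address validation the advisory says was missing: before a segment is copied, its destination range is checked against the memory an app may legitimately occupy and against the memory the running bootloader itself uses, including the wrap-around and exact-boundary cases. The region bounds, struct and function names are constructed assumptions, not real ESP32 values or ESP-IDF identifiers.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

typedef struct { uint32_t start, end; } mem_region_t;   /* half-open: [start, end) */

/* Constructed placeholders for memory an app image may be loaded into. */
static const mem_region_t loadable[] = {
    { 0x3FFB0000u, 0x3FFF0000u },   /* placeholder: app DRAM */
    { 0x40080000u, 0x400A0000u },   /* placeholder: app IRAM */
};

/* Constructed placeholders for memory the running bootloader itself occupies.
 * A segment landing here would overwrite bootloader code or data mid-load. */
static const mem_region_t reserved[] = {
    { 0x3FFE8000u, 0x3FFF0000u },   /* placeholder: bootloader DRAM */
    { 0x40098000u, 0x400A0000u },   /* placeholder: bootloader IRAM */
};

#define COUNT(a) (sizeof (a) / sizeof (a)[0])

static bool overlaps(uint32_t s, uint32_t e, const mem_region_t *r) { return s < r->end && r->start < e; }
static bool within(uint32_t s, uint32_t e, const mem_region_t *r)   { return s >= r->start && e <= r->end; }

/* Returns true only if the segment [load_addr, load_addr + data_len) is
 * non-empty, does not wrap past the end of the address space, lies wholly
 * inside one loadable region and touches no reserved region. */
bool check_segment(uint32_t load_addr, uint32_t data_len)
{
    /* Reject empty segments and lengths whose end address would wrap to a
     * low value; a wrapped end would make the range checks below meaningless. */
    if (data_len == 0 || data_len > UINT32_MAX - load_addr) {
        return false;
    }
    uint32_t end = load_addr + data_len;   /* exclusive; cannot overflow here */
    bool in_loadable = false;
    for (size_t i = 0; i < COUNT(loadable); i++) {
        in_loadable |= within(load_addr, end, &loadable[i]);
    }
    if (!in_loadable) {
        return false;                      /* destination is not app memory at all */
    }
    for (size_t i = 0; i < COUNT(reserved); i++) {
        if (overlaps(load_addr, end, &reserved[i])) {
            return false;                  /* would clobber the bootloader */
        }
    }
    return true;
}
```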

ESP-IDF V3.1.1 and V3.0.6 contain the fix. To update to these versions, see:

All users of the Secure Boot feature are encouraged to update.