Espressif Launches ESP Privilege Separation, Giving the ESP32-C3 a Secure Split Personality
Designed to keep user-facing applications from interfering with protected code, the beta framework brings some interesting new features.
Espressif has announced a shiny new feature for its ESP32 microcontroller family, starting with the ESP32-C3: privilege separation, designed to boost security by keeping user applications from interfering with protected applications.
"Traditionally, any ESP-IDF application on Espressif SoCs [Systems on Chips] is built as a single monolithic firmware without any separation between the 'core' components (operating system, networking, etc.) and the 'application' or 'business' logic," Espressif's Sachin Parekh explains. "In the ESP Privilege Separation framework, we split the firmware image into two separate and independent binaries: Protected and user application."
The result, which places the new Privilege Separation Framework above the ESP-IDF framework, is the creation of two isolated execution environments: one secure and one insecure. User-facing applications running in the insecure environment are isolated from the protected application, boosting security and ensuring that bugs in what Parekh calls the "business logic" won't affect the whole system and can be more readily caught and diagnosed, even remotely.
The framework allows for other possibilities, too: Over-The-Air (OTA) updates can be issued for either or both isolated environments entirely independently; any certification required for the protected application need only be applied for once, regardless of how many updates are issued to the user-facing code; and multiple user-facing applications can be chosen and called from within the single protected application.
Sadly for those working with older hardware, the feature is currently exclusive to the RISC-V ESP32-C3. "We started off with a PoC [Proof of Concept] on ESP32 and realized that there were limitations in it," Parekh explains, "and we would require some robust hardware support that can enforce permissions at the hardware level to achieve isolation between the user and kernel application. This led us to design our own custom peripherals in ESP32-C3."
Those with a suitable microcontroller can find the open source framework on Espressif's GitHub repository, with a detailed programming guide available on its documentation site. The company is keen to point out, however, that the framework should be considered in beta status.