2026-01-25 17:17:08 +01:00
parent edd3e96591
commit 0daead7821
21 changed files with 1636 additions and 11 deletions

@@ -0,0 +1,36 @@
# 2. Security Model
## Overview
Security is a non-negotiable requirement for industrial systems. The ASF project leverages the hardware security features of the ESP32-S3 to establish a robust Root of Trust and secure communication channels.
## Root of Trust
The following features are mandatory to ensure the integrity of the device and its firmware:
* **Secure Boot V2:** Ensures only digitally signed firmware can run on the device.
* **Flash Encryption:** Protects the firmware and sensitive data stored in flash memory from physical access.
* **eFuse-based Anti-rollback:** Prevents the installation of older, potentially vulnerable firmware versions.
> **Industrial Standard:** These features are the baseline for any production-ready industrial embedded system.
## Device Identity & Authentication
A unique identity for each device is established using X.509 certificates and mutual TLS (mTLS).
| Item | Implementation |
| :--- | :--- |
| **Identity** | Device-unique X.509 certificate |
| **Private Key** | Stored securely in eFuse or encrypted flash |
| **Authentication** | Mutual TLS (mTLS) for all broker communications |
| **Provisioning** | Handled via a secure factory or onboarding mode |
### Key Insight
The ESP32-S3 is optimized to handle a single device certificate efficiently. It is recommended to avoid managing large certificate chains on the device itself to conserve resources.
## Key Lifecycle Management
The lifecycle of security keys is managed from manufacturing through operation and eventual revocation.
| Phase | Mechanism |
| :--- | :--- |
| **Manufacturing** | Injection of the unique device certificate and private key. |
| **Operation** | Use of TLS session keys for encrypted communication. |
| **Rotation** | Certificate rotation managed on the broker/server side. |
| **Revocation** | Use of Certificate Revocation Lists (CRL) or broker-side denylists. |
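Review bot: The private-key row in the Device Identity table (`| **Private Key** | Stored securely in eFuse or encrypted flash |`) names two very different mechanisms and should commit to one the TLS stack can actually use. ESP32-S3 eFuse key blocks are designed for fixed 256-bit keys consumed by hardware (flash-encryption key, Secure Boot digests, HMAC key); an RSA private key does not fit, and any key that software can read back from eFuse is no better protected than one sitting in flash. The realistic options are (a) the key in encrypted flash, which Flash Encryption hides from an off-chip reader but which any code running on the device can read, or (b) the key wrapped for the ESP32-S3 Digital Signature peripheral with the wrapping key held in an eFuse HMAC block, so the plaintext key never reaches software. Please state which one is mandated, since it decides whether a firmware compromise leaks the device identity. Two smaller gaps in the same file: the lifecycle table says rotation is broker-side (`| **Rotation** | Certificate rotation managed on the broker/server side. |`) but never says how a device whose key was injected at manufacturing obtains and installs a replacement certificate or key, so rotation is not actually specified for the device; and the Key Insight's advice to avoid certificate chains should note that the device must still carry the broker CA certificate as a trust anchor, otherwise the "mutual" half of mTLS cannot verify the server.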