In this post we’ll explore the differences between the new -E revision ESP32 modules and previous revision modules (-D and older), covering both ESP32-WROOM-32D / 32E and WROVER-I / WROVER-IE.
At the beginning of 2020, Espressif announced a new series of modules whose names end with the letter E, namely
All these modules share the ESP32 ECO-V3 chip, which is the newest ESP32 core silicon release (at the time of writing). The standard ESP32 SoCs, the ESP32-D0WD and ESP32-D0WDQ6, have been updated and named ESP32-D0WD-V3 and ESP32-D0WDQ6-V3. In the next section we will see the main differences between the ECO-V3 and the previous ESP32 versions, and in the third section we’ll look at one very important improvement. We will then see when to use the -E modules and when to use the older ones.
Regarding firmware and pinout compatibility, the older and new modules are interchangeable.
There are six main differences reported by Espressif – four bug fixes and two improvements.
Listed in the order chosen by Espressif:
For more information, please refer to the Official ECO-V3 User Guide.
In September 2019, LimitedResults described a serious ESP32 vulnerability in his post. He showed how a well-timed glitch on the supply rails of the ESP32 can lead to the reading of both the secure bootloader encryption key (SBK) and the flash encryption key (FEK).
To understand the exploitation, we must first understand the ESP32 eFuses. eFuses are non-volatile memory blocks which can be written only once: when a 1 is written in an eFuse bit, it cannot be reverted to 0. eFuses are organized in four blocks:
The ROM bootloader uses the SBK to verify the user bootloader on flash, which then checks through ECDSA whether the application firmware is signed properly. After the reset, the eFuse controller reads the fuses and checks all the BLK0 flags.
LimitedResults was able to inject a glitch on the supply rails at the time when the eFuse controller reads the configuration bits, thus allowing him to read both SBK and FEK, even if the chip was secured and all the BLK0 flags were set to disable the reading. For a detailed explanation, please read the ESP32 Fault Injection Vulnerability Press release.
The required equipment for this attack is fairly common and inexpensive, but on the other hand the attacker needs physical access to the device to exploit this vulnerability. Our only recommended solution is to upgrade to the new ECO-V3 chip, but note that this will require re-certification of your product.
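A simplified model of the eFuse mechanism described above, added here as an illustration and not taken from Espressif or LimitedResults: bits only ever go from 0 to 1, and read protection is a gate driven by the BLK0 flags latched at reset. The block names BLK1 to BLK3, the flag bit positions, the `load_ok` parameter and the key values are assumptions made for the example.

```python
"""Added illustrative model of ESP32 eFuse behaviour; not Espressif code."""

KEY_BITS = 256


class EFuseBlock:
    """One-time-programmable block: a bit can go 0 -> 1, never back."""

    def __init__(self):
        self.value = 0

    def burn(self, mask):
        # Burning is a bitwise OR, so bits that are already 1 stay 1.
        self.value |= mask & ((1 << KEY_BITS) - 1)
        return self.value


class EFuseController:
    # Hypothetical bit positions for the read-disable flags kept in BLK0.
    RD_DIS = {"BLK1": 0b01, "BLK2": 0b10}  # assumed: BLK1 = FEK, BLK2 = SBK

    def __init__(self):
        self.blocks = {n: EFuseBlock() for n in ("BLK0", "BLK1", "BLK2", "BLK3")}
        self.latched = 0

    def reset(self, load_ok=True):
        # After reset the controller reads BLK0 and latches its flags.
        # load_ok=False is a simplified stand-in for a disturbed load: the
        # fuses themselves are unchanged, only the latched copy is wrong.
        self.latched = self.blocks["BLK0"].value if load_ok else 0

    def software_read(self, name):
        # Read protection is a gate driven by the latched flags; the key
        # bits are still physically present in the block.
        if self.latched & self.RD_DIS.get(name, 0):
            return None
        return self.blocks[name].value


def provisioned_chip(fek=0xA5A5, sbk=0x5A5A):  # constructed key values
    chip = EFuseController()
    chip.blocks["BLK1"].burn(fek)
    chip.blocks["BLK2"].burn(sbk)
    chip.blocks["BLK0"].burn(0b11)  # disable software reads of both keys
    chip.reset()
    return chip
```

In this model the burned BLK0 value is identical before and after `reset(load_ok=False)`; only the latched copy differs, so the protection depends on the load at reset rather than on anything firmware can rewrite afterwards.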
Previous revision modules are still available to buy, but using them is not recommended.