Description
Need to audit the ways in which WiFi passwords are passed around memory and what level of protection we can provide.
At the moment, WiFi passwords are held in volatile arrays. Conceivably these can be leaked over the PSRAM interface at startup. This could be particularly problematic when the product reaches end of life and is discarded. A malicious actor could gain physical access and then expose the WiFi passwords by monitoring the PSRAM interface.
One possible "easy" mitigation is to ensure that passwords are only ever stored in encrypted FLASH or internal SRAM. It is not impossible that a hacker could exploit a bug to inject code which can still expose the password from internal SRAM, but at least preventing it from being exposed over the PSRAM interface raises the barrier for a hacker considerably.