docs: Add pentest results and update project docs
Executed non-invasive pentest against amber-maple (v1.12-dev):
- Phase 1: mDNS, port scan, binary analysis, eFuse readout
- Phase 2: HMAC timing, command injection (27 tests), replay (6 tests)
- Phase 3: NVS analysis, CVE check (12 CVEs), binary structure

All network-facing tests PASS. Physical security gaps documented.
12
TODO.md
@@ -2,6 +2,18 @@
|
||||
|
||||
## Firmware
|
||||
|
||||
### Security (from pentest findings)
|
||||
- [ ] Enable `CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y` (stack canaries)
|
||||
- [ ] Enable `CONFIG_HEAP_POISONING_LIGHT=y` (heap corruption detection)
|
||||
- [ ] Enable `CONFIG_ESP_TASK_WDT_PANIC=y` (WDT auto-recovery)
|
||||
- [ ] Remove unused `#include "esp_now.h"` from app_main.c
|
||||
- [ ] Remove hardcoded default IP `192.168.129.11` from binary
|
||||
- [ ] Flash encryption planning (irreversible eFuse burn)
|
||||
- [ ] Secure Boot V2 planning (irreversible eFuse burn)
|
||||
- [ ] DTLS for UDP command channel (stretch goal)
|
||||
- [ ] OTA certificate pinning / embedded CA cert
|
||||
- [ ] NVS encryption for auth_secret at rest
|
||||
|
||||
### Features
|
||||
- [ ] Multi-target (send UDP data to 2+ destinations simultaneously)
|
||||
- [ ] Deep sleep mode with wake-on-CSI-motion
|
||||
|
||||
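Review bot: None of the ten items under `### Security (from pentest findings)` points back to the finding it came from, so a reader of TODO.md cannot tell which gap each item closes or how to verify it once done. Suggest adding the report section or finding reference next to each item. The `NVS encryption for auth_secret at rest` item should also state how the NVS keys themselves will be protected, since it is listed separately from `Flash encryption planning (irreversible eFuse burn)` and the two are usually decided together. The `Remove hardcoded default IP` item could name the source file that holds the value, as the `esp_now.h` item does with `app_main.c`.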