username/esp32-hacking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 9 Wiki Activity

feat: Auto-generate auth secret and enforce HMAC on privileged commands

Browse Source 
- Generate 128-bit random auth secret on first boot via hardware RNG,
  persist to NVS, log to serial for retrieval
- Gate destructive commands (OTA, FACTORY, REBOOT, TARGET, AUTH,
  HOSTNAME set) behind HMAC authentication
- Read-only and operational commands remain open for monitoring
- Require WPA2/WPA3 for WiFi AP association (reject open/WEP)
This commit is contained in:
user
2026-02-14 18:36:31 +01:00
parent 00b3372a6d
commit ebc8a00b46
2 changed files with 52 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
get-started/csi_recv_router/sdkconfig.defaults
View File

@@ -82,3 +82,8 @@ CONFIG_ESP_WIFI_IRAM_OPT=n
#
CONFIG_PM_ENABLE=y
CONFIG_FREERTOS_USE_TICKLESS_IDLE=y
#
# WiFi Authentication (reject open/WEP APs)
#
CONFIG_EXAMPLE_WIFI_AUTH_WPA2_WPA3_PSK=y