Security Advisory

Title: Security Advisory for USB_OTG & USB_Serial_JTAG Download Functions of ESP32-S3 Series Products
Issue date: 2022/12/21
Advisory Number: AR2022-004
Serial Number: NA
Version: V1.1

Issue Summary

ESP32-S3 features a USB On-The-Go (OTG) interface which complies with the USB 2.0 specification. It supports downloading firmware through USB module. For more information, please refer to Device Firmware Upgrade Through USB.

For ESP32-S3 series chips manufactured before Date Code 2219 [1] and modules and development boards with the PW No. before PW-2022-06-XXXX, the EFUSE_DIS_USB_OTG_DOWNLOAD_MODE (BLK0 B19[7] [2]) bit of eFuse is set by default and cannot be modified. Therefore, the USB_OTG Download function is unavailable for these products.

Note: This bit (BLK0 B19[7]) was defined as EFUSE_ERR_RST_ENABLE in previous versions of ESP32-S3 Technical Reference Manual and ESP-IDF, and it has been redefined as EFUSE_DIS_USB_OTG_DOWNLOAD_MODE in the latest version.

ESP32-S3 also supports downloading firmware through USB_Serial_JTAG. Please refer to Uploading the Application via USB-Serial-JTAG. Users can set EFUSE_DIS_USB_SERIAL_JTAG_DOWNLOAD_MODE (BLK0 B16[4]) to disable this feature.

Note: This bit (BLK0 B16[4]) was defined as EFUSE_DIS_USB_DOWNLOAD in previous versions of ESP32-S3 Technical Reference Manual and ESP-IDF, and it has been updated in the latest version.

[1] 2219: Indicates the 19th week of the year 2022. D/C on chip product labels is marked as 2219 (YYWW) and Date Code on chip product silk markings is marked as 192022 (WWYYYY). Please refer to Espressif Chip Packaging Information. Similarly hereinafter.

[2] BLK0 B19[7]: Indicates the 7th bit of the 19th byte in Block0 of eFuse memory. Similarly hereinafter.

Updates

For ESP32-S3 series chips manufactured on and after Date Code 2219 and modules and development boards with the PW No. of and after PW-2022-06-XXXX, the bit (BLK0 B19[7]) will be open for users to program since it will not be programmed by default. This will enable the USB_OTG Download function.

EFUSE_DIS_USB_DOWNLOAD_MODE (BLK0 B16[4]) can only be used to disable USB_Serial_JTAG Download. In the latest version of ESP-IDF, it has been renamed EFUSE_DIS_USB_SERIAL_JTAG_DOWNLOAD_MODE.

Recommendations for Users

Security Recommendations for Using USB_OTG of the ESP32-S3 Series Products After the Updates

Recommendations for firmware security-sensitive users:

1. For ESP32-S3 series products, the USB_OTG Download function will be disabled if any of the EFUSE_ENABLE_SECURITY_DOWNLOAD, EFUSE_DIS_USB_OTG, or EFUSE_DIS_DOWNLOAD_MODE is programmed. In such circumstance, this security advisory can be ignored.

2. For ESP32-S3 series products manufactured on and after Date Code 2219, if none of the EFUSE_ENABLE_SECURITY_DOWNLOAD, EFUSE_DIS_USB_OTG, and EFUSE_DIS_DOWNLOAD_MODE bits are programmed in the product manufacturing process, users should additionally program the EFUSE_DIS_USB_OTG_DOWNLOAD_MODE bit to disable the USB_OTG Download feature during the manufacturing. This will protect the firmware from unauthorized access or malicious attacks via USB_OTG.

Security Recommendations for Using USB_Serial_JTAG Download of the ESP32-S3 Series Products After the Updates

The EFUSE_DIS_USB_SERIAL_JTAG_DOWNLOAD_MODE bit should be programmed separately to protect the firmware from unauthorized access or malicious attacks via USB_Serial_JTAG.

Note: The bit was defined as EFUSE_DIS_USB_DOWNLOAD_MODE previously, but it only disables USB_Serial_JTAG Download. If there is a need to disable USB_OTG Download, please program EFUSE_DIS_USB_OTG_DOWNLOAD_MODE according to the above recommendation.

If you need technical assistance, please contact Espressif.
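
The recommendations above reduce to a per-unit check that a production line can run on an eFuse Block0 dump. This is an added example, not Espressif's code: it assumes the BLK0 B<byte>[<bit>] notation is zero-based and that Block0 is supplied as raw bytes with byte 0 first, and the names audit, Audit, bit_set and the sample dumps are hypothetical.

```python
from dataclasses import dataclass, field

# (byte, bit) positions in eFuse Block0, taken from the advisory text.
# Assumption: the "BLK0 B<byte>[<bit>]" notation is zero-based.
DIS_USB_OTG_DOWNLOAD_MODE = (19, 7)
DIS_USB_SERIAL_JTAG_DOWNLOAD_MODE = (16, 4)

# Each of these also disables USB_OTG Download when programmed. The advisory
# gives no positions for them, so the caller passes the programmed ones by name.
OTG_BLOCKERS = frozenset({"EFUSE_ENABLE_SECURITY_DOWNLOAD",
                          "EFUSE_DIS_USB_OTG", "EFUSE_DIS_DOWNLOAD_MODE"})

@dataclass
class Audit:
    otg_download_open: bool
    serial_jtag_download_open: bool
    findings: list = field(default_factory=list)

def bit_set(blk0: bytes, pos: tuple) -> bool:
    byte, bit = pos
    if byte >= len(blk0):
        raise ValueError(f"BLK0 dump has {len(blk0)} bytes, need byte {byte}")
    return bool((blk0[byte] >> bit) & 1)

def audit(blk0: bytes, programmed=frozenset(), date_code=None) -> Audit:
    """blk0: raw Block0 bytes, byte 0 first (assumed). date_code: YYWW int."""
    unknown = set(programmed) - OTG_BLOCKERS
    if unknown:
        raise ValueError(f"not a fuse named by the advisory: {sorted(unknown)}")
    otg_bit = bit_set(blk0, DIS_USB_OTG_DOWNLOAD_MODE)
    result = Audit(
        otg_download_open=not otg_bit and not programmed,
        # The advisory names only this bit for USB_Serial_JTAG Download.
        serial_jtag_download_open=not bit_set(blk0, DIS_USB_SERIAL_JTAG_DOWNLOAD_MODE),
    )
    if result.otg_download_open:
        result.findings.append("program EFUSE_DIS_USB_OTG_DOWNLOAD_MODE")
    if result.serial_jtag_download_open:
        result.findings.append("program EFUSE_DIS_USB_SERIAL_JTAG_DOWNLOAD_MODE")
    # Parts before Date Code 2219 ship with B19[7] already set.
    if date_code is not None and date_code < 2219 and not otg_bit:
        result.findings.append("B19[7] clear on a pre-2219 part: recheck dump or date code")
    return result

# Constructed sample dumps (24 bytes each), not read from real hardware.
FRESH_2219_PLUS = bytes(24)
PRE_2219 = bytes(19) + b"\x80" + bytes(4)
```

An empty findings list means both USB download paths covered by this advisory are closed on that unit.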

Revision History

Date        Version  Release notes
2022/12/21  V1.1     Added chip product date code description.
2022/06/01  V1.0     Initial release.