Concise monthly summary for 2026-03 focusing on esptool improvements including key feature delivery and reliability fixes that enhance security, boot integrity, and data protection across ESP32 targets.

January 2026 monthly summary for espressif/mbedtls: Delivered cryptographic enhancements for ESP-MAC, including CMAC and HMAC support, with the introduction of an opaque HMAC driver and PSA Crypto integration. Implemented new driver headers and updated MAC computation, setup, and verification flows to accommodate the new algorithms, strengthening cryptographic capabilities and security posture for ESP platforms. Also performed targeted fixes to stabilize ESP-MAC driver behavior and improve interoperability with PSA workflows.

December 2025 monthly summary for espressif/mbedtls focusing on cryptographic robustness and hardware acceleration improvements. Delivered key cryptographic features with a strong emphasis on reliability, performance, and flexible integration across ESP platforms.

Month: 2025-11 — espressif/esptool: Implemented Primitive HSM Signing Support delivering hardware-backed signing security and improved risk management. Hash payloads before signing and updated RSA/EC signing workflows to leverage HSM-based security, increasing trust in build and release pipelines. This change strengthens key protection for Espressif devices and aligns with security/compliance requirements. Major commit: a1a4e9564e6b8ae0098573cf1748d8e2b2a80dc3. Closes https://github.com/espressif/esptool/issues/1128.

Delivered hardware-backed encrypted flash write support (XTS-AES) for ESP32C5 and ESP32P4 via Key Manager integration in esptool. Implemented new efuse definitions and logic to apply Key Manager keys for XTS-AES encryption, enabling secure data-at-rest and secure data handling for ESP32 targets. This work lays the foundation for enhanced security features (e.g., secure OTA) and aligns with enterprise security requirements.

Concise monthly summary for 2025-09 focused on Espressif esptool Espsecure enhancements, CLI usability improvements, and expanded test/documentation assets. Delivered two core features with security implications, fixed usability gaps in the CLI, and extended test coverage and sample artifacts. Result: stronger Secure Boot verification, easier developer onboarding, and clearer guidance for generating secure images.

August 2025: Key bug fix in esptool strengthening efuse key handling for ESP32-series. Disabled XTS-AES-256 efuse key usage on ESP32-C5 to prevent incorrect key programming. Removed references to XTS_AES_256_KEY_1, XTS_AES_256_KEY_2, and XTS_AES_256_PSRAM_KEY from ESP32-C5, ESP32H4, and ESP32C61 targets. Change landed in a focused commit (c85a93dc0c24fe8b6786d5beb45e993d92d25506). Impact: improves provisioning security, reduces risk of misconfiguration in production, and enhances reliability across ESP32 variants.

In March 2025, delivered a public multi-call, chunked decompression API for the XZ library in espressif/esp-iot-solution, enabling streaming decompression for segmented data workflows. The change set includes API exposure, a corresponding chunked decompression workflow, updates to changelog and build/configuration files, and a new example demonstrating segment-wise processing of compressed data. No major bug fixes were recorded for this repository this month.

February 2025: Key engineering outcomes across espressif/qemu and espressif/esp-iot-solution, with emphasis on security primitives, hardware emulation fidelity, and robustness. Delivered a cryptographic driver suite (SHA, HMAC, and Digital Signature) for Espressif targets, added ESP32-S3 HMAC hardware module emulation and build integration for accurate hardware-level testing, and fixed a decompression error callback prototype in esp-iot-solution to improve error handling and stability. These work items enhance security capabilities, testing coverage, and developer productivity, enabling faster integration of Espressif platforms into customer workflows.

Month 2025-01: Delivered hardware-accelerated AES support for Espressif targets in espressif/qemu. Implemented a generic AES driver with hardware-accelerated encryption/decryption and GDMA data transfer, plus ESP32-S3 AES hardware emulation. Integrated the AES driver into the build system and configuration flow to ensure activation when configured.

November 2024 monthly wrap-up focusing on security feature enablement and emulator fidelity for Espressif targets in QEMU. Delivered a portable cryptographic driver and supporting infrastructure to improve testing of RSA-related features in the emulator, enabling realistic security validation paths for Espressif devices.

December 2023 monthly summary highlighting key cryptography and security work across espressif/mbedtls and espressif/qemu. Delivered a software fallback for GCM calculations with non-AES ciphers to ensure correctness and compilation-time compatibility; enabled unconditional inclusion of XTS-AES support for ESP32-C3 by building xts.c unconditionally and implementing the XTS-AES peripheral. These changes improve reliability, security, and expand crypto capabilities for ESP32-based deployments.

September 2023 monthly summary focused on delivering ESP32-C3 Digital Signature Accelerator Integration in the espressif/qemu repo, enabling secure signing/verification workflows in the emulator and hardware model. The work established the foundation for hardware-accelerated cryptography and improved trust in ESP32-C3 emulation scenarios.

Month: 2023-07 | espressif/qemu: Implemented an internal HMAC using existing SHA APIs to strengthen security for ESP32-C3 in the QEMU emulation path. This reduces attack surface for cryptographic material in testing environments and aligns with the security roadmap. Commit f7ade96f03f0256f54d233a0f5cac3377a1f1dfb (hw/misc: implement ESP32-C3 HMAC).