Add notes about MbedTLS and hardened stages to readme

will-v-pi · will-v-pi · commit a3328811c813 · 2025-05-29T14:32:36.000+01:00
diff --git a/README.md b/README.md
@@ -90,7 +90,8 @@ App|Description
 
 App|Description
 ---|---
-[hello_encrypted](encrypted/hello_encrypted) | Create a self-decrypting binary.
+[hello_encrypted](encrypted/hello_encrypted) | Create a self-decrypting binary, using the hardened decryption stage. This should be secure against side channel attacks.
+[hello_encrypted_mbedtls](encrypted/hello_encrypted) | Create a self-decrypting binary, using the MbedTLS decryption stage. This is not secure against side channel attacks, so is fast but provides limited protection.
 
 ### HSTX (RP235x Only)
 
diff --git a/encrypted/hello_encrypted/CMakeLists.txt b/encrypted/hello_encrypted/CMakeLists.txt
@@ -1,4 +1,4 @@
-# Example encrypted binary
+# Example encrypted binary - this should be secure against side channel attacks
 add_executable(hello_encrypted
         hello_encrypted.c
         secret.S
@@ -48,7 +48,7 @@ pico_add_extra_outputs(hello_encrypted)
 example_auto_set_url(hello_encrypted)
 
 
-# Example encrypted binary using MbedTLS
+# Example encrypted binary using MbedTLS - this is faster, but not secure against side channel attacks
 add_executable(hello_encrypted_mbedtls
         hello_encrypted.c
         secret.S
