feat/secure_boot_v2: Adding docs for secure boot v2 ESP32-ECO3

Supreet Deshpande
2020-02-25 01:24:16 +05:30
parent b79606ca37
commit 073ba0a608
17 changed files with 323 additions and 33 deletions

@@ -62,7 +62,7 @@ For more details on the type of memory segments and their address ranges, see th
3. The image has a single checksum byte after the last segment. This byte is written on a sixteen byte padded boundary, so the application image might need padding.
4. If the ``hash_appended`` field from :cpp:type:`esp_image_header_t` is set then a SHA256 checksum will be appended. The value of SHA256 is calculated on the range from first byte and up to this field. The length of this field is 32 bytes.
5. If the options :ref:`CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT` or :ref:`CONFIG_SECURE_BOOT_ENABLED` are enabled then the application image will have additional 68 bytes for an ECDSA signature, which includes:
5. If the options :ref:`CONFIG_SECURE_SIGNED_APPS_SCHEME` is set to ECDSA then the application image will have additional 68 bytes for an ECDSA signature, which includes:
* version word (4 bytes),
* signature data (64 bytes).
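
Review bot: the rewritten item 5 covers only the ECDSA value of ``CONFIG_SECURE_SIGNED_APPS_SCHEME``, so a reader whose scheme is set to anything else is not told what, if anything, is appended to the image. Since this commit documents secure boot v2, add the matching sentence or a cross-reference for the other scheme value at this point in the list. The new line also needs its agreement fixed: "If the option ... is set to ECDSA then the application image will have an additional 68 bytes".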

@@ -29,10 +29,12 @@ Application Example
return ESP_OK;
}
Signature Verification
----------------------
.. only:: esp32
For additional security, signature of OTA firmware images can be verified. For that, refer :ref:`secure-ota-updates`
Signature Verification
----------------------
For additional security, signature of OTA firmware images can be verified. For that, refer :ref:`secure-ota-updates`
API Reference
-------------
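
Review bot: the ``Signature Verification`` heading and its underline are moved under ``.. only:: esp32``, and Sphinx's ``only`` directive is designed to gate body content, not sections. Build the docs for a target other than esp32 and confirm that the section and its table-of-contents entry really disappear and that ``API Reference`` keeps its heading level; if they do not, keep the heading outside the directive and gate only the paragraph. Indentation is not visible in this view, so also confirm the gated lines are indented under the directive with a blank line after it. Minor: "refer :ref:" should read "refer to :ref:".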

@@ -194,14 +194,16 @@ Restrictions:
- In ESP32 it is stored in efuse ``EFUSE_BLK3_RDATA4_REG``. (when a eFuse bit is programmed to 1, it can never be reverted to 0). The number of bits set in this register is the ``security_version`` from app.
.. _secure-ota-updates:
.. only:: esp32
Secure OTA Updates Without Secure boot
--------------------------------------
.. _secure-ota-updates:
The verification of signed OTA updates can be performed even without enabling hardware secure boot. For doing so, refer :ref:`signed-app-verify`
Secure OTA Updates Without Secure boot
--------------------------------------
The verification of signed OTA updates can be performed even without enabling hardware secure boot. For doing so, refer :ref:`signed-app-verify`
OTA Tool (otatool.py)
---------------------
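
Review bot: the ``.. _secure-ota-updates:`` label now sits inside the ``.. only:: esp32`` block, so every reference to ``secure-ota-updates`` has to live in esp32-only content as well, otherwise other targets get a link to a section that is not rendered. The reference in the ``Signature Verification`` section touched by this commit is gated to match; search the rest of the docs for remaining references before merging. The same applies to the ``signed-app-verify`` target this paragraph points at: confirm it is available wherever this block is built. Minor: the heading reads "Without Secure boot" and would be more consistent as "Without Secure Boot".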