Secure Boot V2 Reflashable + flash encryption

RMandR
Posts: 69
Joined: Mon Oct 29, 2018 3:13 pm

Secure Boot V2 Reflashable + flash encryption

Postby RMandR » Mon Jan 17, 2022 5:11 pm

The IDF 4.1.2 documentation refers to reflashable but I think that's only for V1.

Provided that we have host generated per device flash encryption keys and secure boot keys, what steps do we need to take allow for serial uploading of new firmware (signed and encrypted)?

thx

ESP_Mahavir
Posts: 101
Joined: Wed Jan 24, 2018 6:51 am

Re: Secure Boot V2 Reflashable + flash encryption

Postby ESP_Mahavir » Thu Feb 10, 2022 7:03 am

Provided that we have host generated per device flash encryption keys and secure boot keys, what steps do we need to take allow for serial uploading of new firmware (signed and encrypted)?
(Assuming this in context of ESP32) If you have host generated keys then you could always update signed and encrypted firmware via UART port. Firmware must be signed with private RSA key on host machine and then uploaded to device over UART. Please note that, "UART ROM download mode" must be kept enabled for this. For co-existence with flash encryption enabled case, please see documentation at https://docs.espressif.com/projects/esp ... pted-flash.

If its case of OTA update then only signing is required for firmware. Encryption part will be taken care on device itself. Please see more details at https://docs.espressif.com/projects/esp ... -of-images

Please let us know if you have any followup questions.
Mahavir

Who is online

Users browsing this forum: Hicks01 and 45 guests