Can a signed app run on a board where secure boot is not enabled?

malaimo
Posts: 17
Joined: Mon Sep 25, 2017 6:28 am

Can a signed app run on a board where secure boot is not enabled?

Postby malaimo » Sun Jan 21, 2018 10:01 am

If I sign the app image with the secure boot PEM, will it run OK on a board where secure boot is not enabled?
Do the bootloader and the app image verify each other mutually? Or does the bootloader just verify the app image, and a signed app image can run on any other board where secure boot is not enabled?

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: Can a signed app run on a board where secure boot is not enabled?

Postby ESP_Angus » Sun Jan 21, 2018 10:30 pm

Hi malaimo,

A bootloader without secure boot enabled should boot a signed image without issue; the signature is ignored.

(Use flash encryption with secure boot to prevent signed images being run on other hardware.)

malaimo
Posts: 17
Joined: Mon Sep 25, 2017 6:28 am

Re: Can a signed app run on a board where secure boot is not enabled?

Postby malaimo » Mon Jan 22, 2018 1:14 am

ESP_Angus wrote:
Hi malaimo,

A bootloader without secure boot enabled should boot a signed image without issue; the signature is ignored.

(Use flash encryption with secure boot to prevent signed images being run on other hardware.)

Hello~~
I got your idea: flash encryption can prevent flash reading, and so prevent the signed image from being read out, so nobody can get this image and run it on other hardware. But if I use OTA update, I have to put them on a server, and I think the image is easy to leak even if I use HTTPS.
Do you have some suggestions about OTA?

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: Can a signed app run on a board where secure boot is not enabled?

Postby ESP_Angus » Mon Jan 22, 2018 1:17 am

Regarding OTA and protection of data on the server or in transit, let's continue the discussion over here:
https://esp32.com/viewtopic.php?f=2&t=2 ... =10#p19194

malaimo
Posts: 17
Joined: Mon Sep 25, 2017 6:28 am

Re: Can a signed app run on a board where secure boot is not enabled?

Postby malaimo » Mon Jan 22, 2018 5:53 am

ESP_Angus wrote:
Regarding OTA and protection of data on the server or in transit, let's continue the discussion over here:
https://esp32.com/viewtopic.php?f=2&t=2 ... =10#p19194

Sorry, I have seen your reply there. This solves my problem already, thank you!
