From e40d733d5ac3b0afd0ec144512e84b95a18e3011 Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Tue, 23 Aug 2022 16:37:14 +0530 Subject: [PATCH 1/2] secure-boot-v2: fix minor typo (s/MFG1/MGF1) --- docs/en/security/secure-boot-v2.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en/security/secure-boot-v2.rst b/docs/en/security/secure-boot-v2.rst index 89fde7abcd..ef890c9cec 100644 --- a/docs/en/security/secure-boot-v2.rst +++ b/docs/en/security/secure-boot-v2.rst @@ -150,7 +150,7 @@ The content of each signature block is shown in the following table: - Pre-calculated M’, derived from ‘n’ * - 812 - 384 - - RSA-PSS Signature result (section 8.1.1 of RFC8017) of image content, computed using following PSS parameters: SHA256 hash, MFG1 function, salt length 32 bytes, default trailer field (0xBC). + - RSA-PSS Signature result (section 8.1.1 of RFC8017) of image content, computed using following PSS parameters: SHA256 hash, MGF1 function, salt length 32 bytes, default trailer field (0xBC). * - 1196 - 4 - CRC32 of the preceding 1196 bytes. From 64a88e995b00ecc1340596ef45e05273aff61326 Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Tue, 23 Aug 2022 16:37:58 +0530 Subject: [PATCH 2/2] docs: update app image format description for secure boot v2 signature --- docs/en/api-reference/system/app_image_format.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/en/api-reference/system/app_image_format.rst b/docs/en/api-reference/system/app_image_format.rst index bda9375036..7582db0c6a 100644 --- a/docs/en/api-reference/system/app_image_format.rst +++ b/docs/en/api-reference/system/app_image_format.rst 
@@ -68,11 +68,13 @@ You can also see the information on segments in the ESP-IDF logs while your appl 3. The image has a single checksum byte after the last segment. This byte is written on a sixteen byte padded boundary, so the application image might need padding. 4. If the ``hash_appended`` field from :cpp:type:`esp_image_header_t` is set then a SHA256 checksum will be appended. The value of SHA256 is calculated on the range from the first byte and up to this field. The length of this field is 32 bytes. -5. If the options :ref:`CONFIG_SECURE_SIGNED_APPS_SCHEME` is set to ECDSA then the application image will have additional 68 bytes for an ECDSA signature, which includes: +5. If the option :ref:`CONFIG_SECURE_SIGNED_APPS_SCHEME` is set to ECDSA then the application image will have an additional 68 bytes for an ECDSA signature, which includes: * version word (4 bytes), * signature data (64 bytes). +6. If the option :ref:`CONFIG_SECURE_SIGNED_APPS_SCHEME` is set to RSA or ECDSA (V2) then the application image will have an additional signature sector of 4K size. For more details on the format of this signature sector, please refer to :ref:`signature-block-format`. + .. _app_image_format_application_description: Application Description
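Review bot: in the secure-boot-v2.rst hunk (patch 1/2), the corrected line still reads "computed using following PSS parameters", which is missing an article. Since the line is already being touched for the MGF1 spelling, consider changing it to "computed using the following PSS parameters" and writing the reference as "RFC 8017", so the table cell does not need a further follow-up fix.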
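Review bot: in the app_image_format.rst hunk (patch 2/2), items 5 and 6 both depend on CONFIG_SECURE_SIGNED_APPS_SCHEME being set to "ECDSA", and only the new item 6 carries a "(V2)" qualifier. A reader cannot tell from item 5 which ECDSA scheme yields the 68-byte signature, or whether "(V2)" in "RSA or ECDSA (V2)" applies to RSA as well. Suggest naming the scheme explicitly in item 5 and writing item 6 so the qualifier is attached to each scheme it covers. Also, "4K size" would be clearer as a byte count, matching the other items in this list ("68 bytes", "32 bytes"). The new :ref:`signature-block-format` target is not added by either patch in this series, so please confirm that label already exists in secure-boot-v2.rst, otherwise the docs build will emit an unresolved reference.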