docs: Added documentation for using pre-calculated signatures

to generate secure boot enabled binaries.
2024-10-05 20:47:46 -04:00 · 2022-12-01 17:46:18 +05:30 · 2022-12-01 17:46:18 +05:30 · 97c8f15e48
commit 97c8f15e48
parent 4c606d3381
1 changed files with 4 additions and 1 deletions
--- a/docs/en/security/secure-boot-v2.rst
+++ b/docs/en/security/secure-boot-v2.rst
@ -406,9 +406,12 @@ Remember that the strength of the Secure Boot system depends on keeping the sign
 Remote Signing of Images
 ------------------------

+Signing using espsecure.py
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
 For production builds, it can be good practice to use a remote signing server rather than have the signing key on the build machine (which is the default esp-idf Secure Boot configuration). The espsecure.py command line program can be used to sign app images & partition table data for Secure Boot, on a remote system.

-To use remote signing, disable the option "Sign binaries during build". The private signing key does not need to be present on the build system.
+To use remote signing, disable the option :ref:`CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES` and build the firmware. The private signing key does not need to be present on the build system.

 After the app image and partition table are built, the build system will print signing steps using espsecure.py::