Commit Graph

32 Commits

Author SHA1 Message Date
harshal.patil
97c8f15e48 docs: Added documentation for using pre-calculated signatures
to generate secure boot enabled binaries.
2023-02-23 11:54:22 +05:30
Mahavir Jain
d55b870ff2 docs: secure-boot-v2: add a section about secure padding 2023-02-13 13:16:08 +05:30
harshal.patil
3beea950b7 docs: refactored Secure Boot V2 documentation
- Added "Signing using pre-calculate signatures" section
- Refactored "Signing using an external HSM" section
2023-02-13 13:15:57 +05:30
harshal.patil
43cdd2bfe2 docs: fix secure boot "Remote Signing of Images" section command 2022-12-06 23:46:34 +05:30
Linda
3d5f2fbafc docs:updates based on feedbacks 2022-07-22 15:58:09 +08:00
Mahavir Jain
26514959dd
docs: secure-boot-v2: remove incorrect note about bootloader re-flash
In secure-boot-v2 scheme, one can always regenerate signature using
secure boot signing key and re-flash either bootloader or application.
2022-06-27 14:24:42 +05:30
KonstantinKondrashov
6e6b5474c3 doc(esp32c2): Updates Flash Encryption chapter 2022-05-31 11:12:21 +00:00
Stefan Wallentowitz
dd7aece4bf
Secure boot v2 image format: CRC size
The CRC size is documented as 1095 bytes, but in the code I find 1196 bytes:
https://github.com/espressif/esp-idf/blob/master/components/bootloader_support/src/secure_boot_v2/secure_boot.c#L35
2022-05-30 23:30:34 +02:00
Sachin Parekh
2c725264f7
esp32c2: Support Secure Boot V2 based on ECDSA scheme 2022-05-11 18:00:03 +05:30
Mahavir Jain
1501a22e02 docs: fix salt length in secure-boot-v2 docs 2021-12-07 09:49:28 +05:30
Roland Dobai
9c1d4f5b54 Build & config: Remove the "make" build system
The "make" build system was deprecated in v4.0 in favor of idf.py
(cmake). The remaining support is removed in v5.0.
2021-11-10 09:53:53 +01:00
Sachin Parekh
8ff3dbc05d secure_boot: Added Kconfig option for aggressive key revoke
Applicable to S2, C3, and S3
2021-10-22 12:20:14 +05:30
Jakob Hasse
ea2e2b0d62 [docs]: Clarified and improved Secure Boot docs 2021-10-13 11:41:53 +08:00
Sachin Parekh
2d82560ed5 bootloader: Enable Secure boot V2 for ESP32-S3 2021-08-19 14:08:12 +05:30
KonstantinKondrashov
93512edc7a secure_boot_v2(doc): secure_boot_v2 key/s must be readable 2021-08-04 15:39:48 +05:00
Sachin Parekh
082cc36532 doc/secure_boot_v2: Fix the steps mentioned for enabling secure boot 2021-07-30 14:40:32 +08:00
Mahavir Jain
77c96e51bb docs: security: fix minor formatting issues or typos 2021-07-22 15:18:56 +05:30
Angus Gratton
c01da712f6 docs: Move the bootloader size section into the Bootloader guide 2021-07-13 17:35:04 +10:00
Angus Gratton
1bad8a28bb secure boot doc: Clarify limits for verifying signed updates without secure boot
Closes https://github.com/espressif/esp-idf/issues/7080
2021-06-15 17:44:03 +10:00
KonstantinKondrashov
9295e54c9d docs: Adds secure_boot_v2 for ESP32-C3 ECO3 2021-04-08 14:22:46 +08:00
KonstantinKondrashov
7f40717eb2 secure_boot/SIGNED_ON_UPDATE_NO_SECURE_BOOT: Only the first position of signature blocks is used to verify any update 2021-03-25 12:27:05 +00:00
Aditya Patwardhan
2095148b31 bootloader/ ESP32_ECO3: Do not disable UART download mode by default 2021-03-23 08:15:32 +00:00
Angus Gratton
bc7e00896e docs: Add docs for Secure Boot V2 "verify on update without secure boot" 2021-03-15 12:30:20 +00:00
Angus Gratton
501af6dfa2 Merge branch 'feature/secure_boot_revoke_check' into 'master'
secure_boot: Checks secure boot efuses

Closes IDF-2609

See merge request espressif/esp-idf!12148
2021-02-25 22:38:42 +00:00
KonstantinKondrashov
90f2d3199a secure_boot: Checks secure boot efuses
ESP32 V1 and V2 - protection bits.
ESP32xx V2: revoke bits, protection bits

- refactor efuse component
- adds some APIs for esp32 chips as well as for esp32xx chips
2021-02-23 03:56:21 +08:00
KonstantinKondrashov
70dd884fee doc(esp32c3): Updates secure features doc 2021-02-22 18:01:35 +08:00
KonstantinKondrashov
98f726fa4b bootloader/esp32c3: Adds secure boot (not yet supported) 2021-01-19 20:51:13 +08:00
Supreet Deshpande
33979a9361 Docs: Secure boot v2 support for ESP32-S2 2020-07-27 00:01:10 +00:00
Angus Gratton
4358f3b573 doc: Add warnings about using JTAG debugging with hardware security features
This is related to the following issues but is not a fix, just documentation of a workaround until we can
improve the support:
https://github.com/espressif/esp-idf/issues/4878
https://github.com/espressif/esp-idf/issues/4734
2020-04-01 17:36:08 +11:00
Angus Gratton
fe64ab6de0 docs: secure boot v2: Add a note about maximum bootloader size 2020-03-30 18:13:42 +11:00
Angus Gratton
142f69448f secure boot v2: esp32: Prevent read disabling additional efuses
Also reduce the number of eFuse write cycles during first boot when
Secure Boot and/or Flash Encryption are enabled.
2020-03-30 18:00:40 +11:00
Supreet Deshpande
073ba0a608 feat/secure_boot_v2: Adding docs for secure boot v2 ESP32-ECO3 2020-02-25 01:28:22 +05:30