secure-boot-v1.rst - OpenGrok cross reference for /hal_espressif-3.4.0/docs/en/security/secure-boot-v1.rst

Lines Matching full:image
37 …image is built by esp-idf with secure boot support enabled and the public key (signature verificat…
41 … and a secure digest. The digest is derived from the key, an IV, and the bootloader image contents.
44 …e bootloader then becomes protected (the chip will only boot a bootloader image if the digest matc…
65 …g key" is a standard ECDSA public/private key pair (see :ref:`secure-boot-image-signing-algorithm`…
67 …ader and used to verify the second stage of booting (partition table, app image) before booting co…
101 …h`` to build and flash the partition table and the just-built app image. The app image will be sig…
105 …tloader will enable secure boot on the chip, and then it verifies the app image signature and boot…
107 .. note:: Secure boot won't be enabled until after a valid partition table and app image have been …
111 …en the software bootloader will verify the signed partition table and app image (using the public …
155 .. _remote-sign-image:
162 …red because it is compiled into the bootloader (and can be used to verify image signatures during …
170 After the app image and partition table are built, the build system will print signing steps using …
174 The above command appends the image signature to the existing binary. You can use the `--output` ar…
203 2. Generate a digest from data (usually the bootloader image from flash) using a key stored in Efus…
205 3. Generate a digest from data (usually the bootloader image from flash) using the same algorithm a…
212 Starting with an "image" of binary data as input, this algorithm generates a digest as output. The …
219 2. Prefix the image with a 128 byte randomly generated IV.
220 3. If the image length is not modulo 128, pad the image to a 128 byte boundary with 0xFF. (^)
221 4. For each 16 byte plaintext block of the input image:
231 .. _secure-boot-image-signing-algorithm:
233 Image Signing Algorithm
244 …Image signature is 68 bytes - a 4 byte version word (currently zero), followed by a 64 bytes of si…
249 …into the esp-idf build system, so ``make`` will automatically sign an app image if secure boot is …
253 To sign a binary image::
255 …espsecure.py sign_data --keyfile ./my_signing_key.pem --output ./image_signed.bin image-unsigned.b…
274 …-check to time-of-use" attack, where flash contents are swapped after the image is verified and ru…
300 … build process. The file named in "Secure boot private signing key" will be used to sign the image.
303 …; public verification key and signed image should be generated by following instructions in :ref:`…