Lines Matching refs:key

1 .. _burn-key-cmd:
19     - ``block`` - Name of key block.
20 …:esp32: - ``Keyfile``. It is a raw binary file. It must contain 256 bits of binary key if the codi…
21 …h2: - ``Keyfile``. It is a raw binary file. The length of binary key depends on the key purpose op…
22 …:esp32h2: - ``Keyfile``. It is a raw binary file. The length of binary key depends on the key purp…
23     :not esp32: - ``Key purpose``. The purpose of this key.
27     It can be list of key blocks and keyfiles (like BLOCK1 file1.bin BLOCK2 file2.bin etc.).
31 …It can be list of key blocks and keyfiles and key purposes (like BLOCK_KEY1 file1.bin USER BLOCK_K…
37 …:esp32: - ``--no-protect-key``. Disable default read and write protecting of the key. If this opti…
38 …:not esp32: - ``--no-write-protect``. Disable write-protecting of the key. The key remains writabl…
39 …`--no-read-protect``. Disable read-protecting of the key. The key remains readable software. The k…
40 …- ``--force-write-always``. Write the eFuse key even if it looks like it is already been written, …
47 …* Secure boot key. Use ``secure_boot_v1`` or ``secure_boot_v2`` as block name. The key is placed i…
48     * Flash encryption key. Use ``flash_encryption`` as block name. The key is placed in BLOCK1.
52 …Key for ``secure_boot_v2`` will be burned only as write protected. The key must be readable becaus…
60key purposes. This means that each eFuse block has a special eFuse field that indicates which key
66         :esp32s2 or esp32s3: - XTS_AES_256_KEY_1. The first 256 bits of 512bit flash encryption key.
67 …      :esp32s2 or esp32s3: - XTS_AES_256_KEY_2. The second 256 bits of 512bit flash encryption key.
68 …. The private key is extracted from the given file and written into a eFuse block with write and r…
69         - XTS_AES_128_KEY. 256 bit flash encryption key.
74         - SECURE_BOOT_DIGEST0. 1 secure boot key.
75         - SECURE_BOOT_DIGEST1. 2 secure boot key.
76         - SECURE_BOOT_DIGEST2. 3 secure boot key.
77key purpose for flash encryption key. This allows you to write a whole 512-bit key into two blocks…
81 …_KEY`` purpose takes the ``PEM`` file and writes the private key into a eFuse block. The key is wr…
83     For NIST192p, the private key is 192 bits long, so 8 padding bytes ("0x00") are added.
88         ECDSA NIST192p private key in PEM format written to ecdsa192.pem
93         ECDSA NIST256p private key in PEM format written to ecdsa256.pem
97key block (256 bits long). It is block #3 - ``BLOCK_KEY0``. This block can have user, flash encryp…
102key. The secure boot key can not be used with this option. In addition, eFuse ``XTS_KEY_LENGTH_256…
103 …28_KEY_DERIVED_FROM_128_EFUSE_BITS. 128 bits flash encryption key. The 128 bits of this key will b…
104 …- SECURE_BOOT_DIGEST. Secure boot key. The first 128 bits of key will be burned to the high part o…
108 …1. Both, Flash encryption (low 128 bits of eFuse block) and Secure boot key (high 128 bits of eFus…
110     3. only Flash encryption key (256 bits long), whole eFuse key block.
111     4. only Secure boot key (high 128 bits of eFuse block).
118     Only flash encryption key is read protected if ``--no-read-protect`` is not used.
120 …All keys, except flash encryption, will be burned in direct byte order. The encryption key is writ…
128 …espefuse v2.6 or newer supports the 3/4 Coding Scheme. The key file must be the appropriate length…
133 By default, when an encryption key block is burned it is also read and write protected.
137 …The ``--no-protect-key`` option will disable this behaviour (you can separately read or write prot…
141 …ect`` options will disable this behaviour (you can separately read or write protect the key later).
145     Leaving a key unprotected may compromise its use as a security feature.
153key to be written to the eFuse block in reversed byte order, compared to the order used by the AES…
158key will only be burned if the efuse block has not been previously written to. The ``--force-write…
176                 Disabling read to key block
177                 Disabling write to key block
180         The key block will be read and write protected
199         BLOCK1 (BLOCK1):                                   Flash encryption key
202 …Byte order for flash encryption key is reversed. Content of flash encryption key file ("256bit_fe_…
208     When the ``no protection`` option is used then you can see the burned key:
212         > espefuse.py burn_key flash_encryption  256bit_fe_key.bin --no-protect-key
220         Key is left unprotected as per --no-protect-key argument.
222         The key block will left readable and writeable (due to --no-protect-key)
239         BLOCK1 (BLOCK1):                                   Flash encryption key
246key goes to given BLOCK (here it is ``BLOCK_KEY0``) with key purpose = ``XTS_AES_256_KEY_1``. The …
250     Content of flash encryption key file (``512bits_0.bin``):
268                 Disabling write to key block
274                 Disabling write to key block
319                 Disabling write to key block
329                 Disabling read to key block
330                 Disabling write to key block