Lines Matching refs:bootloader

10 Documentation about the MCUboot bootloader design, operation and features can be found in the
23 the bootloader's own memory layout to avoid overlapping. More information on the section
69 from NuttX RTOS environments also can be used for the bootloader standalone build, however as
81 ## [Building the bootloader itself](#building-the-bootloader-itself)
83 The MCUboot Espressif port bootloader is built using the toolchain and tools provided by Espressif.
85 `port/<TARGET>/bootloader.conf` file or passing a custom config file using the
240 ED25519. In order to enable the feature, the **bootloader** must be compiled with the following
286 Notice that the public key will be embedded in the bootloader code, since the hardware key storage
307 bootloader signature checking by the ROM bootloader.
309 ***Note***: ROM bootloader is the First Stage Bootloader, while the Espressif MCUboot port is the
312 ### [Building bootloader with Secure Boot](#building-bootloader-with-secure-boot)
314 In order to build the bootloader with the feature on, the following configurations must be enabled:
377 Once the **bootloader image** is built, the resulting binary file is required to be signed with
386 Then sign the bootloader image:
395 *Once the bootloader is flashed and the device resets, the **first boot will enable Secure Boot**
396 and the bootloader and key **no longer can be modified**. So **ENSURE** that both bootloader and
401 Flash the bootloader as follows, with `--after no_reset` flag, so you can reset the device only
410 Secure boot uses a signature block appended to the bootloader image in order to verify the
417 1. On startup, since it is the first boot, the ROM bootloader will not verify the bootloader image
419 bootloader port).
425 After that the Secure Boot feature is permanently enabled and on every next boot the ROM bootloader
426 will verify the MCUboot bootloader image. The process of a usual boot:
428 1. On startup, the ROM bootloader checks the Secure Boot enable bit in the eFuse. If it is enabled,
430 2. ROM bootloader verifies the bootloader's signature block integrity (magic number and CRC).
432 3. ROM bootloader verifies the bootloader image, interrupt boot if any step fails:
433 1. Compare the SHA-256 hash digest of the public key embedded in the bootloader’s signature
437 3. Use the public key to verify the signature of the bootloader image, using RSA-PSS with the
439 4. ROM bootloader executes the bootloader image.
457 ### [Building bootloader with Flash Encryption](#building-bootloader-with-flash-encryption)
459 In order to build the bootloader with the feature on, the following configurations must be enabled:
498 *Once the bootloader is flashed and the device resets, the __first boot will enable Flash
499 Encryption, encrypt the flash content including bootloader and image slots, burn the eFuses that no
539 the SPI Flash. Flash the bootloader and application normally:
549 On the **first boot**, the bootloader will:
552 2. Encrypt flash in-place including bootloader, image primary/secondary slot and scratch.
594 Now, similar as the Device generated key, the bootloader and application can be flashed plaintext.
598 Flashing the bootloader and application:
608 On the **first boot**, the bootloader will:
610 1. Encrypt flash in-place including bootloader, image primary/secondary slot and scratch using the
650 1. ROM bootloader validates the MCUboot bootloader using RSA signature verification.
651 2. MCUboot bootloader validates the image using the chosen algorithm EC256/RSA/ED25519. It also
657 When all 3 features are enabled at the same time, the bootloader size may exceed the fixed limit for
658 the ROM bootloader checking on the Espressif chips **depending on which algorithm** was chosen for
667 The Espressif port bootloader handles the boot in two different approaches:
672 bootloader is aware of the second image regions and can update it, however it does not load
675 Configuration example (`bootloader.conf`):
699 In the multi boot approach the bootloader is responsible for booting two different images in two
792 When enabled, the bootloader checks if the GPIO `<CONFIG_ESP_SERIAL_BOOT_GPIO_DETECT>`
869 `iram_loader_seg` and `dram_seg` bootloader RAM regions. Although part of the RAM becomes initially
872 Therefore, the application must be designed aware of the bootloader memory usage.
885 The following diagrams illustrate a memory organization from the bootloader point of view (notice
887 `boot/espressif/port/<TARGET>/ld/bootloader.ld`:
951 as there would be conflict when the bootloader starts the APP CPU before jump to the main