EasyManuals Logo

Espressif ESP32-S2 User Manual

Espressif ESP32-S2
1695 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1081 background imageLoading...
Page #1081 background image
Chapter 2. API Reference
ECDSA (SECURE_SIGNED_APPS_ECDSA_SCHEME)
Embeds the ECDSA public key in the bootloader and signs the application with an ECDSA
key.
Refer to the documentation before enabling.
RSA (SECURE_SIGNED_APPS_RSA_SCHEME)
Appends the RSA-3072 based Signature block to the application. Refer to <Secure Boot
Version 2 documentation link> before enabling.
CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
Verify app signature on update
Found in: Security features
If this option is set, any OTA updated apps will have the signature verified before being considered valid.
When enabled, the signature is automatically checked whenever the esp_ota_ops.h APIs are used for
OTA updates, or esp_image_format.h APIs are used to verify apps.
If hardware secure boot is enabled, this option is always enabled and cannot be disabled. If hardware
secure boot is not enabled, this option still adds significant security against network-based attackers by
preventing spoofing of OTA updates.
Default value:
Yes (enabled) if CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT
CONFIG_SECURE_BOOT
Enable hardware Secure Boot in bootloader (READ DOCS FIRST)
Found in: Security features
Build a bootloader which enables Secure Boot on first boot.
Once enabled, Secure Boot will not boot a modified bootloader. The bootloader will only load a partition
table or boot an app if the data has a verified digital signature. There are implications for reflashing
updated apps once secure boot is enabled.
When enabling secure boot, JTAG and ROM BASIC Interpreter are permanently disabled by default.
Default value:
No (disabled)
CONFIG_SECURE_BOOT_VERSION
Select secure boot version
Found in: Security features > CONFIG_SECURE_BOOT
Select the Secure Boot Version. Depends on the Chip Revision. Secure Boot V2 is the new RSA
based secure boot scheme. Supported in ESP32-ECO3 (ESP32 Chip Revision 3 onwards), ESP32-S2,
ESP32-C3 ECO3. Secure Boot V1 is the AES based secure boot scheme. Supported in ESP32 and
ESP32-ECO3.
Available options:
Enable Secure Boot version 1 (SECURE_BOOT_V1_ENABLED)
Build a bootloader which enables secure boot version 1 on first boot. Refer to the Secure Boot
section of the ESP-IDF Programmers Guide for this version before enabling.
Enable Secure Boot version 2 (SECURE_BOOT_V2_ENABLED)
Build a bootloader which enables Secure Boot version 2 on first boot. Refer to Secure Boot
V2 section of the ESP-IDF Programmers Guide for this version before enabling.
Espressif Systems 1070
Submit Document Feedback
Release v4.4

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Espressif ESP32-S2 and is the answer not in the manual?

Espressif ESP32-S2 Specifications

General IconGeneral
BrandEspressif
ModelESP32-S2
CategorySingle board computers
LanguageEnglish