Chapter 2. API Reference
CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES
Sign binaries during build
Found in: Security features
Once secure boot or signed app requirement is enabled, app images are required to be signed.
If enabled (default), these binary files are signed as part of the build process. The file named in
“Secure boot private signing key” will be used to sign the image.
If disabled, unsigned app/partition data will be built. They must be signed manually using espsecure.py
(for example, on a remote signing server). Use Version 1 for ECDSA-based Secure Boot and Version 2
for RSA-based Secure Boot.
CONFIG_SECURE_BOOT_SIGNING_KEY
Secure boot private signing key
Found in: Security features > CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES
Path to the key file used to sign app images.
Key file is an ECDSA private key (NIST256p curve) in PEM format for Secure Boot V1. Key file is an
RSA private key in PEM format for Secure Boot V2.
Path is evaluated relative to the project directory.
You can generate a new signing key by running the following command:
espsecure.py generate_signing_key secure_boot_signing_key.pem
See the Secure Boot section of the ESP-IDF Programmer’s Guide for this version for details.
Default value:
• “secure_boot_signing_key.pem” if CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES
CONFIG_SECURE_BOOT_VERIFICATION_KEY
Secure boot public signature verification key
Found in: Security features
Path to a public key file used to verify signed images. Secure Boot V1: This ECDSA public key is
compiled into the bootloader and/or app, to verify app images. Secure Boot V2: This RSA public key
is compiled into the signature block at the end of the bootloader/app.
Key file is in raw binary format, and can be extracted from a PEM formatted private key using the
espsecure.py extract_public_key command.
Refer to the Secure Boot section of the ESP-IDF Programmer’s Guide for this version before enabling.
CONFIG_SECURE_BOOT_ENABLE_AGGRESSIVE_KEY_REVOKE
Enable Aggressive key revoke strategy
Found in: Security features
If this option is set, the ROM bootloader will revoke the public key digest burned in the eFuse block if it
fails to verify the signature of the software bootloader with it. Revocation of keys does not happen when
enabling secure boot. Once secure boot is enabled, key revocation checks will be done on subsequent
boot-up, while verifying the software bootloader.
This feature provides a strong resistance against physical attacks on the device.
NOTE: Once a digest slot is revoked, it can never be used again to verify an image. This can lead to
permanent bricking of the device if all keys are revoked because of signature verification failures.
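A pre-build check for the signing and key-revocation options described above, as an added example that is not part of ESP-IDF or its tooling. The function names, finding levels and the sample sdkconfig are assumptions made for illustration; the option names and the default key file name are the ones on this page.

```python
import re
from pathlib import Path

# Option names and the default key file name come from this page.
BUILD_SIGNED = "CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES"
SIGNING_KEY = "CONFIG_SECURE_BOOT_SIGNING_KEY"
AGGRESSIVE_REVOKE = "CONFIG_SECURE_BOOT_ENABLE_AGGRESSIVE_KEY_REVOKE"
DEFAULT_KEY = "secure_boot_signing_key.pem"
# Constructed sample sdkconfig fragment, not taken from a real project.
SAMPLE = """\
CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=y
CONFIG_SECURE_BOOT_SIGNING_KEY="secure_boot_signing_key.pem"
CONFIG_SECURE_BOOT_ENABLE_AGGRESSIVE_KEY_REVOKE=y
"""

def parse_sdkconfig(text):
    """Parse sdkconfig lines: NAME=y, NAME="string", '# NAME is not set'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        unset = re.fullmatch(r"# (CONFIG_\w+) is not set", line)
        if unset:
            opts[unset.group(1)] = False
            continue
        m = re.fullmatch(r"(CONFIG_\w+)=(.*)", line)
        if m:
            opts[m.group(1)] = True if m.group(2) == "y" else m.group(2).strip('"')
    return opts

def audit(text, project_dir):
    """Return (level, message) findings (hypothetical levels: info/warn/error)."""
    opts, findings = parse_sdkconfig(text), []
    project = Path(project_dir).resolve()
    if opts.get(BUILD_SIGNED) is True:
        # The key path is evaluated relative to the project directory;
        # joining an absolute path keeps the absolute path unchanged.
        key = (project / (opts.get(SIGNING_KEY) or DEFAULT_KEY)).resolve()
        if project in key.parents:
            findings.append(("warn", f"private key {key.name} is inside the "
                             "project tree; keep it out of version control"))
        if not key.is_file():
            findings.append(("error", f"signing key not found: {key}"))
    elif opts.get(BUILD_SIGNED) is False:
        # Explicitly disabled: the build produces unsigned app/partition data.
        findings.append(("info", "build output is unsigned; sign it manually "
                         "with espsecure.py"))
    if opts.get(AGGRESSIVE_REVOKE) is True:
        findings.append(("warn", "aggressive key revoke is on: a revoked "
                         "digest slot can never be used again"))
    return findings
```

An sdkconfig that does not mention the build-signing option at all produces no signing finding, since the check cannot tell from that alone whether signed images are required.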
Default value:
Espressif Systems
Release v4.4