mirror
/
esp-idf
kopia lustrzana https://github.com/espressif/esp-idf
1
0
Forkuj 0
Kod Zgłoszenia Projekty Wydania Wiki Aktywność

bootloader: Secure_boot name replaced by secure_boot_v1 & secure_boot_v2 

- espefuse.py burn_key secure_boot is no longer used.
- Secure boot V1: espefuse.py burn_key secure_boot_v1 file.bin
- Secure boot V2: espefuse.py burn_key secure_boot_v2 file.bin
pull/4512/merge
KonstantinKondrashov 2020-10-15 16:48:23 +08:00
rodzic a16152a78e
commit b19c4739c3
4 zmienionych plików z 4 dodań i 4 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

2
components/bootloader/Makefile.projbuild
Wyświetl plik

@ -102,7 +102,7 @@ endif
bootloader: $(BOOTLOADER_DIGEST_BIN)
@echo $(SEPARATOR)
@echo "Bootloader built and secure digest generated. First time flash command is:"
@echo "$(ESPEFUSEPY) burn_key secure_boot $(SECURE_BOOTLOADER_KEY)"
@echo "$(ESPEFUSEPY) burn_key secure_boot_v1 $(SECURE_BOOTLOADER_KEY)"
@echo "$(ESPTOOLPY_WRITE_FLASH) $(BOOTLOADER_OFFSET) $(BOOTLOADER_BIN)"
@echo $(SEPARATOR)
@echo "To reflash the bootloader after initial flash:"

2
components/bootloader/subproject/CMakeLists.txt
Wyświetl plik

@ -147,7 +147,7 @@ elseif(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)
COMMAND ${CMAKE_COMMAND} -E echo
"Burn secure boot key to efuse using:"
COMMAND ${CMAKE_COMMAND} -E echo
"\t${espefusepy} burn_key secure_boot ${secure_bootloader_key}"
"\t${espefusepy} burn_key secure_boot_v1 ${secure_bootloader_key}"
COMMAND ${CMAKE_COMMAND} -E echo
"First time flash command is:"
COMMAND ${CMAKE_COMMAND} -E echo

2
components/esptool_py/esptool

@ -1 +1 @@
Subproject commit 0f064e1d6c5640785a602de564b21040dcc32926
Subproject commit 456384ca330f7bee6510d1690f89465845d705e8

2
docs/en/security/secure-boot-v1.rst
Wyświetl plik

@ -144,7 +144,7 @@ To enable a reflashable bootloader:
2. Follow the steps shown above to choose a signing key file, and generate the key file.
3. Run ``idf.py bootloader``. A binary key file will be created, derived from the private key that is used for signing. Two sets of flashing steps will be printed - the first set of steps includes an ``espefuse.py burn_key`` command which is used to write the bootloader key to efuse. (Flashing this key is a one-time-only process.) The second set of steps can be used to reflash the bootloader with a pre-calculated digest (generated during the build process).
3. Run ``idf.py bootloader``. A binary key file will be created, derived from the private key that is used for signing. Two sets of flashing steps will be printed - the first set of steps includes an ``espefuse.py burn_key secure_boot_v1 path_to/secure-bootloader-key-xxx.bin`` command which is used to write the bootloader key to efuse. (Flashing this key is a one-time-only process.) The second set of steps can be used to reflash the bootloader with a pre-calculated digest (generated during the build process).
4. Resume from :ref:`Step 6 of the one-time flashing process <secure-boot-resume-normal-flashing>`, to flash the bootloader and enable secure boot. Watch the console log output closely to ensure there were no errors in the secure boot configuration.