espressif/esptool
1
0
Fork 0
mirror of https://github.com/espressif/esptool.git synced 2025-10-14 02:43:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
esptool/test/secure_images
History
harshal.patil 568b3bb16f test(espsecure): Add details for generating the files present in secure_images
2025-09-22 15:03:25 +05:30
..
256bit_iv.bin
espsecure digest_secure_bootloader: Fix Python 3 string vs bytes usage
2018-12-20 14:16:44 +11:00
256bit_key.bin
espsecure digest_secure_bootloader: Fix Python 3 string vs bytes usage
2018-12-20 14:16:44 +11:00
512bit_key.bin
espsecure: add option for 512bit key for encrypt_flash_data
2021-07-13 16:48:56 +08:00
bootloader_digested.bin
espsecure digest_secure_bootloader: Fix Python 3 string vs bytes usage
2018-12-20 14:16:44 +11:00
bootloader_multi_signed_v2_ecdsa192.bin
fix(espsecure): Allow verifying multiple appended ECDSA signatures
2025-09-16 11:08:14 +05:30
bootloader_multi_signed_v2_ecdsa256.bin
fix(espsecure): Allow verifying multiple appended ECDSA signatures
2025-09-16 11:08:14 +05:30
bootloader_multi_signed_v2_ecdsa384.bin
fix(espsecure): Allow verifying multiple appended ECDSA signatures
2025-09-16 11:08:14 +05:30
bootloader_multi_signed_v2_rsa.bin
fix(espsecure): Allow verifying multiple appended ECDSA signatures
2025-09-16 11:08:14 +05:30
bootloader_signed_v2_ecdsa192.bin
espsecure: Refine SBV2 ECC support
2022-02-17 07:45:16 +00:00
bootloader_signed_v2_ecdsa256.bin
espsecure: Refine SBV2 ECC support
2022-02-17 07:45:16 +00:00
bootloader_signed_v2_ecdsa384.bin
ci(espsecure): Add tests for secure boot using ECDSA-P384 curve
2024-06-06 13:41:50 +05:30
bootloader_signed_v2_rsa.bin
test(espsecure): add parametrization and split signing tests
2024-12-11 23:21:46 +08:00
bootloader_signed.bin
espsecure: Fix verify_signature (regression in 8305193b44)
2018-12-20 14:58:54 +11:00
bootloader_unsigned_v2.bin
feature/espsecure: Added support for pre-calculated signatures.
2022-12-07 10:15:52 +00:00
bootloader-encrypted-aes-xts.bin
espsecure: add command for encrypting file with AES-XTS
2021-01-05 12:29:48 +08:00
bootloader-encrypted-conf0.bin
espsecure: Add some new tests for ESP32 flash encryption
2019-07-11 20:11:20 +10:00
bootloader-encrypted-conf3.bin
espsecure: Add some new tests for ESP32 flash encryption
2019-07-11 20:11:20 +10:00
bootloader-encrypted-conf9.bin
espsecure: Add some new tests for ESP32 flash encryption
2019-07-11 20:11:20 +10:00
bootloader-encrypted-confc.bin
espsecure: Add some new tests for ESP32 flash encryption
2019-07-11 20:11:20 +10:00
bootloader-encrypted.bin
espsecure: Add some new tests for ESP32 flash encryption
2019-07-11 20:11:20 +10:00
bootloader.bin
espsecure digest_secure_bootloader: Fix Python 3 string vs bytes usage
2018-12-20 14:16:44 +11:00
digest_iv.bin
espsecure digest_secure_bootloader: Fix Python 3 string vs bytes usage
2018-12-20 14:16:44 +11:00
ecdsa192_public_key_digest_v2.bin
efuse(esp32c2): Support burn_key_digest cmd
2022-02-23 09:31:19 +00:00
ecdsa192_secure_boot_signing_key2.pem
espsecure: Refine SBV2 ECC support
2022-02-17 07:45:16 +00:00
ecdsa192_secure_boot_signing_key3.pem
fix(espsecure): Allow verifying multiple appended ECDSA signatures
2025-09-16 11:08:14 +05:30
ecdsa192_secure_boot_signing_key4.pem
fix(espsecure): Allow verifying multiple appended ECDSA signatures
2025-09-16 11:08:14 +05:30
ecdsa192_secure_boot_signing_key_v2.pem
efuse(esp32c2): Support burn_key_digest cmd
2022-02-23 09:31:19 +00:00
ecdsa192_secure_boot_signing_key.pem
espsecure: Refine SBV2 ECC support
2022-02-17 07:45:16 +00:00
ecdsa192_secure_boot_signing_pubkey2.pem
espsecure: Refine SBV2 ECC support
2022-02-17 07:45:16 +00:00
ecdsa192_secure_boot_signing_pubkey4.pem
fix(espsecure): Allow verifying multiple appended ECDSA signatures
2025-09-16 11:08:14 +05:30
ecdsa192_secure_boot_signing_pubkey.pem
espsecure: Refine SBV2 ECC support
2022-02-17 07:45:16 +00:00
ecdsa256_public_key_digest_v2.bin
efuse(esp32c2): Support burn_key_digest cmd
2022-02-23 09:31:19 +00:00
ecdsa256_secure_boot_signing_key2.pem
test(espsecure): add parametrization and split signing tests
2024-12-11 23:21:46 +08:00
ecdsa256_secure_boot_signing_key3.pem
fix(espsecure): Allow verifying multiple appended ECDSA signatures
2025-09-16 11:08:14 +05:30
ecdsa256_secure_boot_signing_key4.pem
fix(espsecure): Allow verifying multiple appended ECDSA signatures
2025-09-16 11:08:14 +05:30
ecdsa256_secure_boot_signing_key_pkcs8.pem
test(espsecure): add parametrization and split signing tests
2024-12-11 23:21:46 +08:00
ecdsa256_secure_boot_signing_key_v2.pem
efuse(esp32c2): Support burn_key_digest cmd
2022-02-23 09:31:19 +00:00
ecdsa256_secure_boot_signing_key.pem
test(espsecure): add parametrization and split signing tests
2024-12-11 23:21:46 +08:00
ecdsa256_secure_boot_signing_pubkey2.pem
test(espsecure): add parametrization and split signing tests
2024-12-11 23:21:46 +08:00
ecdsa256_secure_boot_signing_pubkey4.pem
fix(espsecure): Allow verifying multiple appended ECDSA signatures
2025-09-16 11:08:14 +05:30
ecdsa256_secure_boot_signing_pubkey_raw.bin
feat(espsecure): Drop ecdsa module, use cryptography instead
2025-04-22 22:20:07 +08:00
ecdsa256_secure_boot_signing_pubkey.pem
test(espsecure): add parametrization and split signing tests
2024-12-11 23:21:46 +08:00
ecdsa384_secure_boot_signing_key2.pem
ci(espsecure): Add tests for secure boot using ECDSA-P384 curve
2024-06-06 13:41:50 +05:30
ecdsa384_secure_boot_signing_key3.pem
fix(espsecure): Allow verifying multiple appended ECDSA signatures
2025-09-16 11:08:14 +05:30
ecdsa384_secure_boot_signing_key4.pem
fix(espsecure): Allow verifying multiple appended ECDSA signatures
2025-09-16 11:08:14 +05:30
ecdsa384_secure_boot_signing_key.pem
ci(espsecure): Add tests for secure boot using ECDSA-P384 curve
2024-06-06 13:41:50 +05:30
ecdsa384_secure_boot_signing_pubkey2.pem
ci(espsecure): Add tests for secure boot using ECDSA-P384 curve
2024-06-06 13:41:50 +05:30
ecdsa384_secure_boot_signing_pubkey4.pem
fix(espsecure): Allow verifying multiple appended ECDSA signatures
2025-09-16 11:08:14 +05:30
ecdsa384_secure_boot_signing_pubkey.pem
ci(espsecure): Add tests for secure boot using ECDSA-P384 curve
2024-06-06 13:41:50 +05:30
ef-flashencryption-key.bin
espsecure: Add some new tests for ESP32 flash encryption
2019-07-11 20:11:20 +10:00
hello-world-signed-encrypted-aes-xts-256.bin
espsecure: add option for 512bit key for encrypt_flash_data
2021-07-13 16:48:56 +08:00
hello-world-signed-encrypted-aes-xts.bin
espsecure: add command for encrypting file with AES-XTS
2021-01-05 12:29:48 +08:00
hello-world-signed-encrypted.bin
espsecure: Add some new tests for ESP32 flash encryption
2019-07-11 20:11:20 +10:00
hello-world-signed.bin
espsecure: Add some new tests for ESP32 flash encryption
2019-07-11 20:11:20 +10:00
pre_calculated_bootloader_signature_ecdsa192.bin
feature/espsecure: Added support for pre-calculated signatures.
2022-12-07 10:15:52 +00:00
pre_calculated_bootloader_signature_ecdsa256.bin
feature/espsecure: Added support for pre-calculated signatures.
2022-12-07 10:15:52 +00:00
pre_calculated_bootloader_signature_ecdsa384.bin
ci(espsecure): Add tests for secure boot using ECDSA-P384 curve
2024-06-06 13:41:50 +05:30
pre_calculated_bootloader_signature_rsa.bin
feature/espsecure: Added support for pre-calculated signatures.
2022-12-07 10:15:52 +00:00
pre_calculated_bootloader_signature.bin
feature/espsecure: Added support for pre-calculated signatures.
2022-12-07 10:15:52 +00:00
README.md
test(espsecure): Add details for generating the files present in secure_images
2025-09-22 15:03:25 +05:30
rsa_public_key_digest.bin
espsecure: Fix the byte order for digest_rsa_public_key
2020-09-21 15:12:23 +08:00
rsa_secure_boot_signing_key2.pem
feat/eco3_secure_boot_v2: Update Secure Boot V2 utilities
2020-02-21 17:22:06 +11:00
rsa_secure_boot_signing_key3.pem
feat/secure_boot_v2_s2: Support for secure boot v2 for esp32s2
2020-04-27 10:44:18 +05:30
rsa_secure_boot_signing_key4.pem
feat/secure_boot_v2_s2: Support for secure boot v2 for esp32s2
2020-04-27 10:44:18 +05:30
rsa_secure_boot_signing_key.pem
feat/eco3_secure_boot_v2: Update Secure Boot V2 utilities
2020-02-21 17:22:06 +11:00
rsa_secure_boot_signing_pubkey2.pem
feat/eco3_secure_boot_v2: Update Secure Boot V2 utilities
2020-02-21 17:22:06 +11:00
rsa_secure_boot_signing_pubkey4.pem
feat/secure_boot_v2_s2: Support for secure boot v2 for esp32s2
2020-04-27 10:44:18 +05:30
rsa_secure_boot_signing_pubkey.pem
feat/eco3_secure_boot_v2: Update Secure Boot V2 utilities
2020-02-21 17:22:06 +11:00

README.md

How are the test images generated?

IV generation

{len}bit_iv.bin

dd if=/dev/random of={len}bit_iv.bin bs=1 count=32

where len = [256]

Keys Generation

Encryption Keys

{len}bit_key.bin

espsecure generate-flash-encryption-key -l {len} {len}bit_key.bin

where len = [256, 512]

ef-flashencryption-key.bin

espsecure generate-flash-encryption-key -l 256 ef-flashencryption-key.bin

Signing Keys

For schemes = [rsa, ecdsa192, ecdsa256, ecdsa384]

{scheme}_secure_boot_signing_keyX.pem

espsecure generate-signing-key -v 2 --scheme {scheme} {scheme}_secure_boot_signing_keyX.pem

{scheme}_secure_boot_signing_key_v2.pem

espsecure generate-signing-key -v 2 --scheme {scheme} {scheme}_secure_boot_signing_key_v2.pem

{scheme}_secure_boot_signing_pubkeyX.pem

espsecure extract-public-key -v 2 -k {scheme}_secure_boot_signing_keyX.pem {scheme}_secure_boot_signing_pubkeyX.pem

{scheme}_public_key_digest_v2.bin

espsecure digest-sbv2-public-key -k {scheme}_secure_boot_signing_key_v2.pem -o {scheme}_public_key_digest_v2.bin

Binaries Generation

Bootloader Binaries

Base Bootloader binaries: bootloader.bin (ESP32 <v3.0) and bootloader_unsigned_v2.bin (ESP32 >=3.0) build with the configuration CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=y enabled.

Secure Boot V1

bootloader_digested.bin

espsecure digest-secure-bootloader -k 256bit_key.bin -o bootloader_digested.bin --iv 256bit_iv.bin bootloader.bin

bootloader_signed.bin

espsecure sign-data -v 1 -k ecdsa256_secure_boot_signing_key.pem -o bootloader_signed.bin bootloader.bin

Secure Boot V2

bootloader_signed_v2_{scheme}.bin

espsecure sign-data -v 2 -k {scheme}_secure_boot_signing_key.pem -o bootloader_signed_v2_{scheme}.bin bootloader_unsigned_v2.bin

bootloader_multi_signed_v2.bin

espsecure sign-data -v 2 -a -k rsa_secure_boot_signing_key.pem rsa_secure_boot_signing_key2.pem rsa_secure_boot_signing_key3.pem -o bootloader_multi_signed_v2.bin bootloader_unsigned_v2.bin

pre_calculated_bootloader_signature_{scheme}.bin

Generate signatures using the key {scheme}_secure_boot_signing_key.pem and openssl: Secure-Boot V2 Documentation

Flash Encryption

bootloader-encrypted.bin

espsecure encrypt-flash-data -k 256bit_key.bin -a 0x1000 --flash-crypt-conf 0xF -o bootloader-encrypted.bin bootloader.bin

bootloader-encrypted-conf{conf:x}.bin

espsecure encrypt-flash-data -k 256bit_key.bin -a 0x1000 --flash-crypt-conf {conf} -o bootloader-encrypted-conf{conf:x}.bin bootloader.bin

where, conf = [0x0, 0x3, 0x9, 0xC]

bootloader-encrypted-aes-xts.bin

espsecure encrypt-flash-data -k 256bit_key.bin -a 0x1000 -x -o bootloader-encrypted-aes-xts.bin bootloader.bin

Application Binaries

Base Application binaries: hello-world-signed.bin

Flash Encryption

hello-world-signed-encrypted.bin

espsecure encrypt-flash-data -k ef-flashencryption-key.bin -a 0x20000 --flash-crypt-conf 0xF -o hello-world-signed-encrypted.bin hello-world-signed.bin

hello-world-signed-encrypted-aes-xts.bin

espsecure encrypt-flash-data -k ef-flashencryption-key.bin -a 0x20000 -x -o hello-world-signed-encrypted-aes-xts.bin hello-world-signed.bin

hello-world-signed-encrypted-aes-xts-256.bin

espsecure encrypt-flash-data -k 512bit_key.bin -a 0x10000 -x -o hello-world-signed-encrypted-aes-xts-256.bin hello-world-signed.bin