Secure boot and signed bins

ESP_Angus
Posts: 1318
Joined: Sun May 08, 2016 4:11 am

Re: Secure boot and signed bins

Postby ESP_Angus » Thu Dec 06, 2018 11:37 pm

snahmad75 wrote:
Thu Dec 06, 2018 10:56 am
Hi,

Question #1
As the secure bootloader allows flashing only once.
https://docs.espressif.com/projects/esp ... -boot.html

I wonder how it works for me. I use the signed secure bootloader bin first, which works. Then later on I flash again an encrypted signed bootloader after enabling flash encryption, which also works.

There's a "Reflashable bootloader mode", where you regenerate the digest when you reflash:
https://docs.espressif.com/projects/esp ... bootloader

You're using a variation of this process.
snahmad75 wrote:
Thu Dec 06, 2018 10:56 am
Also I found I don't need to enable any secure boot and flash encryption via menuconfig.

If the bootloader is built without CONFIG_SECURE_BOOT_ENABLED (and the new option CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT is also not set, if available), then the bootloader will not verify the app signature - it will boot any app.

So the hardware is verifying the bootloader (first stage of secure boot), but nothing is verifying the app.

Similarly, if the app is built without any secure boot options enabled then the OTA/app_update and app verification APIs will not verify the signature of any new app which is updated. This means an OTA update can download an unsigned app, flash it, and then try to boot it.

If you want to follow a custom security process like you are, that's up to you. But you should read the documentation very carefully and make sure you understand all of the options and why they exist. The recommended processes in the documentation exist for several reasons. One of those reasons is to make sure you don't get a system which you think is secure but is actually not secure.
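The reply above describes a configuration trap: a bootloader or app built without CONFIG_SECURE_BOOT_ENABLED (or CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT) will neither verify the app signature at boot nor check the signature of an OTA-downloaded app. The following script is an added example, not code from the thread or from ESP-IDF: it parses a Kconfig-style sdkconfig file and reports whether those two options leave app signature verification disabled. The two sdkconfig fragments are constructed samples; CONFIG_SECURE_BOOT_SIGNING_KEY is included only to show that a signing key alone does not turn verification on.

```python
"""Check an ESP-IDF sdkconfig for the 'signed but never verified' case discussed above."""
import re
from typing import Dict, List

# The two options named in the reply. The second one only exists in newer IDF releases,
# so a config that never mentions it is treated as 'not set'.
SECURE_BOOT = "CONFIG_SECURE_BOOT_ENABLED"
SIGNED_APPS_ONLY = "CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT"

_SET_RE = re.compile(r"^(CONFIG_[A-Z0-9_]+)=(.*)$")
_UNSET_RE = re.compile(r"^# (CONFIG_[A-Z0-9_]+) is not set$")


def parse_sdkconfig(text: str) -> Dict[str, str]:
    """Parse 'CONFIG_X=y', 'CONFIG_X="str"', 'CONFIG_X=123' and '# CONFIG_X is not set' lines.

    Unset options are recorded as 'n'; other comments and blank lines are ignored.
    """
    opts: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SET_RE.match(line)
        if m:
            opts[m.group(1)] = m.group(2).strip().strip('"')
            continue
        m = _UNSET_RE.match(line)
        if m:
            opts[m.group(1)] = "n"
    return opts


def is_enabled(opts: Dict[str, str], name: str) -> bool:
    """Boolean Kconfig options are 'y' when on; anything else (including absent) is off."""
    return opts.get(name, "n") == "y"


def assess(text: str) -> dict:
    """Apply the rule from the reply: without either option, nothing verifies the app.

    The same sdkconfig drives both the bootloader build and the app build, so one
    missing setting disables the boot-time check and the OTA/app_update check alike.
    """
    opts = parse_sdkconfig(text)
    verified = is_enabled(opts, SECURE_BOOT) or is_enabled(opts, SIGNED_APPS_ONLY)
    findings: List[str] = []
    if not verified:
        findings.append("bootloader will boot any app: app signature not verified at boot")
        findings.append("OTA/app_update will accept an unsigned app: signature not verified on update")
    return {"app_signature_verified": verified, "findings": findings}


# Constructed sample: a signing key is configured, but neither verification option is on.
WEAK_SDKCONFIG = """
# Security features (constructed sample)
# CONFIG_SECURE_BOOT_ENABLED is not set
# CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT is not set
CONFIG_SECURE_BOOT_SIGNING_KEY="secure_boot_signing_key.pem"
"""

# Constructed sample: secure boot enabled, so the bootloader and OTA code verify signatures.
HARDENED_SDKCONFIG = """
# Security features (constructed sample)
CONFIG_SECURE_BOOT_ENABLED=y
CONFIG_SECURE_BOOT_SIGNING_KEY="secure_boot_signing_key.pem"
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_SDKCONFIG), ("hardened", HARDENED_SDKCONFIG)):
        result = assess(cfg)
        print(f"{label}: app_signature_verified={result['app_signature_verified']}")
        for f in result["findings"]:
            print(f"  - {f}")
```

Run it against the sdkconfig of a real project (`assess(open("sdkconfig").read())`) as a pre-release check; the point it encodes is exactly the reply's: having a signing key and a signed image proves nothing unless the verification option is also compiled into the bootloader and the app.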
