There's a "Reflashable bootloader mode", where you regenerate the digest when you reflash:snahmad75 wrote: ↑Thu Dec 06, 2018 10:56 amHi,
As secure bootlaoder allow flash only once.
https://docs.espressif.com/projects/esp ... -boot.html
I wonder how it works for me. I use signed secure bootloader bin first which works. then later on I flash again encrypted signed bootloader after enable flash encryption which also works.
https://docs.espressif.com/projects/esp ... bootloader
You're using a variation of this process.
If the bootloader is built without CONFIG_SECURE_BOOT_ENABLED (and the new option CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT is also not set, if available), then the bootloader will not verify the app signature - it will boot any app.
So the hardware is verifying the bootloader (first stage of secure boot), but nothing is verifying the app.
Similarly, if the app is built without any secure boot options enabled then the OTA/app_update and app verification APIs will not verify the signature of any new app which is updated. This means an OTA update can download an unsigned app, flash it, and then try to boot it.
If you want to follow a custom security process like you are, that's up to you. But you should read the documentation very carefully and make sure you understand all of the options and why they exist. The recommended processes in the documentation exist for several reasons. One of those reasons is to make sure you don't get a system which you think is secure but is actually not secure.