Can ECDSA signing key be changed when secure boot is enabled?

[linuxman]

Hello!

I have a project on enabling and discussing ESP32's security functions and I was wondering whether once secure boot enabled, does ECDSA key can be changed. I have an assumption that the answer is NO, with some explanations I consider as correct, but I'd need confirmation or correction, as I'm not sure.

1. Reflashable mode: as the AES256 key stored in eFuse is equivalent to the SHA256 hash value of the ECDSA private key, in the chain of trust, hardware can verify the bootloader via this key. However, when we'd reflash the bootloader with a different ECDSA key, this verification would fail. So this is why we can't change ECDSA key in Reflashable mode. Am I right?

2. One-time flash: as the secure bootloader is permanent, it needs to have a key that can verify the application (chain of trust again). This key is embedded in bootloader through the first flash and as the bootloader is permanent, this key also cannot be changed. So if we flash a new application image signed by a different key, the bootloader can't verify it. So this is why we can't change ECDSA key in OTF mode, as well. Am I right?

Thanks in advance,
András

[Angus]

Hi Andras,

You're essentially correct. To change the ECDSA signing key, you need to compile and a flash a new bootloader with the new ECDSA public key compiled into it. Reflashing the bootloader requires re-generating the bootloader digest, and generating the bootloader digest requires knowledge of the secure boot key in efuse.

• In reflashable mode, if you know the original ECDSA signing key then you can use espsecure.py to calculate the digest of it, which is the secure boot key in efuse. You can generate a new bootloader digest using that efuse key and the new bootloader. None of this is part of the workflow supported by the build system, but if you're happy to run espsecure.py manually to make a custom digest then it's possible.
• In one-time flashing mode, if you didn't pre-flash the efuse key (ie it was randomly generated) then you can't replace the bootloader.
• If you pre-flashed some different secure boot key to eFuse (regardless of which mode is set in config) then you can use this key to generate an updated bootloader digest.

If you are using Flash Encryption at the same time (recommended always, if this is for a production configuration), then you'll also need a way to re-flash the encrypted bootloader.

If you are only doing this for a single device then replacing with a new ESP32 may be the easiest option.