Closed Asa-McVay-Rheem closed 1 year ago
@Asa-McVay-Rheem
External signing of the images is documented here.
Mainly the signing part is handled by the espsecure.py
utility and you can refer to its code for more details here.
Your understanding is mostly correct with one addition that hash (SHA256) of the public key is also stored in EFuse block. This hash is used to first verify the public key in the signature block appended to the image and then only the public key is trusted to verify the signature.
Hope this helps!
That answers my question. Thank you!
Answers checklist.
General issue report
How is the signature created for a signed build? My particular system does not have secure boot enabled, but we want to sign the images. My understanding right now is as follows:
What I would guess is the signature is created from encrypting the hash, but I haven't seen any confirmation of this in the documentation, and when I reached out to support they pointed me here.