espressif / esptool

Espressif SoC serial bootloader utility
https://docs.espressif.com/projects/esptool
GNU General Public License v2.0

espsecure: read_hsm_config now can prompt for HSM PIN (ESPTOOL-716) #900

Closed rretanubun closed 1 year ago

rretanubun commented 1 year ago

Description of change

If the config file contains credentials = prompt during image signing process, the user will be prompted to type in the HSM PIN. This avoids the need to have the HSM PIN written as plaintext into a config file, which is not a secure practice.

I have tested this change with the following hardware & software combinations:

espsecure using NitroKey HSM2 HW on Linux Ubuntu 22.04
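The behaviour described above, sketched as an added example; it is not the code from this PR or from esptool. The `hsm_config` section name, the field names other than `credentials`, the prompt text and the sample values are assumptions made for illustration.

```python
import configparser
import getpass

SECTION = "hsm_config"  # assumed section name
REQUIRED = ("pkcs11_lib", "credentials", "slot", "label")  # assumed field names


def load_hsm_config(text, prompt=getpass.getpass):
    """Parse an HSM config and resolve the PIN, prompting when asked to.

    `prompt` is injectable so the function can be exercised without a TTY.
    """
    parser = configparser.ConfigParser()
    parser.read_string(text)
    if not parser.has_section(SECTION):
        raise ValueError(f"missing [{SECTION}] section")
    cfg = dict(parser[SECTION])
    missing = [k for k in REQUIRED if k not in cfg]
    if missing:
        raise ValueError(f"missing fields: {', '.join(missing)}")
    # The sentinel value means "ask the operator" instead of "this is the PIN".
    if cfg["credentials"].strip() == "prompt":
        pin = prompt("Please enter the PIN of your HSM: ")
        if not pin:
            raise ValueError("empty HSM PIN")
        cfg["credentials"] = pin  # held in memory only, never written back
    return cfg


def redacted(cfg):
    """Copy of the config that is safe to print or log."""
    return {k: ("***" if k == "credentials" else v) for k, v in cfg.items()}


# Constructed sample config; the library path and label are placeholders.
SAMPLE = """
[hsm_config]
pkcs11_lib = /usr/lib/example/libpkcs11.so
credentials = prompt
slot = 0
label = signing-key
"""

if __name__ == "__main__":
    print(redacted(load_hsm_config(SAMPLE)))
```

When no terminal is available (for example in a CI job), `getpass.getpass` falls back to reading standard input and warns that the input may be echoed, so unattended signing needs a different way to supply the PIN.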

radimkarnis commented 1 year ago

Hello @rretanubun, thank you for contributing! We will get to this PR soon. If all goes well and it passes our internal review queue, this will get merged.

Harshal5 commented 1 year ago

Hello @rretanubun,

Thank you for the update! Just a suggestion regarding the changes.

radimkarnis commented 1 year ago

Thank you @rretanubun, LGTM! Before merging, could you please:

1) squash the commits
2) fix the issue detected by the flake8 linter (./espsecure/esp_hsm_sign/__init__.py:40:89: E501 line too long (90 > 88 characters))
3) change the commit message to follow the conventional commits standard. Something like feat(espsecure): Allow prompting for HSM PIN in read_hsm_config would be nice.

Thank you very much!