My fault. I found the right key for signing...

So, I have performed the following steps: 1. I returned the environment at the time of ESP-IDF v4.4.4, at which my devices were created. 2. I found all the ECDSA keys that are available to me. One by one, I signed and uploaded the application to the device. Naturally, I used the correct encryption k...

Is there any difference between 4.4.4 and 4.4.7, I think about espsecure.py...

Hi all. I have a pack of devices that I flashed with SecureBoot v1 a couple of years ago using ESP-IDF v4.4.4. An error was made in the firmware, which led to the inability of OTA due to the outdated certificate that was flashed in the devices. But I carefully store the keys to all devices and decid...

Thanks. All works fine!

Also, I have the following configuration: grep SIGN configurations/sdkconfig-latch-sim800 CONFIG_SECURE_SIGNED_ON_BOOT=y CONFIG_SECURE_SIGNED_ON_UPDATE=y CONFIG_SECURE_SIGNED_APPS=y CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME=y # CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=y # CONFIG_SECURE_BOOT_SIGNING_KEY="...

Build signed application, decide this application as base application. Then it is needed to have an application signed for particular device using the device's key. Make sign_data process, no errors. At the end of OTA the device can not verify the signature. Build signed application from scratch usi...

Your utility can not resign the application binary!

Ah. I've found a solution. There is a bug in sign_data implementation...

Hmm, I did a hack: Build the application on the notebook with applying signature during build process. Run OTA with breakpoint on obtaining application. Upload the builded and signed (by notebook) application to OTA server. Begin the OTA process And the final was: D (892411) OTA: Written image lengt...