Signed app image validation fails
Posted: Fri Apr 09, 2021 11:27 am
Hi,
I enabled CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT in my project to have OTA updates validate the binary.
I've added a private key file and enabled the sign during build option. The build system indicates that it performs signing operations after build using the correct key file. After building my project I reflashed the bootloader, ota_data, partition_table and app image and started an OTA session. After the download is complete I get the following output:
The OTA was working without app signing.
I've no idea how I should approach this. Is the public key missing? If so, how do I add it to the project? Where is the public key stored? Are there any steps I can verify manually?
Thanks in advance.
Kind regards,
Remco Poelstra
I enabled CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT in my project to have OTA updates validate the binary.
I've added a private key file and enabled the sign during build option. The build system indicates that it performs signing operations after build using the correct key file. After building my project I reflashed the bootloader, ota_data, partition_table and app image and started an OTA session. After the download is complete I get the following output:
Code: Select all
I (6234572) esp_https_ota: Writing to partition subtype 17 at offset 0x110000
I (6235082) esp_image: Verifying image signature...
E (6236362) esp_image: Secure boot signature verification failed
I (6236362) esp_image: Calculating simple hash to check for corruption...
E (6236822) esp_image: Image hash failed - image is corrupt
W (6236822) esp_image: image corrupted on flash
I've no idea how I should approach this. Is the public key missing? If so, how do I add it to the project? Where is the public key stored? Are there any steps I can verify manually?
Thanks in advance.
Kind regards,
Remco Poelstra