The documentation regarding Secure Boot using espsecure.py to generate the digest for burning the eFuse signature block assumes that the private key is available.
We are using an external HSM (Digicert, via PKS11) and we're wondering how we can do this from a pre-signed binary (or what other method should we use) as we don't have access to the private key in this context.