Hello,
I would like to understand where my host-generated key needs to be stored so the process of reflashing (whether dev/release mode) uses my encryption key. It does not seem I can add it as a parameter, or if there is a default place/name.
My goal is actually to have a bunch of encrypted/signed firmwares hanging in enterprise GitHub.
Allow anybody to flash any device, in as far as signing and matching flash key encryption.
I want to leave the device in a state that firmware can be uploaded and downloaded.
However, in both cases it is encrypted and only possible to decrypt with the host key.
Can somebody help with the correct setup of fuses and project config?
Frankly, I have a number of ESP32-S3 devices unusable on my desk and I am running out of them with tests.
Any help appreciated.
Thanks.
JC
host generated key if using idf.py encrypted-app-flash / encrypted-flash ?
[solved] Re: host generated key if using idf.py encrypted-app-flash / encrypted-flash ?
As I understand and make it work,
with IDF 5.1.2 you can set up the secure boot signature file in menuconfig, but not the encryption key.
Hence, I manually encrypt the bootloader, partition and firmware (MicroPython in my case), then I sign the bootloader and firmware, and eventually I upload everything into the device.
It works as expected.
JC
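
The host-side preparation described in the post above, sketched as an added example (not the poster's own commands). It signs each plaintext image first and then encrypts the signed image, so the signature covers what the chip sees after decryption. File names, key names and flash offsets are assumptions, and the flash encryption key is assumed to be the same one already burned into the device.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. File names and offsets are assumptions;
# the offsets must match the project's own partition layout.
FE_KEY="${FE_KEY-flash_encryption_key.bin}"    # host-generated key (assumed name)
SB_KEY="${SB_KEY-secure_boot_signing_key.pem}" # Secure Boot V2 key (assumed name)
BOOT_OFF="${BOOT_OFF-0x0}"       # ESP32-S3 bootloader offset
PT_OFF="${PT_OFF-0x8000}"        # assumed partition table offset
APP_OFF="${APP_OFF-0x10000}"     # assumed application offset
RUN="${RUN-echo}"                # dry run by default; RUN= executes the tools

# espsecure.py takes the raw key file: 32 bytes (XTS-AES-128) or 64 (XTS-AES-256).
check_key() {
    [ -f "$1" ] || return 1
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" = 32 ] || [ "$size" = 64 ]
}

# sign_image IN OUT: append a Secure Boot V2 signature block to a plaintext image.
sign_image() {
    $RUN espsecure.py sign_data --version 2 --keyfile "$SB_KEY" --output "$2" "$1"
}

# encrypt_image OFFSET IN OUT: the ciphertext depends on the flash offset,
# so an image encrypted for one address cannot be flashed at another.
encrypt_image() {
    $RUN espsecure.py encrypt_flash_data --aes_xts --keyfile "$FE_KEY" \
        --address "$1" --output "$3" "$2"
}

# Sign the plaintext images, then encrypt every image for its own offset.
prepare_all() {
    check_key "$FE_KEY" || { echo "unexpected key size: $FE_KEY" >&2; return 1; }
    sign_image bootloader.bin bootloader-signed.bin &&
    sign_image firmware.bin firmware-signed.bin &&
    encrypt_image "$BOOT_OFF" bootloader-signed.bin bootloader-enc.bin &&
    encrypt_image "$PT_OFF" partition-table.bin partition-table-enc.bin &&
    encrypt_image "$APP_OFF" firmware-signed.bin firmware-enc.bin
}

if [ "${1-}" = "plan" ]; then prepare_all; fi
```

Run with `plan` to print the commands without executing them; set `RUN=` (empty) to run them for real once the names and offsets match the project.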