Secure Boot 2

Alberk
Posts: 55
Joined: Sat Jun 19, 2021 1:49 am

Secure Boot 2

Postby Alberk » Sat Jun 19, 2021 6:08 am

Hi,

May I know why RSA3072 is used instead of ECC considering the size of the keys for RSA is much larger?.

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: Secure Boot 2

Postby ESP_Angus » Mon Jun 21, 2021 2:20 am

Hi AlberK,

Verifying RSA saves significant time during the boot process, especially because of the RSA accelerator hardware. Secure Boot V1 ECDSA signification verification adds a noticeable pause to the boot time (order of hundreds of milliseconds). RSA signature verification during boot is over ten times faster.

The key size is larger but as the key data is stored in flash (and we use the SHA of the key data stored in efuse to verify it), this doesn't cause a significant increase of resource use.

Angus

Alberk
Posts: 55
Joined: Sat Jun 19, 2021 1:49 am

Re: Secure Boot 2

Postby Alberk » Mon Jun 21, 2021 3:56 am

Thank you for the explanation.

Who is online

Users browsing this forum: No registered users and 140 guests