Hi !
I was wondering if Partition.bin(or Partition-table.bin) also needs to be signed when using SecureBoot V2. Signing is done seperately using espsecure.py sign_data command.
Does Partition.bin(or Partition-table.bin) need to be signed or is ot supposed to be burnt unsigned ?
Thanks for the help!
Does Partition.bin also need to be signed when using SecureBoot V2
-
- Posts: 190
- Joined: Wed Jan 24, 2018 6:51 am
Re: Does Partition.bin also need to be signed when using SecureBoot V2
Bootloader does not check signature for partition table in either of secure boot v1 or v2 scheme. However for secure boot v1 scheme, build system does add signature to partition table binary for backward compatibility purpose. For secure boot v2, partition table binary is kept as is, ref: https://github.com/espressif/esp-idf/bl ... t#L98-L102
So you may flash partition table binary without appending signature.
So you may flash partition table binary without appending signature.
Mahavir
https://github.com/mahavirj/
https://github.com/mahavirj/
Re: Does Partition.bin also need to be signed when using SecureBoot V2
What is the rationale behind not signing the partition table? Seems like a good idea to sign it and verify it at boot, to avoid any kind of
unauthorized modification.
unauthorized modification.
-
- Posts: 190
- Joined: Wed Jan 24, 2018 6:51 am
Re: Does Partition.bin also need to be signed when using SecureBoot V2
Primary reason was to speed up the bootup time with secure boot enabled case. Additionally, alteration to partition table with flash encryption enabled case is difficult, because the contents (along with integrity check) are encrypted on the flash. Here is a prior discussion on this topic: https://github.com/espressif/esp-idf/issues/1641What is the rationale behind not signing the partition table?
Mahavir
https://github.com/mahavirj/
https://github.com/mahavirj/
Who is online
Users browsing this forum: Majestic-12 [Bot] and 384 guests