Signed app image validation fails

rpoelvogels
Posts: 6
Joined: Wed Jan 30, 2019 9:35 am

Signed app image validation fails

Postby rpoelvogels » Fri Apr 09, 2021 11:27 am

Hi,

I enabled CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT in my project to have OTA updates validate the binary.
I've added a private key file and enabled the sign during build option. The build system indicates that it performs signing operations after build using the correct key file. After building my project I reflashed the bootloader, ota_data, partition_table and app image and started an OTA session. After the download is complete I get the following output:

Code: Select all

I (6234572) esp_https_ota: Writing to partition subtype 17 at offset 0x110000
I (6235082) esp_image: Verifying image signature...
E (6236362) esp_image: Secure boot signature verification failed
I (6236362) esp_image: Calculating simple hash to check for corruption...
E (6236822) esp_image: Image hash failed - image is corrupt
W (6236822) esp_image: image corrupted on flash
The OTA was working without app signing.
I've no idea how I should approach this. Is the public key missing? If so, how do I add it to the project? Where is the public key stored? Are there any steps I can verify manually?

Thanks in advance.

Kind regards,

Remco Poelstra

Who is online

Users browsing this forum: No registered users and 345 guests