diff --git a/examples/security/hmac_soft_jtag/README.md b/examples/security/hmac_soft_jtag/README.md index ccc2f52308..9ead91db1f 100644 --- a/examples/security/hmac_soft_jtag/README.md +++ b/examples/security/hmac_soft_jtag/README.md @@ -46,8 +46,9 @@ espefuse.py -p $ESPPORT burn_key .bin HMAC_DOWN_ALL **Step 4:** Generate token data from the HMAC key. Keep this token data handy before re-enabling JTAG access. ```bash -python jtag_example_helper.py generate_token .bin +python jtag_example_helper.py generate_token .bin ``` +**Note**: The OUTPUT_FILE argument is optional. If provided, the token data will be stored in the specified file in either binary format (.bin) or hexadecimal format (.hex) based on the file extension. If no OUTPUT_FILE is specified, the token data will be printed to the console. ### Configure the project diff --git a/examples/security/hmac_soft_jtag/jtag_example_helper.py b/examples/security/hmac_soft_jtag/jtag_example_helper.py index d355a9d2db..1674245f89 100644 --- a/examples/security/hmac_soft_jtag/jtag_example_helper.py +++ b/examples/security/hmac_soft_jtag/jtag_example_helper.py @@ -6,15 +6,27 @@ import hashlib import hmac import os import subprocess +from typing import Optional -def generate_token_data(hmac_key_file: str) -> None: +def generate_token_data(hmac_key_file: str, output_file: Optional[str] = None) -> None: with open(hmac_key_file, 'rb') as file: key_data = file.read() data = bytes([0] * 32) token_data = hmac.HMAC(key_data, data, hashlib.sha256).digest() token_hex = binascii.hexlify(token_data).decode('utf-8') - print(token_hex) + + if output_file: + if output_file.endswith('.bin'): + with open(output_file, 'wb') as out_file: + out_file.write(token_data) + elif output_file.endswith('.hex'): + with open(output_file, 'w') as out_file: + out_file.write(token_hex) + else: + print(f'Unsupported file format for output file: {output_file}') + else: + print(token_hex) def generate_hmac_key(hmac_key_file: str) -> None: 
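Review bot: The token files written in the new `if output_file:` branch of `generate_token_data` are created with `open(output_file, 'wb')` / `open(output_file, 'w')`, so their permissions follow the umask and are commonly group- or world-readable. Per the README this token is what re-enables JTAG access, so it should be created owner-only, for example via `os.open` with mode `0o600` (`os` is already imported). That mode applies only when the file is newly created, so an existing file keeps its permissions. Separately, the unsupported-extension branch only prints a message and returns, so as far as the visible code shows the script still exits successfully without writing anything; exiting non-zero lets a calling script notice. The `output_file` help string added in `main()` could also name the accepted `.bin` / `.hex` suffixes.

```python
    token_hex = binascii.hexlify(token_data).decode('utf-8')

    if output_file:
        if output_file.endswith('.bin'):
            payload = token_data
        elif output_file.endswith('.hex'):
            payload = token_hex.encode('utf-8')
        else:
            # Fail loudly so wrapper scripts do not continue without a token file.
            raise SystemExit(f'Unsupported file format for output file: {output_file}')
        # The token unlocks JTAG: create the file owner-only rather than relying on the umask.
        fd = os.open(output_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'wb') as out_file:
            out_file.write(payload)
    else:
        print(token_hex)
```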
@@ -69,6 +81,7 @@ def main() -> None: token_generator_parser = subparsers.add_parser('generate_token') token_generator_parser.add_argument('hmac_key_file', help='File containing the HMAC key') + token_generator_parser.add_argument('output_file', nargs='?', help='File to store the generated token (optional)') args = parser.parse_args() @@ -77,7 +90,7 @@ def main() -> None: elif args.command == 'generate_hmac_key': generate_hmac_key(args.hmac_key_file) elif args.command == 'generate_token': - generate_token_data(args.hmac_key_file) + generate_token_data(args.hmac_key_file, args.output_file) else: parser.print_help() diff --git a/examples/security/security_features_app/test/test_hmac_key.bin b/examples/security/security_features_app/test/test_hmac_key.bin new file mode 100644 index 0000000000..63a3db0d80 Binary files /dev/null and b/examples/security/security_features_app/test/test_hmac_key.bin differ diff --git a/examples/security/security_features_app/test/test_nvs_encr_keys.bin b/examples/security/security_features_app/test/test_nvs_encr_keys.bin new file mode 100644 index 0000000000..02faea963f --- /dev/null +++ b/examples/security/security_features_app/test/test_nvs_encr_keys.bin @@ -0,0 +1,2 @@ +/f ~=ʝͷiq:+e6 ᯪJ_(l@" +.fn \ No newline at end of file diff --git a/examples/security/security_features_app/test/test_secure_boot_signing_key.pem b/examples/security/security_features_app/test/test_secure_boot_signing_key.pem new file mode 100644 index 0000000000..bce9437fe5 --- /dev/null +++ b/examples/security/security_features_app/test/test_secure_boot_signing_key.pem 
@@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEA5Mc7fvPAz9MQl1IqVfRUBWliSZ3GhdW0hM43gOfL2IH/ArS3 +6N8nY6F5Q/3bnvKEfuQ1sAavJwxE+rMJbZGJvOsxf1aSnjJ4GM6yoFtjb6VEpiiP +VLWe4LqFfwluXHhf4w8e38YYJxyKAIc5AS3KPHLLqX+c9UBz3YPw3RUE0kVTHQky +GvOZftfDZoSW7/c9WyqDXg8VavHNyA38y1sKxgR0sqO1wL30TM/RneMC5IjxFQ+Z +P91DIUULiCYBvDBmhX0B7pfB9nevn4Bzjq732WbHYssYI/MIOJq3h9kN2GXQM1Qk +GyX1RGJdc5lN+n0Pi9Fv5K44E97ylwd6F9LxQYwqp1XEbWNCgeCTJpkQ+74Uk/9T +zJrsVzRbIfjbRo7XQHyM1X6tNM9zus3+kL/14ins6lzIVOG9rSUordVrTy+jF1OW +6A0gwnEnNhveruU/IMu7CrpvncSmiHUodctKCDwVFKuD8OQpoBcJOZVM+0JxTu0r +p/UfU7KiA2z2IXbZAgMBAAECggGAM3DY3+LPJ+u9f0jqXAlkGxNnFkZzrQQwYuw7 +brCwFS6luGYKNEJ5CN319mPOTh8Zy65ko//cwlrv5676H7jpz6DSsF82+HtApdNU +NtpVsXTnyrS0BcgQwVcvTTFBr2khplxwBMD2DVVNcnD1UF6LaqwlPyeCk2K6qsRQ +FGX1f5I27gBzU7wSd4LsXNDTX4GoOieFAlFB75oPOzxp6w+9jGjUFJba90u+8saH +y4iPzfM8wg+P1dxai9CKl0J0gWwgNGXMuw0z0OMrGjUYqy9ylAvQOc90xz8D7YHj +OKhwl3kb6O4sQaO7YL7nwptnrML+e5CZ3tosPCQeWVZ3UtCFBaclysO0Nhy5mKbM +xJrGsnquPyRFRglmkngKqbkQQO0ka0X0yrbFZuATE4uxcBF7gBlp+LiHz+1mrimy +Cys2SbRq71e2lNPWlCwnsGL6jADuFYZw2qm3K52Zaj670WtvfUj03fV6ju5kGvdF +6xWszAQJLK0DoVNZB1kNG1nr+VFBAoHBAPgzXUlQXQLmSrvXzJZAIdNVAjcmzAkj +zsSJfv/3Qq30jCMEU75gPxyRYHX6pwS2M1xJMa7jgsf+Eqz8Hr6EDfmg0sA21p2C +dQs2PKIifigPx70dafvtWnQPO+wtxvD/bFhvFt1OFaA1LDwZeCNqSZRqZUksiRv+ +DE4XL8wv6hOudtHV+XD+404YWwJDR+gryX9fDV/6X5guCTUEp6fG+XxCgk9Bu4im +ULoQj3ewfJ3qLyf0e1dcIY1i97vDDb2TTwKBwQDr96Au+U6/d+Q9b57nnUtC+GbY +Qnr2m+LKaVIyn8G3ehoOeAcfnyCJM4QNaIywqF4EdupGrVR1App3/2SjYwrr+0Qi +cGN++dLt5x3kyKcqYUsAQS0uGF1swjfq9SflT2TsUdZo1xZe3IndO4bHV7IdBR9b +p8KMvg27DWml7txRRv+7k7+2zhyEJJ0CdkeTYXMETJow0hkaEw18KGgQUq7muH5c +KkKh5ssdsoRHY/trOm05NY5uxh5jUl4K8lPnaVcCgcEAw+NmINK4Ve2D1jU/VuZO +zAgvs29/YUdNjXgnL8XqbnivkYN8xKgZp2ZlhzfIUcOrTY7HE4ykT0uLWdOyQBLh +JL91Fhcx0yZ/UdYAjMZEY0HxFqT8XMS7uxW66XBHrzUoQbOLjCZwkvzkaJqBYxIj ++GrwfYwUum8LLybFppW6XMY5KOuD71Z798rpKSQIwIiug0R1veZRRD4xLhL6b0Ru +609ioULzy6nX1MH1OTWlZMzLYvFl11Dzei897obHdXOpAoHAZs8rIYxJ/S41aXca 
+mvtzcShdVtgQTyY4N8yPnbLxaglvFOLC58ojGOQzIsxskAOrgvJ0vHqEk76goqvJ +o05h0dNWKlMhZo9ekXzjD21FODfPv7ql/rFq8xnj1yEdUtG2vSgi7ObZvlcEUjm/ +TVcuKWqz8PE02LFtthPv9fYOU/NFNOr42qMO1ZxGNG5oXRRWUoc1nxPLEAtBEtlg +DcyYm7nChFF9WqD92mCPNbOgNWXtdMGa3zS+xLN8efR/DhJdAoHBAI8j+abPyQDw +0iSi5sx76Abtlb/P8nFZ4Njqf8ojQaytMQGO8DG7e1YMPyq/xIKUVQyFmf8ITx7a +RxlU98sMTiDylVueG2Mx1xNsXlIaX4FDFsvJXUKD4xss4PVv8ZhOgb7uJpd18Op/ +mKfSByfQ/CFjnq+QBBs2KOFyHvwgtJhvn1KddyXFa/E4qEIpjjTZTKfaksweFVCv +GmQ/GFqqd6Ih00Q19bgilpvTDDKjrklkAd0DR13TkLLEGqEaLbjXzA== +-----END RSA PRIVATE KEY----- diff --git a/examples/security/security_features_app/test/test_secure_jtag_token.bin b/examples/security/security_features_app/test/test_secure_jtag_token.bin new file mode 100644 index 0000000000..e547179e74 --- /dev/null +++ b/examples/security/security_features_app/test/test_secure_jtag_token.bin @@ -0,0 +1 @@ + {qػa768Lpg {qػa768LpgŔ1㏉a>z(̍Q \ No newline at end of file
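Review bot: Only the `test_` prefix marks `test_secure_boot_signing_key.pem`, and the `test_hmac_key.bin`, `test_nvs_encr_keys.bin` and `test_secure_jtag_token.bin` files added alongside it, as public throwaway material. Once committed, the private key, the HMAC key and the derived JTAG token are known to everyone, so a device provisioned with them gets no real protection from secure boot, NVS encryption or HMAC-gated JTAG. If the directory has no README saying so already, a short one in `examples/security/security_features_app/test/` would make this explicit. It should state that these are CI-only fixtures that must never be burned into eFuses or used to sign images for real devices. The prefix alone is easy to miss when files are copied into a product tree.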