espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-01 19:54:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'docs/support_for_pre_calculated_signatures_v5.0' into 'release/v5.0'

Browse Source 
docs: Added documetation for using pre-calculated signatures (v5.0)

See merge request espressif/esp-idf!21855
This commit is contained in:
Mahavir Jain
2023-02-23 22:07:47 +08:00
parent 22a45d2a09 97c8f15e48
commit bbda601f62
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
docs/en/security/secure-boot-v2.rst
View File

@@ -406,9 +406,12 @@ Remember that the strength of the Secure Boot system depends on keeping the sign
Remote Signing of Images
------------------------
Signing using espsecure.py
~~~~~~~~~~~~~~~~~~~~~~~~~~
For production builds, it can be good practice to use a remote signing server rather than have the signing key on the build machine (which is the default esp-idf Secure Boot configuration). The espsecure.py command line program can be used to sign app images & partition table data for Secure Boot, on a remote system.
To use remote signing, disable the option "Sign binaries during build". The private signing key does not need to be present on the build system.
To use remote signing, disable the option :ref:`CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES` and build the firmware. The private signing key does not need to be present on the build system.
After the app image and partition table are built, the build system will print signing steps using espsecure.py::