Merge branch 'feature/update_key_name_of_secure_boot_v4.2' into 'release/v4.2'

bootloader: Secure_boot name replaced by secure_boot_v1 & secure_boot_v2 (v4.2)

See merge request espressif/esp-idf!10850

.gitlab-ci.yml

@@ -49,7 +49,7 @@ variables:
   CI_AUTO_TEST_SCRIPT_REPO_BRANCH: "ci/v3.1"
 
   # Versioned esp-idf-doc env image to use for all document building jobs
-  ESP_IDF_DOC_ENV_IMAGE: "$CI_DOCKER_REGISTRY/esp-idf-doc-env:v5"
+  ESP_IDF_DOC_ENV_IMAGE: "$CI_DOCKER_REGISTRY/esp-idf-doc-env:v7"
 
 
 # before each job, we need to check if this job is filtered by bot stage/job filter

components/bootloader/Makefile.projbuild

@@ -102,7 +102,7 @@ endif
 bootloader: $(BOOTLOADER_DIGEST_BIN)
 	@echo $(SEPARATOR)
 	@echo "Bootloader built and secure digest generated. First time flash command is:"
-	@echo "$(ESPEFUSEPY) burn_key secure_boot $(SECURE_BOOTLOADER_KEY)"
+	@echo "$(ESPEFUSEPY) burn_key secure_boot_v1 $(SECURE_BOOTLOADER_KEY)"
 	@echo "$(ESPTOOLPY_WRITE_FLASH) $(BOOTLOADER_OFFSET) $(BOOTLOADER_BIN)"
 	@echo $(SEPARATOR)
 	@echo "To reflash the bootloader after initial flash:"

components/bootloader/subproject/CMakeLists.txt

@@ -147,7 +147,7 @@ elseif(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)
         COMMAND ${CMAKE_COMMAND} -E echo
             "Burn secure boot key to efuse using:"
         COMMAND ${CMAKE_COMMAND} -E echo
-            "\t${espefusepy} burn_key secure_boot ${secure_bootloader_key}"
+            "\t${espefusepy} burn_key secure_boot_v1 ${secure_bootloader_key}"
         COMMAND ${CMAKE_COMMAND} -E echo
             "First time flash command is:"
         COMMAND ${CMAKE_COMMAND} -E echo

docs/en/security/secure-boot-v1.rst

@@ -144,7 +144,7 @@ To enable a reflashable bootloader:
 
 2. Follow the steps shown above to choose a signing key file, and generate the key file.
 
-3. Run ``idf.py bootloader``. A binary key file will be created, derived from the private key that is used for signing. Two sets of flashing steps will be printed - the first set of steps includes an ``espefuse.py burn_key`` command which is used to write the bootloader key to efuse. (Flashing this key is a one-time-only process.) The second set of steps can be used to reflash the bootloader with a pre-calculated digest (generated during the build process).
+3. Run ``idf.py bootloader``. A binary key file will be created, derived from the private key that is used for signing. Two sets of flashing steps will be printed - the first set of steps includes an ``espefuse.py burn_key secure_boot_v1 path_to/secure-bootloader-key-xxx.bin`` command which is used to write the bootloader key to efuse. (Flashing this key is a one-time-only process.) The second set of steps can be used to reflash the bootloader with a pre-calculated digest (generated during the build process).
 
 4. Resume from :ref:`Step 6 of the one-time flashing process <secure-boot-resume-normal-flashing>`, to flash the bootloader and enable secure boot. Watch the console log output closely to ensure there were no errors in the secure boot configuration.
 

requirements.txt

@@ -16,8 +16,11 @@ gdbgui==0.13.2.0
 # Windows is not supported since 0.14.0.0. See https://github.com/cs01/gdbgui/issues/348
 pygdbmi<=0.9.0.2
 # The pygdbmi required max version 0.9.0.2 since 0.9.0.3 is not copatible with latest gdbgui (>=0.13.2.0)
-reedsolo==1.5.3
+
+# esptool requirements (see components/esptool_py/esptool/setup.py)
+reedsolo>=1.5.3,<=1.5.4
 bitstring>=3.1.6
+ecdsa>=0.16.0
 
 # windows-curses are required in Windows command line but cannot be installed in MSYS2. A requirement like
 # "windows-curses; sys_platform == 'win32'" would want to install the package on both of them. There is no environment