Scroll to navigation

ESPSECURE(1) User Commands ESPSECURE(1)

NAME

espsecure - ESP32 Secure Boot & Flash Encryption tool

DESCRIPTION

usage: espsecure [OPTION] COMMAND

command arguments:

Run espsecure {command} -h for additional help
digest_secure_bootloader
Take a bootloader binary image and a secure boot key, and output a combined digest+binary suitable for flashing along with the precalculated secure boot key.
generate_signing_key
Generate a private key for signing secure boot images. Key file is generated in PEM format, and contains a ECDSA NIST256p private key and matching public key.
sign_data
Sign a data file for use with secure boot. Signing algorithm is determinsitic ECDSA w/ SHA-512.
verify_signature
Verify a data file previously signed by "sign_data", using the public key.
extract_public_key
Extract the public verification key for signatures, save it as a raw binary file.
digest_private_key
Generate an SHA-256 digest of the private signing key. This can be used as a reproducible secure bootloader or flash encryption key.
generate_flash_encryption_key
Generate a development-use 32 byte flash encryption key with random data.
decrypt_flash_data
Decrypt some data read from encrypted flash (using known key)
encrypt_flash_data
Encrypt some data suitable for encrypted flash (using known key)

optional arguments:

-h, --help
show this help message and exit

EXAMPLES

Flash Espressif AT v1.4 firmware to an ESP-12S board:
esptool write_flash --flash_mode dio --flash_size 4MB-c1 0x00 boot_v1.7.bin 0x1000 at/1024+1024/user1.2048.new.5.bin 0xfe000 blank.bin 0x3fc000 esp_init_data_default.bin 0x3fe000 blank.bin

Display ESP32 efuse state summary:

espefuse --port /dev/ttyUSB0 summary

Generate a flash encryption key:

espsecure generate_flash_encryption_key key.bin

Burn the key to the device (WARNING: one time only operation):

espefuse --port /dev/ttyUSB1 burn_key flash_encryption key.bin

Encrypt flash data:

espsecure encrypt_flash_data --keyfile key.bin --address 0x10000 -o my-app-encrypted.bin my-app.bin

AUTHOR

esptool.py was started by Fredrik Ahlberg as an unofficial community project, currently maintained by Angus Gratton and supported by Espressif Systems (Shanghai) PTE LTD. This manual page was generated by Milan Kupcevic <milan@debian.org> for the Debian project and can be used by others.

REPORTING BUGS

Review: <https://github.com/espressif/esptool/#troubleshooting>
Known issues: <https://github.com/espressif/esptool/issues>
Report new issues at: <https://github.com/espressif/esptool/issues/new>

COPYRIGHT

Copyright © 2014-2016 Fredrik Ahlberg, Angus Gratton, Espressif Systems (Shanghai) PTE LTD, other contributors as noted. License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html>. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

SEE ALSO

esptool(1), espefuse(1), espsecure(1)
April 2018 esptool.py 2.1