table of contents
other versions
- testing 2.5.1+dfsg-3
- stretch-backports 2.1+dfsg1-2~bpo9+1
- unstable 2.6+dfsg-1
ESPSECURE(1) | User Commands | ESPSECURE(1) |
NAME¶
espsecure - ESP32 Secure Boot & Flash Encryption toolDESCRIPTION¶
usage: espsecure [OPTION] COMMANDcommand arguments:¶
- Run espsecure {command} -h for additional help
- digest_secure_bootloader
- Take a bootloader binary image and a secure boot key, and output a combined digest+binary suitable for flashing along with the precalculated secure boot key.
- generate_signing_key
- Generate a private key for signing secure boot images. Key file is generated in PEM format, and contains a ECDSA NIST256p private key and matching public key.
- sign_data
- Sign a data file for use with secure boot. Signing algorithm is determinsitic ECDSA w/ SHA-512.
- verify_signature
- Verify a data file previously signed by "sign_data", using the public key.
- extract_public_key
- Extract the public verification key for signatures, save it as a raw binary file.
- digest_private_key
- Generate an SHA-256 digest of the private signing key. This can be used as a reproducible secure bootloader or flash encryption key.
- generate_flash_encryption_key
- Generate a development-use 32 byte flash encryption key with random data.
- decrypt_flash_data
- Decrypt some data read from encrypted flash (using known key)
- encrypt_flash_data
- Encrypt some data suitable for encrypted flash (using known key)
optional arguments:¶
- -h, --help
- show this help message and exit
EXAMPLES¶
Flash Espressif AT v1.4 firmware to an ESP-12S board:- esptool write_flash --flash_mode dio --flash_size 4MB-c1 0x00 boot_v1.7.bin 0x1000 at/1024+1024/user1.2048.new.5.bin 0xfe000 blank.bin 0x3fc000 esp_init_data_default.bin 0x3fe000 blank.bin
Display ESP32 efuse state summary:
- espefuse --port /dev/ttyUSB0 summary
Generate a flash encryption key:
- espsecure generate_flash_encryption_key key.bin
Burn the key to the device (WARNING: one time only operation):
- espefuse --port /dev/ttyUSB1 burn_key flash_encryption key.bin
Encrypt flash data:
- espsecure encrypt_flash_data --keyfile key.bin --address 0x10000 -o my-app-encrypted.bin my-app.bin
AUTHOR¶
esptool.py was started by Fredrik Ahlberg as an unofficial community project, currently maintained by Angus Gratton and supported by Espressif Systems (Shanghai) PTE LTD. This manual page was generated by Milan Kupcevic <milan@debian.org> for the Debian project and can be used by others.REPORTING BUGS¶
Review: <https://github.com/espressif/esptool/#troubleshooting>Known issues: <https://github.com/espressif/esptool/issues>
Report new issues at: <https://github.com/espressif/esptool/issues/new>
COPYRIGHT¶
Copyright © 2014-2016 Fredrik Ahlberg, Angus Gratton, Espressif Systems (Shanghai) PTE LTD, other contributors as noted. License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html>. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.SEE ALSO¶
esptool(1), espefuse(1), espsecure(1)April 2018 | esptool.py 2.1 |