You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -17,11 +17,7 @@ Remote Signing using an external HSM
An external Hardware Security Module (HSM) can be used for remote signing of images in secure boot v2 scheme.
You must install ``esptool.py`` package with the ``hsm`` extra using the command, ``pip install 'esptool[hsm]'`` to use this feature.
``esp_hsm_sign`` provides a PKCS #11 interface to communicate with the external HSM and is integrated in ``espsecure.py``.
Refer to `Signing using an External HSM <https://docs.espressif.com/projects/esp-idf/en/latest/esp32/security/secure-boot-v2.html#signing-using-an-external-hsm>`_ to generate a Secure Boot V2 format unsigned firmware image.
You must install ``esptool.py`` package with the ``hsm`` extra using the command ``pip install 'esptool[hsm]'`` to use this feature. ``esp_hsm_sign`` provides a PKCS #11 interface to communicate with the external HSM and is integrated in ``espsecure.py``.
The following command should be used to get an image signed using an external HSM. ::
Expand All
@@ -33,6 +29,9 @@ If the public key is not stored in the external HSM, you can specify the ``--pub
In case you are using ESP-IDF, then an unsigned application can be generated by disabling ``CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES`` configuration option in the project settings.
