You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@nuttx.apache.org by GitBox <gi...@apache.org> on 2021/12/20 17:54:51 UTC

[GitHub] [incubator-nuttx] gustavonihei opened a new pull request #5044: espressif: Add hardware-supported Secure Boot on top of MCUboot

gustavonihei opened a new pull request #5044:
URL: https://github.com/apache/incubator-nuttx/pull/5044


   ## Summary
   This PR intends to add hardware-supported Secure Boot by enabling the integration of Secure Boot V2 with MCUboot bootloader for the following chips:
   - **ESP32 (revision 3)**
   - **ESP32-S2**
   - **ESP32-C3 (revision 3)**
   
   This feature is a complement to MCUboot's verification and it's based on Espressif's Secure Boot V2:
   https://docs.espressif.com/projects/esp-idf/en/latest/esp32/security/secure-boot-v2.html
   
   Once Secure Boot V2 is enabled, the ROM bootloader verifies the signature of the MCUboot bootloader using the **RSA-3072** algorithm.
   For completing the Secure Boot chain, the MCUboot bootloader verifies the signature of the NuttX application image using one of the following algorithms:
   - **RSA-2048**
   - **RSA-3072**
   - **ECDSA-P256**
   - **ED25519**
   
   ## Impact
   This new feature for Espressif chips is restricted to the Bootloader image, so possible impacts only for platforms which rely on the Espressif-port of the MCUboot bootloader.
   Should bring no impact to the NuttX application image.
   
   ## Testing
   Tested with the some custom changes on top of the following defconfigs:
   - `esp32-devkitc:mcuboot_agent`
   - `esp32s2-saola-1:mcuboot_nsh`
   - `esp32c3-devkit:mcuboot_agent`
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-nuttx] xiaoxiang781216 merged pull request #5044: espressif: Add hardware-supported Secure Boot on top of MCUboot

Posted by GitBox <gi...@apache.org>.

xiaoxiang781216 merged pull request #5044:
URL: https://github.com/apache/incubator-nuttx/pull/5044


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org