From 61ef67ec8c3abf7f7619746ddfd006cab83c8988 Mon Sep 17 00:00:00 2001
From: irriden
Date: Mon, 4 Dec 2023 19:07:47 +0000
Subject: [PATCH] build: remove integrated binary signatures our secure boot feature checks the signatures of hashes of ota binaries
---
 deploy.sh | 4 ----
 factory/sdkconfig.defaults | 3 ---
 sphinx-key/clear_sd.sh | 1 -
 sphinx-key/sdkconfig.defaults | 3 ---
 sphinx-key/sphinx_key.sh | 1 -
 5 files changed, 12 deletions(-)
diff --git a/deploy.sh b/deploy.sh
index b1e3990..002c979 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -32,11 +32,7 @@ fi
 cargo espflash erase-flash
 cd factory
 cargo espflash flash --release
-cargo espflash save-image --release --chip esp32c3 factory.bin
-espsecure.py sign_data factory.bin --version 2 --keyfile ../secure_boot_signing_key.pem
-espflash write-bin 0x10000 factory.bin
 cd ../sphinx-key
 cargo espflash save-image --bin sphinx-key --release --chip esp32c3 sphinx-key.bin
-espsecure.py sign_data sphinx-key.bin --version 2 --keyfile ../secure_boot_signing_key.pem
 espflash write-bin 0x50000 sphinx-key.bin
 cargo espflash monitor
diff --git a/factory/sdkconfig.defaults b/factory/sdkconfig.defaults
index d2ca0ba..604fef2 100644
--- a/factory/sdkconfig.defaults
+++ b/factory/sdkconfig.defaults
@@ -11,6 +11,3 @@ CONFIG_FATFS_LFN_STACK=y
 # Workaround for https://github.com/espressif/esp-idf/issues/7631
 #CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
 #CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL=n
-
-CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT=y
-CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=n
diff --git a/sphinx-key/clear_sd.sh b/sphinx-key/clear_sd.sh
index f761480..bb65fbd 100755
--- a/sphinx-key/clear_sd.sh
+++ b/sphinx-key/clear_sd.sh
@@ -30,6 +30,5 @@ then
 exit 1
 fi
 cargo espflash save-image --bin clear --release --chip esp32c3 clear.bin
-espsecure.py sign_data clear.bin --version 2 --keyfile ../secure_boot_signing_key.pem
 espflash write-bin 0x50000 clear.bin
 cargo espflash monitor
diff --git a/sphinx-key/sdkconfig.defaults b/sphinx-key/sdkconfig.defaults
index 2abc603..f047135 100644
--- a/sphinx-key/sdkconfig.defaults
+++ b/sphinx-key/sdkconfig.defaults
@@ -19,9 +19,6 @@ CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
 CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA=y
 CONFIG_MBEDTLS_DYNAMIC_FREE_CA_CERT=y
-CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT=y
-CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=n
-
 CONFIG_MBEDTLS_HARDWARE_AES=n
 # All these settings below sum to a 60KB reduction in bin size
diff --git a/sphinx-key/sphinx_key.sh b/sphinx-key/sphinx_key.sh
index 043270b..56fa117 100755
--- a/sphinx-key/sphinx_key.sh
+++ b/sphinx-key/sphinx_key.sh
@@ -30,6 +30,5 @@ then
 exit 1
 fi
 cargo espflash save-image --bin sphinx-key --release --chip esp32c3 sphinx-key.bin
-espsecure.py sign_data sphinx-key.bin --version 2 --keyfile ../secure_boot_signing_key.pem
 espflash write-bin 0x50000 sphinx-key.bin
 cargo espflash monitor