build: remove integrated binary signatures

our secure boot feature checks the signatures of hashes of ota binaries

deploy.sh

@@ -32,11 +32,7 @@ fi
 cargo espflash erase-flash
 cd factory
 cargo espflash flash --release
-cargo espflash save-image --release --chip esp32c3 factory.bin
-espsecure.py sign_data factory.bin --version 2 --keyfile ../secure_boot_signing_key.pem
-espflash write-bin 0x10000 factory.bin
 cd ../sphinx-key
 cargo espflash save-image --bin sphinx-key --release --chip esp32c3 sphinx-key.bin
-espsecure.py sign_data sphinx-key.bin --version 2 --keyfile ../secure_boot_signing_key.pem
 espflash write-bin 0x50000 sphinx-key.bin
 cargo espflash monitor

factory/sdkconfig.defaults

@@ -11,6 +11,3 @@ CONFIG_FATFS_LFN_STACK=y
 # Workaround for https://github.com/espressif/esp-idf/issues/7631
 #CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
 #CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL=n
-
-CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT=y
-CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=n

sphinx-key/clear_sd.sh

@@ -30,6 +30,5 @@ then
     exit 1
 fi
 cargo espflash save-image --bin clear --release --chip esp32c3 clear.bin
-espsecure.py sign_data clear.bin --version 2 --keyfile ../secure_boot_signing_key.pem
 espflash write-bin 0x50000 clear.bin
 cargo espflash monitor

sphinx-key/sdkconfig.defaults

@@ -19,9 +19,6 @@ CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
 CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA=y
 CONFIG_MBEDTLS_DYNAMIC_FREE_CA_CERT=y
 
-CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT=y
-CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=n
-
 CONFIG_MBEDTLS_HARDWARE_AES=n
 
 # All these settings below sum to a 60KB reduction in bin size

sphinx-key/sphinx_key.sh

@@ -30,6 +30,5 @@ then
     exit 1
 fi
 cargo espflash save-image --bin sphinx-key --release --chip esp32c3 sphinx-key.bin
-espsecure.py sign_data sphinx-key.bin --version 2 --keyfile ../secure_boot_signing_key.pem
 espflash write-bin 0x50000 sphinx-key.bin
 cargo espflash monitor