def burn_key_digest(esp, efuses, args):
if efuses.coding_scheme == efuses.REGS.CODING_SCHEME_34:
raise esptool.FatalError(
"burn_key_digest only works with 'None' coding scheme")
chip_revision = esp.get_chip_description()
if "revision 3" not in chip_revision:
raise esptool.FatalError(
"Incorrect chip revision for Secure boot v2. Detected: %s. Expected: (revision 3)"
% chip_revision)
digest = espsecure._digest_rsa_public_key(args.keyfile)
efuse = efuses["BLOCK2"]
num_bytes = efuse.bit_len // 8
if len(digest) != num_bytes:
raise esptool.FatalError(
"Incorrect digest size %d. Digest must be %d bytes (%d bits) of raw binary key data."
% (len(digest), num_bytes, num_bytes * 8))
print(" - %s -> [%s]" % (efuse.name, util.hexify(digest, " ")))
efuse.save(digest)
if not args.no_protect_key:
print("Disabling write to efuse %s..." % (efuse.name))
efuse.disable_write()
efuses.burn_all()
def burn_key_digest(esp, efuses, args):
if efuses.coding_scheme == CODING_SCHEME_34:
raise RuntimeError(
"burn_key_digest only works with 'None' coding scheme")
chip_revision = esp.get_chip_description()
if "revision 3" not in chip_revision:
raise esptool.FatalError(
"Incorrect chip revision for Secure boot v2. Detected: %s. Expected: (revision 3)"
% chip_revision)
digest = espsecure._digest_rsa_public_key(args.keyfile)
num_bytes = efuses.get_block_len()
if len(digest) != num_bytes:
raise esptool.FatalError(
"Incorrect digest size %d. Digest must be %d bytes (%d bits) of raw binary key data."
% (len(digest), num_bytes, num_bytes * 8))
block_num = 2
efuse = [e for e in efuses if e.register_name == "BLK%d" % block_num][0]
_confirm_burn_key(num_bytes, block_num, efuse, args)
# reverse the digest bytes as burn_key reverses them a second time... (so we get 'normal' order)
new = efuse.burn_key(digest[::-1])
print("Burned public key digest data. New value: %s" % (new, ))
if not args.no_protect_key:
print("Disabling write to efuse BLK2...")
efuse.disable_write()
def burn_key_digest(esp, efuses, args):
digest_list = []
datafile_list = args.keyfile[0:len([name for name in args.keyfile if name is not None]):]
block_list = args.block[0:len([block for block in args.block if block is not None]):]
for block_name, datafile in zip(block_list, datafile_list):
efuse = None
for block in efuses.blocks:
if block_name == block.name or block_name == block.alias:
efuse = efuses[block.name]
if efuse is None:
raise esptool.FatalError("Unknown block name - %s" % (block_name))
num_bytes = efuse.bit_len // 8
digest = espsecure._digest_rsa_public_key(datafile)
if len(digest) != num_bytes:
raise esptool.FatalError("Incorrect digest size %d. Digest must be %d bytes (%d bits) of raw binary key data." %
(len(digest), num_bytes, num_bytes * 8))
digest_list.append(digest)
burn_key(esp, efuses, args, digest=digest_list)
