def burn_key_digest(esp, efuses, args): if efuses.coding_scheme == efuses.REGS.CODING_SCHEME_34: raise esptool.FatalError( "burn_key_digest only works with 'None' coding scheme") chip_revision = esp.get_chip_description() if "revision 3" not in chip_revision: raise esptool.FatalError( "Incorrect chip revision for Secure boot v2. Detected: %s. Expected: (revision 3)" % chip_revision) digest = espsecure._digest_rsa_public_key(args.keyfile) efuse = efuses["BLOCK2"] num_bytes = efuse.bit_len // 8 if len(digest) != num_bytes: raise esptool.FatalError( "Incorrect digest size %d. Digest must be %d bytes (%d bits) of raw binary key data." % (len(digest), num_bytes, num_bytes * 8)) print(" - %s -> [%s]" % (efuse.name, util.hexify(digest, " "))) efuse.save(digest) if not args.no_protect_key: print("Disabling write to efuse %s..." % (efuse.name)) efuse.disable_write() efuses.burn_all()
def burn_key_digest(esp, efuses, args): if efuses.coding_scheme == CODING_SCHEME_34: raise RuntimeError( "burn_key_digest only works with 'None' coding scheme") chip_revision = esp.get_chip_description() if "revision 3" not in chip_revision: raise esptool.FatalError( "Incorrect chip revision for Secure boot v2. Detected: %s. Expected: (revision 3)" % chip_revision) digest = espsecure._digest_rsa_public_key(args.keyfile) num_bytes = efuses.get_block_len() if len(digest) != num_bytes: raise esptool.FatalError( "Incorrect digest size %d. Digest must be %d bytes (%d bits) of raw binary key data." % (len(digest), num_bytes, num_bytes * 8)) block_num = 2 efuse = [e for e in efuses if e.register_name == "BLK%d" % block_num][0] _confirm_burn_key(num_bytes, block_num, efuse, args) # reverse the digest bytes as burn_key reverses them a second time... (so we get 'normal' order) new = efuse.burn_key(digest[::-1]) print("Burned public key digest data. New value: %s" % (new, )) if not args.no_protect_key: print("Disabling write to efuse BLK2...") efuse.disable_write()
def burn_key_digest(esp, efuses, args): digest_list = [] datafile_list = args.keyfile[0:len([name for name in args.keyfile if name is not None]):] block_list = args.block[0:len([block for block in args.block if block is not None]):] for block_name, datafile in zip(block_list, datafile_list): efuse = None for block in efuses.blocks: if block_name == block.name or block_name == block.alias: efuse = efuses[block.name] if efuse is None: raise esptool.FatalError("Unknown block name - %s" % (block_name)) num_bytes = efuse.bit_len // 8 digest = espsecure._digest_rsa_public_key(datafile) if len(digest) != num_bytes: raise esptool.FatalError("Incorrect digest size %d. Digest must be %d bytes (%d bits) of raw binary key data." % (len(digest), num_bytes, num_bytes * 8)) digest_list.append(digest) burn_key(esp, efuses, args, digest=digest_list)