Skip to content

Commit

Permalink
docs: espsecure remote signing using a HSM broken link fix
Browse files Browse the repository at this point in the history
  • Loading branch information
Harshal5 committed Feb 14, 2023
1 parent 238cb8e commit 0095a26
Showing 1 changed file with 4 additions and 5 deletions.
9 changes: 4 additions & 5 deletions docs/en/espsecure/index.rst
Original file line number Diff line number Diff line change
Expand Up @@ -17,11 +17,7 @@ Remote Signing using an external HSM

An external Hardware Security Module (HSM) can be used for remote signing of images in secure boot v2 scheme.

You must install ``esptool.py`` package with the ``hsm`` extra using the command, ``pip install 'esptool[hsm]'`` to use this feature.

``esp_hsm_sign`` provides a PKCS #11 interface to communicate with the external HSM and is integrated in ``espsecure.py``.

Refer to `Signing using an External HSM <https://docs.espressif.com/projects/esp-idf/en/latest/esp32/security/secure-boot-v2.html#signing-using-an-external-hsm>`_ to generate a Secure Boot V2 format unsigned firmware image.
You must install ``esptool.py`` package with the ``hsm`` extra using the command ``pip install 'esptool[hsm]'`` to use this feature. ``esp_hsm_sign`` provides a PKCS #11 interface to communicate with the external HSM and is integrated in ``espsecure.py``.

The following command should be used to get an image signed using an external HSM. ::

Expand All @@ -33,6 +29,9 @@ If the public key is not stored in the external HSM, you can specify the ``--pub

python espsecure.py sign_data --version 2 --hsm --hsm-config <hsm_config_file> --pub-key <public_key> --output <signed_image> <datafile>

.. note::
In case you are using ESP-IDF, then an unsigned application can be generated by disabling ``CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES`` configuration option in the project settings.

Verifying the Signed Image
~~~~~~~~~~~~~~~~~~~~~~~~~~

Expand Down

0 comments on commit 0095a26

Please sign in to comment.