espsign
| Crates.io | espsign |
| lib.rs | espsign |
| version | 0.1.0 |
| created_at | 2025-01-10 18:59:06.8773+00 |
| updated_at | 2025-01-10 18:59:06.8773+00 |
| description | A utility for signing ESP32 firmware images for ESP RSA Secure Boot V2 |
| homepage | |
| repository | https://github.com/ivmarkov/espsign |
| max_upload_size | |
| id | 1511610 |
| size | 90,088 |
(ivmarkov)
documentation
README
espsign
A utility for signing ESP32 firmware images for ESP RSA Secure Boot V2
Highlights
- Pure-Rust
no_std(but needsalloc) library interface for:- Signing
- Verifying
- Generating key SHA-256 E-FUSE signature
- Command line interface
Examples
Command line
Install the command line utility
cargo install --force --git https://github.com/ivmarkov/espsign
Generate a new PEM signing key in file foo:
espsign gen-key foo
Generate a new password-protected with pass PEM signing key in file foo, and with E-FUSE SHA-256 hash in file hash:
espsign gen-key -p pass -s hash foo
Sign an app image firmware using a pre-generated PEM signing key from file foo
espsign sign -k foo firmware-padded firmware-signed
NOTE: App image should first be padded to 64K alignment with e.g. esptools:
esptools tool --chip esp32s3 elf2image --version 2 --secure-pad-v2 --output firmware-padded firmware
Verify a signed app image firmware-signed
espsign verify firmware-signed
Library
Verify an image. Other examples.
use std::fs::File;
use std::path::PathBuf;
use log::info;
use espsign::{AsyncIo, ImageType, SBV2RsaSignatureBlock};
/// Verify that `image` is properly signed
fn main() {
let image = PathBuf::from("/home/foo/factory-app-signed");
let mut buf = [0; 65536];
info!("Verifying image `{}`...", image.display());
embassy_futures::block_on(SBV2RsaSignatureBlock::load_and_verify(
&mut buf,
AsyncIo::new(File::open(image).unwrap()),
ImageType::App,
))
.unwrap();
info!("Image verified successfully");
}