esp_secure_boot_verify_signature() function
Verify the secure boot signature appended to some binary data in flash.
For the ECDSA scheme (Secure Boot V1): deterministic ECDSA with SHA-256 of the image.
For the RSA scheme (Secure Boot V2): RSA-PSS verification of the SHA-256 of the image.
In the ECDSA scheme, the public key is compiled into the calling program. See docs/security/secure-boot-v1.rst or docs/security/secure-boot-v2.rst, as appropriate, for details. If flash encryption is enabled, the image will be transparently decrypted while being verified.
Arguments
src_addr
Starting offset of the data in flash.
length
Length of data in bytes. The signature is appended after length bytes.
Return value
ESP_OK if the signature is valid, ESP_ERR_INVALID_STATE if the signature fails, ESP_FAIL for other failures (i.e., can't read flash).
Notes
This function has no fault injection resistance, so it should not be called during secure boot itself (but it can be called when verifying an update, etc.).
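
Example (added here, not ESP-IDF's own code): a fail-closed check for a freshly written update image that maps the three documented return values to a verdict and confirms that the image plus its appended signature fit inside the partition. check_update_image(), img_verdict_t, may_mark_bootable(), the partition and sig_len parameters and the fake verifiers are hypothetical; the two-uint32_t prototype and the host stand-in error values are assumptions not stated on this page.

```c
#include <stdint.h>
#include <stdbool.h>
#ifdef ESP_PLATFORM
#include "esp_err.h"
#include "esp_secure_boot.h"   /* declares esp_secure_boot_verify_signature() */
#else
/* Host stand-ins so the policy logic can run off-target (assumed values). */
typedef int esp_err_t;
#define ESP_OK 0
#define ESP_FAIL (-1)
#define ESP_ERR_INVALID_STATE 0x103
#endif

typedef esp_err_t (*verify_fn_t)(uint32_t src_addr, uint32_t length);
typedef enum { IMG_TRUSTED, IMG_BAD_SIGNATURE, IMG_CHECK_ERROR, IMG_BAD_RANGE } img_verdict_t;

/* Hypothetical helper: decide whether an update image may be marked bootable.
 * part_off/part_size describe the partition holding the image; sig_len is the
 * size of the appended signature for the scheme in use (caller-supplied). */
img_verdict_t check_update_image(verify_fn_t verify, uint32_t part_off, uint32_t part_size,
                                 uint32_t img_off, uint32_t img_len, uint32_t sig_len)
{
    /* The signature sits after img_len bytes, so image + signature must lie
     * inside the partition. 64-bit math avoids uint32_t wraparound. */
    uint64_t end = (uint64_t)img_off + img_len + sig_len;
    if (img_len == 0 || img_off < part_off || end > (uint64_t)part_off + part_size)
        return IMG_BAD_RANGE;

    esp_err_t err = verify(img_off, img_len);
    if (err == ESP_OK) return IMG_TRUSTED;
    if (err == ESP_ERR_INVALID_STATE) return IMG_BAD_SIGNATURE; /* signature failed */
    return IMG_CHECK_ERROR;  /* ESP_FAIL or any unexpected code: reject, maybe retry */
}

/* Only a positive verdict unlocks the image; every other outcome is a reject. */
bool may_mark_bootable(img_verdict_t v) { return v == IMG_TRUSTED; }

#ifndef ESP_PLATFORM
/* Constructed fake verifiers and demo values for host runs. */
esp_err_t fake_ok(uint32_t a, uint32_t l)  { (void)a; (void)l; return ESP_OK; }
esp_err_t fake_bad(uint32_t a, uint32_t l) { (void)a; (void)l; return ESP_ERR_INVALID_STATE; }
esp_err_t fake_io(uint32_t a, uint32_t l)  { (void)a; (void)l; return ESP_FAIL; }

int main(void) {
    img_verdict_t v = check_update_image(fake_ok, 0x10000, 0x100000, 0x10000, 0x8000, 0x1000);
    return may_mark_bootable(v) ? 0 : 1;
}
#endif
```

On target, pass esp_secure_boot_verify_signature as the verify argument, and only from update-time code, in line with the note above.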