espsign 0.1.0

A utility for signing ESP32 firmware images for ESP RSA Secure Boot V2
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47

use std::fs::{self, File};
use std::path::PathBuf;

use log::info;

use rand::thread_rng;

use espsign::rsa::pkcs8::DecodePrivateKey;
use espsign::rsa::RsaPrivateKey;
use espsign::{AsyncIo, ImageType, SBV2RsaSignatureBlock};

/// Sign `image` with private key `key` and save the signed image as `signed`.
/// Also, generate the hash of the private key and save it as `hash`
fn main() {
    let key = PathBuf::from("/home/foo/private-key.pem");
    let image = PathBuf::from("/home/foo/factory-app");
    let signed = PathBuf::from("/home/foo/factory-app-signed");
    let hash = PathBuf::from("/home/foo/efuse-sb-hash");

    let mut buf = [0; 65536];

    let priv_key = RsaPrivateKey::from_pkcs8_pem(&fs::read_to_string(&key).unwrap()).unwrap();

    info!("Signing image `{}`...", image.display());

    embassy_futures::block_on(async {
        let block = SBV2RsaSignatureBlock::sign(
            &priv_key,
            &mut thread_rng(),
            &mut buf,
            AsyncIo::new(File::open(image).unwrap()),
            ImageType::App,
            AsyncIo::new(File::create(&signed).unwrap()),
        )
        .await
        .unwrap();

        info!("Image signed and saved to `{}`", signed.display());

        block
            .save_pubkey_hash(AsyncIo::new(File::create(&hash).unwrap()))
            .await
            .unwrap();

        info!("Hash saved to `{}`", hash.display());
    });
}