docs(security): adds data partition verification docs

Ashish Sharma
2026-02-23 11:17:47 +08:00
parent f93575a622
commit abe0d37d94
4 changed files with 54 additions and 0 deletions


@@ -229,6 +229,23 @@ The verification of signed OTA updates can be performed even without enabling ha
For more information, please refer to :ref:`signed-app-verify`.
.. _secure-signed-data-partition:
Signed Data Partition Updates
------------------------------
Data partition images can be verified using the same Secure Boot v2 signature mechanism as application images. Enable :ref:`CONFIG_SECURE_SIGNED_DATA_PARTITION` to verify data partitions with subtype ``ESP_PARTITION_SUBTYPE_DATA_UNDEFINED`` during OTA updates.
Sign data partition images using:
.. code-block:: bash
idf.py secure-sign-data --keyfile PRIVATE_SIGNING_KEY --output signed_data.bin data.bin
The signing key must match the one used for application signing, with its public key digest programmed into eFuse. The signed image format is: data content (padded to 4 KB) + 4 KB signature block (see :ref:`signature-block-format` in :doc:`/security/secure-boot-v2`).
For a complete example, see :example:`system/ota/partitions_ota`.
Tuning OTA Performance
----------------------
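Review bot: the new "Signed Data Partition Updates" section only documents the success path; it should also state what happens when :ref:`CONFIG_SECURE_SIGNED_DATA_PARTITION` is enabled and an ``ESP_PARTITION_SUBTYPE_DATA_UNDEFINED`` image arrives without a signature block or with a signature that does not verify (is the OTA write rejected, and with which error?), since that failure mode is the reason a reader enables the option. Two smaller points: "data content (padded to 4 KB)" is ambiguous between "padded to exactly 4 KB" and "padded up to the next 4 KB boundary" and should say which, because it determines where the 4 KB signature block starts; and the ``idf.py secure-sign-data ...`` line must be indented under the ``.. code-block:: bash`` directive with a blank line in between, otherwise Sphinx will not render it as a literal block (as shown in this hunk it sits flush with the directive).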