1 Commits

Author SHA1 Message Date
harshal.patil
100084bd61 change(bootloader): validate secure boot signing key type at configure time
The signing step (espsecure sign-data) derives the signature block type
from the key file itself, so selecting e.g. the RSA app signing scheme
with an ECDSA signing key produced a successfully built image that only
failed signature verification at boot.

Check the key at configure time and fail with a clear error when:

- the key family (RSA vs ECDSA) does not match the selected app signing
  scheme
- the ECDSA curve does not match the selected ECDSA key size for the
  ECDSA (V1/V2) schemes
- the key cannot be parsed as an unencrypted PEM private key
2026-06-29 16:59:52 +05:30