Provided by: esptool_4.7.0+dfsg-0.1_all bug

NAME
       espsecure - ESP32 Secure Boot & Flash Encryption tool


DESCRIPTION
       usage: espsecure [OPTION] COMMAND

   command arguments:
       Run espsecure {command} -h for additional help

       digest_secure_bootloader
              Take a bootloader binary image and a secure boot key, and output a combined digest+binary suitable
              for flashing along with the precalculated secure boot key.

       generate_signing_key
              Generate  a private key for signing secure boot images as per the secure boot version. Key file is
              generated in PEM format, Secure Boot V1 - ECDSA NIST256p private key. Secure Boot V2 -  RSA  3072,
              ECDSA NIST256p, ECDSA NIST192p private key.

       sign_data
              Sign  a  data  file  for use with secure boot. Signing algorithm is deterministic ECDSA w/ SHA-512
              (V1) or either RSA-PSS or ECDSA w/ SHA-256 (V2).

       verify_signature
              Verify a data file previously signed by "sign_data", using the public key.

       extract_public_key
              Extract the public verification key for signatures, save it as a raw binary file.

       digest_rsa_public_key
              Generate an SHA-256 digest of the RSA public key. This digest is burned into the eFuse and asserts
              the legitimacy of the public key for Secure boot v2.

       digest_sbv2_public_key
              Generate an SHA-256 digest of the public key. This digest is burned into the eFuse and asserts the
              legitimacy of the public key for Secure boot v2.

       signature_info_v2
              Reads the signature block and provides the signature block information.

       digest_private_key
              Generate an SHA-256 digest of the private signing key.  This can be used as a reproducible  secure
              bootloader (only secure boot v1) or flash encryption key.

       generate_flash_encryption_key
              Generate a development-use flash encryption key with random data.

       decrypt_flash_data
              Decrypt some data read from encrypted flash (using known key)

       encrypt_flash_data
              Encrypt some data suitable for encrypted flash (using known key)

   options:
       -h, --help
              show this help message and exit


EXAMPLES
       Display device features, SPI flash manufacturer and device ID:

           esptool flash_id

       Flash ESP8266 Espressif AT v1.6.2 firmware to ESP-WROOM-02 board:

           esptool write_flash --flash_mode dio --flash_size 4MB-c1 0x00 boot_v1.7.bin 0x1000 at/1024+1024/user1.2048.new.5.bin 0xfe000 blank.bin 0x3fc000 esp_init_data_default_v08.bin 0x3fe000 blank.bin

       Flash ESP32 Espressif AT v1.1.1 firmware to ESP-WROOM-32 board:

           esptool write_flash --flash_mode dio --flash_freq 40m --flash_size detect 0x1000 bootloader/bootloader.bin 0x20000 at_customize.bin 0x21000 customized_partitions/ble_data.bin 0x24000 customized_partitions/server_cert.bin 0x26000 customized_partitions/server_key.bin 0x28000 customized_partitions/server_ca.bin 0x2a000 customized_partitions/client_cert.bin 0x2c000 customized_partitions/client_key.bin 0x2e000 customized_partitions/client_ca.bin 0xf000 phy_init_data.bin 0x100000 esp-at.bin 0x8000 partitions_at.bin

       Display ESP32 efuse state summary:

           espefuse --port /dev/ttyUSB0 summary

       Generate a flash encryption key:

           espsecure generate_flash_encryption_key key.bin

       Burn the key to the device (WARNING: one time only operation):

           espefuse --port /dev/ttyUSB1 burn_key flash_encryption key.bin

       Encrypt flash data:

           espsecure encrypt_flash_data --keyfile key.bin --address 0x10000 -o my-app-encrypted.bin my-app.bin


AUTHOR
       esptool.py  was  started  by  Fredrik Ahlberg as an unofficial community project, currently maintained by
       Angus Gratton and supported by Espressif Systems (Shanghai) PTE LTD. This manual page has  been  produced
       by Milan Kupcevic <milan@debian.org> for the Debian project and can be used by others.


REPORTING BUGS
       Review: <https://github.com/espressif/esptool/#troubleshooting>
       Known issues: <https://github.com/espressif/esptool/issues>
       Report new issues at: <https://github.com/espressif/esptool/issues/new>


COPYRIGHT
       Copyright  ©  2014-2017  Fredrik  Ahlberg,  Angus  Gratton,  Espressif  Systems (Shanghai) PTE LTD, other
       contributors as noted.  License GPLv2+: GNU GPL version 2  or  later  <http://gnu.org/licenses/gpl.html>.
       This  is  free software: you are free to change and redistribute it.  There is NO WARRANTY, to the extent
       permitted by law.


SEE ALSO
       esptool(1), espefuse(1), espsecure(1)

esptool.py 4.7.0                                  January 2024                                   ESPSECURE.PY(1)