
Can a signed app run on a board where secure boot is not enabled?

Posted: Sun Jan 21, 2018 10:01 am
by malaimo
If I sign the app image with the secure boot PEM, will it run OK on a board where secure boot is not enabled?
Do the bootloader and the app image verify each other mutually? Or does the bootloader just verify the app image, so that a signed app image can run on any other board where secure boot is not enabled?

Re: Can a signed app run on a board where secure boot is not enabled?

Posted: Sun Jan 21, 2018 10:30 pm
by ESP_Angus
Hi malaimo,

A bootloader without secure boot enabled should boot a signed image without issue; the signature is ignored.

(Use flash encryption with secure boot to prevent signed images being run on other hardware.)

Re: Can a signed app run on a board where secure boot is not enabled?

Posted: Mon Jan 22, 2018 1:14 am
by malaimo
ESP_Angus wrote: Hi malaimo,

A bootloader without secure boot enabled should boot a signed image without issue; the signature is ignored.

(Use flash encryption with secure boot to prevent signed images being run on other hardware.)
Hello,
I got your idea: flash encryption can prevent flash reading, and so prevents the signed image from being read out, so nobody can get this image and run it on other hardware. But if I use OTA update, I have to put the images on a server, and I think the image is easy to leak even if I use HTTPS.
Do you have any suggestions about OTA?

Re: Can a signed app run on a board where secure boot is not enabled?

Posted: Mon Jan 22, 2018 1:17 am
by ESP_Angus
Regarding OTA and protection of data on the server or in transit, let's continue the discussion over here:
https://esp32.com/viewtopic.php?f=2&t=2 ... =10#p19194

Re: Can a signed app run on a board where secure boot is not enabled?

Posted: Mon Jan 22, 2018 5:53 am
by malaimo
ESP_Angus wrote: Regarding OTA and protection of data on the server or in transit, let's continue the discussion over here:
https://esp32.com/viewtopic.php?f=2&t=2 ... =10#p19194
Sorry, I have seen your reply there. This solves my problem already, thank you!