Add note on writing OTP to enc bootloader
will-v-pi authored Sep 25, 2024
1 parent 362f676 commit c0a7bba
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion bootloaders/encrypted/README.md
Expand Up @@ -4,12 +4,17 @@ Replace private.pem and privateaes.bin with your own keys - your signing key mus
openssl ecparam -name secp256k1 -genkey -out private.pem
```

The AES key is just be a 32 byte binary file - you can create one with
The AES key is just a 32 byte binary file - you can create one with

```bash
dd if=/dev/urandom of=privateaes.bin bs=1 count=32
```

You will need to program your OTP using the generated `otp.json` file in the build folder. Note that this will enable secure boot on your device, so only signed binaries can run, and will also lock down the page the AES key is stored in. If you wish to test without enabling secure boot then you can load the `otp.json` file in the source folder, which will just program the AES key and lock down that page.
```bash
picotool otp load otp.json
```

Then either drag & drop the UF2 files to the device in order (enc_bootloader first, then hello_serial_enc) waiting for a reboot in-between, or run
```bash
picotool load enc_bootloader.uf2
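Review bot: The added OTP paragraph names two different files that are both called `otp.json` (one in the build folder, one in the source folder), but the command shown is just `picotool otp load otp.json`, with no path and no indication of which directory it is run from. Loading the wrong one enables secure boot rather than only programming the AES key, and OTP writes cannot be undone, so this ambiguity is worth removing. Consider showing the two invocations separately with explicit relative paths, or giving the test-only file a distinct name. The paragraph should also state outright that the step is permanent, since "enable secure boot" and "lock down the page" do not say so on their own. Minor style point: add a blank line between the paragraph and the opening ```bash fence, as the `dd` block above it has.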