
Set up your ESP32 board with secure updates

Get acquainted with our Espressif ESP32 and SignServer integration and learn more about how to enable secure OTA updates.


Enhanced Code Signing: Secure & Trustworthy ESP32 Build

With the out-of-the-box code signing solution provided by Espressif's tools, the developer can only store the private part of the signing key locally. This means that the key can be accessible and unprotected, with limited evidence of authenticity. According to the Espressif manual, this method is only suitable for single-user development; the manual refers to centralized tools for enterprise deployment, but there is no clear implementation roadmap.

The integration of Espressif ESP32 with our open-source PKI EJBCA and signature solution SignServer has enabled us to achieve a smooth and trustworthy build process. SignServer is a server-side signature solution that uses an HSM (Hardware Security Module) to protect code-signing keys and integrates with the EJBCA PKI to issue trusted code-signing certificates. For testing purposes, we provide SoftHSM options.

How to get started

In this tutorial, you will learn how to:

  • Issue a signing certificate using EJBCA

  • Create a signing token in SignServer

  • Configure ESP-IDF and enable Secure Boot

  • Generate the SignServer signature and attach it to the application image

  • Upload the image and verify the signature with ESP32

For the full set of instructions, view our tutorials on how to set up SignServer and create a code signing certificate using EJBCA.

 

Prerequisites

To take full advantage of this tutorial, you need to have a basic understanding of the Espressif platform and security concepts. It is assumed that you are familiar and experienced with the ESP32 microcontroller and the ESP-IDF development framework, its system architecture, and the software lifecycle process. You should also understand and be able to apply the basic security functions of the ESP32. 

Before you begin, you also need the following:

Documentation

Check out the supplementary documentation that goes hand-in-hand with our tutorial video.

Docker Hub

Get your hands on the SignServer Docker container by downloading it now from Docker Hub.

Discussions

You can ask your questions and learn from PKI and signing specialists in the SignServer forum on GitHub Discussions.
