Provided by: esptool_2.8+dfsg-1_all bug


       espsecure - ESP32 Secure Boot & Flash Encryption tool


       usage: espsecure [OPTION] COMMAND

   command arguments:
       Run espsecure {command} -h for additional help

              Take  a  bootloader  binary  image  and  a  secure  boot key, and output a combined
              digest+binary suitable for flashing along with the precalculated secure boot key.

              Generate a private key for signing secure boot images.  Key file  is  generated  in
              PEM format, and contains a ECDSA NIST256p private key and matching public key.

              Sign a data file for use with secure boot. Signing algorithm is determinsitic ECDSA
              w/ SHA-512.

              Verify a data file previously signed by "sign_data", using the public key.

              Extract the public verification key for signatures, save it as a raw binary file.

              Generate an SHA-256 digest of the private signing key.   This  can  be  used  as  a
              reproducible secure bootloader or flash encryption key.

              Generate a development-use 32 byte flash encryption key with random data.

              Decrypt some data read from encrypted flash (using known key)

              Encrypt some data suitable for encrypted flash (using known key)

   optional arguments:
       -h, --help
              show this help message and exit


       Display device features, SPI flash manufacturer and device ID:

           esptool flash_id

       Flash ESP8266 Espressif AT v1.6.2 firmware to ESP-WROOM-02 board:

           esptool write_flash --flash_mode dio --flash_size 4MB-c1 0x00 boot_v1.7.bin 0x1000 at/1024+1024/ 0xfe000 blank.bin 0x3fc000 esp_init_data_default_v08.bin 0x3fe000 blank.bin

       Flash ESP32 Espressif AT v1.1.1 firmware to ESP-WROOM-32 board:

           esptool write_flash --flash_mode dio --flash_freq 40m --flash_size detect 0x1000 bootloader/bootloader.bin 0x20000 at_customize.bin 0x21000 customized_partitions/ble_data.bin 0x24000 customized_partitions/server_cert.bin 0x26000 customized_partitions/server_key.bin 0x28000 customized_partitions/server_ca.bin 0x2a000 customized_partitions/client_cert.bin 0x2c000 customized_partitions/client_key.bin 0x2e000 customized_partitions/client_ca.bin 0xf000 phy_init_data.bin 0x100000 esp-at.bin 0x8000 partitions_at.bin

       Display ESP32 efuse state summary:

           espefuse --port /dev/ttyUSB0 summary

       Generate a flash encryption key:

           espsecure generate_flash_encryption_key key.bin

       Burn the key to the device (WARNING: one time only operation):

           espefuse --port /dev/ttyUSB1 burn_key flash_encryption key.bin

       Encrypt flash data:

           espsecure encrypt_flash_data --keyfile key.bin --address 0x10000 -o my-app-encrypted.bin my-app.bin

AUTHOR  was  started  by Fredrik Ahlberg as an unofficial community project, currently
       maintained by Angus Gratton and supported by Espressif Systems (Shanghai)  PTE  LTD.  This
       manual  page has been produced by Milan Kupcevic <> for the Debian project
       and can be used by others.


       Review: <>
       Known issues: <>
       Report new issues at: <>


       Copyright © 2014-2017 Fredrik Ahlberg, Angus Gratton,  Espressif  Systems  (Shanghai)  PTE
       LTD,   other  contributors  as  noted.   License  GPLv2+:  GNU  GPL  version  2  or  later
       <>.  This is free software: you are  free  to  change  and
       redistribute it.  There is NO WARRANTY, to the extent permitted by law.


       esptool(1), espefuse(1), espsecure(1)