arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-07-27 18:02:17 +03:00
Code Activity

Add code-spell spelling checks to CI (#8067)

Browse Source 
Help find and fix silly spelling errors as they are added to the repo.
This commit is contained in:
Earle F. Philhower, III
2021-05-23 08:53:04 -07:00
committed by GitHub
parent 78a2ed6bd8
commit 60fe7b4ca8
133 changed files with 273 additions and 260 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
doc/ota_updates/readme.rst
View File

@ -50,7 +50,7 @@ Signed updates are updates whose compiled binaries are signed with a private key
Cryptographic signing only protects against tampering with binaries delivered via OTA. If someone has physical access, they will always be able to flash the device over the serial port. Signing also does not encrypt anything but the hash (so that it can't be modified), so this does not protect code inside the device: if a user has physical access they can read out your program.
**Securing your private key is paramount. The same private/public keypair that was used with the original upload must also be used to sign later binaries. Loss of the private key associated with a binary means that you will not be able to OTA-update any of your devices in the field. Alternatively, if someone else copies the private key, then they will be able to use it to sign binaries which will be accepted by the ESP.**
**Securing your private key is paramount. The same private/public key pair that was used with the original upload must also be used to sign later binaries. Loss of the private key associated with a binary means that you will not be able to OTA-update any of your devices in the field. Alternatively, if someone else copies the private key, then they will be able to use it to sign binaries which will be accepted by the ESP.**
Signed Binary Format
^^^^^^^^^^^^^^^^^^^^
@ -68,7 +68,7 @@ Signed Binary Prerequisites
OpenSSL is required to run the standard signing steps, and should be available on any UNIX-like or Windows system. As usual, the latest stable version of OpenSSL is recommended.
Signing requires the generation of an RSA-2048 key (other bit lengths are supported as well, but 2048 is a good selection today) using any appropriate tool. The following shell commands will generate a new public/private keypair. Run them in the sketch directory:
Signing requires the generation of an RSA-2048 key (other bit lengths are supported as well, but 2048 is a good selection today) using any appropriate tool. The following shell commands will generate a new public/private key pair. Run them in the sketch directory:
.. code:: bash