Commit 589863c

Apply suggestions from code review
1 parent af3d86d commit 589863c

1 file changed: +4 -1 lines changed

content/hardware/04.pro/boards/portenta-h7/tutorials/secure-boot/secure-boot.md

Lines changed: 4 additions & 1 deletion
@@ -30,7 +30,10 @@ In order to have secure boot enabled you must update the bootloader on your Port
3030
Once The bootloader has been updated to MCUboot, it's possible to use [secure boot](https://www.keyfactor.com/blog/what-is-secure-boot-its-where-iot-security-starts/) to have an additional layer of security. From that point on it is required to upload a compiled sketch with the Custom Board Option **"Security settings"** set to **"Signature + Encryption"** (the option can be found under **Tools > Security settings** in the IDE when selecting Portenta H7 as board, or you can use `--board-options security=sien` if using the Arduino CLI). Failing to provide such option will cause the bootloader not to run the compiled sketch because it is not trusted.
3131

3232
If no operation is performed the default security keys are used.
33-
These keys are embedded in the example sketch `STM32H747_updateBootloader` which can be found in **Files > Examples > STM32H747_System > STM32H747_updateBootloader**. A private 256bit [ECDSA](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm) key is used for the encryption (`ecdsa-p256-encrypt-key.h`), while a public key is used for the signing (`ecdsa-p256-signing-key.h`). These two keys are the ones the bootloader uses to verify if a sketch is valid or not, before starting it for the first time. The default private keys used after compiling a sketch to sign and encrypt it are located in `Arduino15/packages/arduino/hardware/mbed_portenta/<version>/libraries/MCUboot/default_keys/`.
33+
Two keys are embedded in the example sketch `STM32H747_updateBootloader` which can be found in **Files > Examples > STM32H747_System > STM32H747_updateBootloader** and used by the bootloader.
34+
A private 256bit [ECDSA](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm) key is used to extract the encryption key and decrypt the binary update (`ecdsa-p256-encrypt-key.h`), while a public key is used for image verification (`ecdsa-p256-signing-key.h`).
35+
36+
As counterpart, when building the image update, imgtool uses this private [key](https://github.com/arduino/ArduinoCore-mbed/pull/447/files#diff-f43e4850d60c61854678f6f80c6ddc4b59e3e68ca7e71b02e5ed15288c9aadb4) to sign the image and this public [key](https://github.com/arduino/ArduinoCore-mbed/pull/447/files#diff-95bb7b27de14276896a2bec099dc5a498d5332616458c04263efc8d24810e6a6) for image encryption with elliptic curve integrated encryption scheme.
3437

3538
### 1. Generate Custom Security Keys
3639
The default keys provided with the mbed platform are obviously only intended for development purposes. In a production environment it is strongly recommended to generate a new key pair (public and private key).
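
Review bot: The new paragraph marked 36+ drops the local path to the default signing and encryption keys (`Arduino15/packages/arduino/hardware/mbed_portenta/<version>/libraries/MCUboot/default_keys/`) that the removed line 33- carried, and replaces it with two links to diff anchors in pull request 447, both labelled only "key". A reader can no longer locate on disk the files imgtool uses, and PR diff anchors are a fragile target for documentation. Suggest keeping the path and using descriptive link text that names each key file. Because the default private signing key is reachable through a public link, it would also help to state directly after "If no operation is performed the default security keys are used." that a board left on the defaults accepts images that anyone with access to that repository can sign, which is the reason for the recommendation in section 1. Smaller points: in the line marked 33+, "and used by the bootloader" should read "and are used by the bootloader"; in 34+, "256bit" should be "256-bit"; in 36+, "As counterpart" reads better as "As a counterpart", and "elliptic curve integrated encryption scheme" could be written "Elliptic Curve Integrated Encryption Scheme (ECIES)".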
