Hi,
I am using an ESP32 chipset with a custom board design. Currently we're in the production stage, where we are going to design more ESP32 devices. We have to secure our board from unwanted framework upgradation, because on the custom board the UART is outside of the enclosure, with a ground pin, so the board is accessible for programming through the UART. I think currently ESP32 flashing takes any ESP32-based generated .bin file from the UART.
I am not doing anything with a custom boot-loader, because I just used one of the examples from esp-idf and started my top-level application code, so the bootloader and all the other stuff would be the same as in esp-idf.
So how do I protect the board from unwanted framework?
Planning to use secure boot-loader
Re: Planning to use secure boot-loader
https://docs.espressif.com/projects/esp ... ot-v2.html
You can enable this and sign your firmware.
This will prevent unauthorized firmware from being flashed.
You will still be able to do OTA updates, but they will need to be signed firmware too.
Also don't forget:
Enable all Secure Boot options in the Secure Boot Configuration. These include flash encryption, disabling of JTAG, disabling BASIC ROM interpreter, and disabling the UART bootloader encrypted flash access.
Re: Planning to use secure boot-loader
Hi,
I have gone through the document and the secure boot guidelines and started to apply secure boot to the ESP32 development kit.
Here are my steps for building the secure boot-loader:
step1. Copy the hello_world example from the idf examples.
step2. Enable the Secure boot option from menuconfig and select reflashable.
step3. Create the key for the bootloader using `openssl ecparam -name prime256v1 -genkey -noout -out secure_boot_signing_key.pem`
step4. Copy the .pem key into the workspace (outside the build) and run idf.py bootloader.
step5. Run the "first time flash command" and then run idf.py flash.
step6. Example started.
But I am still able to load another application using UART. Once I load another blink example using idf.py flash, the device fails to start in the following way.
```
rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)<\r><\n>
configsip: 0, SPIWP:0xee<\r><\n>
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00<\r><\n>
mode:DIO, clock div:2<\r><\n>
load:0x3fff0030,len:6612<\r><\n>
load:0x40078000,len:14788<\r><\n>
load:0x40080400,len:3792<\r><\n>
secure boot check fail<\r><\n>
ets_main.c 371
```
Once I reflash using the "first time flash command", the device starts with the hello_world example.
Here are my questions.
1. If the secure bootloader is enabled, can we still flash another framework or .bin file using idf.py flash?
2. While flashing the framework or .bin file from the build directory, does the device verify anything about the incoming framework on the bootloader side?
Re: Planning to use secure boot-loader
> 1. If the secure bootloader is enabled, can we still flash another framework or .bin file using idf.py flash?

Yes, it is possible to reflash the application after signing the image. Please refer to the section https://docs.espressif.com/projects/esp ... -of-images

> 2. While flashing the framework or .bin file from the build directory, does the device verify anything about the incoming framework on the bootloader side?

No, there is no verification of the image during flashing stage.
Mahavir
https://github.com/mahavirj/
Re: Planning to use secure boot-loader
Hi,
I did something related to the encrypted flash option and reloaded the bootloader again; now the board is showing me only this.
```
rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)<\r><\n>
configsip: 0, SPIWP:0xee<\r><\n>
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00<\r><\n>
mode:DIO, clock div:2<\r><\n>
load:0x3fff0030,len:6612<\r><\n>
load:0x40078000,len:14788<\r><\n>
load:0x40080400,len:3792<\r><\n>
secure boot check fail<\r><\n>
ets_main.c 371
```
How can I prevent my board from physical upgradation?
Re: Planning to use secure boot-loader
We made our own ESP32-S3 board. When we first plug in a USB Type-C cable from a Windows PC, it boots continuously. We used esptool.exe to load many bootloader.bin or similar files, but nothing changed. We still have a bootloop.
The message in serial port is:
```
ESP-ROM:esp32s3-20210327
Build:Mar 27 2021
rst:0x7 (TG0WDT_SYS_RST),boot:0x8 (SPI_FAST_FLASH_BOOT)
Saved PC:0x40043ac8
SPIWP:0xee
mode:DIO, clock div:1
load:0x3fcd0108,len:0x1634
load:0x403b6000,len:0xe74
load:0x403ba000,len:0x31c8
Checksum failure. Calculated 0x9f stored 0xde
ets_main.c 329
```
------(loops)------
Any help is appreciated..
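
A small triage helper for the ROM boot logs quoted in this thread, added here as an example (it is not code from any poster or from ESP-IDF): it extracts the reset cause, the `load:` segments and the ROM's final message, so a secure-boot rejection at boot can be told apart from an image checksum mismatch. The function name `triage` and the verdict labels are assumptions made for the illustration.

```python
import re

# Sample input: lines copied from the two ROM logs quoted in this thread
# (shortened; the "<\r><\n>" markers were printed by the serial terminal).
LOG_SECURE_BOOT = r"""rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)<\r><\n>
load:0x3fff0030,len:6612<\r><\n>
load:0x40078000,len:14788<\r><\n>
load:0x40080400,len:3792<\r><\n>
secure boot check fail<\r><\n>
ets_main.c 371"""
LOG_CHECKSUM = """rst:0x7 (TG0WDT_SYS_RST),boot:0x8 (SPI_FAST_FLASH_BOOT)
load:0x3fcd0108,len:0x1634
load:0x403b6000,len:0xe74
load:0x403ba000,len:0x31c8
Checksum failure. Calculated 0x9f stored 0xde
ets_main.c 329"""

RST = re.compile(r"rst:(0x[0-9a-fA-F]+) \((\w+)\),boot:(0x[0-9a-fA-F]+) \((\w+)\)")
LOAD = re.compile(r"load:(0x[0-9a-fA-F]+),len:(0x[0-9a-fA-F]+|\d+)")
CSUM = re.compile(r"Checksum failure\. Calculated (0x[0-9a-fA-F]+) stored (0x[0-9a-fA-F]+)")


def triage(log):
    """Summarise one boot attempt: reset cause, loaded segments, ROM verdict."""
    out = {"reset": None, "boot_mode": None, "segments": [],
           "verdict": "no_rom_error_seen"}  # verdict labels are hypothetical
    for raw in log.splitlines():
        # Drop the terminal's visible CR/LF markers before matching.
        line = raw.replace("<\\r><\\n>", "").strip()
        if m := RST.search(line):
            out["reset"], out["boot_mode"] = m.group(2), m.group(4)
        elif m := LOAD.search(line):
            # int(x, 0) accepts both "6612" and "0x1634", the two styles above.
            out["segments"].append((int(m.group(1), 16), int(m.group(2), 0)))
        elif "secure boot check fail" in line:
            out["verdict"] = "secure_boot_rejected"
        elif m := CSUM.search(line):
            out["verdict"] = "image_checksum_mismatch"
            out["checksum"] = (int(m.group(1), 16), int(m.group(2), 16))
    return out


if __name__ == "__main__":
    for name, log in (("esp32", LOG_SECURE_BOOT), ("esp32s3", LOG_CHECKSUM)):
        print(name, triage(log))
```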