ESP32 Forum

Hi for all!
I am trying to use secure boot and flash encryption for my esp32 module. Actually I do not have enough experience for this, but I think I made a mistake cause of my impatience.

I did espefuse.py generate_key and burn_key for flash encryption and secure boot.

I have keys,
Burned key data. New value: 2e 2f 1e 39 f7 50 80 a6 a1 46 ce 59 36 c9 0c c7 92 73 f7 a1 4b 03 ba 70 9e 29 00 64 09 ac ff 4e
Burned key data. New value: 4e 08 6e 36 8c 25 5a 6d 72 01 d9 23 ce 0d 40 05 3a 31 ab f7 43 90 04 1a ee 4e 92 31 b2 46 70 b2
one of them for secure boot, the other one for flash encryption.

my summary output is:

EFUSE_NAME Description = [Meaningful Value] [Readable/Writeable] (Hex Value)
----------------------------------------------------------------------------------------
Calibration fuses:
BLK3_PART_RESERVE BLOCK3 partially served for ADC calibration data = 0 R/W (0x0)
ADC_VREF Voltage reference calibration = 1100 R/W (0x0)

Identity fuses:
MAC Factory MAC Address
= 24:0a:c4:08:99:50 (CRC 0x6f OK) R/W
CHIP_VER_REV1 Silicon Revision 1 = 1 R/W (0x1)
CHIP_VER_REV2 Silicon Revision 2 = 0 R/W (0x0)
CHIP_VERSION Reserved for future chip versions = 0 R/W (0x0)
CHIP_PACKAGE Chip package identifier = 0 R/W (0x0)

Efuse fuses:
WR_DIS Efuse write disable mask = 384 R/W (0x180)
RD_DIS Efuse read disablemask = 3 R/W (0x3)
CODING_SCHEME Efuse variable block length scheme = 0 R/W (0x0)
KEY_STATUS Usage of efuse block 3 (reserved) = 0 R/W (0x0)

Config fuses:
XPD_SDIO_FORCE Ignore MTDI pin (GPIO12) for VDD_SDIO on reset = 1 R/W (0x1)
XPD_SDIO_REG If XPD_SDIO_FORCE, enable VDD_SDIO reg on reset = 1 R/W (0x1)
XPD_SDIO_TIEH If XPD_SDIO_FORCE & XPD_SDIO_REG, 1=3.3V 0=1.8V = 0 R/W (0x0)
CLK8M_FREQ 8MHz clock freq override = 54 R/W (0x36)
SPI_PAD_CONFIG_CLK Override SD_CLK pad (GPIO6/SPICLK) = 0 R/W (0x0)
SPI_PAD_CONFIG_Q Override SD_DATA_0 pad (GPIO7/SPIQ) = 0 R/W (0x0)
SPI_PAD_CONFIG_D Override SD_DATA_1 pad (GPIO8/SPID) = 0 R/W (0x0)
SPI_PAD_CONFIG_HD Override SD_DATA_2 pad (GPIO9/SPIHD) = 0 R/W (0x0)
SPI_PAD_CONFIG_CS0 Override SD_CMD pad (GPIO11/SPICS0) = 0 R/W (0x0)
DISABLE_SDIO_HOST Disable SDIO host = 0 R/W (0x0)

Security fuses:
FLASH_CRYPT_CNT Flash encryption mode counter = 0 R/W (0x0)
FLASH_CRYPT_CONFIG Flash encryption config (key tweak bits) = 0 R/W (0x0)
CONSOLE_DEBUG_DISABLE Disable ROM BASIC interpreter fallback = 1 R/W (0x1)
ABS_DONE_0 secure boot enabled for bootloader = 0 R/W (0x0)
ABS_DONE_1 secure boot abstract 1 locked = 0 R/W (0x0)
JTAG_DISABLE Disable JTAG = 0 R/W (0x0)
DISABLE_DL_ENCRYPT Disable flash encryption in UART bootloader = 0 R/W (0x0)
DISABLE_DL_DECRYPT Disable flash decryption in UART bootloader = 0 R/W (0x0)
DISABLE_DL_CACHE Disable flash cache in UART bootloader = 0 R/W (0x0)
BLK1 Flash encryption key
= ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/-
BLK2 Secure boot key
= ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/-
BLK3 Variable Block 3
= 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W


BLK1 and BLK2 are not zero, So I wrote key files to efuse.


I change security features from menuconfig. Enabled both. secure-boot(onetime flash), flash encryption(Release).
Then I did make bootloader with key file that I defined Secure boot private signing key then bootloader built successfuly.

However when I try to One-time flash command,

$ python /home/x/esp/esp-idf/components/esptool_py/esptool/esptool.py --chip esp32 --port COM9 --baud 115200 --before default_reset --after no_reset write_flash -z --flash_mode dio --flash_freq 40m --flash_size 2MB 0x1000 /c/Users/x/Downloads/efuse/build/bootloader/bootloader.bin
esptool.py v2.8-dev
Serial port COM9
Connecting....
Chip is ESP32D0WDQ6 (revision 1)
Features: WiFi, BT, Dual Core, Coding Scheme None
Crystal is 40MHz
MAC: 24:0a:c4:08:99:50
Uploading stub...
Running stub...
Stub running...
Configuring flash size...
Flash params set to 0x0210
Compressed 37776 bytes to 22101...

A fatal error occurred: Timed out waiting for packet content


What sould I do? Now, I could not upload another code without secure boot and encryption. Did I do something harmful? How can I change this situation?
My aim was nobody could not flash mydevice without my key, but unfortunately I could not flash my device now.

Hi mu

muhambykar wrote: ↑

Wed Oct 09, 2019 8:33 am

My aim was nobody could not flash mydevice without my key, but unfortunately I could not flash my device now.

From the description, the steps you've followed are the right steps for this goal.

Neither flash encryption or secure boot are actually enabled yetr (FLASH_CRYPT_CNT==0, ABS_DONE_0==0). They aren't enabled until the first boot, after flashing the plaintext bootloader with these features enabling in config.

muhambykar wrote: ↑

Wed Oct 09, 2019 8:33 am

A fatal error occurred: Timed out waiting for packet content


What sould I do? Now, I could not upload another code without secure boot and encryption. Did I do something harmful? How can I change this situation?

I think this error is unrelated to enabling secure boot and flash encryption. Normally the root cause is some kind of problem with the serial connection to the module, or the power supply to the module.

Were you able to flash this hardware setup in the past?

Suggest checking over the list of items mentioned here:
https://github.com/espressif/esptool#troubleshooting

You can also try replacing the "-z" option with "--no-compress" to disable compressed upload, in case this is somehow triggering the problem.

If you can give more details about the module and how it's connected (maybe a photo), then we may be able to help further.

Actually I were able flash this hardware past. After first try enabling secure boot and flash encryption, I got this error. I did not any change on hardware, it is esp32_core_board_v2 module. I could not understand difference between one-time flash and reflashable mode, and I chose one time flash mode, is it cause of my error?
As I understood, I could not flash and not enabled secure boot yet. So, with same key file and choosing reflashable mode, I should be able upload my code?

I have tried --no-compress methode but my result is same.
Additionally, I could not even erase the flash...

Erasing entire flash...
esptool.py v2.8-dev
Serial port COM9
Connecting....
Chip is ESP32D0WDQ6 (revision 1)
Features: WiFi, BT, Dual Core, Coding Scheme None
Crystal is 40MHz
MAC: xxxxxxxxxxxx
Uploading stub...
Running stub...
Stub running...
Erasing flash (this may take a while)...

A fatal error occurred: Timed out waiting for packet content
make: *** [/home/user/esp/esp-idf/components/esptool_py/Makefile.projbuild:117: erase_flash] Error 2

muhambykar wrote: ↑

Fri Oct 11, 2019 10:55 am

I chose one time flash mode, is it cause of my error?
As I understood, I could not flash and not enabled secure boot yet. So, with same key file and choosing reflashable mode, I should be able upload my code?

No. Whatever the cause of these errors is, it's not caused by enabling flash encryption or secure boot.

Even a "bricked" ESP32 where flash encryption and secure boot are enabled but the keys are lost can still be reflashed (but it will not be able to boot the newly flashed firmware).

Something else has gone wrong with the serial link, the hardware or the power supply. It just happens to have happened at the same time as enabling the security features.

Angus

I understood but I have use the uart cable with another esp32 module and it works good. I did not search well about encryption and secure boot, I have used one time flash and . After using erase_flash, I could not upload any code and I think pc could not communicate with flash. Here is some output :

FLASH_ID

Serial port COM9
Connecting.......
Chip is ESP32D0WDQ6 (revision 1)
Features: WiFi, BT, Dual Core, Coding Scheme None
Crystal is 40MHz
MAC: xxxxxxx
Uploading stub...
Running stub...
Stub running...
Manufacturer: ff
Device: ffff
Detected flash size: Unknown
(manuvacturer, device, and flash size seems there is a problem???)

CHIP_ID

Connecting....
Chip is ESP32D0WDQ6 (revision 1)
Features: WiFi, BT, Dual Core, Coding Scheme None
Crystal is 40MHz
MAC: xxxxxxxxxx
Uploading stub...
Running stub...
Stub running...
Warning: ESP32 has no Chip ID. Reading MAC instead.
MAC: xxxxxxxxxxx
Hard resetting via RTS pin...


SUMMARY

espefuse.py v2.8-dev
Connecting....
EFUSE_NAME Description = [Meaningful Value] [Readable/Writeable] (Hex Value)
----------------------------------------------------------------------------------------
Security fuses:
FLASH_CRYPT_CNT Flash encryption mode counter = 7 R/W (0x7)
FLASH_CRYPT_CONFIG Flash encryption config (key tweak bits) = 15 R/W (0xf)
CONSOLE_DEBUG_DISABLE Disable ROM BASIC interpreter fallback = 1 R/W (0x1)
ABS_DONE_0 secure boot enabled for bootloader = 1 R/W (0x1)
ABS_DONE_1 secure boot abstract 1 locked = 0 R/W (0x0)
JTAG_DISABLE Disable JTAG = 0 R/W (0x0)
DISABLE_DL_ENCRYPT Disable flash encryption in UART bootloader = 0 R/W (0x0)
DISABLE_DL_DECRYPT Disable flash decryption in UART bootloader = 0 R/W (0x0)
DISABLE_DL_CACHE Disable flash cache in UART bootloader = 0 R/W (0x0)
BLK1 Flash encryption key
= ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/-
BLK2 Secure boot key
= ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/-
BLK3 Variable Block 3
= 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W

Efuse fuses:
WR_DIS Efuse write disable mask = 384 R/W (0x180)
RD_DIS Efuse read disablemask = 3 R/W (0x3)
CODING_SCHEME Efuse variable block length scheme = 0 R/W (0x0)
KEY_STATUS Usage of efuse block 3 (reserved) = 0 R/W (0x0)

Config fuses:
XPD_SDIO_FORCE Ignore MTDI pin (GPIO12) for VDD_SDIO on reset = 1 R/W (0x1)
XPD_SDIO_REG If XPD_SDIO_FORCE, enable VDD_SDIO reg on reset = 1 R/W (0x1)
XPD_SDIO_TIEH If XPD_SDIO_FORCE & XPD_SDIO_REG, 1=3.3V 0=1.8V = 0 R/W (0x0)
CLK8M_FREQ 8MHz clock freq override = 54 R/W (0x36)
SPI_PAD_CONFIG_CLK Override SD_CLK pad (GPIO6/SPICLK) = 0 R/W (0x0)
SPI_PAD_CONFIG_Q Override SD_DATA_0 pad (GPIO7/SPIQ) = 0 R/W (0x0)
SPI_PAD_CONFIG_D Override SD_DATA_1 pad (GPIO8/SPID) = 0 R/W (0x0)
SPI_PAD_CONFIG_HD Override SD_DATA_2 pad (GPIO9/SPIHD) = 0 R/W (0x0)
SPI_PAD_CONFIG_CS0 Override SD_CMD pad (GPIO11/SPICS0) = 0 R/W (0x0)
DISABLE_SDIO_HOST Disable SDIO host = 0 R/W (0x0)

Identity fuses:
MAC Factory MAC Address
= xxxxxxxx (CRC 0x6f OK) R/W
CHIP_VER_REV1 Silicon Revision 1 = 1 R/W (0x1)
CHIP_VER_REV2 Silicon Revision 2 = 0 R/W (0x0)
CHIP_VERSION Reserved for future chip versions = 0 R/W (0x0)
CHIP_PACKAGE Chip package identifier = 0 R/W (0x0)

Calibration fuses:
BLK3_PART_RESERVE BLOCK3 partially served for ADC calibration data = 0 R/W (0x0)
ADC_VREF Voltage reference calibration = 1100 R/W (0x0)

Flash voltage (VDD_SDIO) set to 1.8V by efuse.

muhambykar wrote: ↑

Mon Oct 14, 2019 11:06 am

Flash voltage (VDD_SDIO) set to 1.8V by efuse.

Do you have a 1.8v flash?