Flash encryption
Posted: Sun Oct 18, 2020 8:58 pm
Hi all,
please help. I encrypted the flash on my ESP32 device and now I cannot write anything new.
I have five devices and I was learning with flash encryption. THe first one is not really good (the other are ok).
The first one summary:
I flashed it with my binary FW and it is working. It have OTA, but it is not working too on this device. I know my secure keys. Is it any solution for reflash it and fix my OTA?
If I want to flash it again with encrypted binary like this:
It seems that it is OK and it is flashing, but I cannot see the new FW in my device - still is OLD FW there.
Thank you very much.
please help. I encrypted the flash on my ESP32 device and now I cannot write anything new.
I have five devices and I was learning with flash encryption. THe first one is not really good (the other are ok).
The first one summary:
Code: Select all
# ./../esp-idf/components/esptool_py/esptool/espefuse.py --port COM39 summary
Connecting........_
Detecting chip type... ESP32
espefuse.py v3.0-dev
EFUSE_NAME (Block) Description = [Meaningful Value] [Readable/Writeable] (Hex Value)
----------------------------------------------------------------------------------------
Efuse fuses:
WR_DIS (BLOCK0): Efuse write disable mask = 388 R/W (0x0184)
RD_DIS (BLOCK0): Efuse read disable mask = 3 R/W (0x3)
CODING_SCHEME (BLOCK0): Efuse variable block length scheme
= NONE (BLK1-3 len=256 bits) R/W (0b00)
KEY_STATUS (BLOCK0): Usage of efuse block 3 (reserved) = False R/W (0b0)
Calibration fuses:
BLK3_PART_RESERVE (BLOCK0): BLOCK3 partially served for ADC calibration data = False R/W (0b0)
ADC_VREF (BLOCK0): Voltage reference calibration = 1121 R/W (0b00011)
Security fuses:
FLASH_CRYPT_CNT (BLOCK0): Flash encryption mode counter = 1 R/- (0b0000001)
UART_DOWNLOAD_DIS (BLOCK0): Disable UART download mode (ESP32 rev3 only) = False R/- (0b0)
FLASH_CRYPT_CONFIG (BLOCK0): Flash encryption config (key tweak bits) = 15 R/W (0xf)
CONSOLE_DEBUG_DISABLE (BLOCK0): Disable ROM BASIC interpreter fallback = True R/W (0b1)
ABS_DONE_0 (BLOCK0): secure boot enabled for bootloader = True R/W (0b1)
ABS_DONE_1 (BLOCK0): secure boot abstract 1 locked = False R/W (0b0)
JTAG_DISABLE (BLOCK0): Disable JTAG = True R/W (0b1)
DISABLE_DL_ENCRYPT (BLOCK0): Disable flash encryption in UART bootloader = True R/W (0b1)
DISABLE_DL_DECRYPT (BLOCK0): Disable flash decryption in UART bootloader = True R/W (0b1)
DISABLE_DL_CACHE (BLOCK0): Disable flash cache in UART bootloader = True R/W (0b1)
BLK1 (BLOCK1): Flash encryption key
= ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/-
BLK2 (BLOCK2): Secure boot key
= ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/-
BLK3 (BLOCK3): Variable Block 3
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
Identity fuses:
MAC (BLOCK0): Factory MAC Address
= 80:7d:3a:08:a7:dd (CRC 0x37 OK) R/W
MAC_CRC (BLOCK0): CRC8 for factory MAC address = 55 R/W (0x37)
CHIP_VER_REV1 (BLOCK0): Silicon Revision 1 = True R/W (0b1)
CHIP_VER_REV2 (BLOCK0): Silicon Revision 2 = False R/W (0b0)
CHIP_VERSION (BLOCK0): Reserved for future chip versions = 2 R/W (0b10)
CHIP_PACKAGE (BLOCK0): Chip package identifier = 1 R/W (0b001)
MAC_VERSION (BLOCK3): Version of the MAC field = 0 R/W (0x00)
Config fuses:
XPD_SDIO_FORCE (BLOCK0): Ignore MTDI pin (GPIO12) for VDD_SDIO on reset = False R/W (0b0)
XPD_SDIO_REG (BLOCK0): If XPD_SDIO_FORCE, enable VDD_SDIO reg on reset = False R/W (0b0)
XPD_SDIO_TIEH (BLOCK0): If XPD_SDIO_FORCE & XPD_SDIO_REG = 1.8V R/W (0b0)
CLK8M_FREQ (BLOCK0): 8MHz clock freq override = 57 R/W (0x39)
SPI_PAD_CONFIG_CLK (BLOCK0): Override SD_CLK pad (GPIO6/SPICLK) = 0 R/W (0b00000)
SPI_PAD_CONFIG_Q (BLOCK0): Override SD_DATA_0 pad (GPIO7/SPIQ) = 0 R/W (0b00000)
SPI_PAD_CONFIG_D (BLOCK0): Override SD_DATA_1 pad (GPIO8/SPID) = 0 R/W (0b00000)
SPI_PAD_CONFIG_HD (BLOCK0): Override SD_DATA_2 pad (GPIO9/SPIHD) = 0 R/W (0b00000)
SPI_PAD_CONFIG_CS0 (BLOCK0): Override SD_CMD pad (GPIO11/SPICS0) = 0 R/W (0b00000)
DISABLE_SDIO_HOST (BLOCK0): Disable SDIO host = False R/W (0b0)
If I want to flash it again with encrypted binary like this:
Code: Select all
# ./../esp-idf/components/esptool_py/esptool/espsecure.py encrypt_flash_data --keyfile tcs_boot_secure_key.bin --address 0x20000 -o build_release/tcs_controller_release-enc.bin build_release/tcs_controller_release.bin
# ../esp-idf/components/esptool_py/esptool/esptool.py --port COM39 -b 2000000 write_flash 0x20000 build_release/tcs_controller_release-enc.bin
Thank you very much.