I am trying to implement OTA update on an ESP32 which has secure boot enabled.
Secure Boot works fine, as flashing an unsigned image results in a "secure boot failed" error, and after flashing a signed image it boots properly.
In order to enable OTA update I have followed the "remote signing of images".
Sdkconfig settings are as follows:
#
# Bootloader config
#
CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_SIZE=y
# CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_DEBUG is not set
# CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_PERF is not set
# CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_NONE is not set
# CONFIG_BOOTLOADER_LOG_LEVEL_NONE is not set
# CONFIG_BOOTLOADER_LOG_LEVEL_ERROR is not set
CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y
# CONFIG_BOOTLOADER_LOG_LEVEL_INFO is not set
# CONFIG_BOOTLOADER_LOG_LEVEL_DEBUG is not set
# CONFIG_BOOTLOADER_LOG_LEVEL_VERBOSE is not set
CONFIG_BOOTLOADER_LOG_LEVEL=2
# CONFIG_BOOTLOADER_VDDSDIO_BOOST_1_8V is not set
CONFIG_BOOTLOADER_VDDSDIO_BOOST_1_9V=y
# CONFIG_BOOTLOADER_FACTORY_RESET is not set
# CONFIG_BOOTLOADER_APP_TEST is not set
CONFIG_BOOTLOADER_WDT_ENABLE=y
# CONFIG_BOOTLOADER_WDT_DISABLE_IN_USER_CODE is not set
CONFIG_BOOTLOADER_WDT_TIME_MS=9000
# CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE is not set
CONFIG_BOOTLOADER_RESERVE_RTC_SIZE=0
# CONFIG_BOOTLOADER_CUSTOM_RESERVE_RTC is not set
# end of Bootloader config
#
# Security features
#
CONFIG_SECURE_SIGNED_ON_BOOT=y
CONFIG_SECURE_SIGNED_ON_UPDATE=y
CONFIG_SECURE_SIGNED_APPS=y
CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME=y
CONFIG_SECURE_BOOT=y
CONFIG_SECURE_BOOT_V1_ENABLED=y
# CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH is not set
CONFIG_SECURE_BOOTLOADER_REFLASHABLE=y
# CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES is not set
CONFIG_SECURE_BOOT_VERIFICATION_KEY="signature_verification_key.bin"
CONFIG_SECURE_BOOTLOADER_KEY_ENCODING_256BIT=y
# CONFIG_SECURE_BOOTLOADER_KEY_ENCODING_192BIT is not set
# CONFIG_SECURE_BOOT_INSECURE is not set
# CONFIG_SECURE_FLASH_ENC_ENABLED is not set
# end of Security features
The steps are as follows:
1.) Enable "Hardware Secure Boot in bootloader".
2.) Disable "Sign binaries during build".
3.) Build bootloader using "idf.py bootloader".
4.) Flash bootloader with "esptool.py write_flash ...." and also burn the bootloader key in efuse as instructed in docs.
5.) Build app with "idf.py build".
6.) Sign app with "espsecure.py sign_data". The signed bin was verified with "espsecure.py verify_signature".
7.) App was written to ESP32 with "esptool.py write_flash ....".
After a reboot the ESP boots up without any issue, but if I try to update the firmware using OTA update then I am met with this error:
I (76660) esp_image: Verifying image signature...
E (76660) secure_boot_v1: image has invalid signature version field 0xffffffff
E (76660) esp_image: Secure boot signature verification failed
I (76670) esp_image: Calculating simple hash to check for corruption...
W (77060) esp_image: image valid, signature bad
Any steps that I might be missing or doing wrong?
Any suggestions?
Thanks.
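
Added example, not part of the original post: a pre-publication check for the file that will be served for OTA. A Secure Boot V1 signature block, as appended by "espsecure.py sign_data", is a 4-byte version word of 0 followed by a 64-byte ECDSA signature, and 0xffffffff is what erased flash reads back as, which is what the device would see if the file sent over OTA were the unsigned build output. The function names, the sample bytes and the slot model are assumptions made for illustration.

```python
import struct

SIG_BLOCK_LEN = 68        # Secure Boot V1: 4-byte version word + 64-byte ECDSA signature
ERASED_WORD = 0xFFFFFFFF  # what erased flash reads back as


def trailing_sig_version(image: bytes) -> int:
    """Return the little-endian version word of the file's last 68 bytes."""
    if len(image) < SIG_BLOCK_LEN:
        raise ValueError("file is shorter than a signature block")
    version, _signature = struct.unpack("<I64s", image[-SIG_BLOCK_LEN:])
    return version


def has_v1_sig_block(image: bytes) -> bool:
    """Necessary condition only: the signature itself still has to be
    checked with espsecure.py verify_signature."""
    return trailing_sig_version(image) == 0


def version_seen_on_device(ota_file: bytes, unsigned_len: int, slot_size: int) -> int:
    """Simplified model (assumption): the OTA slot is erased to 0xFF, the file
    is written at offset 0, and the version word is read directly after the
    unsigned image."""
    if len(ota_file) > slot_size or unsigned_len + 4 > slot_size:
        raise ValueError("data does not fit in the modelled slot")
    slot = bytearray(b"\xff" * slot_size)
    slot[:len(ota_file)] = ota_file
    return struct.unpack_from("<I", slot, unsigned_len)[0]


# Constructed sample data: an opaque 1024-byte "image" and the same bytes with
# a version-0 block and a placeholder (not real) 64-byte signature appended.
UNSIGNED = bytes([0xE9]) + bytes((i % 251) + 1 for i in range(1023))
SIGNED = UNSIGNED + struct.pack("<I", 0) + b"\xAA" * 64

if __name__ == "__main__":
    for name, blob in (("unsigned", UNSIGNED), ("signed", SIGNED)):
        seen = version_seen_on_device(blob, len(UNSIGNED), 4096)
        print(f"{name}: trailing block ok={has_v1_sig_block(blob)}, "
              f"device reads version {seen:#010x}")
```

Running the same check on the exact file the OTA server hands out shows whether the signed output of step 6 or the unsigned output of step 5 is being published.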