What is the correct procedure to Enable Secure Boot in bootloader

HimaniU
Posts: 3
Joined: Fri May 10, 2024 5:58 am

What is the correct procedure to Enable Secure Boot in bootloader

Postby HimaniU » Fri May 10, 2024 6:22 am

I am attempting to enable secure boot with an ESP32-S3. I am sure I am overlooking something simple. Any advice would be appreciated.
Firstly, I have read all the documents regarding secure boot, and on the Espressif site I read something regarding enabling secure boot. I also found some related material; below are 2 points that I found.

1) How To Enable Secure Boot?
Ans: Open the Project Configuration Menu, navigate to "Secure Boot Configuration" and select the option "One-time Flash". (To understand the alternative "Reflashable" choice, see Re-Flashable Software Bootloader.) [PS: I couldn't find this option in my menuconfig.]

2) How To Enable Secure Boot V2
Ans: Open the Project Configuration Menu, in "Security features" set "Enable hardware Secure Boot in a bootloader" to enable Secure Boot.

And a few questions come to my mind:
What is the key difference between Enable Secure Boot and Enable Secure Boot V2?


For exercise purposes, I attempted to enable Secure Boot V2, but I am stuck at an eFuse-related operation and got an error like
I do not know what the actual procedure is to do this.

ESP_adokitkat
Posts: 52
Joined: Thu Jun 22, 2023 12:50 pm

Re: What is the correct procedure to Enable Secure Boot in bootloader

Postby ESP_adokitkat » Sun May 12, 2024 10:41 pm

Hello.

Secure boot V1 is an AES-based Secure Boot scheme used on ESP32 chips with revisions up to ECO2.
Secure boot V2 uses RSA-PSS-based app and bootloader (Second Stage Bootloader) verification, is available for ESP32 from the ECO3 revision and is preferred. Other ESP32-something boards can only use Secure boot V2. Newer boards can also use ECDSA instead of RSA-PSS signing.

You couldn't find a setting for Secure boot V1 in menuconfig because you are using an ESP32-S3, which can only use Secure boot V2.
This is the documentation page about Secure boot V2 for ESP32-S3 specifically: https://docs.espressif.com/projects/esp ... ot-v2.html

What is the exact problem you are having, please?

HimaniU
Posts: 3
Joined: Fri May 10, 2024 5:58 am

Re: What is the correct procedure to Enable Secure Boot in bootloader

Postby HimaniU » Mon May 13, 2024 12:21 pm

Many thanks for your prompt reply.

Actually, I have tried Secure Boot V2 with the ESP32-S3 by following the Espressif documentation and I got the below error. I've been trying this for the past week, but I haven't been able to resolve this.
Here I'm providing my menuconfig setting for reference.
My menuconfig setting: https://drive.google.com/file/d/1curkZX ... sp=sharing

ESP_adokitkat
Posts: 52
Joined: Thu Jun 22, 2023 12:50 pm

Re: What is the correct procedure to Enable Secure Boot in bootloader

Postby ESP_adokitkat » Mon May 13, 2024 12:57 pm

I am sorry, but I can't see any log text or image in your answer. Please share it via Google Drive or use Pastebin or some other service if the image embedding on this forum doesn't work for you.

HimaniU
Posts: 3
Joined: Fri May 10, 2024 5:58 am

Re: What is the correct procedure to Enable Secure Boot in bootloader

Postby HimaniU » Tue May 14, 2024 5:26 am

Hi, here is the error: "Secure boot checks and validates signature for bootloader but seems not checking signature for application image"
and my sdk configuration (makemenu config): https://drive.google.com/file/d/1HV37a2 ... sp=sharing
I have another question regarding the implementation of Secure Boot Version 2. In my current ESP-IDF version, which is v4.4, I am unable to locate the option for Secure Boot mode in the menuconfig. Specifically, I am looking for the options related to 'one-time flash' and 'reflashable' modes. Could you please advise on how to proceed or where I can find these options?
