secure boot and flash encryption error when enabling together

Posted: Tue May 21, 2024 6:55 am
by chandramauli
Hello,

I am trying to enable secure boot and flash encryption together on the ESP32-S3 with the macros below. In this configuration, development mode is enabled for both.

CONFIG_SECURE_SIGNED_ON_BOOT=y
CONFIG_SECURE_SIGNED_ON_UPDATE=y
CONFIG_SECURE_SIGNED_APPS=y
CONFIG_SECURE_BOOT_V2_RSA_SUPPORTED=y
CONFIG_SECURE_BOOT_V2_PREFERRED=y
CONFIG_SECURE_BOOT_V2_RSA_ENABLED=y
CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME=y
CONFIG_SECURE_BOOT=y
CONFIG_SECURE_BOOT_V2_ENABLED=y
CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=y
CONFIG_SECURE_BOOT_SIGNING_KEY="secure_boot_signing_key.pem"
CONFIG_SECURE_BOOT_ENABLE_AGGRESSIVE_KEY_REVOKE=n
CONFIG_SECURE_BOOT_INSECURE=y
CONFIG_SECURE_ROM_DL_MODE_ENABLED=y
CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE=y
CONFIG_ESPTOOLPY_NO_STUB=y
CONFIG_SECURE_FLASH_ENC_ENABLED=y
CONFIG_SECURE_FLASH_ENCRYPTION_AES128=y
CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=y
CONFIG_SECURE_FLASH_HAS_WRITE_PROTECTION_CACHE=y
CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=y
CONFIG_SECURE_FLASH_SKIP_WRITE_PROTECTION_CACHE=y
CONFIG_SECURE_FLASH_CHECK_ENC_EN_IN_APP=y
CONFIG_SECURE_INSECURE_ALLOW_DL_MODE=y
CONFIG_FLASH_ENCRYPTION_ENABLED=y
CONFIG_FLASH_ENCRYPTION_INSECURE=y
CONFIG_FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_ENCRYPT=y
CONFIG_NVS_ENCRYPTION=n

Secure boot is successfully enabled on the device, but I am not able to enable flash encryption. I am not able to read eFuse values, as it shows "A fatal error occurred: Secure Download Mode is enabled. The tool can not read eFuses."
I have flashed the bootloader, partition table and application binaries with the esptool.py tool at specific locations.
Can someone help me with the exact steps to follow to avoid breaking the device? I am clueless about the new implementation.

Regards,
Chandramauli

Re: secure boot and flash encryption error when enabling together

Posted: Tue May 21, 2024 6:20 pm
by liaifat85
Did you check here for answers?
https://esp32.com/viewtopic.php?f=13&t=33828

Re: secure boot and flash encryption error when enabling together

Posted: Wed May 29, 2024 11:51 am
by chandramauli
Hi

Yes, I had a chance to visit this but didn't find any useful information for my case. Can anyone help me with the exact steps to be followed to enable flash encryption and secure boot together on the ESP32-S3?

Regards,
Chandramauli