Hi,
I am using a pregenerated key without secure boot. I managed to do everything correctly as it was explained in the tutorial.
Now, I want to create a script to flash the whole firmware (including bootloader and everything). I managed to do so except for one small problem:
After burning the pregenerated key file, the ESP32 waits to flash a plaintext bootloader and firmware so the bootloader will encrypt everything. In my case, I have already flashed encrypted firmware and bootloader and I do not want the boot loader to encrypt anything. I want everything to start working directly.
How can I achieve this?
Thank you very much!
Flashing encrypted firmware for the first time after pregenerated key burned
Re: Flashing encrypted firmware for the first time after pregenerated key burned
Humam Helfawi wrote: Wed Apr 03, 2019 6:39 pm
In my case, I have already flashed encrypted firmware and bootloader and I do not want the boot loader to encrypt anything. I want everything to start working directly

It is strongly recommended to use the supported workflow where the initial encryption happens on first boot. Doing it that way, there are fewer ways to accidentally leave the system unprotected.
However, you can do an initial encrypted flash by running two additional commands on the host:
espefuse.py burn_efuse FLASH_CRYPT_CONFIG 0xF
espefuse.py burn_efuse FLASH_CRYPT_CNT 1
If this is for a secure device, you also need to burn a number of other efuses or the security will be compromised: DISABLE_DL_ENCRYPT, DISABLE_DL_DECRYPT, DISABLE_DL_CACHE, DISABLE_JTAG, CONSOLE_DEBUG_DISABLE.
You can burn all of these additional efuses using "espefuse.py burn_efuse EFUSE", or you can do it from inside your firmware on first boot. Normally the bootloader does this during the initial encryption on first boot, which is why we recommend booting a plaintext firmware the first time around.
If using flash encryption without secure boot in production, please also read this section of the docs:
https://docs.espressif.com/projects/esp ... ecure-boot
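A read-back check for the efuse state the reply above describes, as an added example that is not part of the thread or of Espressif's tooling. It assumes you have already extracted a name-to-value mapping from the `espefuse.py summary` output (that step is not shown); the efuse names are used as written in the reply, and both sample readouts are constructed.

```python
# Added example. Efuse names are copied from the forum reply; a name your
# espefuse.py version spells differently is reported as missing.
REQUIRED_SET = (
    "DISABLE_DL_ENCRYPT", "DISABLE_DL_DECRYPT", "DISABLE_DL_CACHE",
    "DISABLE_JTAG", "CONSOLE_DEBUG_DISABLE",
)

def to_int(value):
    """Accept ints, bools, or strings such as '0xF', '15', 'True'."""
    if isinstance(value, bool):
        return int(value)
    if isinstance(value, int):
        return value
    text = str(value).strip().lower()
    if text in ("true", "false"):
        return int(text == "true")
    return int(text, 0)

def audit_efuses(efuses):
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    def read(name):
        if name not in efuses:
            findings.append(f"{name}: not present in the supplied readout")
            return None
        return to_int(efuses[name])

    cnt = read("FLASH_CRYPT_CNT")
    # Flash encryption is active only while an odd number of counter bits is set.
    if cnt is not None and bin(cnt).count("1") % 2 == 0:
        findings.append(f"FLASH_CRYPT_CNT={cnt:#x}: even bit count, encryption is off")
    cfg = read("FLASH_CRYPT_CONFIG")
    if cfg is not None and cfg != 0xF:
        findings.append(f"FLASH_CRYPT_CONFIG={cfg:#x}: expected 0xf")
    for name in REQUIRED_SET:
        val = read(name)
        if val is not None and val == 0:
            findings.append(f"{name}: not burned")
    return findings

# Constructed readouts: one fully provisioned, one left half-finished.
HARDENED = {"FLASH_CRYPT_CNT": 1, "FLASH_CRYPT_CONFIG": "0xF",
            **{name: True for name in REQUIRED_SET}}
HALF_DONE = {"FLASH_CRYPT_CNT": "0x3", "FLASH_CRYPT_CONFIG": 15,
             "DISABLE_DL_ENCRYPT": 1, "DISABLE_DL_DECRYPT": 0,
             "DISABLE_DL_CACHE": 1, "CONSOLE_DEBUG_DISABLE": 1}

if __name__ == "__main__":
    for label, readout in (("hardened", HARDENED), ("half done", HALF_DONE)):
        print(label, audit_efuses(readout) or "OK")
```

Running a check like this at the end of a flashing script catches a unit that left the line with encrypted flash but with the download-mode and debug efuses still unburned.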
Re: Flashing encrypted firmware for the first time after pregenerated key burned
Thank you very much! Your reply is very helpful