ESP32 secure boot problem

Aniket Patel
Posts: 10
Joined: Fri May 11, 2018 11:54 am

ESP32 secure boot problem

Postby Aniket Patel » Mon Feb 24, 2020 1:40 pm

Hi All,
I tried enabling hardware secure boot in esp32 and but when I flashed bootloader, app-image, and partition table in esp32 then my device does not boot properly. Find the attachment of the esp32 booting log.

Note:- I have followed the esp32 standard procedure show below link.

https://docs.espressif.com/projects/esp ... oot.html

Code: Select all

rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3fff0018,len:4
load:0x3fff001c,len:12836
load:0x40078000,len:22160
load:0x40080400,len:4784
csum err:0xb3!=0x87
ets_main.c 371 
ets Jun  8 2016 00:22:57

rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3fff0018,len:4
load:0x3fff001c,len:12836
load:0x40078000,len:22160
load:0x40080400,len:4784
csum err:0xb3!=0x87
ets_main.c 371 
ets Jun  8 2016 00:22:57
Attachments
Screenshot from 2020-02-19 11-58-28 (copy).png
Secure boot-loader image
Screenshot from 2020-02-19 11-58-28 (copy).png (90.83 KiB) Viewed 5805 times
Screenshot from 2020-02-24 18-15-12.png
Enable hardware secure boot in esp32 make menuconfig
Screenshot from 2020-02-24 18-15-12.png (32.25 KiB) Viewed 5805 times

WiFive
Posts: 3529
Joined: Tue Dec 01, 2015 7:35 am

Re: ESP32 secure boot problem

Postby WiFive » Mon Feb 24, 2020 2:43 pm


Aniket Patel
Posts: 10
Joined: Fri May 11, 2018 11:54 am

Re: ESP32 secure boot problem

Postby Aniket Patel » Tue Feb 25, 2020 7:40 am

WiFive wrote:
Mon Feb 24, 2020 2:43 pm
Common issue, try searching.

https://docs.espressif.com/projects/esp ... oader-size
Hi WiFive,
Thanks for quick replay, I had tried procedure as per your suggested link but I have found another issue and checksum error is resolved.

my esp32 SDK version: v4.1-dev-815-ga45e99853-dirty
Toolchain version: esp32-2019r1
Compiler version: 8.2.0

Find the attachment of the esp32 booting log.

Code: Select all

rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3fff0018,len:4
load:0x3fff001c,len:1900
load:0x40078000,len:18476
ho 0 tail 12 room 4
load:0x40080400,len:3656
entry 0x40080628
Fatal exception (28): LoadProhibited
epc1=0x40006843, epc2=0x00000000, epc3=0x00000000, excvaddr=0x80079a81, depc=0x00000000
ets Jun  8 2016 00:22:57

rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3fff0018,len:4
load:0x3fff001c,len:1900
load:0x40078000,len:18476
ho 0 tail 12 room 4
load:0x40080400,len:3656
entry 0x40080628
Fatal exception (28): LoadProhibited
epc1=0x40006843, epc2=0x00000000, epc3=0x00000000, excvaddr=0x80079a81, depc=0x00000000
My device efuse Summary

Code: Select all

espefuse.py -p /dev/ttyUSB0 summary
espefuse.py v2.9-dev
Connecting.....
EFUSE_NAME             Description = [Meaningful Value] [Readable/Writeable] (Hex Value)
----------------------------------------------------------------------------------------
Security fuses:
FLASH_CRYPT_CNT        Flash encryption mode counter                     = 0 R/W (0x0)
FLASH_CRYPT_CONFIG     Flash encryption config (key tweak bits)          = 0 R/W (0x0)
CONSOLE_DEBUG_DISABLE  Disable ROM BASIC interpreter fallback            = 1 R/W (0x1)
ABS_DONE_0             secure boot enabled for bootloader                = 0 R/W (0x0)
ABS_DONE_1             secure boot abstract 1 locked                     = 0 R/W (0x0)
JTAG_DISABLE           Disable JTAG                                      = 0 R/W (0x0)
DISABLE_DL_ENCRYPT     Disable flash encryption in UART bootloader       = 0 R/W (0x0)
DISABLE_DL_DECRYPT     Disable flash decryption in UART bootloader       = 0 R/W (0x0)
DISABLE_DL_CACHE       Disable flash cache in UART bootloader            = 0 R/W (0x0)
BLK1                   Flash encryption key                              
  = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W 
BLK2                   Secure boot key                                   
  = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/- 
BLK3                   Variable Block 3                                  
  = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W 

Efuse fuses:
WR_DIS                 Efuse write disable mask                          = 256 R/W (0x100)
RD_DIS                 Efuse read disablemask                            = 2 R/W (0x2)
CODING_SCHEME          Efuse variable block length scheme                = 0 R/W (0x0)
KEY_STATUS             Usage of efuse block 3 (reserved)                 = 0 R/W (0x0)

Config fuses:
XPD_SDIO_FORCE         Ignore MTDI pin (GPIO12) for VDD_SDIO on reset    = 0 R/W (0x0)
XPD_SDIO_REG           If XPD_SDIO_FORCE, enable VDD_SDIO reg on reset   = 0 R/W (0x0)
XPD_SDIO_TIEH          If XPD_SDIO_FORCE & XPD_SDIO_REG, 1=3.3V 0=1.8V   = 0 R/W (0x0)
CLK8M_FREQ             8MHz clock freq override                          = 52 R/W (0x34)
SPI_PAD_CONFIG_CLK     Override SD_CLK pad (GPIO6/SPICLK)                = 0 R/W (0x0)
SPI_PAD_CONFIG_Q       Override SD_DATA_0 pad (GPIO7/SPIQ)               = 0 R/W (0x0)
SPI_PAD_CONFIG_D       Override SD_DATA_1 pad (GPIO8/SPID)               = 0 R/W (0x0)
SPI_PAD_CONFIG_HD      Override SD_DATA_2 pad (GPIO9/SPIHD)              = 0 R/W (0x0)
SPI_PAD_CONFIG_CS0     Override SD_CMD pad (GPIO11/SPICS0)               = 0 R/W (0x0)
DISABLE_SDIO_HOST      Disable SDIO host                                 = 0 R/W (0x0)

Identity fuses:
MAC                    Factory MAC Address                               
  = 24:6f:28:9c:fe:d8 (CRC 0x3b OK) R/W 
CHIP_VER_REV1          Silicon Revision 1                                = 1 R/W (0x1)
CHIP_VER_REV2          Silicon Revision 2                                = 0 R/W (0x0)
CHIP_VERSION           Reserved for future chip versions                 = 2 R/W (0x2)
CHIP_PACKAGE           Chip package identifier                           = 0 R/W (0x0)

Calibration fuses:
BLK3_PART_RESERVE      BLOCK3 partially served for ADC calibration data  = 0 R/W (0x0)
ADC_VREF               Voltage reference calibration                     = 1121 R/W (0x3)

Flash voltage (VDD_SDIO) determined by GPIO12 on reset (High for 1.8V, Low/NC for 3.3V).
Attachments
Screenshot from 2020-02-25 12-46-05.png
Boot-loader log level changed
Screenshot from 2020-02-25 12-46-05.png (23.59 KiB) Viewed 5738 times
Screenshot from 2020-02-25 12-45-13.png
partition table offset changed
Screenshot from 2020-02-25 12-45-13.png (12.61 KiB) Viewed 5738 times

Aniket Patel
Posts: 10
Joined: Fri May 11, 2018 11:54 am

Re: ESP32 secure boot problem

Postby Aniket Patel » Tue Feb 25, 2020 11:41 am

Hi WiFive,
Thanks for the provided support. My issue has been resolved with the use of the "espefuse.py burn_efuse ABS_DONE_0" command to enable the "secure boot enabled for bootloader" feature.

My device efuse summary

Code: Select all

espefuse.py -p /dev/ttyUSB0 summary
espefuse.py v2.9-dev
Connecting....
EFUSE_NAME             Description = [Meaningful Value] [Readable/Writeable] (Hex Value)
----------------------------------------------------------------------------------------
Security fuses:
FLASH_CRYPT_CNT        Flash encryption mode counter                     = 0 R/W (0x0)
FLASH_CRYPT_CONFIG     Flash encryption config (key tweak bits)          = 0 R/W (0x0)
CONSOLE_DEBUG_DISABLE  Disable ROM BASIC interpreter fallback            = 1 R/W (0x1)
ABS_DONE_0             secure boot enabled for bootloader                = 1 R/W (0x1)
ABS_DONE_1             secure boot abstract 1 locked                     = 0 R/W (0x0)
JTAG_DISABLE           Disable JTAG                                      = 0 R/W (0x0)
DISABLE_DL_ENCRYPT     Disable flash encryption in UART bootloader       = 0 R/W (0x0)
DISABLE_DL_DECRYPT     Disable flash decryption in UART bootloader       = 0 R/W (0x0)
DISABLE_DL_CACHE       Disable flash cache in UART bootloader            = 0 R/W (0x0)
BLK1                   Flash encryption key                              
  = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W 
BLK2                   Secure boot key                                   
  = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/- 
BLK3                   Variable Block 3                                  
  = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W 

Efuse fuses:
WR_DIS                 Efuse write disable mask                          = 256 R/W (0x100)
RD_DIS                 Efuse read disablemask                            = 2 R/W (0x2)
CODING_SCHEME          Efuse variable block length scheme                = 0 R/W (0x0)
KEY_STATUS             Usage of efuse block 3 (reserved)                 = 0 R/W (0x0)

Config fuses:
XPD_SDIO_FORCE         Ignore MTDI pin (GPIO12) for VDD_SDIO on reset    = 0 R/W (0x0)
XPD_SDIO_REG           If XPD_SDIO_FORCE, enable VDD_SDIO reg on reset   = 0 R/W (0x0)
XPD_SDIO_TIEH          If XPD_SDIO_FORCE & XPD_SDIO_REG, 1=3.3V 0=1.8V   = 0 R/W (0x0)
CLK8M_FREQ             8MHz clock freq override                          = 52 R/W (0x34)
SPI_PAD_CONFIG_CLK     Override SD_CLK pad (GPIO6/SPICLK)                = 0 R/W (0x0)
SPI_PAD_CONFIG_Q       Override SD_DATA_0 pad (GPIO7/SPIQ)               = 0 R/W (0x0)
SPI_PAD_CONFIG_D       Override SD_DATA_1 pad (GPIO8/SPID)               = 0 R/W (0x0)
SPI_PAD_CONFIG_HD      Override SD_DATA_2 pad (GPIO9/SPIHD)              = 0 R/W (0x0)
SPI_PAD_CONFIG_CS0     Override SD_CMD pad (GPIO11/SPICS0)               = 0 R/W (0x0)
DISABLE_SDIO_HOST      Disable SDIO host                                 = 0 R/W (0x0)

Identity fuses:
MAC                    Factory MAC Address                               
  = 24:6f:28:9c:fe:d8 (CRC 0x3b OK) R/W 
CHIP_VER_REV1          Silicon Revision 1                                = 1 R/W (0x1)
CHIP_VER_REV2          Silicon Revision 2                                = 0 R/W (0x0)
CHIP_VERSION           Reserved for future chip versions                 = 2 R/W (0x2)
CHIP_PACKAGE           Chip package identifier                           = 0 R/W (0x0)

Calibration fuses:
BLK3_PART_RESERVE      BLOCK3 partially served for ADC calibration data  = 0 R/W (0x0)
ADC_VREF               Voltage reference calibration                     = 1121 R/W (0x3)

Flash voltage (VDD_SDIO) determined by GPIO12 on reset (High for 1.8V, Low/NC for 3.3V).

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: ESP32 secure boot problem

Postby ESP_Angus » Tue Feb 25, 2020 10:59 pm

Hi Aniket,

I'm glad you've resolved the problem. I'm not sure why you needed to burn this efuse manually, but it seems that reflashing with the bootloader digest file afterwards has solved the issue.

If you find yourself in a similar situation again, I suggest checking if the bootloader.bin is still too large to fit in 0x8000 bytes (offset 0x1000 to 0x9000), this can happen in which case we recommend changing the offset to 0x10000. However with all bootloader logging off, you should be fine (suggest trying Error level logging if possible, in case there is some other problem in future).

Angus

Who is online

Users browsing this forum: artisdom, Majestic-12 [Bot], sayid_ehd and 65 guests