WROVER-E Secure Boot V2 and Debugging

samc77
Posts: 7
Joined: Sun Feb 16, 2020 8:08 pm

WROVER-E Secure Boot V2 and Debugging

Postby samc77 » Sat May 23, 2020 6:22 pm

Hi

I am using the new WROVER-E module with secure boot V2 enabled. Also flash encryption is enabled in developer mode.
Jtag is enabled.

Openocd is started with this parameter: -c 'set ESP_FLASH_SIZE 0'

When trying to use the openocd in eclipse i get this error:

Code: Select all

I (49) boot: ESP-IDF 4.2-master 2nd stage bootloader
I (49) boot: compile time 21:10:49
I (49) boot: chip revision: 3
I (49) qio_mode: Enabling default flash chip QIO
I (50) boot.esp32: SPI Speed      : 80MHz
I (51) boot.esp32: SPI Mode       : QIO
I (51) boot.esp32: SPI Flash Size : 4MB
I (52) boot: Enabling RNG early entropy source...
I (52) boot: Partition Table:
I (53) boot: ## Label            Usage          Type ST Offset   Length
I (53) boot:  0 otadata          OTA data         01 00 0000d000 00002000
I (54) boot:  1 coredump         Unknown data     01 03 0000f000 00010000
I (55) boot:  2 ota_0            OTA app          00 10 00020000 001f0000
I (56) boot:  3 ota_1            OTA app          00 11 00210000 001f0000
I (57) boot: End of partition table
I (58) esp_image: segment 0: paddr=0x00020020 vaddr=0x3f400020 size=0x2b95c (178524) map
I (113) esp_image: segment 1: paddr=0x0004b984 vaddr=0x3ffbdb60 size=0x04694 ( 18068) load
I (120) esp_image: segment 2: paddr=0x00050020 vaddr=0x400d0020 size=0x7ea08 (518664) map
0x400d0020: _stext at ??:?

I (279) esp_image: segment 3: paddr=0x000cea30 vaddr=0x3ffc21f4 size=0x001a8 (   424) load
I (279) esp_image: segment 4: paddr=0x000cebe0 vaddr=0x40080000 size=0x00404 (  1028) load
0x40080000: _WindowOverflow4 at m:\mcu_workspace\controllerm4\build/../esp-idf/components/freertos/xtensa/xtensa_vectors.S:1730

I (280) esp_image: segment 5: paddr=0x000cefec vaddr=0x40080404 size=0x11e68 ( 73320) load
I (307) esp_image: segment 6: paddr=0x000e0e5c vaddr=0x400c0000 size=0x00064 (   100) load
I (307) esp_image: segment 7: paddr=0x000e0ec8 vaddr=0x00000000 size=0x0f108 ( 61704)
I (327) esp_image: Verifying image signature...
I (327) secure_boot: Verifying with RSA-PSS...
Sig block 0 invalid: Image digest does not match
E (328) secure_boot: Secure Boot V2 verification failed.
E (328) esp_image: Secure boot signature verification failed
I (329) esp_image: Calculating simple hash to check for corruption...
E (507) esp_image: Image hash failed - image is corrupt
W (508) esp_image: image corrupted on flash
E (508) boot: OTA app partition slot 0 is not bootable
I (508) esp_image: segment 0: paddr=0x00210020 vaddr=0x3f400020 size=0x30934 (198964) map
I (570) esp_image: segment 1: paddr=0x0024095c vaddr=0x3ffbdb60 size=0x0483c ( 18492) load
I (577) esp_image: segment 2: paddr=0x002451a0 vaddr=0x40080000 size=0x00404 (  1028) load
0x40080000: _WindowOverflow4 at m:\mcu_workspace\controllerm4\build/../esp-idf/components/freertos/xtensa/xtensa_vectors.S:1730

I (577) esp_image: segment 3: paddr=0x002455ac vaddr=0x40080404 size=0x0aa6c ( 43628) load
I (593) esp_image: segment 4: paddr=0x00250020 vaddr=0x400d0020 size=0x7e8d4 (518356) map
0x400d0020: _stext at ??:?

I (752) esp_image: segment 5: paddr=0x002ce8fc vaddr=0x4008ae70 size=0x074cc ( 29900) load
0x4008ae70: print_debug_exception_details at m:\mcu_workspace\controllerm4\build/../esp-idf/components/esp_system/port/panic_handler.c:126

I (764) esp_image: segment 6: paddr=0x002d5dd0 vaddr=0x400c0000 size=0x00064 (   100) load
I (764) esp_image: segment 7: paddr=0x002d5e3c vaddr=0x00000000 size=0x0a194 ( 41364)
I (777) esp_image: Verifying image signature...
I (777) secure_boot: Verifying with RSA-PSS...
Sig block 0 invalid: Image digest does not match
E (778) secure_boot: Secure Boot V2 verification failed.
E (778) esp_image: Secure boot signature verification failed
I (779) esp_image: Calculating simple hash to check for corruption...
E (958) esp_image: Image hash failed - image is corrupt
W (958) esp_image: image corrupted on flash
E (958) boot: OTA app partition slot 1 is not bootable
E (958) boot: No bootable app partitions in the partition table
Seems the openocd is setting breakpoints even it shouldnt. I have to reflash the app after this.
Tried to disable any breakpoints in eclipse, even the inital one at app_main(), didnt help.

Openocd is version v0.10.0-esp32-20200420 (2020-04-20-16:15)

Any idea what could be wrong?

Thanks,
Simon

Sweaps
Posts: 5
Joined: Fri May 29, 2020 6:44 am

Re: WROVER-E Secure Boot V2 and Debugging

Postby Sweaps » Tue Sep 22, 2020 9:52 am

Hi,

I have the exact same problem on my chip. Have you updated your problem ? :)

samc77
Posts: 7
Joined: Sun Feb 16, 2020 8:08 pm

Re: WROVER-E Secure Boot V2 and Debugging

Postby samc77 » Tue Sep 22, 2020 5:34 pm

Hi,

my workaround is to flash a debug bootloader (compile the app in debug mode) then compile in release mode and flash again.
Doing so will run the final code but the debug bootloader. Secure boot and encryption is turned off.
Nice to debug anything except OTA update and NVS encryption.

I did not find another solution yet...

But becareful, recently there was code added that disables the ROM console in the startup code. I had to comment this out.

in startup.c:


#endif

esp_err_t err;

#if CONFIG_SECURE_DISABLE_ROM_DL_MODE
// err = esp_efuse_disable_rom_download_mode();
// assert(err == ESP_OK && "Failed to disable ROM download mode");
#endif

#if CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE
err = esp_efuse_enable_rom_secure_download_mode();
assert(err == ESP_OK && "Failed to enable Secure Download mode");
#endif



Thanks,

Sweaps
Posts: 5
Joined: Fri May 29, 2020 6:44 am

Re: WROVER-E Secure Boot V2 and Debugging

Postby Sweaps » Wed Sep 23, 2020 8:57 am

Hi samc77,

Well I have found in the espressif docs that it is not possible to use software breakpoints ( https://docs.espressif.com/projects/esp ... y-features ).

I saw that they just released the v4.1 tag on ESP-IDF github and it makes it possible to debug using Flash encryption. On my side, the problem is solved. I hope it helps you.

Thanks for your answer and good luck !

Who is online

Users browsing this forum: No registered users and 134 guests