UART_DOWNLOAD_DIS is not disabled when in Release Mode (IDF v4.1) [IDFGH-4366]

eriknorth
Posts: 6
Joined: Mon Nov 16, 2020 7:34 pm

UART_DOWNLOAD_DIS is not disabled when in Release Mode (IDF v4.1) [IDFGH-4366]

Postby eriknorth » Tue Dec 01, 2020 3:18 pm

Hi,

We have an issue that UART_DOWNLOAD_DIS is not being disabled when we enabled Secure Boot v2 and Flash Encryption.
We have tried to burn this fuse after enabling Secure Boot and Flash Encryption, however the fuse is set as "read only" and we are not able to burn it anymore. We are using ESP-IDF 4.1 (573f5de99ad615364d9acf0f22fc9ee34bacbb09)

Here is summary from espefuse.py:

Code: Select all

espefuse.py v3.0
EFUSE_NAME (Block)                       Description  = [Meaningful Value] [Readable/Writeable] (Hex Value)
----------------------------------------------------------------------------------------
Calibration fuses:
BLK3_PART_RESERVE (BLOCK0):              BLOCK3 partially served for ADC calibration data   = False R/W (0b0)
ADC_VREF (BLOCK0):                       Voltage reference calibration                      = 1100 R/- (0b10000)

Config fuses:
XPD_SDIO_FORCE (BLOCK0):                 Ignore MTDI pin (GPIO12) for VDD_SDIO on reset     = False R/W (0b0)
XPD_SDIO_REG (BLOCK0):                   If XPD_SDIO_FORCE, enable VDD_SDIO reg on reset    = False R/W (0b0)
XPD_SDIO_TIEH (BLOCK0):                  If XPD_SDIO_FORCE & XPD_SDIO_REG                   = 1.8V R/W (0b0)
CLK8M_FREQ (BLOCK0):                     8MHz clock freq override                           = 49 R/W (0x31)
SPI_PAD_CONFIG_CLK (BLOCK0):             Override SD_CLK pad (GPIO6/SPICLK)                 = 0 R/W (0b00000)
SPI_PAD_CONFIG_Q (BLOCK0):               Override SD_DATA_0 pad (GPIO7/SPIQ)                = 0 R/W (0b00000)
SPI_PAD_CONFIG_D (BLOCK0):               Override SD_DATA_1 pad (GPIO8/SPID)                = 0 R/W (0b00000)
SPI_PAD_CONFIG_HD (BLOCK0):              Override SD_DATA_2 pad (GPIO9/SPIHD)               = 0 R/W (0b00000)
SPI_PAD_CONFIG_CS0 (BLOCK0):             Override SD_CMD pad (GPIO11/SPICS0)                = 0 R/W (0b00000)
DISABLE_SDIO_HOST (BLOCK0):              Disable SDIO host                                  = False R/W (0b0)

Efuse fuses:
WR_DIS (BLOCK0):                         Efuse write disable mask                           = 389 R/W (0x0185)
RD_DIS (BLOCK0):                         Efuse read disable mask                            = 1 R/- (0x1)
CODING_SCHEME (BLOCK0):                  Efuse variable block length scheme                
   = NONE (BLK1-3 len=256 bits) R/W (0b00)
KEY_STATUS (BLOCK0):                     Usage of efuse block 3 (reserved)                  = False R/W (0b0)

Identity fuses:
MAC (BLOCK0):                            Factory MAC Address                               
   = b8:f0:09:92:13:28 (CRC 0xac OK) R/W 
MAC_CRC (BLOCK0):                        CRC8 for factory MAC address                       = 172 R/W (0xac)
CHIP_VER_REV1 (BLOCK0):                  Silicon Revision 1                                 = True R/W (0b1)
CHIP_VER_REV2 (BLOCK0):                  Silicon Revision 2                                 = True R/W (0b1)
CHIP_VERSION (BLOCK0):                   Reserved for future chip versions                  = 2 R/W (0b10)
CHIP_PACKAGE (BLOCK0):                   Chip package identifier                            = 1 R/W (0b001)
MAC_VERSION (BLOCK3):                    Version of the MAC field                           = 0 R/W (0x00)

Security fuses:
FLASH_CRYPT_CNT (BLOCK0):                Flash encryption mode counter                      = 127 R/- (0b1111111)
UART_DOWNLOAD_DIS (BLOCK0):              Disable UART download mode (ESP32 rev3 only)       = False R/- (0b0)
FLASH_CRYPT_CONFIG (BLOCK0):             Flash encryption config (key tweak bits)           = 15 R/W (0xf)
CONSOLE_DEBUG_DISABLE (BLOCK0):          Disable ROM BASIC interpreter fallback             = True R/W (0b1)
ABS_DONE_0 (BLOCK0):                     Secure boot V1 is enabled for bootloader image     = False R/W (0b0)
ABS_DONE_1 (BLOCK0):                     Secure boot V2 is enabled for bootloader image     = True R/W (0b1)
JTAG_DISABLE (BLOCK0):                   Disable JTAG                                       = True R/W (0b1)
DISABLE_DL_ENCRYPT (BLOCK0):             Disable flash encryption in UART bootloader        = True R/W (0b1)
DISABLE_DL_DECRYPT (BLOCK0):             Disable flash decryption in UART bootloader        = True R/W (0b1)
DISABLE_DL_CACHE (BLOCK0):               Disable flash cache in UART bootloader             = True R/W (0b1)
BLOCK1 (BLOCK1):                         Flash encryption key                              
   = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/- 
BLOCK2 (BLOCK2):                         Secure boot key                                   
   = 15 76 89 7b 42 db fb f1 3b 5f 54 f9 ec cb 0d 3d 87 5f 41 84 d0 84 8f eb 37 d9 09 88 36 41 07 95 R/- 
BLOCK3 (BLOCK3):                         Variable Block 3                                  
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W 

Flash voltage (VDD_SDIO) determined by GPIO12 on reset (High for 1.8V, Low/NC for 3.3V).
Best regards,
/Erik

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: UART_DOWNLOAD_DIS is not disabled when in Release Mode (IDF v4.1)

Postby ESP_Angus » Thu Dec 03, 2020 5:51 am

Hi Erik,

Thanks for reporting this. This is a bug in ESP-IDF V4.1, on first boot the app is incorrectly write-protecting the FLASH_CRYPT_CNT eFuse (which is already at a maximum value due to the configuration, so doesn't need to be write protected), and this also write-protects the UART_DOWNLOAD_DIS eFuse.

This is a bug in V4.1 but not in V4.2. Will provide a fix for it ASAP.

In the meantime, you should be able to work around it by commenting this line:
https://github.com/espressif/esp-idf/bl ... rypt.c#L40

If you prefer to wait for a tested fix, we will merge one ASAP.

Angus

eriknorth
Posts: 6
Joined: Mon Nov 16, 2020 7:34 pm

Re: UART_DOWNLOAD_DIS is not disabled when in Release Mode (IDF v4.1) [IDFGH-4366]

Postby eriknorth » Wed Dec 16, 2020 5:51 am

Hi Angus,

Thanks for the answer. We have migrated to 4.2 and now I see an option to disable UART Downlaod.

/Erik

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: UART_DOWNLOAD_DIS is not disabled when in Release Mode (IDF v4.1) [IDFGH-4366]

Postby ESP_Angus » Wed Jan 06, 2021 7:22 am

Glad to hear you found a workaround, Erik.

For anyone else reading this, the fix for v4.1 will be available in v4.1.1 release although it hasn't deployed to GitHub yet.

Who is online

Users browsing this forum: Baidu [Spider], Dhruvit and 139 guests