Closed ravinder-bb closed 2 months ago
Any update?
@ravinder-bb
CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE
this means that secure ROM DL mode has been enabled on these devices and hence loading the stub code is not possible anymore (please see docs here). If the flash encryption key was internally generated then encrypting the artifacts is not possible and hence serial flashing without stub also won't work.
Thank you for your reply.
Internally generated - CONFIG_SECURE_BOOT_SIGNING_KEY key to flash devices.
Devices were connected to WiFi, but by mistake I added some wrong code. I need to update the application over the air (OTA), but I can't connect to the OTA server.
I have a signing key, but I'm having trouble flashing the devices. Is there another way to flash the devices?
Any update?
@ravinder-bb
CONFIG_SECURE_FLASH_ENC_ENABLED=y
CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE=y
Problem is with flash encryption scheme and not the secure boot. Since you have enabled release mode and the key was generated randomly on the device, it is not possible to encrypt the artifacts outside of the chip. Unfortunately, there is no way to flash the device. OTA update is the only recovery option here.
Just to double confirm, please share output of following commands:
esptool.py get_security_info
espefuse.py summary
@mahavirj,
esptool.py --chip esp32s2 --port /dev/ttyUSB1 get_security_info
esptool.py v3.0
Serial port /dev/ttyUSB1
Connecting....
Chip is ESP32-S2 in Secure Download Mode
WARNING: Stub loader is not supported in Secure Download Mode, setting --no-stub
Enabling default SPI flash mode...
Flags: 0x000006f5 (0b11011110101)
Flash_Crypt_Cnt: 0x1
Key_Purposes: (9, 4, 0, 0, 0, 0, 0)
Hard resetting via RTS pin...
espefuse.py --chip esp32s2 --port /dev/ttyUSB1 -p /dev/ttyUSB1 summary
Connecting.....
Traceback (most recent call last):
  File "/home/shivay/esp/esp-idf/components/esptool_py/esptool/espefuse.py", line 131, in <module>
    _main()
  File "/home/shivay/esp/esp-idf/components/esptool_py/esptool/espefuse.py", line 124, in _main
    main()
  File "/home/shivay/esp/esp-idf/components/esptool_py/esptool/espefuse.py", line 104, in main
    efuses, efuse_operations = get_efuses(esp, just_print_help, debug_mode, args1.do_not_confirm)
  File "/home/shivay/esp/esp-idf/components/esptool_py/esptool/espefuse.py", line 69, in get_efuses
    return (efuse.EspEfuses(esp, skip_connect, debug_mode, do_not_confirm), efuse.operations)
  File "/home/shivay/esp/esp-idf/components/esptool_py/esptool/espressif/efuse/esp32s2/fields.py", line 81, in __init__
    self.blocks = [EfuseBlock(self, self.Blocks.get(block), skip_read=skip_connect) for block in self.Blocks.BLOCKS]
  File "/home/shivay/esp/esp-idf/components/esptool_py/esptool/espressif/efuse/esp32s2/fields.py", line 81, in <listcomp>
    self.blocks = [EfuseBlock(self, self.Blocks.get(block), skip_read=skip_connect) for block in self.Blocks.BLOCKS]
  File "/home/shivay/esp/esp-idf/components/esptool_py/esptool/espressif/efuse/esp32s2/fields.py", line 39, in __init__
    super(EfuseBlock, self).__init__(parent, param, skip_read=skip_read)
  File "/home/shivay/esp/esp-idf/components/esptool_py/esptool/espressif/efuse/base_fields.py", line 133, in __init__
    self.read()
  File "/home/shivay/esp/esp-idf/components/esptool_py/esptool/espressif/efuse/base_fields.py", line 179, in read
    words = self.get_words()
  File "/home/shivay/esp/esp-idf/components/esptool_py/esptool/espressif/efuse/base_fields.py", line 176, in get_words
    return [self.parent.read_reg(offs) for offs in get_offsets(self)]
  File "/home/shivay/esp/esp-idf/components/esptool_py/esptool/espressif/efuse/base_fields.py", line 176, in <listcomp>
    return [self.parent.read_reg(offs) for offs in get_offsets(self)]
  File "/home/shivay/esp/esp-idf/components/esptool_py/esptool/espressif/efuse/base_fields.py", line 337, in read_reg
    return self._esp.read_reg(addr)
  File "/home/shivay/esp/esp-idf/components/esptool_py/esptool/esptool.py", line 562, in read_reg
    val, data = self.command(self.ESP_READ_REG, struct.pack('<I', addr))
  File "/home/shivay/esp/esp-idf/components/esptool_py/esptool/esptool.py", line 398, in command
    raise UnsupportedCommandError(self, op)
esptool.UnsupportedCommandError: This command (0xa) is not supported in Secure Download Mode
Any update?
@ravinder-bb
Based on the above efuse summary, it looks like pretty much all security configurations are in their release mode. One thing that I am not sure about is whether you have the flash encryption feature in development mode or release mode, because the sdkconfig suggests that it's release mode but the flash crypt count value (0x1) suggests that it might be development mode. Maybe you can confirm this once?
You may try the following command and see if it helps (please use the latest esptool version for this):
esptool.py --no-stub write_flash --encrypt <address> <filename>
This command will work if the efuse bit DIS_DOWNLOAD_MANUAL_ENCRYPT was not programmed (flash encryption development mode). If this command fails, then there is no way to reflash the device (unless you have the flash encryption key in your possession).
Hope this helps!
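For readers following the diagnosis above, a small decoder for the three get_security_info fields posted earlier in the thread (an added example, not part of the thread and not esptool code). The flag bit names and the ESP32-S2 key purpose names are assumptions taken from how recent esptool releases and the eFuse documentation label these values; verify them against your tool version.

```python
import re

# Bit 0 upward; names are an assumption (see lead-in).
FLAG_BITS = [
    "SECURE_BOOT_EN", "SECURE_BOOT_AGGRESSIVE_REVOKE", "SECURE_DOWNLOAD_ENABLE",
    "SECURE_BOOT_KEY_REVOKE0", "SECURE_BOOT_KEY_REVOKE1", "SECURE_BOOT_KEY_REVOKE2",
    "SOFT_DIS_JTAG", "HARD_DIS_JTAG", "DIS_USB",
    "DIS_DOWNLOAD_DCACHE", "DIS_DOWNLOAD_ICACHE",
]
# Subset of ESP32-S2 key purposes (assumption); 0 means USER/unused.
KEY_PURPOSES = {2: "XTS_AES_256_KEY_1", 3: "XTS_AES_256_KEY_2",
                4: "XTS_AES_128_KEY", 9: "SECURE_BOOT_DIGEST0",
                10: "SECURE_BOOT_DIGEST1", 11: "SECURE_BOOT_DIGEST2"}

# Sample input: the three value lines from the output posted in this thread.
SAMPLE = """\
Flags: 0x000006f5 (0b11011110101)
Flash_Crypt_Cnt: 0x1
Key_Purposes: (9, 4, 0, 0, 0, 0, 0)
"""

def parse_security_info(text):
    """Extract the raw flags word, crypt counter and key purpose list."""
    flags = int(re.search(r"Flags:\s*(0x[0-9a-fA-F]+)", text).group(1), 16)
    cnt = int(re.search(r"Flash_Crypt_Cnt:\s*(0x[0-9a-fA-F]+)", text).group(1), 16)
    raw = re.search(r"Key_Purposes:\s*\(([^)]*)\)", text).group(1)
    return flags, cnt, [int(p) for p in raw.split(",")]

def assess(text):
    """Summarise what the reported values imply for serial recovery."""
    flags, cnt, purposes = parse_security_info(text)
    set_flags = [n for i, n in enumerate(FLAG_BITS) if flags & (1 << i)]
    return {
        "flags": set_flags,
        # An odd number of set bits in the counter means encryption is on.
        "flash_encryption_enabled": bin(cnt).count("1") % 2 == 1,
        # 0x7 = every bit of the 3-bit counter burned (assumed S2 field width).
        "crypt_cnt_all_bits_set": cnt == 0x7,
        "key_slots": {f"slot{i}": KEY_PURPOSES.get(p, f"purpose {p}")
                      for i, p in enumerate(purposes) if p},
        # Secure Download Mode is what rejects the stub and READ_REG (0xa).
        "stub_blocked": "SECURE_DOWNLOAD_ENABLE" in set_flags,
    }

if __name__ == "__main__":
    for key, value in assess(SAMPLE).items():
        print(f"{key}: {value}")
```
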
We have tried but got this error.
esptool.py v4.7.0
Serial port /dev/ttyUSB1
Connecting......
Chip is ESP32-S2 in Secure Download Mode
Changing baud rate to 460800
Changed.
Enabling default SPI flash mode...
Configuring flash size...
Flash will be erased from 0x00040000 to 0x00190fff...
Erasing flash...
A fatal error occurred: Failed to enter Flash download mode (result was 01640000: Unknown result)
@mahavirj, is any other way possible, just like otatool.py, to update only OTA files?
@mahavirj, any suggestion?
@ravinder-bb Sorry, I don't have any other suggestions here. I gave you all possible information. If you don't have access to flash encryption key for these devices then unfortunately updating the firmware is not possible over serial in their current state.
General issue report
We have flashed many devices with secured bootloader and application binaries. However, the devices that were connected to Wi-Fi experienced bugs in the code. How can I perform an over-the-air (OTA) update of all my devices using the command line? I've tried several methods, but haven't been successful.
otatool.py command - but not work
idf.py -p /dev/ttyUSB1 encrypted-flash - but not work is Flas
sdkconfig