Closed AndreasKohn closed 1 year ago
radimkarnis
commented
1 year ago Hi @AndreasKohn, thanks for reporting this! I have been able to reproduce the issue and will fix it soon.
In the meantime, as a workaround, you can remove the --chip esp32c2 part from the command. This issue doesn't occur if autodetection is attempted.
radimkarnis
commented
1 year ago The fix has been merged. Feel free to test! Thank you.
AndreasKohn
commented
1 year ago hi @radimkarnis thanks for taking care of it. Unfortunately I con not confirm that it works. Neither the work around with the old version not the new version I pulled from git (e862e10e63d587dcfa1a9f683791543cb33c5769). Is there anything else I need to do to make it work?
radimkarnis
commented
1 year ago @AndreasKohn try writing anything to the C2 by running the command esptool.py -c esp32c2 write_flash 0 <yourfile>.bin. This doesn't work for me before the fix but works after pulling https://github.com/espressif/esptool/commit/e862e10e63d587dcfa1a9f683791543cb33c5769. chip_id will not work, because it is not supported in the secure download mode.
AndreasKohn
commented
1 year ago @radimkarnis tried this command, but I am really not convinced to continue with this warning:
`python .\esptool.py -p COM20 -c esp32c2 write_flash 0 C:\WorkingArea\mitteWorkspace\helloWorldFirmware\build\helloWorldFirmware.bin esptool.py v4.7-dev Serial port COM20 Connecting.... Chip is ESP32-C2 in Secure Download Mode WARNING: Stub loader is not supported in Secure Download Mode, setting --no-stub Enabling default SPI flash mode... Configuring flash size...
A fatal error occurred: WARNING: Detected flash encryption and secure download mode enabled. Flashing plaintext binary may brick your device! Use --force to override the warning.`
Why is a plaintext binary a problem? I thought the UART bootloader will perform the flash encryption of the plaintext image in development mode? Is this a serious message in my case or can I safely ignore it? Also I think it is not the best idea to write to the wrong address, I guess 0x0 is reserved for the bootloader that I will overwrite in this case.
radimkarnis
commented
1 year ago Sorry, I didn't realize you have flash encryption enabled. In that case, don't continue, we don't want to overwrite the bootloader. Getting to this point is a confirmation that the original issue is solved, thank you!
AndreasKohn
commented
1 year ago @radimkarnis will you still look into this issue, or is it solved for you? Obviously it is not solved for me. Thanks
radimkarnis
commented
1 year ago @AndreasKohn I am sorry, but what issue are you having now?
The original report was about esptool.util.UnsupportedCommandError: This command (0xa) is not supported in Secure Download Mode happening during write_flash operation. That is solved and verified by both me and you (your log doesn't show this anymore).
What you are now seeing are esptool security checks, that prevent users from damaging their devices. You can skip the checks with --force option, but ONLY if you know what you are doing. You can read about flash encryption on the ESP32-C2 here: https://docs.espressif.com/projects/esp-idf/en/latest/esp32c2/security/flash-encryption.html.
mahavirj
commented
1 year ago @AndreasKohn
`python .\esptool.py -p COM20 -c esp32c2 write_flash 0 C:\WorkingArea\mitteWorkspace\helloWorldFirmware\build\helloWorldFirmware.bin
--encrypt argument to above command (Reference)idf.py encrypted-app-flash command to write the new firmware imageIf you still run into any issues, please share your EFuse summary of the device (espefuse.py summary).
AndreasKohn
commented
1 year ago @radimkarnis @mahavirj maybe I was not clear in my post above, but the problem command (0xa) is still present. If I execute the same command line as in my initial post with the updated esptool, I get the same error message:
python .\esptool.py --chip esp32c2 -p COM20 -b 460800 --before=default_reset --after=no_reset --no-stub write_flash --flash_mode dio --flash_freq 60m --flash_size 2MB 0x20000 C:\WorkingArea\mitteWorkspace\helloWorldFirmware\build\helloWorldFirmware.bin 0xc000 C:\WorkingArea\mitteWorkspace\helloWorldFirmware\build\partition_table/partition-table.bin esptool.py v4.7-dev Serial port COM20 Connecting.... Chip is ESP32-C2 in Secure Download Mode Traceback (most recent call last): File ".\esptool.py", line 37, in <module> esptool._main() File "C:\WorkingArea\mitteTools\Espressif-IDF\esptool\esptool\__init__.py", line 1073, in _main main() File "C:\WorkingArea\mitteTools\Espressif-IDF\esptool\esptool\__init__.py", line 732, in main esp.change_baud(args.baud) File "C:\WorkingArea\mitteTools\Espressif-IDF\esptool\esptool\targets\esp32c2.py", line 90, in change_baud rom_with_26M_XTAL = not self.IS_STUB and self.get_crystal_freq() == 26 File "C:\WorkingArea\mitteTools\Espressif-IDF\esptool\esptool\targets\esp32c2.py", line 87, in get_crystal_freq return ESPLoader.get_crystal_freq(self) File "C:\WorkingArea\mitteTools\Espressif-IDF\esptool\esptool\loader.py", line 1415, in get_crystal_freq uart_div = self.read_reg(self.UART_CLKDIV_REG) & self.UART_CLKDIV_MASK File "C:\WorkingArea\mitteTools\Espressif-IDF\esptool\esptool\loader.py", line 712, in read_reg val, data = self.command( File "C:\WorkingArea\mitteTools\Espressif-IDF\esptool\esptool\loader.py", line 419, in command raise UnsupportedCommandError(self, op) esptool.util.UnsupportedCommandError: This command (0xa) is not supported in Secure Download Mode
If I add the additional option: --encrypt I get the inof that this argument is unknown:
python .\esptool.py --chip esp32c2 -p COM20 -b 460800 --before=default_reset --after=no_reset --no-stub --encrypt write_flash --flash_mode dio --flash_freq 60m --flash_size 2MB 0x20000 C:\WorkingArea\mitteWorkspace\helloWorldFirmware\build\helloWorldFirmware.bin 0xc000 C:\WorkingArea\mitteWorkspace\helloWorldFirmware\build\partition_table/partition-table.bin usage: esptool [-h] [--chip {auto,esp8266,esp32,esp32s2,esp32s3beta2,esp32s3,esp32c3,esp32c6beta,esp32h2beta1,esp32h2beta2,esp32c2,esp32c6,esp32h2}] [--port PORT] [--baud BAUD] [--before {default_reset,usb_reset,no_reset,no_reset_no_sync}] [--after {hard_reset,soft_reset,no_reset,no_reset_stub}] [--no-stub] [--trace] [--override-vddsdio [{1.8V,1.9V,OFF}]] [--connect-attempts CONNECT_ATTEMPTS] {load_ram,dump_mem,read_mem,write_mem,write_flash,run,image_info,make_image,elf2image,read_mac,chip_id,flash_id,read_flash_status,write_flash_status,read_flash,verify_flash,erase_flash,erase_region,merge_bin,get_security_info,version} ... esptool: error: unrecognized arguments: --encrypt
If I want to execute the efuse summary I get this:
python .\espefuse.py summary Traceback (most recent call last): File ".\espefuse.py", line 34, in <module> import espefuse File "C:\WorkingArea\mitteTools\Espressif-IDF\esptool\espefuse\__init__.py", line 11, in <module> import espefuse.efuse.esp32 as esp32_efuse File "C:\WorkingArea\mitteTools\Espressif-IDF\esptool\espefuse\efuse\esp32\__init__.py", line 1, in <module> from . import operations File "C:\WorkingArea\mitteTools\Espressif-IDF\esptool\espefuse\efuse\esp32\operations.py", line 11, in <module> import espsecure File "C:\WorkingArea\mitteTools\Espressif-IDF\esptool\espsecure\__init__.py", line 15, in <module> from cryptography import exceptions ModuleNotFoundError: No module named 'cryptography'
radimkarnis
commented
1 year ago 1) This seems like another issue - that has to be fixed in a different place. Please try running the command without changing the baudrate (remove the -b 460800 part) and let me know if that works. If it does, this also has to be fixed.
2) The --encrypt option has to be added after the write_flash part of the command.
3) Your installation is missing some modules (cryptography in this case). Please install the package by running pip install . (with the dot) in the cloned esptool folder. Then run your commands simply as espefuse.py -p COM20 summary
AndreasKohn
commented
1 year ago @radimkarnis OK I tried your suggestions with the following outcome:
A fatal error occurred: WARNING: Detected flash encryption and secure download mode enabled. Flashing plaintext binary may brick your device! Use --force to override the warning. `
command line output:
python .\esptool.py --chip esp32c2 -p COM20 -b 460800 --before=default_reset --after=no_reset --no-stub write_flash --encrypt --flash_mode dio --flash_freq 60m --flash_size 2MB 0x20000 C:\WorkingArea\mitteWorkspace\mitteInsideFirmware\build\mitteInsideFirmware.bin 0xc000 C:\WorkingArea\mitteWorkspace\mitteInsideFirmware\build\partition_table/partition-table.bin esptool.py v4.7-dev Serial port COM20 Connecting.... Chip is ESP32-C2 in Secure Download Mode Traceback (most recent call last): File ".\esptool.py", line 37, in <module> esptool._main() File "C:\WorkingArea\mitteTools\Espressif-IDF\esptool\esptool\__init__.py", line 1073, in _main main() File "C:\WorkingArea\mitteTools\Espressif-IDF\esptool\esptool\__init__.py", line 732, in main esp.change_baud(args.baud) File "C:\WorkingArea\mitteTools\Espressif-IDF\esptool\esptool\targets\esp32c2.py", line 90, in change_baud rom_with_26M_XTAL = not self.IS_STUB and self.get_crystal_freq() == 26 File "C:\WorkingArea\mitteTools\Espressif-IDF\esptool\esptool\targets\esp32c2.py", line 87, in get_crystal_freq return ESPLoader.get_crystal_freq(self) File "C:\WorkingArea\mitteTools\Espressif-IDF\esptool\esptool\loader.py", line 1415, in get_crystal_freq uart_div = self.read_reg(self.UART_CLKDIV_REG) & self.UART_CLKDIV_MASK File "C:\WorkingArea\mitteTools\Espressif-IDF\esptool\esptool\loader.py", line 712, in read_reg val, data = self.command( File "C:\WorkingArea\mitteTools\Espressif-IDF\esptool\esptool\loader.py", line 419, in command raise UnsupportedCommandError(self, op) esptool.util.UnsupportedCommandError: This command (0xa) is not supported in Secure Download Mode
command line output: `python .\espefuse.py -p COM20 summary espefuse.py v4.7-dev Connecting.... Detecting chip type... ESP32-C2
A fatal error occurred: Secure Download Mode is enabled. The tool can not read eFuses. `
AndreasKohn
commented
1 year ago @radimkarnis @mahavirj can I still expect a feedback on my reply post above? The problem is still not solved and I do not see what I am doing wrong here. I have configured the C2 as described in the documentation and can still not download a FW in development mode. Any help suggestion is appreciated.
radimkarnis
commented
1 year ago @AndreasKohn
ad 2) your command still contains the -b 460800 option, please remove it (mentioned here)
AndreasKohn
commented
1 year ago @radimkarnis I removed the -b 460800 in ad 1) and get this warning again that I might brick my device. Again, how serious is this message? Can I safely ignore it and proceed? This is not a message I would expect in my case, because it should be OK to flash a plain text binary in development mode. Therefore I am irritated.
Operating System
Windows 10
Esptool Version
v4.5.1 and latest (v4.7-dev)
Python Version
Python 3.8.3
Chip Description
ESP-C2/8684
Device Description
I am testing on a ESP8684-DevKitM-1
Hardware Configuration
GPIO_8 and GPIO_3 are connect to an I2C device, JTAG is connected using the usual pins
How is Esptool Run
I am running it using the Eclipse IDE but during trouble shooting I ectrated the call to esptool and reproduced it only using the command line in a power shell
Full Esptool Command Line that Was Run
python .\esptool.py --chip esp32c2 -p COM20 -b 460800 --before=default_reset --after=no_reset --no-stub write_flash --flash_mode dio --flash_freq 60m --flash_size 2MB 0x20000 C:\WorkingArea\mitteWorkspace\helloWorldFirmware\build\helloWorldFirmware.bin 0xc000 C:\WorkingArea\mitteWorkspace\helloWorldFirmware\build\partition_table/partition-table.bin
Esptool Output
More Information
I have setup my devKit to run in secure boot mode and flash encryption enabled. The first flash operation out of IDE worked as expected. The device is running in secure boot mode and flash encryption is enabled. I can see that the verification steps for both features have been successfully performed. I am in flash encryption developer mode and assume that I can still flash plain text images via the UART bootloader. At least that is was the documentation says. Here and extract of the traces during boot:'
I (412) esp_image: Verifying image signature... I (413) secure_boot_v2: Verifying with ECDSA... ECDSA I (465) secure_boot_v2: Signature verified successfully! I (470) boot: Loaded app from partition at offset 0x20000 I (470) secure_boot_v2: enabling secure boot v2... I (474) secure_boot_v2: secure boot v2 is already enabled, continuing.. I (486) boot: Checking flash encryption... I (493) flash_encrypt: flash encryption is enabled (1 plaintext flashes left) W (680) flash_encrypt: Flash encryption mode is DEVELOPMENT (not secure)
If I now want to flash a modified image with the device in this state, I get the above mentioned error from esptool.py that command 0xa is not supported in secure download mode.
Maybe this is not a bug, but needs to be changed to get the flash procedure successful?
Other Steps to Reproduce
I also used this simple command to query the chip id, which results in the same error. See traces above:
python .\esptool.py -p COM20 chip_id
Not sure if I understand the traces correctly, but is seems that the command 0xa is executed several times and works that respect.
I Have Read the Troubleshooting Guide