"Secure Boot Check Fail " error in ESP32 when using Secure Boot and Flash Encryption. #3051
Comments
Hi @Raghav3107 By default the secure boot and flash encryption is not enabled on the esp32 port in this repo so I am not able to reproduce this behavior. I tried the above partition table without secure boot and flash encryption option and it builds. However after going through ESP docs, enabling secure boot and flash encryption can increase the size of the bootloader. So it could be possible that the partition table offset (0x8000) configured is not enough. Did you try adjusting the partition table offset as mentioned in this doc: |
Hello @ravibhagavandas I already tried adjusting the partition table offset from (0x8000) to (0x10000). I was searching for the solution I find one comment-> Here, he set the partition table offset to 0x0000 and it worked for him. |
Hi @Raghav3107 ,
|
Hello @ravibhagavandas I tried to do as per your suggestion. I set the partition offset to 0x8000 and modified the partition table CSV file as you have shown in your example. Now It did not show the partition overlapping error. It builds perfectly but after flash, it showing a flash read error. Error Log: rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT) rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT) |
Hi @Raghav3107, From the logs, it seems you have enabled flash encryption and bootloader is not encrypted. Please try the steps as below:
|
Hello @shubhamkulkarni97 I m using esp-idf 3.3, I tried to follow your steps but when I m trying to build them as per your command it shows some cmake error. Error:
So, I tried to
|
@Raghav3107, Steps mentioned in above comment are for IDF v4.2 Please check following points:
|
Hello @shubhamkulkarni97 Can you explain to me the 5th point? What is the partition table size and how will I know partition table size? And I tried flash encryption as per the remaining point.
And flashed all this
After this, I got an error like this.
So, I search for a solution to the issue. The solution I found is to increase the partition offset. I encrypted and flash the partition bin to After this I got a secure boot check fail error. ets Jun 8 2016 00:22:57
Can you tell me what wrong I m doing or if possible can you tell me the overall step of secure boot and flash encryption for esp-idf 3.3? |
@Raghav3107, Sorry for late response.
After build is completed, you can check file size for Steps you have followed look fine. Please note that you should use same flash encryption and secure boot keys that are written in the device. Please check below pointers for secure boot and flash encryption documentation: |
Hello @shubhamkulkarni97 I tried as per suggestion still I m getting the same " Let me tell you the overall steps.
I check the partition-table.bin files it is 3104 bytes and I set the offset to Here is the partition file Also, I used the same key which I used in a secure boot. Still, I m getting the Some doubt which I want clear.
|
thanks, @shubhamkulkarni97 @ravibhagavandas for your help. Got some suggestion on esp-forum from ESP_Angus, to flash only Steps:
|
Has anyone written a complete step by step - it is almost done above, but at the last moment the solution steps are vague: Steps: Partition table offset + size of partition-table.bin should be less than offset for the first app partition. |
One thing you need to add in you step:
|
@horsemann07 |
Hello, @ABHITHLALC Actually, they did not given the clear answer on the above questions.
Hope your doubts will be clear now. |
Thanks for replay, my partition table offset is set to 0x10000, and partition-table.bin size is 3140 bytes.
so in this case I should change the 1 st app partition ? If so how can I |
If you are using re-flashable software bootloader then it is possible to update bootloader. It is not mandatory to flash bootloader everytime, unless you have some changes in it.
Your partition table looks fine. There is no need for any change. |
Thanks for the reply @mahavirj
Using custom partition table with offset 0x8000 After enabling secure boot , I changed the offset 0x8000 to 0x10000
But due to some other issues I could not try it in my project. |
Updated partition table looks good to me. |
Thank you, @mahavirj |
I was trying to use an OTA with Secure Boot and Flash Encryption.
When I trying to build the application it's giving an error.
First partition offset 0x10000 overlaps end of partition table 0x11000
I tried to adjust the partition, but the same issue is occurring continuously.
Log:
CSV Error: First partition offset 0x10000 overlaps end of partition table 0x11000
make: *** [/home/horsemann/Desktop/WorkSpace/WIFIlist_fix/ota_test_starboard/vendors/espressif/esp-idf/components/partition_table/Makefile.projbuild:61: /home/horsemann/Desktop/WorkSpace/WIFIlist_fix/ota_test_starboard/vendors/espressif/boards/esp32/aws_demos/build/partition-table-unsigned.bin] Error 2
Partition Table:
Can anyone help me with this?
Thanks In Advance
The text was updated successfully, but these errors were encountered: