esptool.py flash fails with secure boot v2 on a ESP32-S3-WROOM-1 (IDFGH-9419) #10788
Closed
3 tasks done
Assignees
Labels
Resolution: Done
Issue is done internally
Status: Done
Issue is done internally
Type: Bug
bugs in IDF
Comments
github-actions
bot
changed the title
|
Hello @mhgue, This could be an esptool regression, could you please help with verification? I will investigate more, I have a similar report of this happening on the C3 with active secure boot. |
|
Hello @radimkarnis I do get from idf.py Try with direct call to esptool and without STUB So unfortunately no significant difference. |
|
Thanks a lot, let's investigate more. You can switch back to your original version of esptool with Also:
Thanks for your patience, I am trying to gain as much info as possible to reproduce this. |
|
Doing
|
|
@mahavirj Thank you. I will have a look, this might be a workaround for me. One unfavourable consequence of secure OTA without secure boot seems to be, that using multiple trusted public keys is no longer possible. Verification is always done with the public key of the running application in the first position only. |
|
Hi @mhgue, The We can try to narrow the problem down. For starters - could you please try the same process on a different host machine? Thank you. |
|
Hi @radimkarnis, |
|
Hi, I'am also facing similar issue with the ESP32 S3 N16R8 , my host machine is Windows 11, using VS code . tried IDF versions 4.4, 4.4.3 and 5.0 esptool.py v3.3.2 A fatal error occurred: Failed to enter Flash download mode (result was 01060000: Operation or feature not supported)My partition table is as below. Partition table binary generated. Contents: ESP-IDF Partition TableName, Type, SubType, Offset, Size, Flagsnvs_key,data,nvs_keys,0xc000,4K,encrypted Also I have configured PSRAM as octal OPI , 40 MHZ and serial flash as QIO , 80 MHZ, i have tried different configurations of PSRAM and FLASH but no luck. Also i tried to update binary via OTA, Iam not able to do OTA also as soon as binary gets downloaded and second stage bootloader verification of downloaded app is successful a stackover flow is happening. |
|
Hi @radimkarnis, p.s.: As suggested by @mahavirj I am currently using signature of application without secure boot, which is working fine, but full protection with more than one key and maybe later with encryption would be the goal. |
|
@mhgue Note that if secure boot v2 is enabled, then the ROM code will refuse to execute the stub even if the stub has been downloaded into RAM. Because we think it is not safe to execute stub. The correct logic should be bootROM(trusted) + efuse (trusted) ---> verify 2ndbootload ---> verify application. |
|
For errors |
|
Hi, @gm-jiang is there any other way to flash the 2nd partition, also why esptool.py not able to erase the second partition ? |
|
@Ramakrishna247 From what I can see so far, there are some reasons for flash erasing failure in ROM download stage.
If possible, could you connect a logic analyzer to see the signal on the SPI bus, this can determine whether the flash chip is hung up. |
|
Related with #10959 (comment) |
|
Hi @gm-jiang, concerning your second comment: Good point. I will try flash without stub on a device without secure boot. |
|
@gm-jiang, for ESP32-S3, when the |
|
@Emill Good question, but the bootROM does not support the feature of verifying the stub. |
|
It seems like the ROM loader by default fails the flash command for certain addresses for ESP32-S3 with a 16 MB flash. If the Not sure if this should be treated as a bug in the ROM loader, or something that should be expected. In any case, maybe it's possible to implement a workaround in esptool.py to maybe figure out the flash size by reading/writing SPI registers and automatically set it accordingly, if the user has not provided the flash size. Regarding the "security feature" to not allow execution of code passed in download mode, it's a bit strange that arbitrary register reads/writes are allowed (which basically gives full access anyway) but not code execution. I would rather write in the user manual that a "secure boot" enabled device is of course only actually protected if Download Mode is disabled (or maybe when Secure Download Mode is enabled). |
Yes, ideally the secure DL mode along with the secure boot should control the stub execution over UART. We have this addressed in our recent chips like C6/H2 but for S3 as you rightly mentioned that only secure boot configuration disallows the stub execution. Just a note that we always recommend enabling secure DL mode along with any security features, please see: https://docs.espressif.com/projects/esp-idf/en/latest/esp32s3/security/security.html#debug-interfaces |
espressif-bot
pushed a commit
to espressif/esptool
that referenced
this issue
Apr 5, 2023
|
This has been fixed in esptool v4.6. Running the install script again should install the latest available version. If you are using the secure download mode, the flash size has to be explicitly set in menuconfig. Closing this issue. Thanks everyone for the investigation. |
espressif-bot
added
Status: In Progress
espressif-bot
added
Resolution: Done
3 tasks
Jason2866
added a commit
to Jason2866/esptool
that referenced
this issue
Nov 4, 2023
* docs: espsecure remote signing using a HSM broken link fix * fix(rfc2217_server): Use new reset sequences * fix(ESP32-S3): Lower CPU freq to improve flasher stub stability Closes espressif#832 * fix: Unknown chip (ID or magic number) error * pyinstaller: fix glibc dependency on gnu/linux pyinstaller package for linux is built within the ubuntu-latest image in github workflow. This may cause prbolem with glibc symbol versions on older distributions, where the new symbol versions are not available. Fix this by building on the older ubuntu version. Closes espressif#843 Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com> * tests: Create custom `host_test` marker for tests without real chip connected Closes espressif#838 * fix(ESP32-S3): Temporarily disable increasing CPU freq Related to espressif#848 Related to espressif#842 * build: add esp_rfc2217_server to published scripts Closes espressif#846 * Update version to v4.5.1 * Update version to v4.6-dev * espefuse: Hide sensitive info by default during burning burn_key and burn_key_digest Adds --show-sensitive-info flag for two commands: burn_key and burn_key_digest. * flasher_stub: pass -mabi=ilp32 to the RISC-V compiler This is a no-op change for the upstream toolchain (compiled stubs are binary identical), but is required when building with Debian's riscv64-unknown-elf-gcc compiler. * flasher_stub: allow passing extra CFLAGS The flasher_stub Makefile allows for some system-local configuration, either through local.mk, or through environment variables. For example, the compiler prefix can be overridden, by defining e.g. CROSS_ESPRISCV32. However, passing additional flags to the compiler isn't possible right now. Add EXTRA_CFLAGS and EXTRA_CFLAGS_ESPRISCV32 to allow for that option. * flasher_stub: collect all targets at the top, DRY * flasher_stub: make target selection more modular Rather than a special "make esp32", create WITHOUT_* variables to selectively disable chip families. Currently, WITHOUT_ESP8266, WITHOUT_ESP32_XTENSA and WITHOUT_ESP32_RISCV32 are defined, but the code can be easily adjusted to allow for all kinds of other sets/combinations. * flasher_stub: create %.json targets, make all a proper PHONY * flasher_stub: drop --embed from wrap_stub.py Since commit 94f29a5 the flasher stub is not embedded in the Python source, but rather included as simple json files. As such, wrap_stub.py --embed was converted to basically just vary the build dir. Rather than keep this indirection and for better clarity, remove that piece of code and replace it by a simple "cp" in the Makefile. While at it, replace the target name from "embed" to "install", as this more akin to a "make install" step. * espefuse: Support burning ECDSA_KEY from pem file - fix some assert check in test_espefuse.py - add tests to cover the new functionality * espefuse(c2): Fix BLOCK_KEY0 view for summary cmd when SB + FE keys are burnt For C2 secure boot + flash enc block, we saw that in summary cmd "0's" from secure boot digest part (upper 128 bit) were translated into "?'s" when the block was read protected. For C2, we should apply this translation for lower 128 bits only. * fix(ESP32-C6): Fix get_pkg_version and get_{major,minor}_chip_version * image_info: removed check that reserved bytes in image header are zero IDF may start using parts of the reserved bytes in the extended header at any time, which will break chip auto-detect in image_info. * build: limit max cryptography version to 40 * fix: Set flash parameters even with --flash_size keep Related to espressif/esp-idf#10788 Related to espressif/esp-idf#10959 * build: add arm and arm64 as build target Closes espressif#845 * Fix typo in serial protocol docs Fixes misspelling of `triggered` in serial protocol docs. Signed-off-by: hasheddan <georgedanielmangum@gmail.com> * Support more recent reedsolo packages - https://github.com/tomerfiliba-org/reedsolomon/releases/tag/v1.6.1 - this seems to be related to licenses only. - https://github.com/tomerfiliba-org/reedsolomon/releases/tag/v1.7.0 - this is related to installation. Closes espressif#872 * build(arm): add pip extra url for github action build * ci: Fix libffi symlinks for cryptography>=40 * espefuse: Prevent burning XTS_AES and ECDSA keys into BLOCK9 (BLOCK_KEY5) eFuse module has a hardware bug. It is related to ESP32-C3, C6, S3, H2 chips: - BLOCK9 (BLOCK_KEY5) can not be used by XTS_AES keys. For H2 chips, the BLOCK9 (BLOCK_KEY5) can not be used by ECDSA keys. S2 does not have such a hardware bug. * image_info: Display disabled WP pin as disabled The image formats know about the special value 0xee used to disable WP. Display this with image_info. E.g.: ESP32-C3 extended image header ============================== WP pin: 0xee (disabled) * image_info: Print chip ID's name if known Example: Flash pins drive settings: clk_drv: 0x0, q_drv: 0x0, d_drv: 0x0, cs0_drv: 0x0, hd_drv: 0x0, wp_drv: 0x0 Chip ID: 5 (ESP32-C3) Minimal chip revision: v0.0, (legacy min_rev = 0) Maximal chip revision: v655.35 An unknown ID will be printed as: Chip ID: 42 (Unknown ID) * tests: Make the testsuite Windows compatible * espefuse: Adds external esp instance Closes espressif#873 * espefuse: Improve efuse error viewing * espefuse: Explicit setting of efuse time settings EFUSE_PWR_ON_NUM in C3 has default value = 0x2880, now = 0x3000 * docs(Boot log): Add all esp targets to cover boot troubleshooting Closes espressif#732 * fix: USB-JTAG-Serial PID detection error * esptool: Move bootdesc on the top of the ram segment * espefuse: Move some vars under init method to speedup tool after adding yaml support * espefuse: Adds yaml efuse description files for all chip - esptool: Updates eFuses wafer major&minor versions - esptool(esp32c6): Adds package versions - espefuse(esp32c6): Replace PKG_VERSION BLK_VERSION_MINOR BLK_VERSION_MAJOR - espefuse(esp32c6): Adds adc calib efuses - espefuse: Adds yaml files for Build with PyInstaller * efuse(H2): Adds RF Calibration Information * espsecure: Improve error message for incorrect PEM format Closes espressif#881 * bugfix(usb_jtag_serial): Autofeed super watchdog (SWD) to avoid resets during flashing * esptool: Read 64-bit MAC address on C6 and H2 * bugfix: Adjust wrapper scripts to not import themselves * bugfix(espsecure): Print a clear error message if incompatible OpenSSL backend is used Closes espressif#878 * fix: inconsistent usage of dirs separator * feat(esptool): add option to dump whole flash based on detected size Closes espressif#461 * Update version to v4.6 * Update version to v4.7-dev * fix(ESP32-S3): Correct RTC WDT registers to fix resets during flashing * Update version to v4.6.1 * Update version to v4.7-dev * docs: add explanation for flash_id example to avoid confusion * docs(boot-log): fix list formatting * docs: add c2, c6 and h2 as build targets * fix(compressed upload): Accept short data blocks with only Adler-32 bytes * fix(CH9102F): Suggest to install new serial drivers if writing to RAM fails * esptool & espefuse: Fix byte order in MAC (for C6 and H2) MAC: 60:55:f9:ff:fe:f7:2c:a2 (EUI64, used for IEEE802154) BASE MAC: 60:55:f9:f7:2c:a2 (used for BT) MAC_EXT: ff:fe * Update version to v4.6.2 * Update version to v4.7 * change: Add conventional precommit linter * ci(pre-commit): Update version of `conventional-precommit-linter` * feat(get_security_info): Improved the output format and added more details * fix(esp32-c2): Enable flashing in secure download mode Closes espressif#895 * ci: Add DangerJS checks to GL and GH * feat(esptool): Add PICO package for ESP32S3 and flash/psram efuses * feat(esptool): Add tests for get_chip_features * feat(esptool): Add new packages for ESP32C3 and flash efuses * fix(expand file args): Correctly print the expanded command * feat(espsecure): Allow prompting for HSM PIN in read_hsm_config If hsm_config does not contain "credentials" the user will be prompted for the HSM PIN. This avoids the need to have HSM PINs typed in config files which is not a good security practice. ADJUNCT: Updated documentation to reflect new usage Closes espressif#900 * fix(dangerGH): Update token permissions - allow Danger to add comments to PR * fix(elf2image): fix text/rodata mapping overlap issue on uni-idrom bus chips * fix: assert in esp32 exclusive workaround * docs: Add other resources page * fix(autodetection): Remove the ESP32-S2 ROM class from get_security_info autodetection * change(pre-commit): Bump version conventional-precommit-linter to 1.2.1 * feat(esptool): added target to esp32p4 * feat(espefuse): Add support for esp32p4 chip * fix: Fix redirection of STDOUT Closes espressif#904 * fix(danger-github): Fir Danger GitHub token permission * ci(danger-github): Fix github-action-bot permissions for posting Danger output * ci: Shared danger to local stage (remove possible double CI pipelines) * ci: add 'flake8-import-order' as a dependecy to flake8 * fix(bin_image): Check only ELF sections when searching for .flash.appdesc Closes espressif#917 * feat(efuse): ESP32P4 adds ecdsa_key support * feat(efuse): Update key purpose table and tests * feat(esp32-s3): Support >16MB quad flash chips Adds support for the W25Q256 and GD25Q256 flash chips. Closes espressif#883 * ci(dev_release): Upload dev releases to PyPI with GH Actions * ci: fix pipeline for building docs * feat(merge_bin): add support for uf2 format * feat(esp32c3): Support ECO6 and ECO7 magic numbers * ci(gitlab_ci): Change only/except syntax to rules * fix(flasher_stub): fix usb-serial-jtag enabled non-related intr source * fix(loader): Could not open serial port message adjusted * ci(gitlab): Fix deploying docs to production * ci(github): Fix pyinstaller builds on ubuntu * docs(basic-commands): added note for PowerShell users for merge_bin command Closes espressif#923 * feat: Add support for Python 3.12 * feat(loader): Added hints for some serial port issues when rising port error Closes espressif/esp-idf#12366 * feat: add support for get_security_info on esp32c3 ECO7 * docs(troubleshooting): Explain issues when flashing with USB-Serial/JTAG or USB-OTG Closes espressif#924 * feat(espefuse): Update the way to complete the operation * docs(boot_mode_selection): Correct secondary strapping pin boot mode levels Closes espressif#928 * feat(espefuse): Adds efuse ADC calibration data for ESP32H2 * feat(rfc2217_server): Add hard reset sequence * feat(elf2image): add ram-only-header argument The ram-only-header configuration makes only the RAM segments visible to the ROM bootloader placing them at the beginning of the file and altering the segment count from the image header with the quantity of these segments, and also writing only their checksum. This segment placement also may not result as optimal as the standard way regarding the padding gap use among the flash segments that could result in a less fragmented binary. The image built must then handle the basic hardware initialization and the flash mapping for code execution after ROM bootloader boot it. Signed-off-by: Marek Matej <marek.matej@espressif.com> Signed-off-by: Almir Okato <almir.okato@espressif.com> * feat(esp32p4): Stub flasher support * refactor(stub_flasher): Cleanup, make adding new targets easier * feat: add support for intel hex format --------- Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com> Signed-off-by: hasheddan <georgedanielmangum@gmail.com> Signed-off-by: Marek Matej <marek.matej@espressif.com> Signed-off-by: Almir Okato <almir.okato@espressif.com> Co-authored-by: harshal.patil <harshal.patil@espressif.com> Co-authored-by: radim.karnis <radim.karnis@espressif.com> Co-authored-by: Frantisek Hrbata <frantisek.hrbata@espressif.com> Co-authored-by: Peter Dragun <peter.dragun@espressif.com> Co-authored-by: KonstantinKondrashov <konstantin@espressif.com> Co-authored-by: Faidon Liambotis <paravoid@debian.org> Co-authored-by: XiNGRZ <hi@xingrz.me> Co-authored-by: Marius Vikhammer <marius.vikhammer@espressif.com> Co-authored-by: hasheddan <georgedanielmangum@gmail.com> Co-authored-by: Roland Dobai <roland@espressif.com> Co-authored-by: Trent Piepho <tpiepho@gmail.com> Co-authored-by: Dean Gardiner <me@dgardiner.net> Co-authored-by: Massimiliano Montagni <massimiliano@solutiontech.tech> Co-authored-by: Tomas Sebestik <tomas.sebestik@espressif.com> Co-authored-by: Aditya Patwardhan <aditya.patwardhan@espressif.com> Co-authored-by: Richard Retanubun <richard.retanubun@mmbnetworks.com> Co-authored-by: wuzhenghui <wuzhenghui@espressif.com> Co-authored-by: Armando <douyiwen@espressif.com> Co-authored-by: Jakub Kocka <jakub.kocka@espressif.com> Co-authored-by: 20162026 <36726858+20162026@users.noreply.github.com> Co-authored-by: Almir Okato <almir.okato@espressif.com>
Jason2866
added a commit
to Jason2866/esptool
that referenced
this issue
Nov 7, 2023
* docs: espsecure remote signing using a HSM broken link fix * fix(rfc2217_server): Use new reset sequences * fix(ESP32-S3): Lower CPU freq to improve flasher stub stability Closes espressif#832 * fix: Unknown chip (ID or magic number) error * pyinstaller: fix glibc dependency on gnu/linux pyinstaller package for linux is built within the ubuntu-latest image in github workflow. This may cause prbolem with glibc symbol versions on older distributions, where the new symbol versions are not available. Fix this by building on the older ubuntu version. Closes espressif#843 Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com> * tests: Create custom `host_test` marker for tests without real chip connected Closes espressif#838 * fix(ESP32-S3): Temporarily disable increasing CPU freq Related to espressif#848 Related to espressif#842 * build: add esp_rfc2217_server to published scripts Closes espressif#846 * Update version to v4.5.1 * Update version to v4.6-dev * espefuse: Hide sensitive info by default during burning burn_key and burn_key_digest Adds --show-sensitive-info flag for two commands: burn_key and burn_key_digest. * flasher_stub: pass -mabi=ilp32 to the RISC-V compiler This is a no-op change for the upstream toolchain (compiled stubs are binary identical), but is required when building with Debian's riscv64-unknown-elf-gcc compiler. * flasher_stub: allow passing extra CFLAGS The flasher_stub Makefile allows for some system-local configuration, either through local.mk, or through environment variables. For example, the compiler prefix can be overridden, by defining e.g. CROSS_ESPRISCV32. However, passing additional flags to the compiler isn't possible right now. Add EXTRA_CFLAGS and EXTRA_CFLAGS_ESPRISCV32 to allow for that option. * flasher_stub: collect all targets at the top, DRY * flasher_stub: make target selection more modular Rather than a special "make esp32", create WITHOUT_* variables to selectively disable chip families. Currently, WITHOUT_ESP8266, WITHOUT_ESP32_XTENSA and WITHOUT_ESP32_RISCV32 are defined, but the code can be easily adjusted to allow for all kinds of other sets/combinations. * flasher_stub: create %.json targets, make all a proper PHONY * flasher_stub: drop --embed from wrap_stub.py Since commit 94f29a5 the flasher stub is not embedded in the Python source, but rather included as simple json files. As such, wrap_stub.py --embed was converted to basically just vary the build dir. Rather than keep this indirection and for better clarity, remove that piece of code and replace it by a simple "cp" in the Makefile. While at it, replace the target name from "embed" to "install", as this more akin to a "make install" step. * espefuse: Support burning ECDSA_KEY from pem file - fix some assert check in test_espefuse.py - add tests to cover the new functionality * espefuse(c2): Fix BLOCK_KEY0 view for summary cmd when SB + FE keys are burnt For C2 secure boot + flash enc block, we saw that in summary cmd "0's" from secure boot digest part (upper 128 bit) were translated into "?'s" when the block was read protected. For C2, we should apply this translation for lower 128 bits only. * fix(ESP32-C6): Fix get_pkg_version and get_{major,minor}_chip_version * image_info: removed check that reserved bytes in image header are zero IDF may start using parts of the reserved bytes in the extended header at any time, which will break chip auto-detect in image_info. * build: limit max cryptography version to 40 * fix: Set flash parameters even with --flash_size keep Related to espressif/esp-idf#10788 Related to espressif/esp-idf#10959 * build: add arm and arm64 as build target Closes espressif#845 * Fix typo in serial protocol docs Fixes misspelling of `triggered` in serial protocol docs. Signed-off-by: hasheddan <georgedanielmangum@gmail.com> * Support more recent reedsolo packages - https://github.com/tomerfiliba-org/reedsolomon/releases/tag/v1.6.1 - this seems to be related to licenses only. - https://github.com/tomerfiliba-org/reedsolomon/releases/tag/v1.7.0 - this is related to installation. Closes espressif#872 * build(arm): add pip extra url for github action build * ci: Fix libffi symlinks for cryptography>=40 * espefuse: Prevent burning XTS_AES and ECDSA keys into BLOCK9 (BLOCK_KEY5) eFuse module has a hardware bug. It is related to ESP32-C3, C6, S3, H2 chips: - BLOCK9 (BLOCK_KEY5) can not be used by XTS_AES keys. For H2 chips, the BLOCK9 (BLOCK_KEY5) can not be used by ECDSA keys. S2 does not have such a hardware bug. * image_info: Display disabled WP pin as disabled The image formats know about the special value 0xee used to disable WP. Display this with image_info. E.g.: ESP32-C3 extended image header ============================== WP pin: 0xee (disabled) * image_info: Print chip ID's name if known Example: Flash pins drive settings: clk_drv: 0x0, q_drv: 0x0, d_drv: 0x0, cs0_drv: 0x0, hd_drv: 0x0, wp_drv: 0x0 Chip ID: 5 (ESP32-C3) Minimal chip revision: v0.0, (legacy min_rev = 0) Maximal chip revision: v655.35 An unknown ID will be printed as: Chip ID: 42 (Unknown ID) * tests: Make the testsuite Windows compatible * espefuse: Adds external esp instance Closes espressif#873 * espefuse: Improve efuse error viewing * espefuse: Explicit setting of efuse time settings EFUSE_PWR_ON_NUM in C3 has default value = 0x2880, now = 0x3000 * docs(Boot log): Add all esp targets to cover boot troubleshooting Closes espressif#732 * fix: USB-JTAG-Serial PID detection error * esptool: Move bootdesc on the top of the ram segment * espefuse: Move some vars under init method to speedup tool after adding yaml support * espefuse: Adds yaml efuse description files for all chip - esptool: Updates eFuses wafer major&minor versions - esptool(esp32c6): Adds package versions - espefuse(esp32c6): Replace PKG_VERSION BLK_VERSION_MINOR BLK_VERSION_MAJOR - espefuse(esp32c6): Adds adc calib efuses - espefuse: Adds yaml files for Build with PyInstaller * efuse(H2): Adds RF Calibration Information * espsecure: Improve error message for incorrect PEM format Closes espressif#881 * bugfix(usb_jtag_serial): Autofeed super watchdog (SWD) to avoid resets during flashing * esptool: Read 64-bit MAC address on C6 and H2 * bugfix: Adjust wrapper scripts to not import themselves * bugfix(espsecure): Print a clear error message if incompatible OpenSSL backend is used Closes espressif#878 * fix: inconsistent usage of dirs separator * feat(esptool): add option to dump whole flash based on detected size Closes espressif#461 * Update version to v4.6 * Update version to v4.7-dev * fix(ESP32-S3): Correct RTC WDT registers to fix resets during flashing * Update version to v4.6.1 * Update version to v4.7-dev * docs: add explanation for flash_id example to avoid confusion * docs(boot-log): fix list formatting * docs: add c2, c6 and h2 as build targets * fix(compressed upload): Accept short data blocks with only Adler-32 bytes * fix(CH9102F): Suggest to install new serial drivers if writing to RAM fails * esptool & espefuse: Fix byte order in MAC (for C6 and H2) MAC: 60:55:f9:ff:fe:f7:2c:a2 (EUI64, used for IEEE802154) BASE MAC: 60:55:f9:f7:2c:a2 (used for BT) MAC_EXT: ff:fe * Update version to v4.6.2 * Update version to v4.7 * change: Add conventional precommit linter * ci(pre-commit): Update version of `conventional-precommit-linter` * feat(get_security_info): Improved the output format and added more details * fix(esp32-c2): Enable flashing in secure download mode Closes espressif#895 * ci: Add DangerJS checks to GL and GH * feat(esptool): Add PICO package for ESP32S3 and flash/psram efuses * feat(esptool): Add tests for get_chip_features * feat(esptool): Add new packages for ESP32C3 and flash efuses * fix(expand file args): Correctly print the expanded command * feat(espsecure): Allow prompting for HSM PIN in read_hsm_config If hsm_config does not contain "credentials" the user will be prompted for the HSM PIN. This avoids the need to have HSM PINs typed in config files which is not a good security practice. ADJUNCT: Updated documentation to reflect new usage Closes espressif#900 * fix(dangerGH): Update token permissions - allow Danger to add comments to PR * fix(elf2image): fix text/rodata mapping overlap issue on uni-idrom bus chips * fix: assert in esp32 exclusive workaround * docs: Add other resources page * fix(autodetection): Remove the ESP32-S2 ROM class from get_security_info autodetection * change(pre-commit): Bump version conventional-precommit-linter to 1.2.1 * feat(esptool): added target to esp32p4 * feat(espefuse): Add support for esp32p4 chip * fix: Fix redirection of STDOUT Closes espressif#904 * fix(danger-github): Fir Danger GitHub token permission * ci(danger-github): Fix github-action-bot permissions for posting Danger output * ci: Shared danger to local stage (remove possible double CI pipelines) * ci: add 'flake8-import-order' as a dependecy to flake8 * fix(bin_image): Check only ELF sections when searching for .flash.appdesc Closes espressif#917 * feat(efuse): ESP32P4 adds ecdsa_key support * feat(efuse): Update key purpose table and tests * feat(esp32-s3): Support >16MB quad flash chips Adds support for the W25Q256 and GD25Q256 flash chips. Closes espressif#883 * ci(dev_release): Upload dev releases to PyPI with GH Actions * ci: fix pipeline for building docs * feat(merge_bin): add support for uf2 format * feat(esp32c3): Support ECO6 and ECO7 magic numbers * ci(gitlab_ci): Change only/except syntax to rules * fix(flasher_stub): fix usb-serial-jtag enabled non-related intr source * fix(loader): Could not open serial port message adjusted * ci(gitlab): Fix deploying docs to production * ci(github): Fix pyinstaller builds on ubuntu * docs(basic-commands): added note for PowerShell users for merge_bin command Closes espressif#923 * feat: Add support for Python 3.12 * feat(loader): Added hints for some serial port issues when rising port error Closes espressif/esp-idf#12366 * feat: add support for get_security_info on esp32c3 ECO7 * docs(troubleshooting): Explain issues when flashing with USB-Serial/JTAG or USB-OTG Closes espressif#924 * feat(espefuse): Update the way to complete the operation * docs(boot_mode_selection): Correct secondary strapping pin boot mode levels Closes espressif#928 * feat(espefuse): Adds efuse ADC calibration data for ESP32H2 * feat(rfc2217_server): Add hard reset sequence * feat(elf2image): add ram-only-header argument The ram-only-header configuration makes only the RAM segments visible to the ROM bootloader placing them at the beginning of the file and altering the segment count from the image header with the quantity of these segments, and also writing only their checksum. This segment placement also may not result as optimal as the standard way regarding the padding gap use among the flash segments that could result in a less fragmented binary. The image built must then handle the basic hardware initialization and the flash mapping for code execution after ROM bootloader boot it. Signed-off-by: Marek Matej <marek.matej@espressif.com> Signed-off-by: Almir Okato <almir.okato@espressif.com> * feat(esp32p4): Stub flasher support * refactor(stub_flasher): Cleanup, make adding new targets easier * feat: add support for intel hex format * feat(xip_psram): support xip psram feature on esp32p4 Expanded IROM / DROM range to include psram space as well * Delete docs directory * Delete .gitlab-ci.yml * Delete .pre-commit-config.yaml * Delete MANIFEST.in * Update build_esptool.yml * Delete .github/workflows/test_esptool.yml --------- Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com> Signed-off-by: hasheddan <georgedanielmangum@gmail.com> Signed-off-by: Marek Matej <marek.matej@espressif.com> Signed-off-by: Almir Okato <almir.okato@espressif.com> Co-authored-by: harshal.patil <harshal.patil@espressif.com> Co-authored-by: radim.karnis <radim.karnis@espressif.com> Co-authored-by: Frantisek Hrbata <frantisek.hrbata@espressif.com> Co-authored-by: Peter Dragun <peter.dragun@espressif.com> Co-authored-by: KonstantinKondrashov <konstantin@espressif.com> Co-authored-by: Faidon Liambotis <paravoid@debian.org> Co-authored-by: XiNGRZ <hi@xingrz.me> Co-authored-by: Marius Vikhammer <marius.vikhammer@espressif.com> Co-authored-by: hasheddan <georgedanielmangum@gmail.com> Co-authored-by: Roland Dobai <roland@espressif.com> Co-authored-by: Trent Piepho <tpiepho@gmail.com> Co-authored-by: Dean Gardiner <me@dgardiner.net> Co-authored-by: Massimiliano Montagni <massimiliano@solutiontech.tech> Co-authored-by: Tomas Sebestik <tomas.sebestik@espressif.com> Co-authored-by: Aditya Patwardhan <aditya.patwardhan@espressif.com> Co-authored-by: Richard Retanubun <richard.retanubun@mmbnetworks.com> Co-authored-by: wuzhenghui <wuzhenghui@espressif.com> Co-authored-by: Armando <douyiwen@espressif.com> Co-authored-by: Jakub Kocka <jakub.kocka@espressif.com> Co-authored-by: 20162026 <36726858+20162026@users.noreply.github.com> Co-authored-by: Almir Okato <almir.okato@espressif.com>
|
Using esptool.py 4.7, it looks like I am facing the same issue. Could it have to do that I am writing to ota_1 and not "factory"? Secure Boot v2 and flash encryption both enabled. I am able to flash bootloader and partition table. esptool.py -p /dev/cu.usbmodem101 --chip esp32c6 write_flash --flash_size keep 0x1a0000 firmware-ota1-enc.bin --force A fatal error occurred: Failed to enter Flash download mode (result was 01060000: Operation or feature not supported) |
|
Hello @discreetmayor, The solution is mentioned above:
Please change |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Answers checklist.
IDF version.
v5.0.1-3-g886e98a2c1
Operating System used.
Linux
How did you build your project?
Command line with idf.py
If you are using Windows, please specify command line type.
None
What is the expected behavior?
Ability to flash applications with correct signature.
What is the actual behavior?
1.) With --no-stub flash fails with: A fatal error occurred: Failed to enter Flash download mode (result was 01060000: Operation or feature not supported)
2.) Without --no-stub flash fails with: A fatal error occurred: Failed to start stub. There was no response.
Steps to reproduce.
Enable secure boot V2 on a ESP32-S3 as described in How To Enable Secure Boot V2
Build or installation Logs.
More Information.
Using head of release/v5.0 branch of IDF, components/bootloader/Kconfig.projbuild contains
and thus for IDF_TARGET_ESP32S3 activating
SECURE_BOOTwill activateESPTOOLPY_NO_STUB=ytoo and therefore theesptoolis called with option--no-stuband fails with:If changing the Kconfig entry to exclude S3 from
NO_STUBtoo (like done for S2):the option
--no-stubis not used, but after enabling secure boot theesptoolnow fails with:In my application secure boot is only needed to verify OTA updates. Protection against direct access to the HW is not needed. Is there a way to allow flash stubs even with secure boot enabled? Or is there a way to enable flashing without stubs on a ESP32-S3-WROOM-1?
The text was updated successfully, but these errors were encountered: