New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ESP32S3 efuses real for production won't work, flash crypted, secure boot v2 enabled, .bin signed, with efuses virtual work (IDFGH-7702) #9244
Comments
Hello Espressif guys, Please help us... What is the problem:
|
From eFuse summary, both secure boot and flash encryption schemes have been correctly configured. Following bootloader log confirms this.
Moreover, bootloader is also successful in verifying firmware (its signature and hence integrity) and then it successfully hands over control to it.
I have few questions here:
CC @igrr |
Good morning @mahavirj , After a hundred test we find that problem is with PSRAM enabled, encryption and in specific esp_partition_write stop work. We have also try Espressif example flash_encryption and with PSRAM disabled work fine, if we enable it, also the example stop to work.
|
Thanks for confirming! Can you please share your |
Hi @mahavirj , Yes i confirm that module is ESP32-S3-WROOM-1-N16R8 |
I can also confirm this issue, running on ESP32-S3-WROOM-1-N16R8. Flash encryption is enabled (BLOCK_KEY0 has been set, KEY_PURPOSE_0 = XTS_AES_128_KEY, RD_DIS = 1, WR_DIS = 0x00800100, SPI_BOOT_CRYPT_CNT = 1). Secure boot has not been enabled. Without PSRAM enabled in menuconfig, After enabling PSRAM in menuconfig, setting it to octal mode and leaving all other PSRAM settings as-is, the For example, I tried to write 65536 bytes of data filled with I dumped the raw contents using |
I did some more debugging. First I tested the latest release/v5.0 branch to see if that would help. I had to migrate to the new I then found out that the driver writes the correct data, but instead of writing to The reason the flash dump contains 64 byte "garbage" every 16 384 byte blocks is due to the By using a debugger and setting a breakpoint at the beginning of I saw that the octal PSRAM uses 32-bit address. After some investigation I found that the So for now I added this line: SET_PERI_REG_BITS(SPI_MEM_CACHE_FCTRL_REG(1), SPI_MEM_CACHE_USR_CMD_4BYTE_V, 0, SPI_MEM_CACHE_USR_CMD_4BYTE_S); to the function Another alternative might be to set |
Hello Emill, |
I personally share your frustration and have often wondered if espressif intends to sell only to hobbyists. But on the other hand, there is a huge price difference between esp products and other companies. No other company offers an mcu with integrated wifi/bt/usb/psram for such a low price (which I find attractive, like probably yourself too). I try to remind myself about that everytime I grind my teeth wondering why something isn't working as I hoped. Moreover, the price of psram is merely a few cents depending on where/how one purchases. More importantly, how often does a microsoft update end up doing more damage than help? Or a linux kernel upgrade that causes some driver to stop working? I used to rely heavily on PIC controllers in the past, specifically the Microchip Code Configurator. All of a sudden they bump the version, and it stopped calculating pwm frequencies correctly. Every SDK has bugs at any moment. |
Environment
Problem Description
Hello guys,
If i flash all .bin system for production (ota, ota_data, factory, partition table, bootloader ecc) with efuses virtual enabled in partition emul_efuse, all work fine.
If i disable virtual efuses for real burn efuses, start the problem, i think to see 2 problems:
esp_partition_get_sha256
on ota return code 0x2002esp_vfs_fat_spiflash_mount
format the FAT like it lose the last formatted procedure on power offI have made many test, sdkconfig and different flash procedures and i have briked 10 module, till now i dont have found solution!
Project
I have 2 project in Espressif IDE (Eclipse):
The 2 project have the same sdkconfig and the same custom partition.csv file (they are ugual and i keep ugual)
In both there are enabled Flash encryption AES-256, Secure Boot V2 with sign binary during build with my generated key (openssl), ROM download mode is enabled (insecure for now).
Sign key is the same for the loader project and firmware project
I dont encrypt NVS data
SDKconfig image encryption
Bootloader of loader project is customized for run all the time at power on Factory partition and for run all the time ota partition from deep sleep wakeup.
Bootloader of firmware project it's the original from Espressif, isn't customized, but i dont use it.
When bootloader run my loader app from factory partition, after some check i launch deep sleep for hundred ms (100) and at wake up bootloader run ota partition (i use only 2 partition for update: 1 factory and 1 ota, this for don't lose flash space of 3 partition like 1 factory and 2 ota as a espressif default).
Partition table offset is set to "0xb000" for enlarge bootloader space (because crypt and info logs) as a documentation explain.
Partitions
Write to flash
After build, i flash all binary with manual command from prompt:
esptool.py -p COM7 --chip esp32s3 erase_flash
esptool.py -p COM7 --chip esp32s3 --before=default_reset --after=no_reset --no-stub write_flash --flash_mode dio --flash_freq 80m --flash_size 16MB 0x20000 loader.bin 0xb000 partition-table.bin 0x10000 ota_data_initial.bin 0x120000 firmware.bin
esptool.py -p COM7 --chip esp32s3 --before=default_reset --after=no_reset --no-stub write_flash --flash_mode dio --flash_freq 80m --flash_size 16MB 0x0 bootloader.bin
In all command i dont reset after all bin file are flashed and Bootloader as the last as documentation mention because at restart it will start to burn the efuses if all crypt process is fine.
It will reset when i start monitor:
idf.py -p COM7 monitor
Expected Behavior
Firmware.bin file is signed at build and ota partition is crypted at first start of bootloader, i will expect that esp_partition_get_sha256 of ota is valid, but isn't.
Storage partition isn't flashed and i think is empty (maybe is 0xFF) and i will expect at first start that is crypted and after formatted as a FAT when is mounted in automatic from API function,
If i start to upload new ota firmware.bin with bluetooth and my protocol, file is saved in FAT and i run esp_reset(), then factory run check firmware.bin present in FAT and reflash ota partition with it.
Actual Behavior
Due to the ota is invalid my loader dont deep sleep and stay inside itself, wait for ota update via bluetooth with our protocol.
At every power on i see that loader formatting every time the FAT, this is not correct.
If i try to upload new ota firmware.bin with bluetooth and my protocol, function f_getfree on FAT error like the FAT is corrupted or not present
Debug Logs
Flash Log
Monitor Log
EFUSES LOG
Other items if possible
The text was updated successfully, but these errors were encountered: