Unable to flash image once Secure Boot / Flash Encryption has been enabled (ESP-C2/8684) (ESPTOOL-709) #895
Comments
github-actions
bot
changed the title
|
Hi @AndreasKohn, In the meantime, as a workaround, you can remove the |
|
The fix has been merged. Feel free to test! Thank you. |
|
hi @radimkarnis thanks for taking care of it. Unfortunately I con not confirm that it works. Neither the work around with the old version not the new version I pulled from git (e862e10). |
|
@AndreasKohn try writing anything to the C2 by running the command |
|
@radimkarnis tried this command, but I am really not convinced to continue with this warning: `python .\esptool.py -p COM20 -c esp32c2 write_flash 0 C:\WorkingArea\mitteWorkspace\helloWorldFirmware\build\helloWorldFirmware.bin A fatal error occurred: WARNING: Detected flash encryption and secure download mode enabled. Why is a plaintext binary a problem? I thought the UART bootloader will perform the flash encryption of the plaintext image in development mode? Is this a serious message in my case or can I safely ignore it? |
|
Sorry, I didn't realize you have flash encryption enabled. In that case, don't continue, we don't want to overwrite the bootloader. Getting to this point is a confirmation that the original issue is solved, thank you! |
|
@radimkarnis will you still look into this issue, or is it solved for you? Obviously it is not solved for me. Thanks |
|
@AndreasKohn I am sorry, but what issue are you having now? The original report was about What you are now seeing are esptool security checks, that prevent users from damaging their devices. You can skip the checks with |
If you still run into any issues, please share your EFuse summary of the device ( |
|
@radimkarnis @mahavirj maybe I was not clear in my post above, but the problem command (0xa) is still present.
If I add the additional option: --encrypt I get the inof that this argument is unknown:
If I want to execute the efuse summary I get this:
|
|
|
@radimkarnis OK I tried your suggestions with the following outcome:
A fatal error occurred: WARNING: Detected flash encryption and secure download mode enabled.
A fatal error occurred: Secure Download Mode is enabled. The tool can not read eFuses. |
|
@radimkarnis @mahavirj can I still expect a feedback on my reply post above? The problem is still not solved and I do not see what I am doing wrong here. I have configured the C2 as described in the documentation and can still not download a FW in development mode. Any help suggestion is appreciated. |
|
ad 2) your command still contains the |
|
@radimkarnis I removed the |
* docs: espsecure remote signing using a HSM broken link fix * fix(rfc2217_server): Use new reset sequences * fix(ESP32-S3): Lower CPU freq to improve flasher stub stability Closes espressif#832 * fix: Unknown chip (ID or magic number) error * pyinstaller: fix glibc dependency on gnu/linux pyinstaller package for linux is built within the ubuntu-latest image in github workflow. This may cause prbolem with glibc symbol versions on older distributions, where the new symbol versions are not available. Fix this by building on the older ubuntu version. Closes espressif#843 Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com> * tests: Create custom `host_test` marker for tests without real chip connected Closes espressif#838 * fix(ESP32-S3): Temporarily disable increasing CPU freq Related to espressif#848 Related to espressif#842 * build: add esp_rfc2217_server to published scripts Closes espressif#846 * Update version to v4.5.1 * Update version to v4.6-dev * espefuse: Hide sensitive info by default during burning burn_key and burn_key_digest Adds --show-sensitive-info flag for two commands: burn_key and burn_key_digest. * flasher_stub: pass -mabi=ilp32 to the RISC-V compiler This is a no-op change for the upstream toolchain (compiled stubs are binary identical), but is required when building with Debian's riscv64-unknown-elf-gcc compiler. * flasher_stub: allow passing extra CFLAGS The flasher_stub Makefile allows for some system-local configuration, either through local.mk, or through environment variables. For example, the compiler prefix can be overridden, by defining e.g. CROSS_ESPRISCV32. However, passing additional flags to the compiler isn't possible right now. Add EXTRA_CFLAGS and EXTRA_CFLAGS_ESPRISCV32 to allow for that option. * flasher_stub: collect all targets at the top, DRY * flasher_stub: make target selection more modular Rather than a special "make esp32", create WITHOUT_* variables to selectively disable chip families. Currently, WITHOUT_ESP8266, WITHOUT_ESP32_XTENSA and WITHOUT_ESP32_RISCV32 are defined, but the code can be easily adjusted to allow for all kinds of other sets/combinations. * flasher_stub: create %.json targets, make all a proper PHONY * flasher_stub: drop --embed from wrap_stub.py Since commit 94f29a5 the flasher stub is not embedded in the Python source, but rather included as simple json files. As such, wrap_stub.py --embed was converted to basically just vary the build dir. Rather than keep this indirection and for better clarity, remove that piece of code and replace it by a simple "cp" in the Makefile. While at it, replace the target name from "embed" to "install", as this more akin to a "make install" step. * espefuse: Support burning ECDSA_KEY from pem file - fix some assert check in test_espefuse.py - add tests to cover the new functionality * espefuse(c2): Fix BLOCK_KEY0 view for summary cmd when SB + FE keys are burnt For C2 secure boot + flash enc block, we saw that in summary cmd "0's" from secure boot digest part (upper 128 bit) were translated into "?'s" when the block was read protected. For C2, we should apply this translation for lower 128 bits only. * fix(ESP32-C6): Fix get_pkg_version and get_{major,minor}_chip_version * image_info: removed check that reserved bytes in image header are zero IDF may start using parts of the reserved bytes in the extended header at any time, which will break chip auto-detect in image_info. * build: limit max cryptography version to 40 * fix: Set flash parameters even with --flash_size keep Related to espressif/esp-idf#10788 Related to espressif/esp-idf#10959 * build: add arm and arm64 as build target Closes espressif#845 * Fix typo in serial protocol docs Fixes misspelling of `triggered` in serial protocol docs. Signed-off-by: hasheddan <georgedanielmangum@gmail.com> * Support more recent reedsolo packages - https://github.com/tomerfiliba-org/reedsolomon/releases/tag/v1.6.1 - this seems to be related to licenses only. - https://github.com/tomerfiliba-org/reedsolomon/releases/tag/v1.7.0 - this is related to installation. Closes espressif#872 * build(arm): add pip extra url for github action build * ci: Fix libffi symlinks for cryptography>=40 * espefuse: Prevent burning XTS_AES and ECDSA keys into BLOCK9 (BLOCK_KEY5) eFuse module has a hardware bug. It is related to ESP32-C3, C6, S3, H2 chips: - BLOCK9 (BLOCK_KEY5) can not be used by XTS_AES keys. For H2 chips, the BLOCK9 (BLOCK_KEY5) can not be used by ECDSA keys. S2 does not have such a hardware bug. * image_info: Display disabled WP pin as disabled The image formats know about the special value 0xee used to disable WP. Display this with image_info. E.g.: ESP32-C3 extended image header ============================== WP pin: 0xee (disabled) * image_info: Print chip ID's name if known Example: Flash pins drive settings: clk_drv: 0x0, q_drv: 0x0, d_drv: 0x0, cs0_drv: 0x0, hd_drv: 0x0, wp_drv: 0x0 Chip ID: 5 (ESP32-C3) Minimal chip revision: v0.0, (legacy min_rev = 0) Maximal chip revision: v655.35 An unknown ID will be printed as: Chip ID: 42 (Unknown ID) * tests: Make the testsuite Windows compatible * espefuse: Adds external esp instance Closes espressif#873 * espefuse: Improve efuse error viewing * espefuse: Explicit setting of efuse time settings EFUSE_PWR_ON_NUM in C3 has default value = 0x2880, now = 0x3000 * docs(Boot log): Add all esp targets to cover boot troubleshooting Closes espressif#732 * fix: USB-JTAG-Serial PID detection error * esptool: Move bootdesc on the top of the ram segment * espefuse: Move some vars under init method to speedup tool after adding yaml support * espefuse: Adds yaml efuse description files for all chip - esptool: Updates eFuses wafer major&minor versions - esptool(esp32c6): Adds package versions - espefuse(esp32c6): Replace PKG_VERSION BLK_VERSION_MINOR BLK_VERSION_MAJOR - espefuse(esp32c6): Adds adc calib efuses - espefuse: Adds yaml files for Build with PyInstaller * efuse(H2): Adds RF Calibration Information * espsecure: Improve error message for incorrect PEM format Closes espressif#881 * bugfix(usb_jtag_serial): Autofeed super watchdog (SWD) to avoid resets during flashing * esptool: Read 64-bit MAC address on C6 and H2 * bugfix: Adjust wrapper scripts to not import themselves * bugfix(espsecure): Print a clear error message if incompatible OpenSSL backend is used Closes espressif#878 * fix: inconsistent usage of dirs separator * feat(esptool): add option to dump whole flash based on detected size Closes espressif#461 * Update version to v4.6 * Update version to v4.7-dev * fix(ESP32-S3): Correct RTC WDT registers to fix resets during flashing * Update version to v4.6.1 * Update version to v4.7-dev * docs: add explanation for flash_id example to avoid confusion * docs(boot-log): fix list formatting * docs: add c2, c6 and h2 as build targets * fix(compressed upload): Accept short data blocks with only Adler-32 bytes * fix(CH9102F): Suggest to install new serial drivers if writing to RAM fails * esptool & espefuse: Fix byte order in MAC (for C6 and H2) MAC: 60:55:f9:ff:fe:f7:2c:a2 (EUI64, used for IEEE802154) BASE MAC: 60:55:f9:f7:2c:a2 (used for BT) MAC_EXT: ff:fe * Update version to v4.6.2 * Update version to v4.7 * change: Add conventional precommit linter * ci(pre-commit): Update version of `conventional-precommit-linter` * feat(get_security_info): Improved the output format and added more details * fix(esp32-c2): Enable flashing in secure download mode Closes espressif#895 * ci: Add DangerJS checks to GL and GH * feat(esptool): Add PICO package for ESP32S3 and flash/psram efuses * feat(esptool): Add tests for get_chip_features * feat(esptool): Add new packages for ESP32C3 and flash efuses * fix(expand file args): Correctly print the expanded command * feat(espsecure): Allow prompting for HSM PIN in read_hsm_config If hsm_config does not contain "credentials" the user will be prompted for the HSM PIN. This avoids the need to have HSM PINs typed in config files which is not a good security practice. ADJUNCT: Updated documentation to reflect new usage Closes espressif#900 * fix(dangerGH): Update token permissions - allow Danger to add comments to PR * fix(elf2image): fix text/rodata mapping overlap issue on uni-idrom bus chips * fix: assert in esp32 exclusive workaround * docs: Add other resources page * fix(autodetection): Remove the ESP32-S2 ROM class from get_security_info autodetection * change(pre-commit): Bump version conventional-precommit-linter to 1.2.1 * feat(esptool): added target to esp32p4 * feat(espefuse): Add support for esp32p4 chip * fix: Fix redirection of STDOUT Closes espressif#904 * fix(danger-github): Fir Danger GitHub token permission * ci(danger-github): Fix github-action-bot permissions for posting Danger output * ci: Shared danger to local stage (remove possible double CI pipelines) * ci: add 'flake8-import-order' as a dependecy to flake8 * fix(bin_image): Check only ELF sections when searching for .flash.appdesc Closes espressif#917 * feat(efuse): ESP32P4 adds ecdsa_key support * feat(efuse): Update key purpose table and tests * feat(esp32-s3): Support >16MB quad flash chips Adds support for the W25Q256 and GD25Q256 flash chips. Closes espressif#883 * ci(dev_release): Upload dev releases to PyPI with GH Actions * ci: fix pipeline for building docs * feat(merge_bin): add support for uf2 format * feat(esp32c3): Support ECO6 and ECO7 magic numbers * ci(gitlab_ci): Change only/except syntax to rules * fix(flasher_stub): fix usb-serial-jtag enabled non-related intr source * fix(loader): Could not open serial port message adjusted * ci(gitlab): Fix deploying docs to production * ci(github): Fix pyinstaller builds on ubuntu * docs(basic-commands): added note for PowerShell users for merge_bin command Closes espressif#923 * feat: Add support for Python 3.12 * feat(loader): Added hints for some serial port issues when rising port error Closes espressif/esp-idf#12366 * feat: add support for get_security_info on esp32c3 ECO7 * docs(troubleshooting): Explain issues when flashing with USB-Serial/JTAG or USB-OTG Closes espressif#924 * feat(espefuse): Update the way to complete the operation * docs(boot_mode_selection): Correct secondary strapping pin boot mode levels Closes espressif#928 * feat(espefuse): Adds efuse ADC calibration data for ESP32H2 * feat(rfc2217_server): Add hard reset sequence * feat(elf2image): add ram-only-header argument The ram-only-header configuration makes only the RAM segments visible to the ROM bootloader placing them at the beginning of the file and altering the segment count from the image header with the quantity of these segments, and also writing only their checksum. This segment placement also may not result as optimal as the standard way regarding the padding gap use among the flash segments that could result in a less fragmented binary. The image built must then handle the basic hardware initialization and the flash mapping for code execution after ROM bootloader boot it. Signed-off-by: Marek Matej <marek.matej@espressif.com> Signed-off-by: Almir Okato <almir.okato@espressif.com> * feat(esp32p4): Stub flasher support * refactor(stub_flasher): Cleanup, make adding new targets easier * feat: add support for intel hex format --------- Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com> Signed-off-by: hasheddan <georgedanielmangum@gmail.com> Signed-off-by: Marek Matej <marek.matej@espressif.com> Signed-off-by: Almir Okato <almir.okato@espressif.com> Co-authored-by: harshal.patil <harshal.patil@espressif.com> Co-authored-by: radim.karnis <radim.karnis@espressif.com> Co-authored-by: Frantisek Hrbata <frantisek.hrbata@espressif.com> Co-authored-by: Peter Dragun <peter.dragun@espressif.com> Co-authored-by: KonstantinKondrashov <konstantin@espressif.com> Co-authored-by: Faidon Liambotis <paravoid@debian.org> Co-authored-by: XiNGRZ <hi@xingrz.me> Co-authored-by: Marius Vikhammer <marius.vikhammer@espressif.com> Co-authored-by: hasheddan <georgedanielmangum@gmail.com> Co-authored-by: Roland Dobai <roland@espressif.com> Co-authored-by: Trent Piepho <tpiepho@gmail.com> Co-authored-by: Dean Gardiner <me@dgardiner.net> Co-authored-by: Massimiliano Montagni <massimiliano@solutiontech.tech> Co-authored-by: Tomas Sebestik <tomas.sebestik@espressif.com> Co-authored-by: Aditya Patwardhan <aditya.patwardhan@espressif.com> Co-authored-by: Richard Retanubun <richard.retanubun@mmbnetworks.com> Co-authored-by: wuzhenghui <wuzhenghui@espressif.com> Co-authored-by: Armando <douyiwen@espressif.com> Co-authored-by: Jakub Kocka <jakub.kocka@espressif.com> Co-authored-by: 20162026 <36726858+20162026@users.noreply.github.com> Co-authored-by: Almir Okato <almir.okato@espressif.com>
* docs: espsecure remote signing using a HSM broken link fix * fix(rfc2217_server): Use new reset sequences * fix(ESP32-S3): Lower CPU freq to improve flasher stub stability Closes espressif#832 * fix: Unknown chip (ID or magic number) error * pyinstaller: fix glibc dependency on gnu/linux pyinstaller package for linux is built within the ubuntu-latest image in github workflow. This may cause prbolem with glibc symbol versions on older distributions, where the new symbol versions are not available. Fix this by building on the older ubuntu version. Closes espressif#843 Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com> * tests: Create custom `host_test` marker for tests without real chip connected Closes espressif#838 * fix(ESP32-S3): Temporarily disable increasing CPU freq Related to espressif#848 Related to espressif#842 * build: add esp_rfc2217_server to published scripts Closes espressif#846 * Update version to v4.5.1 * Update version to v4.6-dev * espefuse: Hide sensitive info by default during burning burn_key and burn_key_digest Adds --show-sensitive-info flag for two commands: burn_key and burn_key_digest. * flasher_stub: pass -mabi=ilp32 to the RISC-V compiler This is a no-op change for the upstream toolchain (compiled stubs are binary identical), but is required when building with Debian's riscv64-unknown-elf-gcc compiler. * flasher_stub: allow passing extra CFLAGS The flasher_stub Makefile allows for some system-local configuration, either through local.mk, or through environment variables. For example, the compiler prefix can be overridden, by defining e.g. CROSS_ESPRISCV32. However, passing additional flags to the compiler isn't possible right now. Add EXTRA_CFLAGS and EXTRA_CFLAGS_ESPRISCV32 to allow for that option. * flasher_stub: collect all targets at the top, DRY * flasher_stub: make target selection more modular Rather than a special "make esp32", create WITHOUT_* variables to selectively disable chip families. Currently, WITHOUT_ESP8266, WITHOUT_ESP32_XTENSA and WITHOUT_ESP32_RISCV32 are defined, but the code can be easily adjusted to allow for all kinds of other sets/combinations. * flasher_stub: create %.json targets, make all a proper PHONY * flasher_stub: drop --embed from wrap_stub.py Since commit 94f29a5 the flasher stub is not embedded in the Python source, but rather included as simple json files. As such, wrap_stub.py --embed was converted to basically just vary the build dir. Rather than keep this indirection and for better clarity, remove that piece of code and replace it by a simple "cp" in the Makefile. While at it, replace the target name from "embed" to "install", as this more akin to a "make install" step. * espefuse: Support burning ECDSA_KEY from pem file - fix some assert check in test_espefuse.py - add tests to cover the new functionality * espefuse(c2): Fix BLOCK_KEY0 view for summary cmd when SB + FE keys are burnt For C2 secure boot + flash enc block, we saw that in summary cmd "0's" from secure boot digest part (upper 128 bit) were translated into "?'s" when the block was read protected. For C2, we should apply this translation for lower 128 bits only. * fix(ESP32-C6): Fix get_pkg_version and get_{major,minor}_chip_version * image_info: removed check that reserved bytes in image header are zero IDF may start using parts of the reserved bytes in the extended header at any time, which will break chip auto-detect in image_info. * build: limit max cryptography version to 40 * fix: Set flash parameters even with --flash_size keep Related to espressif/esp-idf#10788 Related to espressif/esp-idf#10959 * build: add arm and arm64 as build target Closes espressif#845 * Fix typo in serial protocol docs Fixes misspelling of `triggered` in serial protocol docs. Signed-off-by: hasheddan <georgedanielmangum@gmail.com> * Support more recent reedsolo packages - https://github.com/tomerfiliba-org/reedsolomon/releases/tag/v1.6.1 - this seems to be related to licenses only. - https://github.com/tomerfiliba-org/reedsolomon/releases/tag/v1.7.0 - this is related to installation. Closes espressif#872 * build(arm): add pip extra url for github action build * ci: Fix libffi symlinks for cryptography>=40 * espefuse: Prevent burning XTS_AES and ECDSA keys into BLOCK9 (BLOCK_KEY5) eFuse module has a hardware bug. It is related to ESP32-C3, C6, S3, H2 chips: - BLOCK9 (BLOCK_KEY5) can not be used by XTS_AES keys. For H2 chips, the BLOCK9 (BLOCK_KEY5) can not be used by ECDSA keys. S2 does not have such a hardware bug. * image_info: Display disabled WP pin as disabled The image formats know about the special value 0xee used to disable WP. Display this with image_info. E.g.: ESP32-C3 extended image header ============================== WP pin: 0xee (disabled) * image_info: Print chip ID's name if known Example: Flash pins drive settings: clk_drv: 0x0, q_drv: 0x0, d_drv: 0x0, cs0_drv: 0x0, hd_drv: 0x0, wp_drv: 0x0 Chip ID: 5 (ESP32-C3) Minimal chip revision: v0.0, (legacy min_rev = 0) Maximal chip revision: v655.35 An unknown ID will be printed as: Chip ID: 42 (Unknown ID) * tests: Make the testsuite Windows compatible * espefuse: Adds external esp instance Closes espressif#873 * espefuse: Improve efuse error viewing * espefuse: Explicit setting of efuse time settings EFUSE_PWR_ON_NUM in C3 has default value = 0x2880, now = 0x3000 * docs(Boot log): Add all esp targets to cover boot troubleshooting Closes espressif#732 * fix: USB-JTAG-Serial PID detection error * esptool: Move bootdesc on the top of the ram segment * espefuse: Move some vars under init method to speedup tool after adding yaml support * espefuse: Adds yaml efuse description files for all chip - esptool: Updates eFuses wafer major&minor versions - esptool(esp32c6): Adds package versions - espefuse(esp32c6): Replace PKG_VERSION BLK_VERSION_MINOR BLK_VERSION_MAJOR - espefuse(esp32c6): Adds adc calib efuses - espefuse: Adds yaml files for Build with PyInstaller * efuse(H2): Adds RF Calibration Information * espsecure: Improve error message for incorrect PEM format Closes espressif#881 * bugfix(usb_jtag_serial): Autofeed super watchdog (SWD) to avoid resets during flashing * esptool: Read 64-bit MAC address on C6 and H2 * bugfix: Adjust wrapper scripts to not import themselves * bugfix(espsecure): Print a clear error message if incompatible OpenSSL backend is used Closes espressif#878 * fix: inconsistent usage of dirs separator * feat(esptool): add option to dump whole flash based on detected size Closes espressif#461 * Update version to v4.6 * Update version to v4.7-dev * fix(ESP32-S3): Correct RTC WDT registers to fix resets during flashing * Update version to v4.6.1 * Update version to v4.7-dev * docs: add explanation for flash_id example to avoid confusion * docs(boot-log): fix list formatting * docs: add c2, c6 and h2 as build targets * fix(compressed upload): Accept short data blocks with only Adler-32 bytes * fix(CH9102F): Suggest to install new serial drivers if writing to RAM fails * esptool & espefuse: Fix byte order in MAC (for C6 and H2) MAC: 60:55:f9:ff:fe:f7:2c:a2 (EUI64, used for IEEE802154) BASE MAC: 60:55:f9:f7:2c:a2 (used for BT) MAC_EXT: ff:fe * Update version to v4.6.2 * Update version to v4.7 * change: Add conventional precommit linter * ci(pre-commit): Update version of `conventional-precommit-linter` * feat(get_security_info): Improved the output format and added more details * fix(esp32-c2): Enable flashing in secure download mode Closes espressif#895 * ci: Add DangerJS checks to GL and GH * feat(esptool): Add PICO package for ESP32S3 and flash/psram efuses * feat(esptool): Add tests for get_chip_features * feat(esptool): Add new packages for ESP32C3 and flash efuses * fix(expand file args): Correctly print the expanded command * feat(espsecure): Allow prompting for HSM PIN in read_hsm_config If hsm_config does not contain "credentials" the user will be prompted for the HSM PIN. This avoids the need to have HSM PINs typed in config files which is not a good security practice. ADJUNCT: Updated documentation to reflect new usage Closes espressif#900 * fix(dangerGH): Update token permissions - allow Danger to add comments to PR * fix(elf2image): fix text/rodata mapping overlap issue on uni-idrom bus chips * fix: assert in esp32 exclusive workaround * docs: Add other resources page * fix(autodetection): Remove the ESP32-S2 ROM class from get_security_info autodetection * change(pre-commit): Bump version conventional-precommit-linter to 1.2.1 * feat(esptool): added target to esp32p4 * feat(espefuse): Add support for esp32p4 chip * fix: Fix redirection of STDOUT Closes espressif#904 * fix(danger-github): Fir Danger GitHub token permission * ci(danger-github): Fix github-action-bot permissions for posting Danger output * ci: Shared danger to local stage (remove possible double CI pipelines) * ci: add 'flake8-import-order' as a dependecy to flake8 * fix(bin_image): Check only ELF sections when searching for .flash.appdesc Closes espressif#917 * feat(efuse): ESP32P4 adds ecdsa_key support * feat(efuse): Update key purpose table and tests * feat(esp32-s3): Support >16MB quad flash chips Adds support for the W25Q256 and GD25Q256 flash chips. Closes espressif#883 * ci(dev_release): Upload dev releases to PyPI with GH Actions * ci: fix pipeline for building docs * feat(merge_bin): add support for uf2 format * feat(esp32c3): Support ECO6 and ECO7 magic numbers * ci(gitlab_ci): Change only/except syntax to rules * fix(flasher_stub): fix usb-serial-jtag enabled non-related intr source * fix(loader): Could not open serial port message adjusted * ci(gitlab): Fix deploying docs to production * ci(github): Fix pyinstaller builds on ubuntu * docs(basic-commands): added note for PowerShell users for merge_bin command Closes espressif#923 * feat: Add support for Python 3.12 * feat(loader): Added hints for some serial port issues when rising port error Closes espressif/esp-idf#12366 * feat: add support for get_security_info on esp32c3 ECO7 * docs(troubleshooting): Explain issues when flashing with USB-Serial/JTAG or USB-OTG Closes espressif#924 * feat(espefuse): Update the way to complete the operation * docs(boot_mode_selection): Correct secondary strapping pin boot mode levels Closes espressif#928 * feat(espefuse): Adds efuse ADC calibration data for ESP32H2 * feat(rfc2217_server): Add hard reset sequence * feat(elf2image): add ram-only-header argument The ram-only-header configuration makes only the RAM segments visible to the ROM bootloader placing them at the beginning of the file and altering the segment count from the image header with the quantity of these segments, and also writing only their checksum. This segment placement also may not result as optimal as the standard way regarding the padding gap use among the flash segments that could result in a less fragmented binary. The image built must then handle the basic hardware initialization and the flash mapping for code execution after ROM bootloader boot it. Signed-off-by: Marek Matej <marek.matej@espressif.com> Signed-off-by: Almir Okato <almir.okato@espressif.com> * feat(esp32p4): Stub flasher support * refactor(stub_flasher): Cleanup, make adding new targets easier * feat: add support for intel hex format * feat(xip_psram): support xip psram feature on esp32p4 Expanded IROM / DROM range to include psram space as well * Delete docs directory * Delete .gitlab-ci.yml * Delete .pre-commit-config.yaml * Delete MANIFEST.in * Update build_esptool.yml * Delete .github/workflows/test_esptool.yml --------- Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com> Signed-off-by: hasheddan <georgedanielmangum@gmail.com> Signed-off-by: Marek Matej <marek.matej@espressif.com> Signed-off-by: Almir Okato <almir.okato@espressif.com> Co-authored-by: harshal.patil <harshal.patil@espressif.com> Co-authored-by: radim.karnis <radim.karnis@espressif.com> Co-authored-by: Frantisek Hrbata <frantisek.hrbata@espressif.com> Co-authored-by: Peter Dragun <peter.dragun@espressif.com> Co-authored-by: KonstantinKondrashov <konstantin@espressif.com> Co-authored-by: Faidon Liambotis <paravoid@debian.org> Co-authored-by: XiNGRZ <hi@xingrz.me> Co-authored-by: Marius Vikhammer <marius.vikhammer@espressif.com> Co-authored-by: hasheddan <georgedanielmangum@gmail.com> Co-authored-by: Roland Dobai <roland@espressif.com> Co-authored-by: Trent Piepho <tpiepho@gmail.com> Co-authored-by: Dean Gardiner <me@dgardiner.net> Co-authored-by: Massimiliano Montagni <massimiliano@solutiontech.tech> Co-authored-by: Tomas Sebestik <tomas.sebestik@espressif.com> Co-authored-by: Aditya Patwardhan <aditya.patwardhan@espressif.com> Co-authored-by: Richard Retanubun <richard.retanubun@mmbnetworks.com> Co-authored-by: wuzhenghui <wuzhenghui@espressif.com> Co-authored-by: Armando <douyiwen@espressif.com> Co-authored-by: Jakub Kocka <jakub.kocka@espressif.com> Co-authored-by: 20162026 <36726858+20162026@users.noreply.github.com> Co-authored-by: Almir Okato <almir.okato@espressif.com>
Operating System
Windows 10
Esptool Version
v4.5.1 and latest (v4.7-dev)
Python Version
Python 3.8.3
Chip Description
ESP-C2/8684
Device Description
I am testing on a ESP8684-DevKitM-1
Hardware Configuration
GPIO_8 and GPIO_3 are connect to an I2C device, JTAG is connected using the usual pins
How is Esptool Run
I am running it using the Eclipse IDE but during trouble shooting I ectrated the call to esptool and reproduced it only using the command line in a power shell
Full Esptool Command Line that Was Run
python .\esptool.py --chip esp32c2 -p COM20 -b 460800 --before=default_reset --after=no_reset --no-stub write_flash --flash_mode dio --flash_freq 60m --flash_size 2MB 0x20000 C:\WorkingArea\mitteWorkspace\helloWorldFirmware\build\helloWorldFirmware.bin 0xc000 C:\WorkingArea\mitteWorkspace\helloWorldFirmware\build\partition_table/partition-table.bin
Esptool Output
More Information
I have setup my devKit to run in secure boot mode and flash encryption enabled. The first flash operation out of IDE worked as expected. The device is running in secure boot mode and flash encryption is enabled. I can see that the verification steps for both features have been successfully performed. I am in flash encryption developer mode and assume that I can still flash plain text images via the UART bootloader. At least that is was the documentation says. Here and extract of the traces during boot:'
I (412) esp_image: Verifying image signature...
I (413) secure_boot_v2: Verifying with ECDSA...
ECDSA I (465) secure_boot_v2: Signature verified successfully!
I (470) boot: Loaded app from partition at offset 0x20000
I (470) secure_boot_v2: enabling secure boot v2...
I (474) secure_boot_v2: secure boot v2 is already enabled, continuing..
I (486) boot: Checking flash encryption...
I (493) flash_encrypt: flash encryption is enabled (1 plaintext flashes left)
W (680) flash_encrypt: Flash encryption mode is DEVELOPMENT (not secure)
If I now want to flash a modified image with the device in this state, I get the above mentioned error from esptool.py that command 0xa is not supported in secure download mode.
Maybe this is not a bug, but needs to be changed to get the flash procedure successful?
Other Steps to Reproduce
I also used this simple command to query the chip id, which results in the same error. See traces above:
python .\esptool.py -p COM20 chip_id
Not sure if I understand the traces correctly, but is seems that the command 0xa is executed several times and works that respect.
I Have Read the Troubleshooting Guide
The text was updated successfully, but these errors were encountered: