Hi Especially_Embedded, I did use the enable-flash-encryption-externally instruction, does this essentially set all bits required for "release" mode? Yes, the instructions are provided for the release mode. The step related to burning security related eFuses in https://docs.espressif.com/projects/es...

Hi Especially_Embedded, Thanks for the issue, sorry for the delayed reply. In the steps that you have mentioned below . BURN a known encryption key to BLOCK1 from file via espefuse.py burn_key so that it is not auto-generated on boot 2. Enable encryption in development mode via menuconfig, then buil...

Hi stan-k I see. Since Secure Boot is a security feature on which the root of trust depends completely, hence it is not possible to disable secure boot once it is enabled for the device. After you have disabled the ROM DL mode then the espefuse script would not work with the chip. So no more eFuse r...

Hi stan-k,

As Nespressif has suggested, are you able to obtain the eFuse summary, can you share it with us?

I am sharing a link to a similar issue faced on esp32 https://github.com/espressif/esptool/issues/741 Can you see if the steps given there help your use-case?

Thanks,
Aditya

Hi ChrisAlfred and Nespressif, Please allow me to clear your doubts. Here is my explanation for the questions raised above. Question 1 (1) In step "5. Encrypt and flash the binaries." there is the command line: CODE: SELECT ALL espsecure.py encrypt_flash_data --keyfile my_flash_encryption_key.bin --...

Hi oedzee, It looks like this issue is related to the Serial Port. The script esp_cryptoauth_utility internally uses esptool. Below are some requirements for serial connection with esptool related to Serial Port. https://docs.espressif.com/projects/esptool/en/latest/esp32/esptool/basic-options.html#...

Hi MauroDiam, I'm not using the reflashing option (see here) of the Flash encryption Development mode, bacause the efuse FLASH_CRYPT_CNT has just 7 bits so the board could be reflashed just 4 times, is it correct? Please note that the 7 bits are not related to the flashing. Those 7 bits indicate the...

Hi Joel, I see a couple of questions answered already, I will add my thoughts on them as well. I wonder bout one thing there: why the signer certificate validity should be 365 days only? Is it a good practice only or is there a technical reason ? What append / what is the risk if the signer certific...

Hi Alex, Sorry for the delayed reply. Please find the patch at this link https://gist.github.com/AdityaHPatwardhan/acaa24634f2f895c7b72b4fa56703e17#file-ota_ds_peripheral-patch With this you would have to provide the DS context to the esp_http_client configuration structure. Just for reference - The...

Hi Alex,
Yes you are right, the DS support is not present in the client configuration structure.
I will soon share a patch with you that shall enable you to use DS peripheral for establishing the TLS connection at the time of OTA.