[Solved] Disabling the Flash encryption

JainamShah
Posts: 16
Joined: Thu Jul 29, 2021 6:52 am

[Solved] Disabling the Flash encryption

Postby JainamShah » Thu Aug 18, 2022 5:41 am

Hello,

I have enabled the Secure boot V2 + flash encryption in my code.. I want to disable the flash encryption in EPS32. Can anyone provide the proper steps for Disable the Flash encryption?

Thanks In Advance,
Jainam Shah

Alberk
Posts: 55
Joined: Sat Jun 19, 2021 1:49 am

Re: Disabling the Flash encryption

Postby Alberk » Thu Aug 18, 2022 5:56 am

As far as I know if the efuse is burned then it cannot be reversed.

ESP_Mahavir
Posts: 190
Joined: Wed Jan 24, 2018 6:51 am

Re: Disabling the Flash encryption

Postby ESP_Mahavir » Thu Aug 18, 2022 7:01 am

If you had enabled flash encryption in "Development" mode then it should be possible to disable it (based on value of FLASH_CRYPT_CNT field). Please refer to documentation at https://docs.espressif.com/projects/esp ... encryption for details.

JainamShah
Posts: 16
Joined: Thu Jul 29, 2021 6:52 am

Re: Disabling the Flash encryption

Postby JainamShah » Mon Aug 22, 2022 6:01 am

ESP_Mahavir wrote:
Thu Aug 18, 2022 7:01 am
If you had enabled flash encryption in "Development" mode then it should be possible to disable it (based on value of FLASH_CRYPT_CNT field). Please refer to documentation at https://docs.espressif.com/projects/esp ... encryption for details.
Hello Mahavir,

Yes, I am using it in "Development" mode. I have followed the steps described in the following link. But when I burn the FLASH_CRYPT_CNT in Efuse, It got incremented in odd numbers like 1 to 3 and 3 to 7. And when I flash the firmware. It still restarting continuously.

As described in the espressif docs, I am afraid that it might be last chance to burn the FLASH_CRYPT_CNT. As I have tried it twice.

Can you help me with this.

Thanks & Regards
Jainam Shah

ESP_Mahavir
Posts: 190
Joined: Wed Jan 24, 2018 6:51 am

Re: Disabling the Flash encryption

Postby ESP_Mahavir » Mon Aug 22, 2022 12:27 pm

Hello,

If even number of bits are set in `FLASH_CRYPT_CNT` (e.g., 0/2/4/6), then contents from flash are treated as if they are not encrypted. As an example, if value of this field is 1 then flash encryption is enabled (set bits count is odd), and if value is 3, then its disabled (set bit count is 2 - even).

Please check EFuse summary using `espefuse.py -p PORT summary` and confirm the set bits from this field. Post that you may flash plaintext bootloader with flash encryption configuration disabled and it should work.

Please post detailed logs and output of EFuse summary if you run into any issues.

Hope this helps!

JainamShah
Posts: 16
Joined: Thu Jul 29, 2021 6:52 am

Re: Disabling the Flash encryption

Postby JainamShah » Mon Aug 22, 2022 1:10 pm

Hello,

Yes, I am following the steps as mentioned. But still the counter is incremented in odd number. You can see this in below logs.
Connecting......
Detecting chip type... Unsupported detection protocol, switching and trying again...
Connecting....
Detecting chip type... ESP32
espefuse.py v3.3-dev

=== Run "burn_efuse" command ===
The efuses to burn:
from BLOCK0
- FLASH_CRYPT_CNT

Burning efuses:

- 'FLASH_CRYPT_CNT' (Flash encryption mode counter) 0b0000111 -> 0b0001111

Check all blocks for burn...
idx, BLOCK_NAME, Conclusion
[00] BLOCK0 is not empty
Here the flash encryption counter is changes 7 to 15.. Not 7 to 8.

Is there anything I am doing wrong?

Thanks,
Jainam Shah

JainamShah
Posts: 16
Joined: Thu Jul 29, 2021 6:52 am

Re: Disabling the Flash encryption

Postby JainamShah » Mon Aug 22, 2022 1:16 pm

FYI.
  1. Calibration fuses:
  2. BLK3_PART_RESERVE (BLOCK0):                        BLOCK3 partially served for ADC calibration data   = False R/W (0b0)
  3. ADC_VREF (BLOCK0):                                 Voltage reference calibration                      = 1058 R/- (0b10110)
  4.  
  5. Config fuses:
  6. XPD_SDIO_FORCE (BLOCK0):                           Ignore MTDI pin (GPIO12) for VDD_SDIO on reset     = False R/W (0b0)
  7. XPD_SDIO_REG (BLOCK0):                             If XPD_SDIO_FORCE, enable VDD_SDIO reg on reset    = False R/W (0b0)
  8. XPD_SDIO_TIEH (BLOCK0):                            If XPD_SDIO_FORCE & XPD_SDIO_REG                   = 1.8V R/W (0b0)
  9. CLK8M_FREQ (BLOCK0):                               8MHz clock freq override                           = 57 R/W (0x39)
  10. SPI_PAD_CONFIG_CLK (BLOCK0):                       Override SD_CLK pad (GPIO6/SPICLK)                 = 0 R/W (0b00000)
  11. SPI_PAD_CONFIG_Q (BLOCK0):                         Override SD_DATA_0 pad (GPIO7/SPIQ)                = 0 R/W (0b00000)
  12. SPI_PAD_CONFIG_D (BLOCK0):                         Override SD_DATA_1 pad (GPIO8/SPID)                = 0 R/W (0b00000)
  13. SPI_PAD_CONFIG_HD (BLOCK0):                        Override SD_DATA_2 pad (GPIO9/SPIHD)               = 0 R/W (0b00000)
  14. SPI_PAD_CONFIG_CS0 (BLOCK0):                       Override SD_CMD pad (GPIO11/SPICS0)                = 0 R/W (0b00000)
  15. DISABLE_SDIO_HOST (BLOCK0):                        Disable SDIO host                                  = False R/W (0b0)
  16.  
  17. Efuse fuses:
  18. WR_DIS (BLOCK0):                                   Efuse write disable mask                           = 385 R/W (0x0181)
  19. RD_DIS (BLOCK0):                                   Efuse read disable mask                            = 0 R/- (0x0)
  20. CODING_SCHEME (BLOCK0):                            Efuse variable block length scheme
  21.    = NONE (BLK1-3 len=256 bits) R/W (0b00)
  22. KEY_STATUS (BLOCK0):                               Usage of efuse block 3 (reserved)                  = False R/W (0b0)
  23.  
  24. Identity fuses:
  25. MAC (BLOCK0):                                      Factory MAC Address
  26.    = 7c:87:ce:f4:a1:78 (CRC 0x50 OK) R/W
  27. MAC_CRC (BLOCK0):                                  CRC8 for factory MAC address                       = 80 R/W (0x50)
  28. CHIP_VER_REV1 (BLOCK0):                            Silicon Revision 1                                 = True R/W (0b1)
  29. CHIP_VER_REV2 (BLOCK0):                            Silicon Revision 2                                 = True R/W (0b1)
  30. CHIP_VERSION (BLOCK0):                             Reserved for future chip versions                  = 2 R/W (0b10)
  31. CHIP_PACKAGE (BLOCK0):                             Chip package identifier                            = 1 R/W (0b001)
  32. MAC_VERSION (BLOCK3):                              Version of the MAC field                           = 0 R/W (0x00)
  33.  
  34. Security fuses:
  35. FLASH_CRYPT_CNT (BLOCK0):                          Flash encryption mode counter                      = 7 R/W (0b0000111)
  36. UART_DOWNLOAD_DIS (BLOCK0):                        Disable UART download mode (ESP32 rev3 only)       = False R/W (0b0)
  37. FLASH_CRYPT_CONFIG (BLOCK0):                       Flash encryption config (key tweak bits)           = 15 R/W (0xf)
  38. CONSOLE_DEBUG_DISABLE (BLOCK0):                    Disable ROM BASIC interpreter fallback             = True R/W (0b1)
  39. ABS_DONE_0 (BLOCK0):                               Secure boot V1 is enabled for bootloader image     = False R/W (0b0)
  40. ABS_DONE_1 (BLOCK0):                               Secure boot V2 is enabled for bootloader image     = True R/W (0b1)
  41. JTAG_DISABLE (BLOCK0):                             Disable JTAG                                       = True R/W (0b1)
  42. DISABLE_DL_ENCRYPT (BLOCK0):                       Disable flash encryption in UART bootloader        = False R/W (0b0)
  43. DISABLE_DL_DECRYPT (BLOCK0):                       Disable flash decryption in UART bootloader        = True R/W (0b1)
  44. DISABLE_DL_CACHE (BLOCK0):                         Disable flash cache in UART bootloader             = True R/W (0b1)

WiFive
Posts: 3529
Joined: Tue Dec 01, 2015 7:35 am

Re: Disabling the Flash encryption

Postby WiFive » Mon Aug 22, 2022 5:45 pm

Even number of bits. Numeric value will always be odd. Value 7 has 3 set bits but value 15 has 4 set bits.

JainamShah
Posts: 16
Joined: Thu Jul 29, 2021 6:52 am

Re: Disabling the Flash encryption

Postby JainamShah » Tue Aug 23, 2022 6:42 am

Yes!
That's solved my problem.. Thank you

Who is online

Users browsing this forum: No registered users and 379 guests