What means "Flags" of esptool.py get_security_info?

kneko715
Posts: 9
Joined: Fri Dec 17, 2021 12:43 pm

What means "Flags" of esptool.py get_security_info?

Postby kneko715 » Wed Nov 09, 2022 1:44 pm

esptool.py get_security_info for ESP32-S3 which enabled flash encryption returns as the following.

Code: Select all

> esptool.py --chip esp32s3 -p COM24 --before=default_reset --after=no_reset --no-stub  get_security_info
esptool.py v4.3
Serial port COM24
Connecting....
Chip is ESP32-S3 in Secure Download Mode
Enabling default SPI flash mode...
Flags: 0x00000684 (0b11010000100)
Flash_Crypt_Cnt: 0x7
Key_Purposes: (4, 0, 0, 0, 0, 0, 12)
Chip_ID: 9
Api_Version: 0
Staying in bootloader.
Bit2 of "Flags" means the SECURE_DOWNLOAD_ENABLE or not.
This is described in `esptool.py` source code on ESP-IDF.

Other bits are not described in any documents or source code.
Does anyone know these meaning ?

I want to detect flash encryption status by using this flags on mass production line.
I expect this flags has these information.

Thank you.

ESP_Mahavir
Posts: 190
Joined: Wed Jan 24, 2018 6:51 am

Re: What means "Flags" of esptool.py get_security_info?

Postby ESP_Mahavir » Fri Nov 11, 2022 7:43 am

Hello,

Please find details about bit-fields in `Flags` value below:

Code: Select all

FLAG_SECURE_BOOT_EN                (1 << 0)
FLAG_SECURE_BOOT_AGGRESSIVE_REVOKE (1 << 1)
FLAG_SECURE_DOWNLOAD_ENABLE        (1 << 2)
FLAG_SECURE_BOOT_KEY_REVOKE0       (1 << 3)
FLAG_SECURE_BOOT_KEY_REVOKE1       (1 << 4)
FLAG_SECURE_BOOT_KEY_REVOKE2       (1 << 5)
FLAG_SOFT_DIS_JTAG                 (1 << 6)
FLAG_HARD_DIS_JTAG                 (1 << 7)
FLAG_DIS_USB                       (1 << 8)
FLAG_DIS_DOWNLOAD_DCACHE           (1 << 9)
FLAG_DIS_DOWNLOAD_ICACHE           (1 << 10)
We will soon add this information in our docs too. Thank you for the feedback.
Flash_Crypt_Cnt: 0x7
This value can help you to understand status of the flash encryption on the device. This field is of 3 bits (`SPI_BOOT_CRYPT_CNT`) and odd number of 1's here indicates that flash encryption is enabled on the device.

Hope this helps!

kneko715
Posts: 9
Joined: Fri Dec 17, 2021 12:43 pm

Re: What means "Flags" of esptool.py get_security_info?

Postby kneko715 » Mon Nov 14, 2022 3:58 am

Thanks ESP_Mahavir.
It's so helpful !

Who is online

Users browsing this forum: No registered users and 102 guests