[Resolved] Unabled to burn_efuse FLASH_CRYPT_CNT

Cantonius99
Posts: 7
Joined: Fri Jun 05, 2020 1:40 am

[Resolved] Unabled to burn_efuse FLASH_CRYPT_CNT

Postby Cantonius99 » Tue Jan 11, 2022 6:06 am

Hello,

burn_efuse FLASH_CRYPT_CNT. However, I am getting this error and wondering if it's a library that I haven't installed properly? Or the bitstring is set to the end?

I'm getting:
bitstring.CreationError: 255 is too large an unsigned integer for a bitstring of length 7. The allowed range is [0, 127].
Here is the summary for the efuse (looks like I'm running espefuse.py 3.3, perhaps I haven't updated it yet? I'm running esp idf 4.4 right now)

Detecting chip type... ESP32
espefuse.py v3.3-dev
EFUSE_NAME (Block) Description = [Meaningful Value] [Readable/Writeable] (Hex Value)
----------------------------------------------------------------------------------------
Calibration fuses:
BLK3_PART_RESERVE (BLOCK0): BLOCK3 partially served for ADC calibration data = False R/W (0b0)
ADC_VREF (BLOCK0): Voltage reference calibration = 1114 R/W (0b00010)

Config fuses:
XPD_SDIO_FORCE (BLOCK0): Ignore MTDI pin (GPIO12) for VDD_SDIO on reset = False R/W (0b0)
XPD_SDIO_REG (BLOCK0): If XPD_SDIO_FORCE, enable VDD_SDIO reg on reset = False R/W (0b0)
XPD_SDIO_TIEH (BLOCK0): If XPD_SDIO_FORCE & XPD_SDIO_REG = 1.8V R/W (0b0)
CLK8M_FREQ (BLOCK0): 8MHz clock freq override = 50 R/W (0x32)
SPI_PAD_CONFIG_CLK (BLOCK0): Override SD_CLK pad (GPIO6/SPICLK) = 0 R/W (0b00000)
SPI_PAD_CONFIG_Q (BLOCK0): Override SD_DATA_0 pad (GPIO7/SPIQ) = 0 R/W (0b00000)
SPI_PAD_CONFIG_D (BLOCK0): Override SD_DATA_1 pad (GPIO8/SPID) = 0 R/W (0b00000)
SPI_PAD_CONFIG_HD (BLOCK0): Override SD_DATA_2 pad (GPIO9/SPIHD) = 0 R/W (0b00000)
SPI_PAD_CONFIG_CS0 (BLOCK0): Override SD_CMD pad (GPIO11/SPICS0) = 0 R/W (0b00000)
DISABLE_SDIO_HOST (BLOCK0): Disable SDIO host = False R/W (0b0)

Efuse fuses:
WR_DIS (BLOCK0): Efuse write disable mask = 0 R/W (0x0000)
RD_DIS (BLOCK0): Efuse read disable mask = 0 R/W (0x0)
CODING_SCHEME (BLOCK0): Efuse variable block length scheme
= NONE (BLK1-3 len=256 bits) R/W (0b00)
KEY_STATUS (BLOCK0): Usage of efuse block 3 (reserved) = False R/W (0b0)

Identity fuses:
MAC (BLOCK0): Factory MAC Address
= 1c:9d:c2:4b:76:d4 (CRC 0x99 OK) R/W
MAC_CRC (BLOCK0): CRC8 for factory MAC address = 153 R/W (0x99)
CHIP_VER_REV1 (BLOCK0): Silicon Revision 1 = True R/W (0b1)
CHIP_VER_REV2 (BLOCK0): Silicon Revision 2 = True R/W (0b1)
CHIP_VERSION (BLOCK0): Reserved for future chip versions = 2 R/W (0b10)
CHIP_PACKAGE (BLOCK0): Chip package identifier = 1 R/W (0b001)
MAC_VERSION (BLOCK3): Version of the MAC field = 0 R/W (0x00)

Security fuses:
FLASH_CRYPT_CNT (BLOCK0): Flash encryption mode counter = 127 R/W (0b1111111)
UART_DOWNLOAD_DIS (BLOCK0): Disable UART download mode (ESP32 rev3 only) = False R/W (0b0)
FLASH_CRYPT_CONFIG (BLOCK0): Flash encryption config (key tweak bits) = 0 R/W (0x0)
CONSOLE_DEBUG_DISABLE (BLOCK0): Disable ROM BASIC interpreter fallback = True R/W (0b1)
ABS_DONE_0 (BLOCK0): Secure boot V1 is enabled for bootloader image = False R/W (0b0)
ABS_DONE_1 (BLOCK0): Secure boot V2 is enabled for bootloader image = False R/W (0b0)
JTAG_DISABLE (BLOCK0): Disable JTAG = False R/W (0b0)
DISABLE_DL_ENCRYPT (BLOCK0): Disable flash encryption in UART bootloader = False R/W (0b0)
DISABLE_DL_DECRYPT (BLOCK0): Disable flash decryption in UART bootloader = False R/W (0b0)
DISABLE_DL_CACHE (BLOCK0): Disable flash cache in UART bootloader = False R/W (0b0)
BLOCK1 (BLOCK1): Flash encryption key
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK2 (BLOCK2): Secure boot key
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK3 (BLOCK3): Variable Block 3
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W

Flash voltage (VDD_SDIO) determined by GPIO12 on reset (High for 1.8V, Low/NC for 3.3V).
Last edited by Cantonius99 on Tue Jan 11, 2022 2:55 pm, edited 1 time in total.

Vader_Mester
Posts: 300
Joined: Tue Dec 05, 2017 8:28 pm
Location: Hungary

Re: Unable to Reset Efuse

Postby Vader_Mester » Tue Jan 11, 2022 6:20 am

Cantonius99 wrote:
Tue Jan 11, 2022 6:06 am
> Hello,
>
> I am trying to reset the Efuse (enabled flash encryption). However, I am getting this error and wondering if it's a library that I haven't installed properly?
>
> I'm getting:
> bitstring.CreationError: 255 is too large an unsigned integer for a bitstring of length 7. The allowed range is [0, 127].
> Here is the summary for the efuse (looks like I'm running espefuse.py 3.3, perhaps I haven't updated it yet? I'm running esp idf 4.4 right now)

I'm not sure what you want to do. Efuse can not be reset, it is a one-time programmable memory. Bits in the Efuse can only be set ONCE!
The only thing you can change is you can make bits that are 0 to 1, but it is not possible to do it backwards, so once the EFUSE is set to use encryption, you can not change it back.

If you are using an ESP with enabled flash encryption - as far as my knowledge goes - you either have to compile to that ESP using flash encryption and its keys (see the documentation for this), or you have to get a new ESP.

Flash encryption is only used for production and firmware protection, so only use it if you follow the rules and keep the encryption keys around. If you lose the keys, then you can no longer flash the ESP the traditional way.

I suggest you thoroughly read this, very useful :)
https://docs.espressif.com/projects/esp ... ption.html

Code:

task_t coffeeTask()
{
	while(atWork){
		if(!xStreamBufferIsEmpty(mug)){
			coffeeDrink(mug);
		} else {
			xTaskCreate(sBrew, "brew", 9000, &mug, 1, NULL);
			xSemaphoreTake(sCoffeeRdy, portMAX_DELAY);
		}
	}
	vTaskDelete(NULL);
}

Cantonius99
Posts: 7
Joined: Fri Jun 05, 2020 1:40 am

Re: Unabled to burn_efuse FLASH_CRYPT_CNT

Postby Cantonius99 » Tue Jan 11, 2022 3:00 pm

Sorry, I updated the question!

Essentially I am trying to set burn_efuse FLASH_CRYPT_CNT to increment the Count. But with FLASH_CRYPT_CNT = 127 (0b1111111) does that mean it's incremented to the maximum?

For some reason it looks like a few other boards I flashed with flash encryption on also have FLASH_CRYPT_CNT = 127 (0b1111111). Just wondering what I am doing since I just flashed it once. Secure Boot is off btw.

WiFive
Posts: 3529
Joined: Tue Dec 01, 2015 7:35 am

Re: Unabled to burn_efuse FLASH_CRYPT_CNT

Postby WiFive » Tue Jan 11, 2022 7:26 pm

Yes it is set to maximum to permanently enable encryption. However because DISABLE_DL_ENCRYPT is false you can still flash using esptool encrypt option.

Cantonius99
Posts: 7
Joined: Fri Jun 05, 2020 1:40 am

Re: Unabled to burn_efuse FLASH_CRYPT_CNT

Postby Cantonius99 » Wed Jan 12, 2022 5:50 am

great thank you!

whoim2
Posts: 4
Joined: Thu Nov 09, 2023 1:56 pm

Re: [Resolved] Unabled to burn_efuse FLASH_CRYPT_CNT

Postby whoim2 » Thu Nov 09, 2023 2:05 pm

Hello! My problem probably relates to this topic, try to describe it.
I wanted to use the generated esp-idf bootloader for the encryption section with the firmware created in Arduino (binary file). Everything worked out for me, I left the option to download via USB and turned on the development mode for encryption. I am creating a partition file from Arduino. Everything worked out, the firmware was encrypted in a few minutes and started working a couple of times. In the espefuse summary I see that key 1 is installed.

I decided to return the regular bootloader (from Arduino) and flashed it along with the firmware binary. Since then, not a single firmware has worked, even downloaded from Arduino, or re-downloaded with a bootloader from IDF, which encrypts the firmware.

As far as I understand, encryption was performed only the first time during the firmware, and it is not carried out during subsequent ones. Can I somehow return the normal bootloader or force the bootloader from IDF to re-encrypt the firmware so that it works?
My board is esp32-s2, it is currently entering boot mode (button 0) and I can see the fuses.

Code:

=== Run "summary" command ===
EFUSE_NAME (Block) Description  = [Meaningful Value] [Readable/Writeable] (Hex Value)
----------------------------------------------------------------------------------------
Config fuses:
DIS_RTC_RAM_BOOT (BLOCK0)                          Disables boot from RTC RAM                         = False R/W (0b0)
DIS_ICACHE (BLOCK0)                                Disables ICache                                    = False R/W (0b0)
DIS_DCACHE (BLOCK0)                                Disables DCache                                    = False R/W (0b0)
DIS_DOWNLOAD_ICACHE (BLOCK0)                       Disables Icache when SoC is in Download mode       = True R/W (0b1)
DIS_DOWNLOAD_DCACHE (BLOCK0)                       Disables Dcache when SoC is in Download mode       = True R/W (0b1)
DIS_FORCE_DOWNLOAD (BLOCK0)                        Disables forcing chip into Download mode           = False R/W (0b0)
DIS_CAN (BLOCK0)                                   Disables the TWAI Controller hardware              = False R/W (0b0)
DIS_BOOT_REMAP (BLOCK0)                            Disables capability to Remap RAM to ROM address sp = True R/W (0b1)
                                                   ace
FLASH_TPUW (BLOCK0)                                Configures flash startup delay after SoC power-up, = 0 R/W (0x0)
                                                    unit is (ms/2). When the value is 15, delay is 7.
                                                   5 ms
DIS_LEGACY_SPI_BOOT (BLOCK0)                       Disables Legacy SPI boot mode                      = True R/W (0b1)
UART_PRINT_CHANNEL (BLOCK0)                        Selects the default UART for printing boot msg     = UART0 R/W (0b0)
DIS_USB_DOWNLOAD_MODE (BLOCK0)                     Disables use of USB in UART download boot mode     = False R/W (0b0)
UART_PRINT_CONTROL (BLOCK0)                        Sets the default UART boot message output mode     = Enabled R/W (0b00)
FLASH_TYPE (BLOCK0)                                Selects SPI flash type                             = 4 data lines R/W (0b0)
FORCE_SEND_RESUME (BLOCK0)                         Forces ROM code to send an SPI flash resume comman = False R/W (0b0)
                                                   d during SPI boot
BLOCK_USR_DATA (BLOCK3)                            User data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W

Efuse fuses:
WR_DIS (BLOCK0)                                    Disables programming of individual eFuses          = 8388864 R/W (0x00800100)
RD_DIS (BLOCK0)                                    Disables software reading from BLOCK4-10           = 1 R/W (0b0000001)

Identity fuses:
BLOCK0_VERSION (BLOCK0)                            BLOCK0 efuse version                               = 0 R/W (0b00)
SECURE_VERSION (BLOCK0)                            Secure version (used by ESP-IDF anti-rollback feat = 0 R/W (0x0000)
                                                   ure)
MAC (BLOCK1)                                       Factory MAC Address
   = 84:fc:e6:c7:1c:3c (OK) R/W
WAFER_VERSION (BLOCK1)                             WAFER version                                      = A R/W (0b000)
FLASH_VERSION (BLOCK1)                             Flash version                                      = Embedded Flash 4MB R/W (0x2)
BLOCK1_VERSION (BLOCK1)                            BLOCK1 efuse version                               = 0 R/W (0b000)
PSRAM_VERSION (BLOCK1)                             PSRAM version                                      = Embedded PSRAM 2MB R/W (0x1)
PKG_VERSION (BLOCK1)                               Package version                                    = ESP32-S2 R/W (0x0)
OPTIONAL_UNIQUE_ID (BLOCK2)                        Optional unique 128-bit ID
   = 0e 77 c7 ba c5 55 7f b4 a1 6d 5f 42 4a a8 69 1b R/W
BLOCK2_VERSION (BLOCK2)                            Version of BLOCK2
   = With ADC calibration V2 R/W (0b010)
CUSTOM_MAC (BLOCK3)                                Custom MAC Address
   = 00:00:00:00:00:00 (OK) R/W

Security fuses:
SOFT_DIS_JTAG (BLOCK0)                             Software disables JTAG. When software disabled, JT = False R/W (0b0)
                                                   AG can be activated temporarily by HMAC peripheral
HARD_DIS_JTAG (BLOCK0)                             Hardware disables JTAG permanently                 = True R/W (0b1)
DIS_DOWNLOAD_MANUAL_ENCRYPT (BLOCK0)               Disables flash encryption when in download boot mo = False R/W (0b0)
                                                   des
SPI_BOOT_CRYPT_CNT (BLOCK0)                        Enables encryption and decryption, when an SPI boo = Enable R/W (0b001)
                                                   t mode is set. Enabled when 1 or 3 bits are set,di
                                                   sabled otherwise
SECURE_BOOT_KEY_REVOKE0 (BLOCK0)                   If set, revokes use of secure boot key digest 0    = False R/W (0b0)
SECURE_BOOT_KEY_REVOKE1 (BLOCK0)                   If set, revokes use of secure boot key digest 1    = False R/W (0b0)
SECURE_BOOT_KEY_REVOKE2 (BLOCK0)                   If set, revokes use of secure boot key digest 2    = False R/W (0b0)
KEY_PURPOSE_0 (BLOCK0)                             KEY0 purpose                                       = XTS_AES_128_KEY R/- (0x4)
KEY_PURPOSE_1 (BLOCK0)                             KEY1 purpose                                       = USER R/W (0x0)
KEY_PURPOSE_2 (BLOCK0)                             KEY2 purpose                                       = USER R/W (0x0)
KEY_PURPOSE_3 (BLOCK0)                             KEY3 purpose                                       = USER R/W (0x0)
KEY_PURPOSE_4 (BLOCK0)                             KEY4 purpose                                       = USER R/W (0x0)
KEY_PURPOSE_5 (BLOCK0)                             KEY5 purpose                                       = USER R/W (0x0)
SECURE_BOOT_EN (BLOCK0)                            Enables secure boot                                = False R/W (0b0)
SECURE_BOOT_AGGRESSIVE_REVOKE (BLOCK0)             Enables aggressive secure boot key revocation mode = False R/W (0b0)
DIS_DOWNLOAD_MODE (BLOCK0)                         Disables all Download boot modes                   = False R/W (0b0)
ENABLE_SECURITY_DOWNLOAD (BLOCK0)                  Enables secure UART download mode (read/write flas = False R/W (0b0)
                                                   h only)
BLOCK_KEY0 (BLOCK4)
  Purpose: XTS_AES_128_KEY
    Encryption key0 or user data
   = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/-
BLOCK_KEY1 (BLOCK5)
  Purpose: USER
               Encryption key1 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY2 (BLOCK6)
  Purpose: USER
               Encryption key2 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY3 (BLOCK7)
  Purpose: USER
               Encryption key3 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY4 (BLOCK8)
  Purpose: USER
               Encryption key4 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY5 (BLOCK9)
  Purpose: USER
               Encryption key5 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_SYS_DATA2 (BLOCK10)                          System data (part 2)
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W

Spi_Pad_Config fuses:
SPI_PAD_CONFIG_CLK (BLOCK1)                        SPI CLK pad                                        = 0 R/W (0b000000)

SPI_PAD_CONFIG_Q (BLOCK1)                          SPI Q (D1) pad                                     = 0 R/W (0b000000)

SPI_PAD_CONFIG_D (BLOCK1)                          SPI D (D0) pad                                     = 0 R/W (0b000000)

SPI_PAD_CONFIG_CS (BLOCK1)                         SPI CS pad                                         = 0 R/W (0b000000)

SPI_PAD_CONFIG_HD (BLOCK1)                         SPI HD (D3) pad                                    = 0 R/W (0b000000)

SPI_PAD_CONFIG_WP (BLOCK1)                         SPI WP (D2) pad                                    = 0 R/W (0b000000)

SPI_PAD_CONFIG_DQS (BLOCK1)                        SPI DQS pad                                        = 0 R/W (0b000000)

SPI_PAD_CONFIG_D4 (BLOCK1)                         SPI D4 pad                                         = 0 R/W (0b000000)

SPI_PAD_CONFIG_D5 (BLOCK1)                         SPI D5 pad                                         = 0 R/W (0b000000)

SPI_PAD_CONFIG_D6 (BLOCK1)                         SPI D6 pad                                         = 0 R/W (0b000000)

SPI_PAD_CONFIG_D7 (BLOCK1)                         SPI D7 pad                                         = 0 R/W (0b000000)


Usb Config fuses:
DIS_USB (BLOCK0)                                   Disables the USB OTG hardware                      = False R/W (0b0)
USB_EXCHG_PINS (BLOCK0)                            Exchanges USB D+ and D- pins                       = False R/W (0b0)
EXT_PHY_ENABLE (BLOCK0)                            Enables external USB PHY                           = False R/W (0b0)
USB_FORCE_NOPERSIST (BLOCK0)                       Forces to set USB BVALID to 1                      = False R/W (0b0)

Vdd_Spi Config fuses:
VDD_SPI_FORCE (BLOCK0)                             Force using VDD_SPI_XPD and VDD_SPI_TIEH to config = False R/W (0b0)
                                                   ure VDD_SPI LDO
VDD_SPI_XPD (BLOCK0)                               The VDD_SPI regulator is powered on                = False R/W (0b0)
VDD_SPI_TIEH (BLOCK0)                              The VDD_SPI power supply voltage at reset          = Connect to 1.8V LDO R/W (0b0)
PIN_POWER_SELECTION (BLOCK0)                       Sets default power supply for GPIO33..37, set when = VDD3P3_CPU R/W (0b0)
                                                    SPI flash is initialized

Wdt Config fuses:
WDT_DELAY_SEL (BLOCK0)                             Selects RTC WDT timeout threshold at startup       = 0 R/W (0b00)

Flash voltage (VDD_SPI) determined by GPIO45 on reset (GPIO45=High: VDD_SPI pin is powered from internal 1.8V LDO
GPIO45=Low or NC: VDD_SPI pin is powered directly from VDD3P3_RTC_IO via resistor Rspi. Typically this voltage is 3.3 V)

ESP_Mahavir
Posts: 190
Joined: Wed Jan 24, 2018 6:51 am

Re: [Resolved] Unabled to burn_efuse FLASH_CRYPT_CNT

Postby ESP_Mahavir » Fri Nov 17, 2023 11:32 am

Hello,

> Can I somehow return the normal bootloader or force the bootloader from IDF to re-encrypt the firmware so that it works?

Yes, since you have enabled the flash encryption in development mode, you can disable it. Please see the following documentation section:

https://docs.espressif.com/projects/esp ... encryption

After this, you should be able to reflash plaintext artifacts (bootloader) and then re-enable the flash encryption again.

HTH!
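
WiFive's point that 127 is the maximum and the development-mode disable ESP_Mahavir refers to both follow from how the counter eFuse behaves: encryption is on while an odd number of its bits are burned, and bits only ever go from 0 to 1. The Python below is an added example, not code from this thread or from espefuse.py; the function names are hypothetical, the S2 sample line has its column padding collapsed, and write protection (WR_DIS) is not modelled.

```python
import re

# Counter fields named in this thread: ESP32 uses FLASH_CRYPT_CNT, ESP32-S2 uses
# SPI_BOOT_CRYPT_CNT. Width is taken from the binary literal espefuse prints.
COUNTERS = ("FLASH_CRYPT_CNT", "SPI_BOOT_CRYPT_CNT")
FIELD_RE = re.compile(r"^(\w+)\s*\(BLOCK\d+\).*\(0b([01]+)\)\s*$")


def parse_counter(summary: str):
    """Return (name, value, width) for the encryption counter in a summary dump."""
    for line in summary.splitlines():
        m = FIELD_RE.match(line.strip())
        if m and m.group(1) in COUNTERS:
            bits = m.group(2)
            return m.group(1), int(bits, 2), len(bits)
    raise ValueError("no flash-encryption counter found in summary")


def describe(value: int, width: int) -> dict:
    """Interpret the counter: an odd number of burned bits means encryption is on."""
    burned = bin(value).count("1")
    return {
        "enabled": burned % 2 == 1,
        "toggles_left": width - burned,  # each on/off flip burns one more bit
    }


def check_burn(value: int, width: int, new_value: int) -> str:
    """Classify a proposed new counter value without touching hardware."""
    if not 0 <= new_value < (1 << width):
        return "rejected: does not fit the field"
    if value & ~new_value:
        return "rejected: eFuse bits cannot go from 1 back to 0"
    if new_value == value:
        return "no-op: nothing new to burn"
    after = describe(new_value, width)
    state = "enabled" if after["enabled"] else "disabled"
    return f"ok: encryption {state}, {after['toggles_left']} toggle(s) left"


# Lines taken from the two summaries posted in this thread (padding collapsed).
ESP32_LINE = "FLASH_CRYPT_CNT (BLOCK0): Flash encryption mode counter = 127 R/W (0b1111111)"
S2_LINE = ("SPI_BOOT_CRYPT_CNT (BLOCK0) Enables encryption and decryption, "
           "when an SPI boo = Enable R/W (0b001)")

if __name__ == "__main__":
    for dump in (ESP32_LINE, S2_LINE):
        name, value, width = parse_counter(dump)
        print(name, describe(value, width))
    print(check_burn(127, 7, 255))      # the value from the bitstring error
    print(check_burn(0b001, 3, 0b011))  # one more bit: encryption off again
```

On the ESP32 board the counter has no bits left, so nothing further can be burned; on the ESP32-S2 board in development mode two bits remain, which is what makes a disable and later re-enable possible.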
