Will secure boot work after upgrade esp-idf version?

Postby minhbka » Mon Jan 08, 2024 2:36 am

Hi everybody,
I am testing secure boot v1 with an ESP32 dev kit.
I use the blink example and enable secure boot with the reflashable option.
The private key is pre-generated.
Actually, the project worked properly when I used it with esp_idf version 4.4.
After that, I upgraded esp_idf version to 5.1.2.
Then I tested the blink example again with the same private key and bootloader digest key.
I also changed the partition table to support OTA in the future.
After that I flashed both the app binary bin file and the bootloader_reflash_digest bin file to the dev kit.
The result shows the "secure boot check fail" message as below:

Code:

rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3fff00b8,len:7684
load:0x40078000,len:24116
load:0x40080400,len:4
0x40080400: _init at ??:?

ho 8 tail 4 room 4
load:0x40080404,len:3176
secure boot check fail
ets_main.c 371

My question is: if I upgrade the esp_idf version, will secure boot work with the same private key?
Thank you.

Postby ESP_harshal » Tue Jan 09, 2024 9:48 am

Hello @minhbka,

Secure boot should work even after an ESP-IDF version update.

Taking a look at the error log, it looks like bootloader verification has failed.

And from the steps that you have mentioned, it seems like you flashed the new reflashable bootloader digest, app, and partition table, but missed flashing the new bootloader binary at 0x1000.

Could you confirm if you have re-flashed the newer bootloader binary?

Thank you!

Postby minhbka » Fri Jan 12, 2024 2:13 am

Hello @ESP_harshal
Below is the project partition table map:

Code:

# ESP-IDF Partition Table
# Name, Type, SubType, Offset, Size, Flags
nvs,data,nvs,0xb000,24K,
phy_init,data,phy,0x11000,4K,
factory,app,factory,0x20000,1M,

I already read the current data in flash memory.
Below are some images of the data in flash with the relative addresses.

at 0x00: [image: digest.jpg]
bootloader at 0x1000: [image: bootloader.jpg]
app at 0x20000: [image: app.jpg]

Could you help me to check if there is any problem here?
Actually, I rebuilt the project before writing to flash. Could it be the problem?
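
A check for the situation discussed in this thread, as an added example that is not part of any post above and is not Espressif code: it compares a flash readback with the freshly built images at the offsets quoted in the thread (0x0, 0x1000, 0x20000) and reports which region is stale or erased. The function names and all sample bytes are constructed, and it assumes the readback is plaintext (flash encryption not enabled).

```python
from typing import List, NamedTuple, Optional, Tuple

ERASED = 0xFF  # value of NOR flash bytes after an erase


class RegionResult(NamedTuple):
    name: str
    offset: int
    status: str                 # "match", "stale", "erased" or "truncated"
    first_diff: Optional[int]   # absolute flash address of the first mismatch


def check_region(dump: bytes, name: str, offset: int, built: bytes) -> RegionResult:
    """Compare len(built) bytes of the dump at offset with the built image."""
    region = dump[offset:offset + len(built)]
    if len(region) < len(built):          # readback stopped before the image end
        return RegionResult(name, offset, "truncated", None)
    if region == built:
        return RegionResult(name, offset, "match", None)
    diff = offset + next(i for i, (a, b) in enumerate(zip(region, built)) if a != b)
    status = "erased" if all(b == ERASED for b in region) else "stale"
    return RegionResult(name, offset, status, diff)


def check_flash(dump: bytes, layout: List[Tuple[str, int, bytes]]) -> List[RegionResult]:
    return [check_region(dump, name, off, img) for name, off, img in layout]


def constructed_case() -> List[RegionResult]:
    """Constructed bytes, not real images: new digest flashed, old bootloader left."""
    new_digest = bytes(range(192))        # placeholder standing in for the digest file
    old_boot = b"\xe9" + b"IDF-4.4-bootloader".ljust(63, b"\x00")
    new_boot = b"\xe9" + b"IDF-5.1-bootloader".ljust(63, b"\x00")
    app = b"\xe9" + b"blink-app".ljust(63, b"\x00")
    dump = bytearray(b"\xff" * 0x20100)
    dump[0x0:len(new_digest)] = new_digest
    dump[0x1000:0x1000 + len(old_boot)] = old_boot   # stale: never re-flashed
    dump[0x20000:0x20000 + len(app)] = app
    layout = [("digest", 0x0, new_digest), ("bootloader", 0x1000, new_boot),
              ("app", 0x20000, app)]
    return check_flash(bytes(dump), layout)


if __name__ == "__main__":
    for r in constructed_case():
        where = "" if r.first_diff is None else f" (first mismatch at {r.first_diff:#x})"
        print(f"{r.name:<10} @ {r.offset:#07x}: {r.status}{where}")
```

With a real device, `dump` would be the file read back from flash and each `built` the corresponding file from the build directory, read with `open(path, "rb").read()`.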
