I am working on project that enables secure boot v2 and supports ota update on esp32s3.
The patition table is:
Code: Select all
*******************************************************************************
# ESP-IDF Partition Table
# Name, Type, SubType, Offset, Size, Flags
nvs,data,nvs,0x11000,16K,
otadata,data,ota,0x15000,8K,
phy_init,data,phy,0x17000,4K,
factory,app,factory,0x20000,1M,
ota_0,app,ota_0,0x120000,1M,
ota_1,app,ota_1,0x220000,1M,
*******************************************************************************
Code: Select all
SECURE_BOOT_KEY_REVOKE0 (BLOCK0) Revoke 1st secure boot key = False R/W (0b0)
SECURE_BOOT_KEY_REVOKE1 (BLOCK0) Revoke 2nd secure boot key = True R/W (0b1)
SECURE_BOOT_KEY_REVOKE2 (BLOCK0) Revoke 3rd secure boot key = True R/W (0b1)
KEY_PURPOSE_0 (BLOCK0) Purpose of Key0 = SECURE_BOOT_DIGEST0 R/- (0x9)
KEY_PURPOSE_1 (BLOCK0) Purpose of Key1 = USER R/W (0x0)
KEY_PURPOSE_2 (BLOCK0) Purpose of Key2 = USER R/W (0x0)
KEY_PURPOSE_3 (BLOCK0) Purpose of Key3 = USER R/W (0x0)
KEY_PURPOSE_4 (BLOCK0) Purpose of Key4 = USER R/W (0x0)
KEY_PURPOSE_5 (BLOCK0) Purpose of Key5 = USER R/W (0x0)
SECURE_BOOT_EN (BLOCK0) Set this bit to enable secure boot = True R/W (0b1)
SECURE_BOOT_AGGRESSIVE_REVOKE (BLOCK0) Set this bit to enable revoking aggressive secure = False R/W (0b0)
boot
DIS_DOWNLOAD_MODE (BLOCK0) Set this bit to disable download mode (boot_mode[3 = False R/W (0b0)
:0] = 0; 1; 2; 3; 6; 7)
ENABLE_SECURITY_DOWNLOAD (BLOCK0) Set this bit to enable secure UART download mode = False R/W (0b0)
SECURE_VERSION (BLOCK0) Secure version (used by ESP-IDF anti-rollback feat = 0 R/W (0x0000)
ure)
BLOCK_KEY0 (BLOCK4)
Purpose: SECURE_BOOT_DIGEST0
Key0 or user data
= 06 ba 0a 9e db 75 aa 02 29 b1 90 ea 47 17 34 2e f5 64 d3 1f bf 30 c0 a4 2c 24 93 64 1f 7c 35 1a R/-
BLOCK_KEY1 (BLOCK5)
Purpose: USER
Key1 or user data
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY2 (BLOCK6)
Purpose: USER
Key2 or user data
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY3 (BLOCK7)
Purpose: USER
Key3 or user data
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY4 (BLOCK8)
Purpose: USER
Key4 or user data
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY5 (BLOCK9)
Purpose: USER
Key5 or user data
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
Code: Select all
I (103940) secure_boot_v2: Take trusted digest key(s) from eFuse block(s)Code: Select all
I (0) cpu_start: App cpu up.
I (276) cpu_start: Pro cpu start user code
I (276) cpu_start: cpu freq: 160000000 Hz
I (276) cpu_start: Application information:
I (279) cpu_start: Project name: simple_ota
I (284) cpu_start: App version: 1
I (288) cpu_start: Compile time: Jan 15 2024 12:55:43
I (295) cpu_start: ELF file SHA256: e75022a1149faf85...
I (300) cpu_start: ESP-IDF: v5.1.2-dirty
I (306) cpu_start: Min chip rev: v0.0
I (311) cpu_start: Max chip rev: v0.99
I (315) cpu_start: Chip rev: v0.1
I (320) heap_init: Initializing. RAM available for dynamic allocation:
I (327) heap_init: At 3FC9F6D8 len 0004A038 (296 KiB): DRAM
I (334) heap_init: At 3FCE9710 len 00005724 (21 KiB): STACK/DRAM
I (340) heap_init: At 3FCF0000 len 00008000 (32 KiB): DRAM
I (346) heap_init: At 600FE010 len 00001FD8 (7 KiB): RTCRAM
I (354) spi_flash: detected chip: gd
I (357) spi_flash: flash io: dio
I (362) sleep: Configure to isolate all GPIO pins in sleep state
I (368) sleep: Enable automatic switching of GPIO sleep configuration
I (375) app_start: Starting scheduler on CPU0
I (380) app_start: Starting scheduler on CPU1
I (380) main_task: Started on CPU0
I (390) main_task: Calling app_main()
I (390) simple_ota_example: secureBoot enabled!
I (400) simple_ota_example: OTA example app_main start
I (410) pp: pp rom version: e7ae62f
I (410) net80211: net80211 rom version: e7ae62f
I (440) wifi:wifi driver task: 3fca978c, prio:23, stack:6656, core=0
I (440) wifi:wifi firmware version: 91b9630
I (440) wifi:wifi certification version: v7.0
I (440) wifi:config NVS flash: enabled
I (440) wifi:config nano formating: disabled
I (450) wifi:Init data frame dynamic rx buffer num: 32
I (450) wifi:Init static rx mgmt buffer num: 5
I (460) wifi:Init management short buffer num: 32
I (460) wifi:Init dynamic tx buffer num: 32
I (470) wifi:Init static tx FG buffer num: 2
I (470) wifi:Init static rx buffer size: 1600
I (470) wifi:Init static rx buffer num: 10
I (480) wifi:Init dynamic rx buffer num: 32
I (480) wifi_init: rx ba win: 6
I (490) wifi_init: tcpip mbox: 32
I (490) wifi_init: udp mbox: 6
I (490) wifi_init: tcp mbox: 6
I (500) wifi_init: tcp tx win: 5744
I (500) wifi_init: tcp rx win: 5744
I (510) wifi_init: tcp mss: 1440
I (510) wifi_init: WiFi IRAM OP enabled
I (510) wifi_init: WiFi RX IRAM OP enabled
I (570) phy_init: phy_version 620,ec7ec30,Sep 5 2023,13:49:13
W (570) phy_init: failed to load RF calibration data (0x1102), falling back to full calibration
I (610) wifi:mode : sta (60:55:f9:f5:8f:70)
I (610) wifi:enable tsf
I (610) WIFI_LOG: wifi_init_sta finished.
I (620) wifi:new:<8,0>, old:<1,0>, ap:<255,255>, sta:<8,0>, prof:1
I (1110) wifi:state: init -> auth (b0)
I (1120) wifi:state: auth -> assoc (0)
I (1120) wifi:state: assoc -> run (10)
I (1130) wifi:<ba-add>idx:0 (ifx:0, 00:08:52:8b:43:01), tid:0, ssn:0, winSize:64
I (1150) wifi:connected with U+Net4303, aid = 3, channel 8, BW20, bssid = 00:08:52:8b:43:01
I (1150) wifi:security: WPA2-PSK, phy: bgn, rssi: -70
I (1200) wifi:pm start, type: 1
I (1200) wifi:set rx beacon pti, rx_bcn_pti: 0, bcn_timeout: 25000, mt_pti: 0, mt_time: 10000
I (1210) wifi:AP's beacon interval = 102400 us, DTIM period = 5
I (3200) esp_netif_handlers: sta ip: 192.168.219.116, mask: 255.255.255.0, gw: 192.168.219.1
I (3200) WIFI_LOG: got ip:192.168.219.116
I (3200) WIFI_LOG: connected to ap SSID:Myssid password:password
Looking for a new firmware...
I (3220) main_task: Returned from app_main()
I (3380) esp-x509-crt-bundle: Certificate validated
current firmware version (0.7) is lower than the available one (0.8), upgrading...
downloading and installing new firmware (https:${folder_url}/simple_ota.bin)...
I (4300) simple_ota_example: Attempting to download update from https:${folder_url}/simple_ota.bin
I (4310) simple_ota_example: OTA started
I (4850) esp-x509-crt-bundle: Certificate validated
I (5830) simple_ota_example: Connected to server
I (5830) esp_https_ota: Starting OTA...
I (5830) esp_https_ota: Writing to partition subtype 16 at offset 0x120000
I (5840) simple_ota_example: Verifying chip id of new image: 9
I (103800) esp_image: segment 0: paddr=00120020 vaddr=3c0a0020 size=2bc0ch (179212) map
I (103820) esp_image: segment 1: paddr=0014bc34 vaddr=3fc96d00 size=043e4h ( 17380)
I (103830) esp_image: segment 2: paddr=00150020 vaddr=42000020 size=9f464h (652388) map
I (103920) esp_image: segment 3: paddr=001ef48c vaddr=3fc9b0e4 size=002c8h ( 712)
I (103920) esp_image: segment 4: paddr=001ef75c vaddr=40374000 size=12ce4h ( 77028)
I (103930) esp_image: segment 5: paddr=00202448 vaddr=00000000 size=0db88h ( 56200)
I (103940) esp_image: Verifying image signature...
I (103940) secure_boot_v2: Take trusted digest key(s) from eFuse block(s)
Thank you.