Secure Boot V1 on ESP32 Rev1 OR Rev3

mikecarlos
Posts: 5
Joined: Mon Oct 02, 2023 7:34 pm

Secure Boot V1 on ESP32 Rev1 OR Rev3

Postby mikecarlos » Tue Mar 26, 2024 7:47 pm

Hi,

I have several ESP32 devices, some of them being REV1 and some of them REV3.

For REV3 chips I have implemented secure boot V2 and they are working as expected.

For REV1 chips I have to use Secure boot v1 since it is the only choice. However independent of chips being REV1 or REV3 I could not get secureboot V1 runnig. The devices I tried on are in a bootloop continuously printing
entry 0x40080614
ets Jul 29 2019 12:21:46

rst:0xc (SW_CPU_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:1
load:0x3fff00b8,len:2600
load:0x40078000,len:22352
load:0x40080400,len:3824
0x40080400: _init at ??:?
Steps I followed:

Here is security config:
image_2024-03-26_224155909.png
image_2024-03-26_224155909.png (24.89 KiB) Viewed 1723 times
This is my partition config with offset moved to 0x10000 (same as I did in rev3 chips, secure boot v2)
image_2024-03-26_224229275.png
image_2024-03-26_224229275.png (20.11 KiB) Viewed 1723 times
I test a simple arduino blink to check if the board is fine.

Then

Code: Select all

idf.py fullclean
idf.py bootloader
Last command gives a bootloader command which I copy and paste to flash the bootloader. Also I can see that the key is used for signing.. etc from the logs.

Then without touching the board

Code: Select all

idf.py build flash monitor
Again I see that the binaries are signed looking at the console. The flash completes successfully but as I said the device is in boot loop as I said earlier and never successfully boots.

Further insights:
with command

Code: Select all

espefuse.py --port COM10 summary
I get
image_2024-03-26_224316859.png
image_2024-03-26_224316859.png (34.06 KiB) Viewed 1723 times

with command

Code: Select all

espefuse.py dump -p COM10
I get
Detecting chip type... ESP32
BLOCK0 ( ) [0 ] read_regs: 00020100 1b604b8c 009fe05a 0000a200 00000632 00100000 00000054
BLOCK1 (flash_encryption) [1 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK2 (secure_boot_v1 s) [2 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
BLOCK3 ( ) [3 ] read_regs: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

EFUSE_REG_DEC_STATUS 0x00000000
The exact same happens with REV1 as well although here it is a REV3 chip.

CAn you please help?

ESP_harshal
Posts: 24
Joined: Wed Jul 06, 2022 8:36 am

Re: Secure Boot V1 on ESP32 Rev1 OR Rev3

Postby ESP_harshal » Wed Mar 27, 2024 7:10 am

Hello @mikecarlos,

The steps that you have followed are correct and even I tried them out at my end and the device boots correctly.
But I am not sure why the bootloader does not boot up in your case. Could you share your sdkconfig file to help me to reproduce the issue?

mikecarlos
Posts: 5
Joined: Mon Oct 02, 2023 7:34 pm

Re: Secure Boot V1 on ESP32 Rev1 OR Rev3

Postby mikecarlos » Wed Mar 27, 2024 1:37 pm

Hi ESP_harshal,

Thanks for your response. Attached
hello_world_sbv1.zip
(25.6 KiB) Downloaded 159 times
is a copy of esp-idf hello_world exmaple with my sdkconfig.

It also includes :
my custom partition file "nvs.csv"
and a dummy key I generated for test

Doing the same procedure again I got a device stuck at bootloop. The device is a ESP devkit module. Further commands I used and responses are in info.txt attached
info.txt
(3.05 KiB) Downloaded 177 times
Thanks for your help

mikecarlos
Posts: 5
Joined: Mon Oct 02, 2023 7:34 pm

Re: Secure Boot V1 on ESP32 Rev1 OR Rev3

Postby mikecarlos » Mon Apr 01, 2024 6:03 pm

Anyone able to try?

Who is online

Users browsing this forum: Gaston1980, Google [Bot] and 128 guests