After I flash the bootloader and the application image, it shows this in the log:
ESP-ROM:esp32s3-20210327
Build:Mar 27 2021
rst:0x15 (USB_UART_CHIP_RESET),boot:0x8 (SPI_FAST_FLASH_BOOT)
Saved PC:0x40048d46
invalid header: 0x20a36bad
invalid header: 0x20a36bad
invalid header: 0x20a36bad
invalid header: 0x20a36bad
invalid header: 0x20a36bad
invalid header: 0x20a36bad
invalid header: 0x20a36bad
1, Flash Encryption, follow the official guide: https://docs.espressif.com/projects/esp ... lease-mode.
2, Secure boot v2, follow the official guide: https://docs.espressif.com/projects/esp ... re-boot-v2
3, Erase the flash and build the bootloader with the command: idf.py bootloader, then flash it following the output result.
4, Flash the remaining part of the project with the command: idf.py flash
Below is the screenshot with menuconfig:
This is the part of the sdkconfig content that enables flash encryption and secure boot:
#
# Security features
#
CONFIG_SECURE_SIGNED_ON_BOOT=y
CONFIG_SECURE_SIGNED_ON_UPDATE=y
CONFIG_SECURE_SIGNED_APPS=y
CONFIG_SECURE_BOOT_SUPPORTS_RSA=y
CONFIG_SECURE_TARGET_HAS_SECURE_ROM_DL_MODE=y
CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME=y
CONFIG_SECURE_BOOT=y
CONFIG_SECURE_BOOT_V2_ENABLED=y
CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=y
CONFIG_SECURE_BOOT_SIGNING_KEY="sbv2_private.pem"
# CONFIG_SECURE_BOOT_ENABLE_AGGRESSIVE_KEY_REVOKE is not set
# CONFIG_SECURE_BOOT_INSECURE is not set
CONFIG_SECURE_FLASH_ENC_ENABLED=y
CONFIG_SECURE_FLASH_ENCRYPTION_AES128=y
# CONFIG_SECURE_FLASH_ENCRYPTION_AES256 is not set
# CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT is not set
CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE=y
CONFIG_SECURE_FLASH_CHECK_ENC_EN_IN_APP=y
# CONFIG_SECURE_DISABLE_ROM_DL_MODE is not set
CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE=y
# CONFIG_SECURE_INSECURE_ALLOW_DL_MODE is not set
# end of Security features
Output of the command: esptool.py --chip esp32s3 --no-stub get_security_info
esptool.py --chip esp32s3 --no-stub get_security_info
esptool.py v3.3.4-dev
Found 2 serial ports
Serial port /dev/cu.usbmodem101
Connecting...
Chip is ESP32-S3 in Secure Download Mode
Enabling default SPI flash mode...
Flags: 0x000006f5 (0b11011110101)
Flash_Crypt_Cnt: 0x0
Key_Purposes: (9, 4, 0, 0, 0, 0, 12)
Chip_ID: 9
Api_Version: 0
Hard resetting via RTS pin...
I did not manually burn any eFuse key; I just let the chip do it automatically. I flashed the bootloader first, then flashed everything else afterwards. The guide is too complex and I have bricked many ESP32 chips before getting it to work; this time it happened with the S3 too. QEMU is not working with the S3, so I have some ESP32-S3 chips to try, but before trying the second one, I need a clearer guide.
This is also posted as a GitHub issue: https://github.com/espressif/esp-idf/issues/14172
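A decoder for the get_security_info output shown above, added here as an example and not part of the original post or of esptool itself. The flag bit names are assumed to follow esptool's security-info flag map and the key-purpose numbers the ESP32-S3 eFuse table; the helper names and the consistency checks are hypothetical.

```python
import re

# Assumed bit layout of the "Flags" word (esptool's security-info flag names).
FLAG_BITS = ["SECURE_BOOT_EN", "SECURE_BOOT_AGGRESSIVE_REVOKE", "SECURE_DOWNLOAD_ENABLE",
             "SECURE_BOOT_KEY_REVOKE0", "SECURE_BOOT_KEY_REVOKE1", "SECURE_BOOT_KEY_REVOKE2",
             "SOFT_DIS_JTAG", "HARD_DIS_JTAG", "DIS_USB",
             "DIS_DOWNLOAD_DCACHE", "DIS_DOWNLOAD_ICACHE"]
# Assumed ESP32-S3 eFuse key-purpose numbering.
KEY_PURPOSES = {0: "USER", 2: "XTS_AES_256_KEY_1", 3: "XTS_AES_256_KEY_2",
                4: "XTS_AES_128_KEY", 5: "HMAC_DOWN_ALL", 6: "HMAC_DOWN_JTAG",
                7: "HMAC_DOWN_DIGITAL_SIGNATURE", 8: "HMAC_UP",
                9: "SECURE_BOOT_DIGEST0", 10: "SECURE_BOOT_DIGEST1",
                11: "SECURE_BOOT_DIGEST2"}

# The three relevant lines, copied from the output in the post.
SAMPLE = """Flags: 0x000006f5 (0b11011110101)
Flash_Crypt_Cnt: 0x0
Key_Purposes: (9, 4, 0, 0, 0, 0, 12)
"""

def parse_security_info(text):
    """Turn the raw get_security_info lines into named fields."""
    flags = int(re.search(r"Flags:\s*(0x[0-9a-fA-F]+)", text).group(1), 16)
    cnt = int(re.search(r"Flash_Crypt_Cnt:\s*(0x[0-9a-fA-F]+)", text).group(1), 16)
    raw = re.search(r"Key_Purposes:\s*\(([^)]*)\)", text).group(1)
    purposes = [int(p) for p in raw.split(",")]
    return {
        "flags": [n for bit, n in enumerate(FLAG_BITS) if (flags >> bit) & 1],
        # Flash encryption is active only when an odd number of counter bits is set.
        "flash_encryption_enabled": bin(cnt).count("1") % 2 == 1,
        "key_blocks": [KEY_PURPOSES.get(p, f"UNKNOWN({p})") for p in purposes],
    }

def findings(info):
    """Cross-check the decoded fields for states that do not agree with each other."""
    out = []
    has_xts = any(k.startswith("XTS_AES") for k in info["key_blocks"])
    has_digest = any(k.startswith("SECURE_BOOT_DIGEST") for k in info["key_blocks"])
    if has_xts and not info["flash_encryption_enabled"]:
        out.append("XTS key block present, but Flash_Crypt_Cnt reports encryption off")
    if info["flash_encryption_enabled"] and not has_xts:
        out.append("encryption reported on, but no XTS key block")
    if ("SECURE_BOOT_EN" in info["flags"]) != has_digest:
        out.append("SECURE_BOOT_EN and secure boot digest key blocks disagree")
    return out

if __name__ == "__main__":
    info = parse_security_info(SAMPLE)
    print(info)
    print(findings(info))
```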