When using configure_ds.py to setup the Digital Signature Peripheral, what is the before and after we should see in configure_ds.py --summary to verify it completed successfully or is ready to be run?
I also would like to know which --summary output matches the --efuse_key_id parameter, because I was running this on a WROVER for the first time and the script said "WARNING: previous ecrypted private key data exists." which was a surprise to me.
Thank you for the assistance!
-Patrick
Verifying configure_ds.py from --summary output
-
- Posts: 19
- Joined: Tue Jun 30, 2020 12:32 am
-
- Posts: 25
- Joined: Tue Aug 13, 2019 2:03 pm
Re: Verifying configure_ds.py from --summary output
Hi Patrick,
The command ` configure_ds.py --summary` prints the summary of the Efuse present on the ESP32-S2 Chip which is connected to the host machine. Before configuring the ESP chip, summary should show that the efuse blocks are empty ( Provided they are not already used for some other purpose). After configuring the chip for using the DS peripheral, the summary should show that the efuse block ID provided at the time of configuration contains the efuse key and the purpose for that block is set to "HMAC_DOWN_DIGITAL_SIGNATURE". For e.g. after executing command " python configure_ds.py --efuse_ke_id 2 (+ other req. info)" when you check the summary then "BLOCK_KEY_2" should contain the HMAC_KEY ( which is also stored in the "esp_ds_data" folder created on host machine ) and its purpose should be "HMAC_DOWN_DIGITAL_SIGNATURE".
As far as the warning that states " previous ecrypted private key data exists." is concerned, it only indicates that a folder named "esp_ds_data" ( result of previous usage of the script) which holds the encrypted_private_key parameters already exists on the host machine. If the script is used again then the previous encrypted private key data that is present on the host machine will be overwritten. The warning does not make any remark about contents of the ESP chip connected at that time. You can override the warning by providing the "--overwrite" option which is mentioned in the warning as well.
The command ` configure_ds.py --summary` prints the summary of the Efuse present on the ESP32-S2 Chip which is connected to the host machine. Before configuring the ESP chip, summary should show that the efuse blocks are empty ( Provided they are not already used for some other purpose). After configuring the chip for using the DS peripheral, the summary should show that the efuse block ID provided at the time of configuration contains the efuse key and the purpose for that block is set to "HMAC_DOWN_DIGITAL_SIGNATURE". For e.g. after executing command " python configure_ds.py --efuse_ke_id 2 (+ other req. info)" when you check the summary then "BLOCK_KEY_2" should contain the HMAC_KEY ( which is also stored in the "esp_ds_data" folder created on host machine ) and its purpose should be "HMAC_DOWN_DIGITAL_SIGNATURE".
As far as the warning that states " previous ecrypted private key data exists." is concerned, it only indicates that a folder named "esp_ds_data" ( result of previous usage of the script) which holds the encrypted_private_key parameters already exists on the host machine. If the script is used again then the previous encrypted private key data that is present on the host machine will be overwritten. The warning does not make any remark about contents of the ESP chip connected at that time. You can override the warning by providing the "--overwrite" option which is mentioned in the warning as well.
-
- Posts: 19
- Joined: Tue Jun 30, 2020 12:32 am
Re: Verifying configure_ds.py from --summary output
Thank you ESP_flying_raijin for that awesome response.
The error was the main thing that threw me off, as it didn't look like anything was successfully written to my device.
It appears as though you can also get intermittent failures when doing --summary or when writing and the workaround there is to just run it again.
example:
Thanks again!
The error was the main thing that threw me off, as it didn't look like anything was successfully written to my device.
It appears as though you can also get intermittent failures when doing --summary or when writing and the workaround there is to just run it again.
example:
Code: Select all
python configure_ds.py --summary --port /dev/tty.usbmodem01
Connecting...
Traceback (most recent call last):
File "~/.espressif/python_env/idf4.3_py3.8_env/lib/python3.8/site-packages/serial/serialposix.py", line 493, in read
buf = os.read(self.fd, size - len(read))
OSError: [Errno 6] Device not configured
Thanks again!
Re: Verifying configure_ds.py from --summary output
Hi askpatrickw,
for the Device not configured error take a look at viewtopic.php?t=2595#p12224
Hope this helps.
Jan
for the Device not configured error take a look at viewtopic.php?t=2595#p12224
Hope this helps.
Jan
-
- Posts: 25
- Joined: Tue Aug 13, 2019 2:03 pm
Re: Verifying configure_ds.py from --summary output
@askpatrickw,
I have updated the script recently to make it more user friendly. The new changes are available on the master branch of the esp-idf. I understand the error which were present previously might have been difficult to understand. I have tried to remove such errors. Please try the updated script and let me know if you face the same errors. Thank you for trying out the feature.
I have updated the script recently to make it more user friendly. The new changes are available on the master branch of the esp-idf. I understand the error which were present previously might have been difficult to understand. I have tried to remove such errors. Please try the updated script and let me know if you face the same errors. Thank you for trying out the feature.
Who is online
Users browsing this forum: No registered users and 464 guests