I tested on QEMU before using the real hardware, thank you.
If I understand you right, I should drop this device and take another one.
But can you confirm that my last reply has the right way of usage?
Which version of SecureBoot should I use for ESP32-WROVER-E
Re: Which version of SecureBoot should I use for ESP32-WROVER-E
I have read the SecureBoot v2 part of the documentation many times. I see that it never uses block 0x0000-0x0FFF for the digest as it was with V1. Now the digest of the signing key is stored in BLOCK2 and the block 0x0000-0x0FFF is not used anyway. Right?
Re: Which version of SecureBoot should I use for ESP32-WROVER-E
SecureBoot works fine:
But there is a signature for V2:
Is it possible that the source of this error is the difference in espsecure versions:
Build machine:
Burn machine:
Please help.
Code:
rst:0x3 (SW_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3fff0038,len:13836
ho 0 tail 12 room 4
load:0x40078000,len:23580
load:0x40080400,len:3584
entry 0x40080660
I (56) boot: ESP-IDF v4.4-386-g9b75e5664e 2nd stage bootloader
I (56) boot: compile time 20:08:58
I (56) boot: chip revision: 3
I (61) boot.esp32: SPI Speed : 40MHz
I (66) boot.esp32: SPI Mode : DIO
I (70) boot.esp32: SPI Flash Size : 4MB
I (75) boot: Enabling RNG early entropy source...
I (80) boot: Partition Table:
I (84) boot: ## Label Usage Type ST Offset Length
I (91) boot: 0 phy_init RF data 01 01 0000d000 00001000
I (99) boot: 1 otadata OTA data 01 00 0000e000 00002000
I (106) boot: 2 ota_0 OTA app 00 10 00010000 00180000
I (114) boot: 3 ota_1 OTA app 00 11 00190000 00180000
I (121) boot: 4 nvs WiFi data 01 02 00379000 00004000
I (129) boot: 5 nvs_key NVS keys 01 04 0037d000 00001000
I (136) boot: 6 phones WiFi data 01 02 0037f000 00080000
I (144) boot: 7 phones_key NVS keys 01 04 003ff000 00001000
I (151) boot: End of partition table
I (156) esp_image: segment 0: paddr=00010020 vaddr=3f400020 size=22384h (140164) map
I (215) esp_image: segment 1: paddr=000323ac vaddr=3ffbdb60 size=02dd0h ( 11728) load
I (220) esp_image: segment 2: paddr=00035184 vaddr=40080000 size=0ae94h ( 44692) load
I (239) esp_image: segment 3: paddr=00040020 vaddr=400d0020 size=77f40h (491328) map
I (417) esp_image: segment 4: paddr=000b7f68 vaddr=4008ae94 size=04804h ( 18436) load
I (425) esp_image: segment 5: paddr=000bc774 vaddr=50000000 size=00010h ( 16) load
I (425) esp_image: segment 6: paddr=000bc78c vaddr=00000000 size=03844h ( 14404)
I (436) esp_image: Verifying image signature...
I (437) secure_boot_v2: Verifying with RSA-PSS...
I (446) secure_boot_v2: Signature verified successfully!
I (455) boot: Loaded app from partition at offset 0x10000
I (455) secure_boot_v2: enabling secure boot v2...
I (459) efuse: Batch mode of writing fields is enabled
I (465) esp_image: segment 0: paddr=00001020 vaddr=3fff0038 size=0360ch ( 13836)
I (478) esp_image: segment 1: paddr=00004634 vaddr=40078000 size=05c1ch ( 23580)
I (490) esp_image: segment 2: paddr=0000a258 vaddr=40080400 size=00e00h ( 3584)
I (492) esp_image: Verifying image signature...
I (496) secure_boot_v2: Verifying with RSA-PSS...
No signature block magic byte found at signature sector (found 0xaa not 0xe7). Image not V2 signed?
E (509) secure_boot_v2: Secure Boot V2 verification failed.
E (515) esp_image: Secure boot signature verification failed
I (521) esp_image: Calculating simple hash to check for corruption...
W (540) esp_image: image valid, signature bad
E (540) secure_boot_v2: bootloader image appears invalid! error 8194
I (543) efuse: Batch mode of writing fields is cancelled
E (549) boot: Secure Boot v2 failed (8194)
E (554) boot: OTA app partition slot 0 is not bootable
E (559) esp_image: image at 0x190000 has invalid magic byte (nothing flashed here?)
E (568) boot: OTA app partition slot 1 is not bootable
E (574) boot: No bootable app partitions in the partition table
ets Jul 29 2019 12:21:46
Code:
espsecure.py verify_signature --version 2 --keyfile keys/6a74a53c-18ff-4b5a-8be4-aa661a0123c9/signing_key_v2.pem app.clear.bin
espsecure.py v4.1
Signature block 0 is valid (RSA).
Signature block 0 verification successful with keys/6a74a53c-18ff-4b5a-8be4-aa661a0123c9/signing_key_v2.pem (RSA).
Signature block 1 invalid. Skipping.
Signature block 2 invalid. Skipping.
Build machine:
Code:
espsecure.py v3.3-dev
1 signing key(s) found.
Signed 720896 bytes of data from app-unsigned.bin. Signature sector now has 1 signature blocks.
Generated signed binary image app.bin from app-unsigned.bin
Burn machine:
Code:
espsecure.py v4.1
...
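In the boot log above, the app at 0x10000 verifies, and the magic-byte error is raised for the image whose segments start at paddr 0x1020, i.e. the bootloader. The following added example (not code from this thread or from Espressif) runs the same structural check on an image file before flashing: it looks for 0xE7 at the start of each signature block in the last 4 KB sector and checks the block CRC and image digest. It assumes the documented Secure Boot V2 block layout (1216-byte blocks, SHA-256 digest at offset 4, CRC32 at offset 1196); the function names and sample images are constructed for illustration, and it does not verify the RSA-PSS signature itself.

```python
import hashlib
import struct
import zlib

SECTOR = 4096      # signature sector appended after the 4 KB-padded image
BLOCK = 1216       # one signature block; up to three fit in the sector
MAGIC = 0xE7       # the byte the boot log reports as missing
CRC_OFFSET = 1196  # CRC32 (little-endian) over the block bytes before it


def check_signature_sector(image: bytes) -> list:
    """Return one status string per signature block slot in the last sector."""
    if len(image) < 2 * SECTOR or len(image) % SECTOR:
        return ["no signature sector: length is not image + one 4 KB sector"]
    body, sector = image[:-SECTOR], image[-SECTOR:]
    results = []
    for slot in range(3):
        blk = sector[slot * BLOCK:(slot + 1) * BLOCK]
        magic, version = blk[0], blk[1]
        digest = blk[4:36]
        (crc,) = struct.unpack_from("<I", blk, CRC_OFFSET)
        if magic != MAGIC:
            results.append(f"block {slot}: found 0x{magic:02x} not 0x{MAGIC:02x}")
        elif crc != zlib.crc32(blk[:CRC_OFFSET]) & 0xFFFFFFFF:
            results.append(f"block {slot}: magic ok, CRC mismatch")
        elif digest != hashlib.sha256(body).digest():
            results.append(f"block {slot}: digest does not match image")
        else:
            results.append(f"block {slot}: present (version {version})")
    return results


def make_sample(signed: bool) -> bytes:
    """Constructed test image: 8 KB body plus one sector, key fields zeroed."""
    body = b"\x5a" * (2 * SECTOR)
    if not signed:
        return body + b"\xaa" * SECTOR   # stands in for an unsigned bootloader
    head = struct.pack("<BBxx32s", MAGIC, 2, hashlib.sha256(body).digest())
    data = head.ljust(CRC_OFFSET, b"\x00")
    blk = (data + struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)).ljust(BLOCK, b"\x00")
    return body + blk.ljust(SECTOR, b"\xff")


if __name__ == "__main__":
    for name, img in (("app", make_sample(True)), ("bootloader", make_sample(False))):
        print(name, check_signature_sector(img))
```

To check real files, pass the bytes of both the bootloader image and the app image; a bootloader that was never run through the V2 signing step fails at block 0 or at the length check.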