JTAG and Secure Boot + Flash Encryption
Posted: Sun Mar 22, 2020 9:20 pm
Hi,
after I successfully enabled Secure Boot and Flash Encryption, both in development mode, the JTAG now fails.
IDF Version: 4.0
OpenOCD Version: 20200309
Flashing is done by esptool.py, works.
The debugger tries to connect but fails like this:
After these errors, the debugger seems to be running, but never reaches the app_main breakpoint and cannot be paused.
Seems I am missing something, but what?
As soon as I disable the Secure Boot + Flash Encryption and run it on another PCB, debugging works fine again.
Thanks,
Simon
after I successfully enabled Secure Boot and Flash Encryption, both in development mode, the JTAG now fails.
IDF Version: 4.0
OpenOCD Version: 20200309
Code: Select all
# CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK is not set
CONFIG_SECURE_SIGNED_ON_BOOT=y
CONFIG_SECURE_SIGNED_ON_UPDATE=y
CONFIG_SECURE_SIGNED_APPS=y
CONFIG_SECURE_BOOT_ENABLED=y
# CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH is not set
CONFIG_SECURE_BOOTLOADER_REFLASHABLE=y
CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=y
CONFIG_SECURE_BOOT_SIGNING_KEY="main/key.pem"
CONFIG_SECURE_BOOTLOADER_KEY_ENCODING_256BIT=y
# CONFIG_SECURE_BOOTLOADER_KEY_ENCODING_192BIT is not set
# CONFIG_SECURE_BOOT_INSECURE is not set
CONFIG_SECURE_FLASH_ENC_ENABLED=y
CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=y
# CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE is not set
# CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC is not set
CONFIG_SECURE_BOOT_ALLOW_JTAG=y
CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=y
The debugger tries to connect but fails like this:
Code: Select all
Info : accepting 'gdb' connection on tcp/3333
Info : JTAG tap: esp32.cpu0 tap/device found: 0x120034e5 (mfg: 0x272 (Tensilica), part: 0x2003, ver: 0x1)
Info : JTAG tap: esp32.cpu1 tap/device found: 0x120034e5 (mfg: 0x272 (Tensilica), part: 0x2003, ver: 0x1)
Info : cpu0: Debug controller 0 was reset.
Info : cpu0: Core 0 was reset.
Info : cpu0: Target halted, PC=0x500000CF, debug_reason=00000000
Info : esp32: Core 0 was reset.
Info : esp32: Debug controller 1 was reset.
Info : esp32: Core 1 was reset.
Info : Target halted. CPU0: PC=0x40000400 (active)
Info : Target halted. CPU1: PC=0x40000400
Error: cpu0: Failed to write breakpoint instruction (-4)!
Error: cpu0: Failed to add SW breakpoint!
Error: can't add breakpoint: unknown reason
Error: cpu0: Failed to write breakpoint instruction (-4)!
Error: cpu0: Failed to add SW breakpoint!
Error: can't add breakpoint: unknown reason
Error: cpu0: Failed to write breakpoint instruction (-4)!
Error: cpu0: Failed to add SW breakpoint!
Error: can't add breakpoint: unknown reason
Seems I am missing something, but what?
As soon as I disable the Secure Boot + Flash Encryption and run it on another PCB, debugging works fine again.
Thanks,
Simon