Page 1 of 1

Verifying configure_ds.py from --summary output

Posted: Mon Dec 21, 2020 8:41 pm
by askpatrickw
When using configure_ds.py to setup the Digital Signature Peripheral, what is the before and after we should see in configure_ds.py --summary to verify it completed successfully or is ready to be run?

I also would like to know which --summary output matches the --efuse_key_id parameter, because I was running this on a WROVER for the first time and the script said "WARNING: previous ecrypted private key data exists." which was a surprise to me.

Thank you for the assistance!
-Patrick

Re: Verifying configure_ds.py from --summary output

Posted: Tue Dec 22, 2020 4:51 am
by ESP_flying_raijin
Hi Patrick,
The command ` configure_ds.py --summary` prints the summary of the Efuse present on the ESP32-S2 Chip which is connected to the host machine. Before configuring the ESP chip, summary should show that the efuse blocks are empty ( Provided they are not already used for some other purpose). After configuring the chip for using the DS peripheral, the summary should show that the efuse block ID provided at the time of configuration contains the efuse key and the purpose for that block is set to "HMAC_DOWN_DIGITAL_SIGNATURE". For e.g. after executing command " python configure_ds.py --efuse_ke_id 2 (+ other req. info)" when you check the summary then "BLOCK_KEY_2" should contain the HMAC_KEY ( which is also stored in the "esp_ds_data" folder created on host machine ) and its purpose should be "HMAC_DOWN_DIGITAL_SIGNATURE".
As far as the warning that states " previous ecrypted private key data exists." is concerned, it only indicates that a folder named "esp_ds_data" ( result of previous usage of the script) which holds the encrypted_private_key parameters already exists on the host machine. If the script is used again then the previous encrypted private key data that is present on the host machine will be overwritten. The warning does not make any remark about contents of the ESP chip connected at that time. You can override the warning by providing the "--overwrite" option which is mentioned in the warning as well.

Re: Verifying configure_ds.py from --summary output

Posted: Tue Dec 29, 2020 10:56 pm
by askpatrickw
Thank you ESP_flying_raijin for that awesome response.

The error was the main thing that threw me off, as it didn't look like anything was successfully written to my device.
It appears as though you can also get intermittent failures when doing --summary or when writing and the workaround there is to just run it again.

example:

Code: Select all

python configure_ds.py --summary --port /dev/tty.usbmodem01
Connecting...
Traceback (most recent call last):
  File "~/.espressif/python_env/idf4.3_py3.8_env/lib/python3.8/site-packages/serial/serialposix.py", line 493, in read
    buf = os.read(self.fd, size - len(read))
OSError: [Errno 6] Device not configured

Thanks again!

Re: Verifying configure_ds.py from --summary output

Posted: Wed Dec 30, 2020 3:04 am
by ESP_Jan
Hi askpatrickw,

for the Device not configured error take a look at viewtopic.php?t=2595#p12224

Hope this helps.

Jan

Re: Verifying configure_ds.py from --summary output

Posted: Tue Jan 19, 2021 1:25 pm
by ESP_flying_raijin
@askpatrickw,
I have updated the script recently to make it more user friendly. The new changes are available on the master branch of the esp-idf. I understand the error which were present previously might have been difficult to understand. I have tried to remove such errors. Please try the updated script and let me know if you face the same errors. Thank you for trying out the feature.