ESP download modes
Posted: Mon Sep 13, 2021 6:51 am
Hi,
After enabling several security features of our ESP32-D0WD-V3 (revision 3) ESP32, I have some questions regarding the download mode possibilities of the ESP. We enabled flash encryption and secure boot V2 on our device, while trying to keep the possibility of reflashing it. These are my questions:
- Is there a difference between ROM Download Mode and UART Download Mode? If so, what is the difference? Sometimes the former is used, sometimes the latter, sometimes mixed up.
- Related to the previous question, what is the difference between the config options CONFIG_SECURE_UART_ROM_DL_MODE and CONFIG_SECURE_DISABLE_ROM_DL_MODE? Is the latter some kind of option of the former?
- The documentation suggests there are 3 different ways to configure CONFIG_SECURE_UART_ROM_DL_MODE (https://docs.espressif.com/projects/esp ... om-dl-mode). Our subquestions:
  - We don't want to permanently disable the download mode because that would prevent us from reflashing the ESP32 while being secured. The docs page (SECURE_INSECURE_ALLOW_DL_MODE) says this option allows "full" UART enabled. What exactly is meant by "full" UART download mode, and what is the difference with this "Permanently switch to Secure mode (recommended)" option (SECURE_ENABLE_SECURE_ROM_DL_MODE)?
  - Concerning the SECURE_ENABLE_SECURE_ROM_DL_MODE option: is it still possible to use the traditional tools like esptool.py and efuse.py etc.? Because it is unclear to us what the docs say about this:
    "Secure Download mode is not compatible with the esptool.py flasher stub feature, espefuse.py, read/writing memory or registers, encrypted download, or any other features that interact with unsupported Download Mode commands."
    while it is also said that
    "Secure Download mode limits the use of Download Mode functions to simple flash read, write and erase operations, plus a command to return a summary of currently enabled security features."
    If we cannot use the traditional tools (as suggested by the first paragraph), which tools do we use to do these "simple" operations?
  - How do we enable the "Permanently switch to Secure mode (recommended)" option? We do not manage to do so. What are the requirements to enable it?
Thanks in advance,
gd_code