[Solved] Secure boot signature verification failed

RuslanPopov
Posts: 25
Joined: Mon Nov 21, 2022 3:47 pm

[Solved] Secure boot signature verification failed

Postby RuslanPopov » Tue Feb 21, 2023 10:19 pm

ESP32 REV3 with SecureBoot v2 and FlashEncryption + preencrypted OTA over MQTT + 729600 bytes of application

I have built an application using CICD (docker espressif/idf:v4.4.4) and then manually sign the image with RSA 3072 key and encrypt it with custom RSA key. I can download the result image on my notebook, decrypt it and verify the signature of application. There are no errors.

Also, I can build the application (using the same keys above) on the notebook and burn the image to device's flash. It work fine and passes all checks.

But if I pass this image over OTA I get:

Code: Select all

D (972204) OTA: Written image length 729088
D (972204) esp_image: reading image header @ 0x1c0000
D (972204) esp_image: image header: 0xe9 0x07 0x02 0x02 40081560
I (972204) esp_image: segment 0: paddr=001c0020 vaddr=3f400020 size=25548h (152904) map
D (972214) esp_image: free data page_count 0x0000003d
I (972264) esp_image: segment 1: paddr=001e5570 vaddr=3ffbdb60 size=02e08h ( 11784)
D (972264) esp_image: free data page_count 0x0000003d
I (972274) esp_image: segment 2: paddr=001e8380 vaddr=40080000 size=07c98h ( 31896)
D (972274) esp_image: free data page_count 0x0000003d
I (972294) esp_image: segment 3: paddr=001f0020 vaddr=400d0020 size=75918h (481560) map
D (972294) esp_image: free data page_count 0x0000003d
I (972444) esp_image: segment 4: paddr=00265940 vaddr=40087c98 size=087e0h ( 34784)
D (972444) esp_image: free data page_count 0x0000003d
I (972454) esp_image: segment 5: paddr=0026e128 vaddr=50000000 size=00010h (    16)
D (972454) esp_image: free data page_count 0x0000003d
I (972464) esp_image: segment 6: paddr=0026e140 vaddr=00000000 size=01e90h (  7824)
D (972474) esp_image: free data page_count 0x0000003d
I (972484) esp_image: Verifying image signature...
I (972484) secure_boot_v2: Take trusted digest key(s) from eFuse block(s)
E (972494) esp_image: Secure boot signature verification failed
I (972494) esp_image: Calculating simple hash to check for corruption...
W (972684) esp_image: image valid, signature bad
I have checked the signature block in editor, it looks ok:

Code: Select all

V (16322509) OTA: e7 02 00 00 94 7e ff eb 11 bf ae e0 0b 88 9f 3c
V (16322509) OTA: 44 71 5d 71 29 c1 5d 90 a4 40 9a 44 c8 ff 19 4a
V (16322519) OTA: 5a d4 7c 14 bf 92 10 a4 c6 aa 83 5a 6d 88 0d 1c
V (16322519) OTA: 11 f0 8b 02 b0 de 5d 8a 6e 00 10 74 de b4 98 98
V (16322529) OTA: d1 4c f4 25 33 18 be 62 01 48 dd eb 10 2c 4a f5
V (16322539) OTA: 56 9c 29 0c 9c e2 9c d4 22 ee a6 be 5e 88 ab 2f
V (16322539) OTA: be 46 5c bb 2e 21 3d 52 1c 73 6a dc 52 7a 45 6b
V (16322549) OTA: ea c6 6e 74 3d 44 1b 47 de e3 9d fd fa d9 e5 45
V (16322559) OTA: 67 eb 1d 0f a8 29 59 9f bd 36 ee 10 fd 8c 61 77
V (16322559) OTA: 9e a8 da b2 91 89 df 0f b2 3e aa ab c6 52 f8 27
V (16322569) OTA: d6 66 08 a3 ad 81 a6 a0 64 65 5b 77 e5 81 44 78
V (16322569) OTA: 7c 4f 9b be ee 47 07 af a8 ed b0 f4 bf 72 f1 69
V (16322579) OTA: 0a 38 cf d3 04 e1 48 01 d4 b4 d7 6f db 28 09 95
V (16322589) OTA: 81 2b 82 90 90 b5 18 d6 ec 61 1a fb 25 b8 d7 15
V (16322589) OTA: 20 79 ce f5 17 26 1f 24 ed 99 54 fb 41 93 38 1c
V (16322599) OTA: 35 a4 83 4f f1 44 1e c8 88 72 90 a9 e4 26 d4 b9
V (16322609) OTA: cc c3 6c 69 7e ae fd 71 a3 c2 aa 25 56 fd 77 31
V (16322609) OTA: b7 de f4 77 42 91 72 ba 71 0b 91 05 d8 ee 03 23
V (16322619) OTA: 32 af ee fc 65 9f 50 04 34 39 70 d5 be d3 06 43
V (16322619) OTA: 3a 26 57 33 3a b2 88 2c b4 39 ef 5c e3 6d 08 34
V (16322629) OTA: 8a 2d c3 5b 81 27 38 b0 71 92 a3 78 59 27 87 03
V (16322639) OTA: ca b6 5c a2 55 d2 da b5 65 73 ff 4a e2 98 a1 28
V (16322639) OTA: 1e 76 95 4b 48 31 e3 8c 0c 43 c0 0d 01 3a b7 31
V (16322649) OTA: f6 71 7f fa 69 05 66 15 cf 18 fd 80 2c 66 86 80
V (16322659) OTA: bb 87 62 e2 6c 73 04 de f4 6b 8e 07 49 be 8f 10
V (16322659) OTA: 75 74 76 ae 98 2d b5 9d 3e da 66 2f 87 fd a2 64
V (16322669) OTA: b4 48 3f b1 01 00 01 00 36 78 d8 e4 29 7b bc a7
V (16322669) OTA: 09 7e 67 ae 3b 52 39 90 f0 8a 20 0e bf d3 80 95
V (16322679) OTA: 63 9f df d2 27 0b 36 bb 44 f6 49 22 8d 94 78 73
V (16322689) OTA: 04 ab cd 9d f5 e7 34 aa e9 4d 21 2d c8 8c 5d 46
V (16322689) OTA: b4 e4 6a 32 a7 49 fc 7c 52 aa 87 30 43 19 06 27
V (16322699) OTA: 3f e4 9a 1d 38 26 88 69 da ce c8 86 e0 e4 ee 7b
V (16323209) OTA: b0 3e d9 29 d4 f5 8f 51 1a 89 f9 fb b9 41 37 db
V (16323209) OTA: df 0e 13 6c 7c 12 f8 4a a5 50 a5 24 3c 96 43 85
V (16323219) OTA: 3e 62 10 b0 4d 2e 77 61 d2 7d 60 37 0d 1f 21 d3
V (16323229) OTA: e5 cb e1 f2 03 ea a8 e6 6e 1a b7 3c 89 15 fa 43
V (16323229) OTA: d9 49 c3 e8 65 b5 6f dd 92 6a 84 c8 db 55 1b b9
V (16323239) OTA: ce 32 c3 92 e1 44 ad 58 46 1c d5 37 7b 17 65 fe
V (16323249) OTA: 17 33 5e 67 80 b3 98 92 b1 31 d3 c3 dc 49 14 45
V (16323249) OTA: 24 9e c8 ba 24 a1 4e ea 1a 82 fc 65 87 0d c7 61
V (16323259) OTA: c2 44 e7 eb 47 87 12 4c 5d c3 2e dc d4 87 33 d0
V (16323259) OTA: e8 92 ad 1c e9 50 e0 ac 04 ed 32 64 d0 2f b0 43
V (16323269) OTA: e4 68 72 d1 f6 e2 2c c6 16 02 70 1c b3 02 94 d1
V (16323279) OTA: a0 f7 6f 82 51 0d bb e7 bd 17 10 e4 ce c4 45 6d
V (16323279) OTA: 46 15 91 43 67 c6 12 15 4b 94 8f 12 2e 95 3e 59
V (16323289) OTA: 6f b3 ce 2b 71 a4 71 13 9c 1d 94 97 47 ca 54 3a
V (16323299) OTA: 53 fe 00 92 6a 38 fd 1b 20 d3 ef 15 54 86 e2 81
V (16323299) OTA: ed 04 c2 1b 9b fb b7 0a 21 ad 94 f3 ac 9d ed 6d
V (16323309) OTA: 0c 15 56 4a 44 16 bc 64 da d3 34 ad bb ac 73 d6
V (16323309) OTA: b1 da b7 eb 06 17 e5 d8 42 e9 1b 4b 51 34 cd e6
V (16323319) OTA: ff 10 2c 2a dd af b9 01 c1 22 fc 58 ea 13 55 1c
V (16323329) OTA: f5 f3 d5 91 15 bb a2 88 cb fa 0a b4 71 b3 33 1f
V (16323329) OTA: 6b fc 3a dc ba cd 31 a8 5a 47 dc 1d ea 5f 8a ae
V (16323339) OTA: 2a d1 57 27 c9 f0 17 e4 a6 d7 c8 ef 88 e3 1a 98
V (16323349) OTA: b5 0c 51 20 f4 01 b5 b6 ff e7 64 ae c8 64 0a 97
V (16323349) OTA: 0c a3 8f 6d 01 28 a9 32 01 69 2f e8 51 13 eb 18
V (16323359) OTA: 41 43 1b 17 9d 00 55 37 9f 94 7e 6a 01 8c e5 e5
V (16323359) OTA: 2b 5b eb f3 f3 ad 83 88 08 6f e1 95 b8 9a 53 95
V (16323369) OTA: c6 3e 4b aa 42 4a 15 b5 b8 ac 5f 4f be 6a 23 3f
V (16323379) OTA: 8b 5f fb 60 86 12 ed 4b b3 97 b3 3b 31 ac b2 16
V (16323379) OTA: 10 75 27 95 59 c1 ad 0e 41 c1 a0 41 b6 b7 a9 b6
V (16323389) OTA: f8 da 20 50 7d a4 fa e2 d1 2c 97 f6 bf 9a 68 a5
V (16323399) OTA: 5c 8d 69 38 25 25 dc 1b f3 10 23 0a b6 8a df db
V (16323399) OTA: 71 18 14 e9 0c 8f f2 80 0d f4 b9 a5 89 7a 5c 47
V (16323409) OTA: fd 1f ad ef f7 5d bf 7d 37 72 ec 6d 3a ee 0d de
V (16323409) OTA: 34 38 b9 98 f8 dc 3c 33 fb 84 dc 39 f9 77 22 1c
V (16323419) OTA: 11 67 54 73 6e d4 df 54 4a 3e c7 cf fc f0 f3 50
V (16323429) OTA: 18 bc 58 97 6e c8 d8 8b 1b d2 df 5d 54 30 18 d8
V (16323429) OTA: ff 89 bb d6 d9 92 ae 64 94 2b 44 64 cf 05 7b ce
V (16323439) OTA: 84 7b 04 2e e5 6e 39 ea 0b fb c5 c5 1e 34 00 12
V (16323449) OTA: 97 16 63 9d 73 b7 06 09 44 04 b2 e4 76 a3 22 b9
V (16323449) OTA: b0 6e b1 85 92 2d c9 6c 18 9a f9 51 88 76 25 9f
V (16323459) OTA: 97 36 bb 1e de ef 2f e7 95 df f9 4f f0 9c f7 5d
V (16323459) OTA: d1 c4 34 47 4f 85 4c 46 ed e9 9b cc 62 0e ab 02
V (16323469) OTA: c3 79 1e 9c 3b 20 4c 50 5e 1d 64 4c 4b 9e 87 65
V (16323479) OTA: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
I have all keys and can directly burn the image and it works well. But I don't understand how to check the signature issues. Can somebody help me with this issue? Or does it possible to disable signature checks temporarily?

Also, the following happens:
  • OTA slot 0 is current, OTA writes on slot 1 and failed with bad signature
  • I manually burn the image on slot 0 and trying to start, bootloader shows the following error and BOOTS from slot 1 without any errors!!!

Code: Select all

I (440) secure_boot_v2: Verifying with RSA-PSS...
Sig block 0 signed with untrusted key
E (448) secure_boot_v2: Secure Boot V2 verification failed.
E (454) esp_image: Secure boot signature verification failed
I (461) esp_image: Calculating simple hash to check for corruption...
W (674) esp_image: image valid, signature bad
E (674) boot: OTA app partition slot 0 is not bootable
I (674) esp_image: segment 0: paddr=001c0020 vaddr=3f400020 size=27710h (161552) map
I (742) esp_image: segment 1: paddr=001e7738 vaddr=3ffbdb60 size=049f4h ( 18932) load
I (750) esp_image: segment 2: paddr=001ec134 vaddr=40080000 size=03ee4h ( 16100) load
I (757) esp_image: segment 3: paddr=001f0020 vaddr=400d0020 size=9b694h (636564) map
I (996) esp_image: segment 4: paddr=0028b6bc vaddr=40083ee4 size=14358h ( 82776) load
I (1031) esp_image: segment 5: paddr=0029fa1c vaddr=00000000 size=005b4h (  1460)
I (1032) esp_image: Verifying image signature...
I (1033) secure_boot_v2: Verifying with RSA-PSS...
I (1043) secure_boot_v2: Signature verified successfully!
I (1057) boot: Loaded app from partition at offset 0x1c0000
I (1057) secure_boot_v2: enabling secure boot v2...
I (1059) secure_boot_v2: secure boot v2 is already enabled, continuing..
I (1066) boot: Checking flash encryption...
I (1071) flash_encrypt: flash encryption is enabled (3 plaintext flashes left)

dmitrij999
Posts: 71
Joined: Sat Mar 02, 2019 8:06 pm

Re: Secure boot signature verification failed

Postby dmitrij999 » Tue Feb 21, 2023 10:29 pm

Which tool you use to verify the image on host?
espsecure.py could help you to verify the image
See here

You might need to reproduce the process using the host encryption key+private signing key

ESP_Mahavir
Posts: 190
Joined: Wed Jan 24, 2018 6:51 am

Re: Secure boot signature verification failed

Postby ESP_Mahavir » Wed Feb 22, 2023 3:01 am

Hello,

- Can you please share the instructions you used to sign and encrypt the firmware binary?
- Can you please share the EFuse summary on the device? `espefuse.py --chip esp32 summary`

RuslanPopov
Posts: 25
Joined: Mon Nov 21, 2022 3:47 pm

Re: Secure boot signature verification failed

Postby RuslanPopov » Wed Feb 22, 2023 7:09 am

dmitrij999 wrote:
Tue Feb 21, 2023 10:29 pm
Which tool you use to verify the image on host?
espsecure.py could help you to verify the image
See here

You might need to reproduce the process using the host encryption key+private signing key
As I wrote above I use the standard tool for signature verification:

Code: Select all

      - espsecure.py sign_data
          ../application.v`cat promote_version_app.txt`.bin
          --version `cat promote_version_sb.txt`
          --keyfile promote_signing_key.pem
      - espsecure.py verify_signature
          ../application.v`cat promote_version_app.txt`.bin
          --version `cat promote_version_sb.txt`
          --keyfile promote_signing_key.pem
      - pipenv run python ../idf-extra-components/esp_encrypted_img/tools/esp_enc_img_gen.py
          encrypt
          ../application.v`cat promote_version_app.txt`.bin
          promote_application_key.pem
          ../`cat promote_device_id.txt`.v`cat promote_version_app.txt`.rsa.bin
There are no problem with signature verification on the host.

dmitrij999
Posts: 71
Joined: Sat Mar 02, 2019 8:06 pm

Re: Secure boot signature verification failed

Postby dmitrij999 » Wed Feb 22, 2023 7:14 am

If you plan to use SecureBoot v2, you need to tell espsecure.py that you use SecureBoot v2 explicitly

Code: Select all

python espsecure.py verify_signature --version 2 ...
As well, it might help you in case of signing images
Last edited by dmitrij999 on Wed Feb 22, 2023 7:17 am, edited 1 time in total.

RuslanPopov
Posts: 25
Joined: Mon Nov 21, 2022 3:47 pm

Re: Secure boot signature verification failed

Postby RuslanPopov » Wed Feb 22, 2023 7:17 am

ESP_Mahavir wrote:
Wed Feb 22, 2023 3:01 am
Hello,

- Can you please share the instructions you used to sign and encrypt the firmware binary?
- Can you please share the EFuse summary on the device? `espefuse.py --chip esp32 summary`
Sure!

Signature and its verification (works well on CICD and host):

Code: Select all

espsecure.py sign_data --version 2 --keyfile promote_signing_key.pem -- ../application.v0.5.28.bin

espsecure.py v4.5
1 signing key(s) found.
Signed 724992 bytes of data from ../application.v0.5.28.bin. Signature sector now has 1 signature blocks.

espsecure.py verify_signature --version 2 --keyfile promote_signing_key.pem -- ../application.v0.5.28.bin

espsecure.py v4.5
Signature block 0 is valid (RSA).
Signature block 0 verification successful using the supplied key (RSA).
Signature block 1 invalid. Skipping.
Signature block 2 invalid. Skipping.

pipenv run python ../idf-extra-components/esp_encrypted_img/tools/esp_enc_img_gen.py encrypt ../application.v0.5.28.bin promote_application_key.pem ../6a74a53c-18ff-4b5a-8be4-aa661a0123c9.v0.5.28.rsa.bin

Encrypting image ...
Done
eFuse summary here:

Code: Select all

espefuse.py summary --baud=115200 --port=/dev/ttyACM0 --chip esp32
Connecting.............................
espefuse.py v4.1

=== Run "summary" command ===
EFUSE_NAME (Block) Description  = [Meaningful Value] [Readable/Writeable] (Hex Value)
----------------------------------------------------------------------------------------
Calibration fuses:
BLK3_PART_RESERVE (BLOCK0):                        BLOCK3 partially served for ADC calibration data   = False R/W (0b0)
ADC_VREF (BLOCK0):                                 Voltage reference calibration                      = 1079 R/- (0b10011)

Config fuses:
XPD_SDIO_FORCE (BLOCK0):                           Ignore MTDI pin (GPIO12) for VDD_SDIO on reset     = False R/W (0b0)
XPD_SDIO_REG (BLOCK0):                             If XPD_SDIO_FORCE, enable VDD_SDIO reg on reset    = False R/W (0b0)
XPD_SDIO_TIEH (BLOCK0):                            If XPD_SDIO_FORCE & XPD_SDIO_REG                   = 1.8V R/W (0b0)
CLK8M_FREQ (BLOCK0):                               8MHz clock freq override                           = 55 R/W (0x37)
SPI_PAD_CONFIG_CLK (BLOCK0):                       Override SD_CLK pad (GPIO6/SPICLK)                 = 0 R/W (0b00000)
SPI_PAD_CONFIG_Q (BLOCK0):                         Override SD_DATA_0 pad (GPIO7/SPIQ)                = 0 R/W (0b00000)
SPI_PAD_CONFIG_D (BLOCK0):                         Override SD_DATA_1 pad (GPIO8/SPID)                = 0 R/W (0b00000)
SPI_PAD_CONFIG_HD (BLOCK0):                        Override SD_DATA_2 pad (GPIO9/SPIHD)               = 0 R/W (0b00000)
SPI_PAD_CONFIG_CS0 (BLOCK0):                       Override SD_CMD pad (GPIO11/SPICS0)                = 0 R/W (0b00000)
DISABLE_SDIO_HOST (BLOCK0):                        Disable SDIO host                                  = False R/W (0b0)

Efuse fuses:
WR_DIS (BLOCK0):                                   Efuse write disable mask                           = 385 R/W (0x0181)
RD_DIS (BLOCK0):                                   Efuse read disable mask                            = 1 R/- (0x1)
CODING_SCHEME (BLOCK0):                            Efuse variable block length scheme
   = NONE (BLK1-3 len=256 bits) R/W (0b00)
KEY_STATUS (BLOCK0):                               Usage of efuse block 3 (reserved)                  = False R/W (0b0)

Identity fuses:
MAC (BLOCK0):                                      Factory MAC Address
   = 34:94:54:bf:80:b8 (CRC 0x73 OK) R/W
MAC_CRC (BLOCK0):                                  CRC8 for factory MAC address                       = 115 R/W (0x73)
CHIP_VER_REV1 (BLOCK0):                            Silicon Revision 1                                 = True R/W (0b1)
CHIP_VER_REV2 (BLOCK0):                            Silicon Revision 2                                 = True R/W (0b1)
CHIP_VERSION (BLOCK0):                             Reserved for future chip versions                  = 2 R/W (0b10)
CHIP_PACKAGE (BLOCK0):                             Chip package identifier                            = 1 R/W (0b001)
CHIP_PACKAGE_4BIT (BLOCK0):                        Chip package identifier #4bit                      = False R/W (0b0)
MAC_VERSION (BLOCK3):                              Version of the MAC field                           = 0 R/W (0x00)

Security fuses:
FLASH_CRYPT_CNT (BLOCK0):                          Flash encryption mode counter                      = 1 R/W (0b0000001)
UART_DOWNLOAD_DIS (BLOCK0):                        Disable UART download mode (ESP32 rev3 only)       = False R/W (0b0)
FLASH_CRYPT_CONFIG (BLOCK0):                       Flash encryption config (key tweak bits)           = 15 R/W (0xf)
CONSOLE_DEBUG_DISABLE (BLOCK0):                    Disable ROM BASIC interpreter fallback             = True R/W (0b1)
ABS_DONE_0 (BLOCK0):                               Secure boot V1 is enabled for bootloader image     = False R/W (0b0)
ABS_DONE_1 (BLOCK0):                               Secure boot V2 is enabled for bootloader image     = True R/W (0b1)
JTAG_DISABLE (BLOCK0):                             Disable JTAG                                       = True R/W (0b1)
DISABLE_DL_ENCRYPT (BLOCK0):                       Disable flash encryption in UART bootloader        = False R/W (0b0)
DISABLE_DL_DECRYPT (BLOCK0):                       Disable flash decryption in UART bootloader        = True R/W (0b1)
DISABLE_DL_CACHE (BLOCK0):                         Disable flash cache in UART bootloader             = True R/W (0b1)
BLOCK1 (BLOCK1):                                   Flash encryption key
   = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/-
BLOCK2 (BLOCK2):                                   Secure boot key
   = 5b 62 18 a7 d5 b1 60 b4 5f e0 bd d8 fa ee f5 c8 43 54 11 b0 79 2a c1 05 3c 84 2c 9a 19 a4 ce e8 R/-
BLOCK3 (BLOCK3):                                   Variable Block 3
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W

Flash voltage (VDD_SDIO) determined by GPIO12 on reset

RuslanPopov
Posts: 25
Joined: Mon Nov 21, 2022 3:47 pm

Re: Secure boot signature verification failed

Postby RuslanPopov » Wed Feb 22, 2023 7:18 am

dmitrij999 wrote:
Wed Feb 22, 2023 7:14 am
If you plan to use SecureBoot v2, you need to tell espsecure.py that you use SecureBoot v2 explicitly

Code: Select all

python espsecure.py verify_signature --version 2 ...
As well, it might help you in case of signing images
I use second version of SecureBoot explicitly.

RuslanPopov
Posts: 25
Joined: Mon Nov 21, 2022 3:47 pm

Re: Secure boot signature verification failed

Postby RuslanPopov » Wed Feb 22, 2023 7:20 am

dmitrij999 wrote:
Tue Feb 21, 2023 10:29 pm
Which tool you use to verify the image on host?
espsecure.py could help you to verify the image
See here

You might need to reproduce the process using the host encryption key+private signing key
Decrypting on the host:

Code: Select all

pipenv run python ../esp32/tmp/idf-extra-components/esp_encrypted_img/tools/esp_enc_img_gen.py decrypt ../esp32/6a74a53c-18ff-4b5a-8be4-aa661a0123c9.v0.5.28.rsa.bin ../esp32/keys/6a74a53c-18ff-4b5a-8be4-aa661a0123c9/rsa_3072.pem ../esp32/6a74a53c-18ff-4b5a-8be4-aa661a0123c9.v0.5.28.bin
Loading .env environment variables...
Decrypting image ...
Magic verified successfully
Done

RuslanPopov
Posts: 25
Joined: Mon Nov 21, 2022 3:47 pm

Re: Secure boot signature verification failed

Postby RuslanPopov » Wed Feb 22, 2023 12:27 pm

Hmm, I did a hack:
  • Build the application on the notebook with applying signature during build process.
  • Run OTA with breakpoint on obtaining application.
  • Upload the builded and signed (by notebook) application to OTA server.
  • Begin the OTA process
And the final was:

Code: Select all

D (892411) OTA: Written image length 921600 (921088+512), downloaded 922112

D (892411) esp_image: reading image header @ 0x1c0000
D (892411) esp_image: image header: 0xe9 0x06 0x02 0x02 40081410
V (892421) esp_image: loading segment header 0 at offset 0x1c0018
V (892421) esp_image: segment data length 0x276a8 data starts 0x1c0020
V (892431) esp_image: segment 0 map_segment 1 segment_data_offs 0x1c0020 load_addr 0x3f400020
I (892441) esp_image: segment 0: paddr=001c0020 vaddr=3f400020 size=276a8h (161448) map
D (892451) esp_image: free data page_count 0x0000003d
V (892501) esp_image: loading segment header 1 at offset 0x1e76c8
V (892501) esp_image: segment data length 0x49f4 data starts 0x1e76d0
V (892501) esp_image: segment 1 map_segment 0 segment_data_offs 0x1e76d0 load_addr 0x3ffbdb60
I (892511) esp_image: segment 1: paddr=001e76d0 vaddr=3ffbdb60 size=049f4h ( 18932)
D (892521) esp_image: free data page_count 0x0000003d
V (892531) esp_image: loading segment header 2 at offset 0x1ec0c4
V (892531) esp_image: segment data length 0x3f4c data starts 0x1ec0cc
V (892541) esp_image: segment 2 map_segment 0 segment_data_offs 0x1ec0cc load_addr 0x40080000
I (892551) esp_image: segment 2: paddr=001ec0cc vaddr=40080000 size=03f4ch ( 16204)
D (892561) esp_image: free data page_count 0x0000003d
V (892571) esp_image: loading segment header 3 at offset 0x1f0018
V (892571) esp_image: segment data length 0x9b66c data starts 0x1f0020
V (892571) esp_image: segment 3 map_segment 1 segment_data_offs 0x1f0020 load_addr 0x400d0020
I (892581) esp_image: segment 3: paddr=001f0020 vaddr=400d0020 size=9b66ch (636524) map
D (892591) esp_image: free data page_count 0x0000003d
V (892781) esp_image: loading segment header 4 at offset 0x28b68c
V (892791) esp_image: segment data length 0x142f0 data starts 0x28b694
V (892791) esp_image: segment 4 map_segment 0 segment_data_offs 0x28b694 load_addr 0x40083f4c
I (892801) esp_image: segment 4: paddr=0028b694 vaddr=40083f4c size=142f0h ( 82672)
D (892801) esp_image: free data page_count 0x0000003d
V (892831) esp_image: loading segment header 5 at offset 0x29f984
V (892841) esp_image: segment data length 0x644 data starts 0x29f98c
V (892841) esp_image: segment 5 map_segment 0 segment_data_offs 0x29f98c load_addr 0x0
I (892841) esp_image: segment 5: paddr=0029f98c vaddr=00000000 size=00644h (  1604)
D (892851) esp_image: free data page_count 0x0000003d
V (892861) esp_image: image start 0x001c0000 end of last section 0x0029ffd0
I (892871) esp_image: Verifying image signature...
I (892871) secure_boot_v2: Take trusted digest key(s) from eFuse block(s)
I (892881) secure_boot_v2: #0 app key digest == #0 trusted key digest
I (892881) secure_boot_v2: Verifying with RSA-PSS...
I (892941) secure_boot_v2: Signature verified successfully!

D (892941) esp_image: reading image header @ 0x1c0000
D (892941) esp_image: image header: 0xe9 0x06 0x02 0x02 40081410
V (892951) esp_image: loading segment header 0 at offset 0x1c0018
V (892951) esp_image: segment data length 0x276a8 data starts 0x1c0020
V (892961) esp_image: segment 0 map_segment 1 segment_data_offs 0x1c0020 load_addr 0x3f400020
I (892971) esp_image: segment 0: paddr=001c0020 vaddr=3f400020 size=276a8h (161448) map
D (892981) esp_image: free data page_count 0x0000003d
V (893031) esp_image: loading segment header 1 at offset 0x1e76c8
V (893031) esp_image: segment data length 0x49f4 data starts 0x1e76d0
V (893041) esp_image: segment 1 map_segment 0 segment_data_offs 0x1e76d0 load_addr 0x3ffbdb60
I (893041) esp_image: segment 1: paddr=001e76d0 vaddr=3ffbdb60 size=049f4h ( 18932)
D (893051) esp_image: free data page_count 0x0000003d
V (893061) esp_image: loading segment header 2 at offset 0x1ec0c4
V (893061) esp_image: segment data length 0x3f4c data starts 0x1ec0cc
V (893071) esp_image: segment 2 map_segment 0 segment_data_offs 0x1ec0cc load_addr 0x40080000
I (893081) esp_image: segment 2: paddr=001ec0cc vaddr=40080000 size=03f4ch ( 16204)
D (893091) esp_image: free data page_count 0x0000003d
V (893101) esp_image: loading segment header 3 at offset 0x1f0018
V (893101) esp_image: segment data length 0x9b66c data starts 0x1f0020
V (893101) esp_image: segment 3 map_segment 1 segment_data_offs 0x1f0020 load_addr 0x400d0020
I (893111) esp_image: segment 3: paddr=001f0020 vaddr=400d0020 size=9b66ch (636524) map
D (893121) esp_image: free data page_count 0x0000003d
V (893321) esp_image: loading segment header 4 at offset 0x28b68c
V (893321) esp_image: segment data length 0x142f0 data starts 0x28b694
V (893321) esp_image: segment 4 map_segment 0 segment_data_offs 0x28b694 load_addr 0x40083f4c
I (893331) esp_image: segment 4: paddr=0028b694 vaddr=40083f4c size=142f0h ( 82672)
D (893341) esp_image: free data page_count 0x0000003d
V (893371) esp_image: loading segment header 5 at offset 0x29f984
V (893371) esp_image: segment data length 0x644 data starts 0x29f98c
V (893371) esp_image: segment 5 map_segment 0 segment_data_offs 0x29f98c load_addr 0x0
I (893381) esp_image: segment 5: paddr=0029f98c vaddr=00000000 size=00644h (  1604)
D (893391) esp_image: free data page_count 0x0000003d
V (893401) esp_image: image start 0x001c0000 end of last section 0x0029ffd0
I (893401) esp_image: Verifying image signature...
I (893411) secure_boot_v2: Take trusted digest key(s) from eFuse block(s)
I (893421) secure_boot_v2: #0 app key digest == #0 trusted key digest
I (893421) secure_boot_v2: Verifying with RSA-PSS...
I (893471) secure_boot_v2: Signature verified successfully!

D (893481) boot_comm: Both OTA copies are valid
D (893521) MQTT_CLIENT: mqtt_enqueue id: 35934, type=3 successful
D (893521) OUTBOX: ENQUEUE msgid=35934, msg_type=3, len=154, size=154
I (893521) MQTT: OTA upgrade successful. Rebooting ...
So... the problem is in my CICD pipeline but I have showed it in the main post..


On notebook I have esptool.py v3.3.2 but on CICD espsecure.py v4.5. Maybe this is the reason...

Run on the notebook:

Code: Select all

~/.espressif/python_env/idf4.4_py3.9_env/bin/python ~/.espressif/esp-idf-v4.4.4/components/esptool_py/esptool/espsecure.py

espsecure.py v3.3.2
But on the CICD:

Code: Select all

docker run -it --rm python:3.10-slim bash
root@b8b231fa8dfb:/# pip install -U --quiet pip pipenv esptool
root@b8b231fa8dfb:/# espsecure.py
espsecure.py v4.5
It seems I should do:

Code: Select all

docker run -it --rm espressif/idf:v4.4.4
Detecting the Python interpreter
Checking "python" ...
Python 3.8.10
"python" has been detected
Adding ESP-IDF tools to PATH...
Using Python interpreter in /opt/esp/python_env/idf4.4_py3.8_env/bin/python
Checking if Python packages are up to date...
Python requirements from /opt/esp/idf/requirements.txt are satisfied.
Added the following directories to PATH:
  /opt/esp/idf/components/esptool_py/esptool
  /opt/esp/idf/components/espcoredump
  /opt/esp/idf/components/partition_table
  /opt/esp/idf/components/app_update
  /opt/esp/tools/xtensa-esp-elf-gdb/11.2_20220823/xtensa-esp-elf-gdb/bin
  /opt/esp/tools/riscv32-esp-elf-gdb/11.2_20220823/riscv32-esp-elf-gdb/bin
  /opt/esp/tools/xtensa-esp32-elf/esp-2021r2-patch5-8.4.0/xtensa-esp32-elf/bin
  /opt/esp/tools/xtensa-esp32s2-elf/esp-2021r2-patch5-8.4.0/xtensa-esp32s2-elf/bin
  /opt/esp/tools/xtensa-esp32s3-elf/esp-2021r2-patch5-8.4.0/xtensa-esp32s3-elf/bin
  /opt/esp/tools/riscv32-esp-elf/esp-2021r2-patch5-8.4.0/riscv32-esp-elf/bin
  /opt/esp/tools/esp32ulp-elf/2.35_20220830/esp32ulp-elf/bin
  /opt/esp/tools/cmake/3.23.1/bin
  /opt/esp/tools/openocd-esp32/v0.11.0-esp32-20221026/openocd-esp32/bin
  /opt/esp/python_env/idf4.4_py3.8_env/bin
  /opt/esp/idf/tools
Done! You can now compile ESP-IDF projects.
Go to the project directory and run:

  idf.py build

root@50d506ae067c:/# espsecure.py
espsecure.py v3.3.2

RuslanPopov
Posts: 25
Joined: Mon Nov 21, 2022 3:47 pm

Re: Secure boot signature verification failed

Postby RuslanPopov » Wed Feb 22, 2023 6:06 pm

Ah. I've found a solution. There is a bug in sign_data implementation...

Who is online

Users browsing this forum: MicroController and 220 guests