Read flash in secure download mode

gd_code
Posts: 9
Joined: Tue Sep 07, 2021 2:56 pm

Read flash in secure download mode

Postby gd_code » Tue Jun 11, 2024 7:12 am

Hi,

We have enabled Secure Download mode on our ESP32-S3. After, we tried to read our flash with the following parttool (esptool) command, but as you can see, this failed:

Code: Select all

$ parttool.py --port /dev/ttyACM0 --partition-table-offset 0x10000 --esptool-args="after=no_reset" --esptool-args="no-stub" read_partition --partition-name factory --output factory.bin
Running /home/elias/.espressif/python_env/idf5.0_py3.10_env/bin/python /home/elias/esp/esp-idf/components/esptool_py/esptool/esptool.py --no-stub --port /dev/ttyACM0 read_flash 65536 3072 /tmp/tmpb3i46_kk...
esptool.py v4.5.1
Serial port /dev/ttyACM0
Connecting...
Detecting chip type... ESP32-S3
Chip is ESP32-S3 in Secure Download Mode
Enabling default SPI flash mode...
Traceback (most recent call last):
 File "/usr/lib/python3.10/runpy.py", line 196, in _run_module_as_main
   return _run_code(code, main_globals, None,
 File "/usr/lib/python3.10/runpy.py", line 86, in _run_code
   exec(code, run_globals)
 File "/home/elias/.espressif/python_env/idf5.0_py3.10_env/lib/python3.10/site-packages/esptool/__main__.py", line 9, in <module>
   esptool._main()
 File "/home/elias/.espressif/python_env/idf5.0_py3.10_env/lib/python3.10/site-packages/esptool/__init__.py", line 1032, in _main
   main()
 File "/home/elias/.espressif/python_env/idf5.0_py3.10_env/lib/python3.10/site-packages/esptool/__init__.py", line 832, in main
   operation_func(esp, args)
 File "/home/elias/.espressif/python_env/idf5.0_py3.10_env/lib/python3.10/site-packages/esptool/cmds.py", line 1069, in read_flash
   data = esp.read_flash(args.address, args.size, flash_progress)
 File "/home/elias/.espressif/python_env/idf5.0_py3.10_env/lib/python3.10/site-packages/esptool/loader.py", line 1114, in read_flash
   return self.read_flash_slow(offset, length, progress_fn)  # ROM-only routine
 File "/home/elias/.espressif/python_env/idf5.0_py3.10_env/lib/python3.10/site-packages/esptool/targets/esp32.py", line 330, in read_flash_slow
   r = self.check_command(
 File "/home/elias/.espressif/python_env/idf5.0_py3.10_env/lib/python3.10/site-packages/esptool/loader.py", line 435, in check_command
   val, data = self.command(op, data, chk, timeout=timeout)
 File "/home/elias/.espressif/python_env/idf5.0_py3.10_env/lib/python3.10/site-packages/esptool/loader.py", line 418, in command
   raise UnsupportedCommandError(self, op)
esptool.util.UnsupportedCommandError: This command (0xe) is not supported in Secure Download Mode
An exception: ** Command '['/home/elias/.espressif/python_env/idf5.0_py3.10_env/bin/python', '/home/elias/esp/esp-idf/components/esptool_py/esptool/esptool.py', '--no-stub', '--port', '/dev/ttyACM0', 'read_flash', '65536', '3072', '/tmp
/tmpb3i46_kk']' returned non-zero exit status 1. ** occurred in _call_esptool.
Traceback (most recent call last):
 File "/home/elias/esp/esp-idf/components/partition_table/parttool.py", line 358, in <module>
   main()
 File "/home/elias/esp/esp-idf/components/partition_table/parttool.py", line 327, in main
   target = ParttoolTarget(**target_args)
 File "/home/elias/esp/esp-idf/components/partition_table/parttool.py", line 103, in __init__
   self._call_esptool(['read_flash', str(partition_table_offset), str(gen.MAX_PARTITION_LENGTH), temp_file.name])
 File "/home/elias/esp/esp-idf/components/partition_table/parttool.py", line 130, in _call_esptool
   raise e
 File "/home/elias/esp/esp-idf/components/partition_table/parttool.py", line 127, in _call_esptool
   subprocess.check_call(esptool_args, stdout=out, stderr=subprocess.STDOUT)
 File "/usr/lib/python3.10/subprocess.py", line 369, in check_call
   raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/home/elias/.espressif/python_env/idf5.0_py3.10_env/bin/python', '/home/elias/esp/esp-idf/components/esptool_py/esptool/esptool.py', '--no-stub', '--port', '/dev/ttyACM0', 'read_flash', '65536',
'3072', '/tmp/tmpb3i46_kk']' returned non-zero exit status 1.
We observe that the output explicitly says:
esptool.util.UnsupportedCommandError: This command (0xe) is not supported in Secure Download Mode
and indeed, reading fails.

But if we read the technical documentation (https://www.espressif.com/sites/default ... ection.8.2), it explicitly states:
EFUSE_ENABLE_SECURITY_DOWNLOAD
If this eFuse is 1, Joint Download Boot mode only allows reading, writing, and erasing plaintext flash and
does not support any SRAM or register operations
So why doesn't this read work? Is this expected behavior?

dbahrdt
Posts: 4
Joined: Wed Mar 03, 2021 1:35 pm

Re: Read flash in secure download mode

Postby dbahrdt » Thu Jun 13, 2024 2:20 pm

This is expected behavior and likely a documentation bug.
I've stumbled upon this too.
The esp-idf documentation states the following:

https://docs.espressif.com/projects/esp ... nload-mode:
It also limits the available commands in Download mode to update SPI config, e.g., changing baud rate, basic flash write, and the command to return a summary of currently enabled security features (get_security_info).
Also see this bug in esptool: https://github.com/espressif/esptool/issues/810

ESP_Sprite
Posts: 9764
Joined: Thu Nov 26, 2015 4:08 am

Re: Read flash in secure download mode

Postby ESP_Sprite » Fri Jun 14, 2024 12:05 am

I'll poke our documentation team; that indeed likely is a documentation mistake.

Who is online

Users browsing this forum: No registered users and 134 guests