Page 1 of 1
ESP32 WROOM 32E new devices Secure Boot Locked.
Posted: Tue Aug 13, 2024 12:29 pm
by Salman Khan
I have received new ESP32-WROOM-32E modules from my Vendor in China. I found while programming the same code i was using on NODEMCUs, that these chips were locked and the code was unable to flash due to secure boot enabled. I tried on different environments, Arduino IDE, espressif IDE and ESP-IDF CMD. All give same error: " Secure Boot detected, writing to flash regions < 0x8000 is disabled to protect the bootloader".
I tried by --force, the program flashed but doesn't run the program. I Reset the device to factory bootloader but no luck.
I have compared the eFuses of the ESP32-WROOM32 in the dev kit Versus the new ESP32-WROOM-32E chip. The new chip has secure boot Efuse already burned, means that the bootloader and partition tables are permanent and not changeable plus the encryption key seems to be already burned. I am attaching the screenshots of both.
As per vendor, these are original chips.
Need assistance. thanks
Re: ESP32 WROOM 32E new devices Secure Boot Locked.
Posted: Wed Aug 14, 2024 5:26 am
by ESP_Sprite
Not sure what happened there. Any chance you can post a close-up image of the module shield, with the text and qr code on there readable? I know we sell some variations of modules that are already tied into some cloud ecosystem (e.g. Amazon) and as such are locked down from the factory, but to my knowledge the ESP32-Wroom-32E is not amongst those.
Re: ESP32 WROOM 32E new devices Secure Boot Locked.
Posted: Thu Aug 15, 2024 9:31 am
by Salman Khan
I have attached pictures of two devices. If there is any problems with scanning, I will share the scanned codes.
Re: ESP32 WROOM 32E new devices Secure Boot Locked.
Posted: Fri Aug 16, 2024 7:14 am
by ESP_Sprite
Thanks! Those modules are customized, like I expected: they were flashed with firmware provided by a customer (and supposedly locked as well) and then sent to the customer to build into products. There's no way to push your own firmware to them, unfortunately. (Fwiw, production date of these modules is a fair while ago, somewhere in late 2021, so I think these were either leftover modules from the manufacturing process that were thrown away and then fished out of the garbage, or scavenged from broken devices.)
Re: ESP32 WROOM 32E new devices Secure Boot Locked.
Posted: Fri Aug 16, 2024 5:45 pm
by Salman Khan
It is concerning if ESPs can be obtained from factory faulty-leftovers, as this raises questions about Espressif's manufacturing standards.
The Vendor sent me their stocked Original ESP32 Package from espressif and doesn't understand or want to understand the issue, Says they have sold to others and have got no complains like this. Attached Images. Can you verify the lot?
Re: ESP32 WROOM 32E new devices Secure Boot Locked.
Posted: Sat Aug 17, 2024 5:57 am
by ESP_Sprite
Salman Khan wrote: ↑Fri Aug 16, 2024 5:45 pm
It is concerning if ESPs can be obtained from factory faulty-leftovers, as this raises questions about Espressif's manufacturing standards.
These are not faulty, nor is this an issue with Espressifs manufacturing standards. What happened is that a customer ordered custom-programmed ESP32-Wroom modules, and we dutifully sent them to the customer. From there on, the customer is responsible for what they do with the module: some customers (e.g. ones that provide cloud functionality) sell them on the open market and provide an API on how to configure the otherwise locked firmware. Some customers use the modules in their own products, and they're not intended to re-appear on the open market. Whatever the case is, it seems that these modules made it on the open market from one of our customers (or their customers, or factories, or whatever), not directly from Espressif.
I get that it's frustrating that you have been sold locked modules, and if there is anything I can do to convince the seller that these are not usable, feel free to poke me in private (email: jeroen at espressif dot com)
I'll ask my colleague to verify if these reels are all from the same batch; I'll probably hear back from them next week. I can at least see the modules seem to be: their MACs start with E8C1D7 and that is not an Espressif OID. Espressif MACs start with one of
these OIDs. The sticker on the reel has a sealing date that also matches the manufacturing date of the two modules I looked up to within a couple of days; more indication that the whole reel is like that.
Could be that your vendor has received a bunch of normal ESP reels with some of these mixed in; wouldn't be the first time that shady people mix 'broken' or otherwise unusable components into a batch in order to make some extra profit.
Re: ESP32 WROOM 32E new devices Secure Boot Locked.
Posted: Sat Aug 17, 2024 7:39 am
by Salman Khan
Thank you for clearing out the issue. From the previous comment it seemed that people had access to scraps from espressif. It think that you are right on people mixing up the ESPs to get more profit or it could be that my vendor was deceived by another one.
I have checked the Link and all ESPs belong to Philips. and they would definitely prevent people to program and do their code on to their own smart devices.
Re: ESP32 WROOM 32E new devices Secure Boot Locked.
Posted: Sun Aug 18, 2024 6:18 am
by ESP_Sprite
Salman Khan wrote: ↑Sat Aug 17, 2024 7:39 am
Thank you for clearing out the issue. From the previous comment it seemed that people had access to scraps from espressif.
Ah, re-reading that, I can see the issue. I meant manufacturing of the customers widgets, but obviously you can also interpret it as manufacturing of the modules. Sorry for the confusion there.