issue while going back to normal mode from encryption in development mode on ESP32C6

VivekBorse
Posts: 4
Joined: Thu Nov 09, 2023 4:08 pm

issue while going back to normal mode from encryption in development mode on ESP32C6

Postby VivekBorse » Thu Nov 09, 2023 4:34 pm

  1. Hi,
  2. I followed the procedure to flash encryption given in https://docs.espressif.com/projects/esp-idf/en/latest/esp32c6/security/flash-encryption.html and used the sample example in ESP-IDF to test the flash encryption in development mode.
  3. for 1st run I tried without enabling the encryption setting, application work and showed encryption status to not encrypted flash.
  4. for 2nd run I enable encryption and check NVS enable setting and flashed the application to ESP32C6 board. for this run I check the encryption status changed to encrypted but then board started rebooting due core panic and it showed issue while running following lines in the sample example line 158
  1.     printf("Reading with esp_flash_read:\n");
  2.     ESP_ERROR_CHECK(esp_flash_read(NULL, read_data, partition->address, data_size));
I did not able to capture the error reason but it is related NVS keys, so for this I tried to diable all the setting of encryption and rebuild my application so I can revert back to my not encrypted state. After successful build and flashing on ESP log I am getting continuously.
  1. invalid header: 0xd424bf0d
  2. invalid header: 0xd424bf0d
  3. invalid header: 0xd424bf0d
  4. invalid header: 0xd424bf0d
after this I tried erasing the flash but for that operation I am getting the following error
A fatal error occurred: Active security features detected, erasing flash is disabled as a safety measure. Use --force to override, please use with caution, otherwise it may brick your device!
I tried to erase from esptool but I am getting the same error above mention. due to this I am not able to use the ESP32C6 board for other application evaluations. Please me resolving in this as soon as possible.
I attached my application for reference.
also attaching the espefuse summary below
  1. espefuse.py -p COM13 summary
  2. espefuse.py v4.7.dev2
  3. Connecting....
  4. Detecting chip type... ESP32-C6
  5.  
  6. === Run "summary" command ===
  7. EFUSE_NAME (Block) Description  = [Meaningful Value] [Readable/Writeable] (Hex Value)
  8. ----------------------------------------------------------------------------------------
  9. Calibration fuses:
  10. TEMP_CALIB (BLOCK2)                                Temperature calibration data                       = -12.5 R/W (0b101111101)
  11. OCODE (BLOCK2)                                     ADC OCode                                          = 86 R/W (0x56)
  12. ADC1_INIT_CODE_ATTEN0 (BLOCK2)                     ADC1 init code at atten0                           = -60 R/W (0b1000001111)
  13. ADC1_INIT_CODE_ATTEN1 (BLOCK2)                     ADC1 init code at atten1                           = -72 R/W (0b1000010010)
  14. ADC1_INIT_CODE_ATTEN2 (BLOCK2)                     ADC1 init code at atten2                           = -80 R/W (0b1000010100)
  15. ADC1_INIT_CODE_ATTEN3 (BLOCK2)                     ADC1 init code at atten3                           = -120 R/W (0b1000011110)
  16. ADC1_CAL_VOL_ATTEN0 (BLOCK2)                       ADC1 calibration voltage at atten0                 = -176 R/W (0b1000101100)
  17. ADC1_CAL_VOL_ATTEN1 (BLOCK2)                       ADC1 calibration voltage at atten1                 = 20 R/W (0b0000000101)
  18. ADC1_CAL_VOL_ATTEN2 (BLOCK2)                       ADC1 calibration voltage at atten2                 = -380 R/W (0b1001011111)
  19. ADC1_CAL_VOL_ATTEN3 (BLOCK2)                       ADC1 calibration voltage at atten3                 = -624 R/W (0b1010011100)
  20. ADC1_INIT_CODE_ATTEN0_CH0 (BLOCK2)                 ADC1 init code at atten0 ch0                       = 0 R/W (0x8)
  21. ADC1_INIT_CODE_ATTEN0_CH1 (BLOCK2)                 ADC1 init code at atten0 ch1                       = 0 R/W (0x8)
  22. ADC1_INIT_CODE_ATTEN0_CH2 (BLOCK2)                 ADC1 init code at atten0 ch2                       = 0 R/W (0x8)
  23. ADC1_INIT_CODE_ATTEN0_CH3 (BLOCK2)                 ADC1 init code at atten0 ch3                       = 0 R/W (0x8)
  24. ADC1_INIT_CODE_ATTEN0_CH4 (BLOCK2)                 ADC1 init code at atten0 ch4                       = 0 R/W (0x8)
  25. ADC1_INIT_CODE_ATTEN0_CH5 (BLOCK2)                 ADC1 init code at atten0 ch5                       = 0 R/W (0x8)
  26. ADC1_INIT_CODE_ATTEN0_CH6 (BLOCK2)                 ADC1 init code at atten0 ch6                       = 0 R/W (0x8)
  27.  
  28. Config fuses:
  29. WR_DIS (BLOCK0)                                    Disable programming of individual eFuses           = 8388864 R/W (0x00800100)
  30. RD_DIS (BLOCK0)                                    Disable reading from BlOCK4-10                     = 1 R/W (0b0000001)
  31. SWAP_UART_SDIO_EN (BLOCK0)                         Represents whether pad of uart and sdio is swapped = False R/W (0b0)
  32.                                                     or not. 1: swapped. 0: not swapped
  33. DIS_ICACHE (BLOCK0)                                Represents whether icache is disabled or enabled.  = False R/W (0b0)
  34.                                                    1: disabled. 0: enabled
  35. DIS_TWAI (BLOCK0)                                  Represents whether TWAI function is disabled or en = False R/W (0b0)
  36.                                                    abled. 1: disabled. 0: enabled
  37. DIS_DIRECT_BOOT (BLOCK0)                           Represents whether direct boot mode is disabled or = True R/W (0b1)
  38.                                                     enabled. 1: disabled. 0: enabled
  39. UART_PRINT_CONTROL (BLOCK0)                        Set the default UARTboot message output mode       = Enable R/W (0b00)
  40. BLOCK_USR_DATA (BLOCK3)                            User data
  41.    = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
  42. BLOCK_SYS_DATA2 (BLOCK10)                          System data part 2 (reserved)
  43.    = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
  44.  
  45. Flash fuses:
  46. FLASH_TPUW (BLOCK0)                                Represents the flash waiting time after power-up;  = 0 R/W (0x0)
  47.                                                    in unit of ms. When the value less than 15; the wa
  48.                                                    iting time is the programmed value. Otherwise; the
  49.                                                     waiting time is 2 times the programmed value
  50. FORCE_SEND_RESUME (BLOCK0)                         Represents whether ROM code is forced to send a re = False R/W (0b0)
  51.                                                    sume command during SPI boot. 1: forced. 0:not for
  52.                                                    ced
  53. FLASH_CAP (BLOCK1)                                                                                    = 0 R/W (0b000)
  54. FLASH_TEMP (BLOCK1)                                                                                   = 0 R/W (0b00)
  55. FLASH_VENDOR (BLOCK1)                                                                                 = 0 R/W (0b000)
  56.  
  57. Identity fuses:
  58. DISABLE_WAFER_VERSION_MAJOR (BLOCK0)               Disables check of wafer version major              = False R/W (0b0)
  59. DISABLE_BLK_VERSION_MAJOR (BLOCK0)                 Disables check of blk version major                = False R/W (0b0)
  60. WAFER_VERSION_MINOR (BLOCK1)                                                                          = 0 R/W (0x0)
  61. WAFER_VERSION_MAJOR (BLOCK1)                                                                          = 0 R/W (0b00)
  62. PKG_VERSION (BLOCK1)                               Package version                                    = 0 R/W (0b000)
  63. BLK_VERSION_MINOR (BLOCK1)                         BLK_VERSION_MINOR of BLOCK2                        = 1 R/W (0b001)
  64. BLK_VERSION_MAJOR (BLOCK1)                         BLK_VERSION_MAJOR of BLOCK2                        = 0 R/W (0b00)
  65. OPTIONAL_UNIQUE_ID (BLOCK2)                        Optional unique 128-bit ID
  66.    = 8a 8e e1 f0 d0 2c 1e c0 e2 f5 5d 4e cb 97 62 18 R/W
  67.  
  68. Jtag fuses:
  69. JTAG_SEL_ENABLE (BLOCK0)                           Represents whether the selection between usb_to_jt = False R/W (0b0)
  70.                                                    ag and pad_to_jtag through strapping gpio15 when b
  71.                                                    oth EFUSE_DIS_PAD_JTAG and EFUSE_DIS_USB_JTAG are
  72.                                                    equal to 0 is enabled or disabled. 1: enabled. 0:
  73.                                                    disabled
  74. SOFT_DIS_JTAG (BLOCK0)                             Represents whether JTAG is disabled in soft way. O = 0 R/W (0b000)
  75.                                                    dd number: disabled. Even number: enabled
  76. DIS_PAD_JTAG (BLOCK0)                              Represents whether JTAG is disabled in the hard wa = True R/W (0b1)
  77.                                                    y(permanently). 1: disabled. 0: enabled
  78.  
  79. Mac fuses:
  80. MAC (BLOCK1)                                       MAC address
  81.    = 40:4c:ca:43:be:3c (OK) R/W
  82. MAC_EXT (BLOCK1)                                   Stores the extended bits of MAC address            = ff:fe (OK) R/W
  83. CUSTOM_MAC (BLOCK3)                                Custom MAC
  84.    = 00:00:00:00:00:00 (OK) R/W
  85. MAC_EUI64 (BLOCK1)                                 calc MAC_EUI64 = MAC[0]:MAC[1]:MAC[2]:MAC_EXT[0]:M
  86.    = 40:4c:ca:ff:fe:43:be:3c (OK) R/W
  87.                                                    AC_EXT[1]:MAC[3]:MAC[4]:MAC[5]
  88.  
  89. Security fuses:
  90. DIS_DOWNLOAD_ICACHE (BLOCK0)                       Represents whether icache is disabled or enabled i = True R/W (0b1)
  91.                                                    n Download mode. 1: disabled. 0: enabled
  92. DIS_FORCE_DOWNLOAD (BLOCK0)                        Represents whether the function that forces chip i = False R/W (0b0)
  93.                                                    nto download mode is disabled or enabled. 1: disab
  94.                                                    led. 0: enabled
  95. SPI_DOWNLOAD_MSPI_DIS (BLOCK0)                     Represents whether SPI0 controller during boot_mod = False R/W (0b0)
  96.                                                    e_download is disabled or enabled. 1: disabled. 0:
  97.                                                     enabled
  98. DIS_DOWNLOAD_MANUAL_ENCRYPT (BLOCK0)               Represents whether flash encrypt function is disab = False R/W (0b0)
  99.                                                    led or enabled(except in SPI boot mode). 1: disabl
  100.                                                    ed. 0: enabled
  101. SPI_BOOT_CRYPT_CNT (BLOCK0)                        Enables flash encryption when 1 or 3 bits are set  = Enable R/W (0b001)
  102.                                                    and disables otherwise
  103. SECURE_BOOT_KEY_REVOKE0 (BLOCK0)                   Revoke 1st secure boot key                         = False R/W (0b0)
  104. SECURE_BOOT_KEY_REVOKE1 (BLOCK0)                   Revoke 2nd secure boot key                         = False R/W (0b0)
  105. SECURE_BOOT_KEY_REVOKE2 (BLOCK0)                   Revoke 3rd secure boot key                         = False R/W (0b0)
  106. KEY_PURPOSE_0 (BLOCK0)                             Represents the purpose of Key0                     = XTS_AES_128_KEY R/- (0x4)
  107. KEY_PURPOSE_1 (BLOCK0)                             Represents the purpose of Key1                     = USER R/W (0x0)
  108. KEY_PURPOSE_2 (BLOCK0)                             Represents the purpose of Key2                     = USER R/W (0x0)
  109. KEY_PURPOSE_3 (BLOCK0)                             Represents the purpose of Key3                     = USER R/W (0x0)
  110. KEY_PURPOSE_4 (BLOCK0)                             Represents the purpose of Key4                     = USER R/W (0x0)
  111. KEY_PURPOSE_5 (BLOCK0)                             Represents the purpose of Key5                     = USER R/W (0x0)
  112. SEC_DPA_LEVEL (BLOCK0)                             Represents the spa secure level by configuring the = 0 R/W (0b00)
  113.                                                     clock random divide mode
  114. CRYPT_DPA_ENABLE (BLOCK0)                          Represents whether anti-dpa attack is enabled. 1:e = False R/W (0b0)
  115.                                                    nabled. 0: disabled
  116. SECURE_BOOT_EN (BLOCK0)                            Represents whether secure boot is enabled or disab = False R/W (0b0)
  117.                                                    led. 1: enabled. 0: disabled
  118. SECURE_BOOT_AGGRESSIVE_REVOKE (BLOCK0)             Represents whether revoking aggressive secure boot = False R/W (0b0)
  119.                                                     is enabled or disabled. 1: enabled. 0: disabled
  120. DIS_DOWNLOAD_MODE (BLOCK0)                         Represents whether Download mode is disabled or en = False R/W (0b0)
  121.                                                    abled. 1: disabled. 0: enabled
  122. ENABLE_SECURITY_DOWNLOAD (BLOCK0)                  Represents whether security download is enabled or = False R/W (0b0)
  123.                                                     disabled. 1: enabled. 0: disabled
  124. SECURE_VERSION (BLOCK0)                            Represents the version used by ESP-IDF anti-rollba = 0 R/W (0x0000)
  125.                                                    ck feature
  126. SECURE_BOOT_DISABLE_FAST_WAKE (BLOCK0)             Represents whether FAST VERIFY ON WAKE is disabled = False R/W (0b0)
  127.                                                     or enabled when Secure Boot is enabled. 1: disabl
  128.                                                    ed. 0: enabled
  129. BLOCK_KEY0 (BLOCK4)
  130.   Purpose: XTS_AES_128_KEY
  131.     Key0 or user data
  132.    = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/-
  133. BLOCK_KEY1 (BLOCK5)
  134.   Purpose: USER
  135.                Key1 or user data
  136.    = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
  137. BLOCK_KEY2 (BLOCK6)
  138.   Purpose: USER
  139.                Key2 or user data
  140.    = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
  141. BLOCK_KEY3 (BLOCK7)
  142.   Purpose: USER
  143.                Key3 or user data
  144.    = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
  145. BLOCK_KEY4 (BLOCK8)
  146.   Purpose: USER
  147.                Key4 or user data
  148.    = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
  149. BLOCK_KEY5 (BLOCK9)
  150.   Purpose: USER
  151.                Key5 or user data
  152.    = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
  153.  
  154. Usb fuses:
  155. DIS_USB_JTAG (BLOCK0)                              Represents whether the function of usb switch to j = True R/W (0b1)
  156.                                                    tag is disabled or enabled. 1: disabled. 0: enable
  157.                                                    d
  158. DIS_USB_SERIAL_JTAG (BLOCK0)                       Represents whether USB-Serial-JTAG is disabled or  = False R/W (0b0)
  159.                                                    enabled. 1: disabled. 0: enabled
  160. USB_EXCHG_PINS (BLOCK0)                            Represents whether the D+ and D- pins is exchanged = False R/W (0b0)
  161.                                                    . 1: exchanged. 0: not exchanged
  162. DIS_USB_SERIAL_JTAG_ROM_PRINT (BLOCK0)             Represents whether print from USB-Serial-JTAG is d = False R/W (0b0)
  163.                                                    isabled or enabled. 1: disabled. 0: enabled
  164. DIS_USB_SERIAL_JTAG_DOWNLOAD_MODE (BLOCK0)         Represents whether the USB-Serial-JTAG download fu = False R/W (0b0)
  165.                                                    nction is disabled or enabled. 1: disabled. 0: ena
  166.                                                    bled
  167.  
  168. Vdd fuses:
  169. VDD_SPI_AS_GPIO (BLOCK0)                           Represents whether vdd spi pin is functioned as gp = False R/W (0b0)
  170.                                                    io. 1: functioned. 0: not functioned
  171.  
  172. Wdt fuses:
  173. WDT_DELAY_SEL (BLOCK0)                             Represents whether RTC watchdog timeout threshold  = 0 R/W (0b00)
  174.                                                    is selected at startup. 1: selected. 0: not select
  175.                                                    ed

Who is online

Users browsing this forum: Google [Bot] and 66 guests