Sig block 0 signed with untrusted key on ESP32

Post Reply
Eric Hsieh
Posts: 2
Joined: Mon Nov 20, 2023 2:40 am

Sig block 0 signed with untrusted key on ESP32

Postby Eric Hsieh » Mon Nov 20, 2023 2:57 am

Hi All,

My device is ESP32-WROVER-E with branch release/v5.1 from GitHub.
I try to enable sign and encrypt like this.
Screenshot 2023-11-20 at 10.45.03.png
Screenshot 2023-11-20 at 10.45.03.png (91.71 KiB) Viewed 2586 times
Screenshot 2023-11-20 at 10.46.44.png
Screenshot 2023-11-20 at 10.46.44.png (32.13 KiB) Viewed 2586 times
I already enable ABS_DONE_1 and write Security boot key, please check attachment.
Screenshot 2023-11-20 at 10.48.29.png
Screenshot 2023-11-20 at 10.48.29.png (354.09 KiB) Viewed 2586 times
This is my partition table.

Code: Select all

Partition table binary generated. Contents:
*******************************************************************************
# ESP-IDF Partition Table
# Name, Type, SubType, Offset, Size, Flags
nvs,data,nvs,0x10000,24K,
phy_init,data,phy,0x16000,4K,
factory,app,factory,0x20000,1M,
I try to use following commands to flash my device.

Code: Select all

# write encrypt bootloader
# esptool.py --chip esp32 --port=/dev/tty.usbserial-141430 --baud=115200 --before=default_reset --after=no_reset write_flash --encrypt --flash_mode dio --flash_freq 40m --flash_size keep 0x1000 build/bootloader/bootloader.bin

# write encrypt partition table
# esptool.py -p /dev/tty.usbserial-141430 -b 460800 --before default_reset --after no_reset --chip esp32 write_flash --encrypt 0xf000 build/partition_table/partition-table.bin

# write encrypt app
# esptool.py -p /dev/tty.usbserial-141430 -b 460800 --before default_reset --after no_reset --chip esp32 write_flash --encrypt --flash_mode dio --flash_size keep --flash_freq 40m 0x20000 build/app-template.bin
When I try to run "hello world" example code, I will have following output.

Code: Select all

rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:2, clock div:2
secure boot v2 enabled
Sig block 0 signed with untrusted key
secure boot verification failed
Anyone can help or teach which part is wrong? I would like to try sign and encrypt at ESP32 to see my understanding for whole secure boot. Thanks.
Top
Eric Hsieh
Posts: 2
Joined: Mon Nov 20, 2023 2:40 am

Re: Sig block 0 signed with untrusted key on ESP32

Postby Eric Hsieh » Fri Nov 24, 2023 7:24 am

Anyone can help? Thanks.
Top
Post Reply

Return to “General Discussion”

Who is online

Users browsing this forum: Bing [Bot], Majestic-12 [Bot] and 91 guests