I am trying to enable secure boot and flash encryption together in ESP32-S3 with below macros. In this configuration development mode is enabled for both.
Code: Select all
CONFIG_SECURE_SIGNED_ON_BOOT=y
CONFIG_SECURE_SIGNED_ON_UPDATE=y
CONFIG_SECURE_SIGNED_APPS=y
CONFIG_SECURE_BOOT_V2_RSA_SUPPORTED=y
CONFIG_SECURE_BOOT_V2_PREFERRED=y
CONFIG_SECURE_BOOT_V2_RSA_ENABLED=y
CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME=y
CONFIG_SECURE_BOOT=y
CONFIG_SECURE_BOOT_V2_ENABLED=y
CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=y
CONFIG_SECURE_BOOT_SIGNING_KEY="secure_boot_signing_key.pem"
CONFIG_SECURE_BOOT_ENABLE_AGGRESSIVE_KEY_REVOKE=n
CONFIG_SECURE_BOOT_INSECURE=y
CONFIG_SECURE_ROM_DL_MODE_ENABLED=y
CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE=y
CONFIG_ESPTOOLPY_NO_STUB=y
CONFIG_SECURE_FLASH_ENC_ENABLED=y
CONFIG_SECURE_FLASH_ENCRYPTION_AES128=y
CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=y
CONFIG_SECURE_FLASH_HAS_WRITE_PROTECTION_CACHE=y
CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=y
CONFIG_SECURE_FLASH_SKIP_WRITE_PROTECTION_CACHE=y
CONFIG_SECURE_FLASH_CHECK_ENC_EN_IN_APP=y
CONFIG_SECURE_INSECURE_ALLOW_DL_MODE=y
CONFIG_FLASH_ENCRYPTION_ENABLED=y
CONFIG_FLASH_ENCRYPTION_INSECURE=y
CONFIG_FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_ENCRYPT=y
CONFIG_NVS_ENCRYPTION=n
I have flashed bootloader,partition table and application binaries with esptool.py tool at specific location.
Can someone help to follow exact steps to avoid device breaking up? I am clueless for the new implementation.
Regards,
Chandramauli