Issue when trying flash Application program in Reflashable secure boot in esp-idf version 3.3.2

[Raghav Jha]

Issue when trying Reflashable secure boot in esp-idf version 3.3.2

Hello Guys,
I m trying to do a secure boot in the reflashable mode with the hello_world example program.
I followed these steps.
1. I created pem certificate with this command

Code: Select all

openssl ecparam -name prime256v1 -genkey -noout -out my_secure_boot_signing_key.pem.pem

2. In make menuconfig, i given the name of the pem certificate
as per this pdf pg no 16.https://www.crysys.hu/publications/file ... n20bsc.pdf
3. after this I use command

Code: Select all

make bootloader

Log:
[Codebox]horsemann@Raghav:~/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world$ make bootloader
Toolchain path: /home/horsemann/Desktop/WorkSpace/esp_toolchain/xtensa-esp32-elf/bin/xtensa-esp32-elf-gcc
WARNING: Toolchain version is not supported: crosstool-ng-1.22.0-80-g6c4433a
Expected to see version: crosstool-ng-1.22.0-97-gc752ad5
Please check ESP-IDF setup instructions and update the toolchain, or proceed at your own risk.
Compiler version: 5.2.0
GENCONFIG
App "hello-world" version: v3.3.4-428-gd8082b7f3-dirty
WARNING: Toolchain version is not supported: crosstool-ng-1.22.0-80-g6c4433a
Expected to see version: crosstool-ng-1.22.0-97-gc752ad5
Please check ESP-IDF setup instructions and update the toolchain, or proceed at your own risk.
CC build/bootloader/bootloader_support/src/bootloader_flash.o
CC build/bootloader/bootloader_support/src/flash_qio_mode.o
CC build/bootloader/bootloader_support/src/bootloader_flash_config.o
CC build/bootloader/bootloader_support/src/secure_boot_signatures.o
CC build/bootloader/bootloader_support/src/bootloader_init.o
CC build/bootloader/bootloader_support/src/bootloader_common.o
CC build/bootloader/bootloader_support/src/secure_boot.o
CC build/bootloader/bootloader_support/src/bootloader_clock.o
CC build/bootloader/bootloader_support/src/bootloader_random.o
CC build/bootloader/bootloader_support/src/flash_partitions.o
CC build/bootloader/bootloader_support/src/esp_image_format.o
CC build/bootloader/bootloader_support/src/bootloader_sha.o
CC build/bootloader/bootloader_support/src/flash_encrypt.o
CC build/bootloader/bootloader_support/src/bootloader_utility.o
espsecure.py v2.9-dev
/home/horsemann/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world/my_secure_boot_signing_key.pem public key extracted to /home/horsemann/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world/build/bootloader/bootloader_support/signature_verification_key.bin
EMBED build/bootloader/bootloader_support/signature_verification_key.bin.bin.o
AR build/bootloader/bootloader_support/libbootloader_support.a
CC build/bootloader/log/log.o
AR build/bootloader/log/liblog.a
CC build/bootloader/spi_flash/spi_flash_rom_patch.o
AR build/bootloader/spi_flash/libspi_flash.a
CC build/bootloader/micro-ecc/micro-ecc/uECC.o
AR build/bootloader/micro-ecc/libmicro-ecc.a
CC build/bootloader/soc/esp32/rtc_pm.o
CC build/bootloader/soc/esp32/rtc_periph.o
CC build/bootloader/soc/esp32/cpu_util.o
CC build/bootloader/soc/esp32/sdmmc_periph.o
CC build/bootloader/soc/esp32/rtc_wdt.o
CC build/bootloader/soc/esp32/soc_memory_layout.o
CC build/bootloader/soc/esp32/sdio_slave_periph.o
CC build/bootloader/soc/esp32/rtc_init.o
CC build/bootloader/soc/esp32/spi_periph.o
CC build/bootloader/soc/esp32/rtc_clk_init.o
CC build/bootloader/soc/esp32/gpio_periph.o
CC build/bootloader/soc/esp32/rtc_sleep.o
CC build/bootloader/soc/esp32/rtc_time.o
CC build/bootloader/soc/esp32/rtc_clk.o
CC build/bootloader/soc/src//memory_layout_utils.o
AR build/bootloader/soc/libsoc.a
CC build/bootloader/main/bootloader_start.o
AR build/bootloader/main/libmain.a
CC build/bootloader/efuse/esp32/esp_efuse_table.o
CC build/bootloader/efuse/src/esp_efuse_api.o
CC build/bootloader/efuse/src/esp_efuse_utility.o
CC build/bootloader/efuse/src/esp_efuse_fields.o
AR build/bootloader/efuse/libefuse.a
LD build/bootloader/bootloader.elf
esptool.py v2.9-dev
Python requirements from /home/horsemann/Desktop/WorkSpace/esp/esp-idf/requirements.txt are satisfied.
espsecure.py v2.9-dev
SHA-256 digest of private key /home/horsemann/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world/my_secure_boot_signing_key.pem written to /home/horsemann/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world/build/bootloader/secure-bootloader-key-256.bin
DIGEST bootloader-reflash-digest.bin
espsecure.py v2.9-dev
Using 256-bit key
digest+image written to /home/horsemann/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world/build/bootloader/bootloader-reflash-digest.bin
*******************************************************************************
Bootloader built and secure digest generated. First time flash command is:
python /home/horsemann/Desktop/WorkSpace/esp/esp-idf/components/esptool_py/esptool/espefuse.py burn_key secure_boot /home/horsemann/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world/build/bootloader/secure-bootloader-key-256.bin
python /home/horsemann/Desktop/WorkSpace/esp/esp-idf/components/esptool_py/esptool/esptool.py --chip esp32 --port /dev/ttyUSB0 --baud 115200 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 40m --flash_size detect 0x1000 /home/horsemann/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world/build/bootloader/bootloader.bin
*******************************************************************************
To reflash the bootloader after initial flash:
python /home/horsemann/Desktop/WorkSpace/esp/esp-idf/components/esptool_py/esptool/esptool.py --chip esp32 --port /dev/ttyUSB0 --baud 115200 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 40m --flash_size detect 0x0 /home/horsemann/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world/build/bootloader/bootloader-reflash-digest.bin
*******************************************************************************
* After first boot, only re-flashes of this kind (with same key) will be accepted.
* Not recommended to re-use the same secure boot keyfile on multiple production devices.
[/Codebox]
5. I burn and flash the bootloader as given in this instruction.
6. after that when I try to build and flash the hello_world program. It gave me some error.
Log:
[Codebox]horsemann@Raghav:~/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world$ make flash
Toolchain path: /home/horsemann/Desktop/WorkSpace/esp_toolchain/xtensa-esp32-elf/bin/xtensa-esp32-elf-gcc
WARNING: Toolchain version is not supported: crosstool-ng-1.22.0-80-g6c4433a
Expected to see version: crosstool-ng-1.22.0-97-gc752ad5
Please check ESP-IDF setup instructions and update the toolchain, or proceed at your own risk.
Compiler version: 5.2.0
Python requirements from /home/horsemann/Desktop/WorkSpace/esp/esp-idf/requirements.txt are satisfied.
Building partitions from /home/horsemann/Desktop/WorkSpace/esp/esp-idf/components/partition_table/partitions_singleapp.csv...
usage: espsecure sign_data [-h] --version {1,2} --keyfile KEYFILE [KEYFILE ...] [--output OUTPUT] datafile
espsecure sign_data: error: the following arguments are required: --version/-v
make: *** [/home/horsemann/Desktop/WorkSpace/esp/esp-idf/components/partition_table/Makefile.projbuild:53: /home/horsemann/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world/build/partitions_singleapp.bin] Error 2[/Codebox]

I didn't understand what to do now.
Can anyone help me?
Thanks in advance

[Vaibhav]

Hi Raghav,
Did you able to resolve this issue?

I am facing this issue after I updated the ESP-IDF version to v3.3.5.

Thanks,
Vaibhav

[Raghav Jha]

Hello @Vaibhav
Sorry for the late reply.

To remove this issue, go to directory

esp-idf/components/esptool_py/esptool.py

and comment some line in function sign_data(args) where its check the version no. and at line 659 where again it checks the version no.

Hope it will solve your problem.
Check this link also It will help you in the next step. https://github.com/aws/amazon-freertos/issues/3051

Regards,
Raghav