Problems enabling secure boot: csum err
Posted: Fri Aug 30, 2019 10:19 pm
Hi all,
I'm testing out secure boot with flash encryption and it doesn't seem to be working for me. I've tried three different chips and have tried to follow the instructions to the letter and every time I end up with:
Code:
rst:0x10 (RTCWDT_RTC_RESET),boot:0x3f (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3fff0018,len:4
load:0x3fff001c,len:9632
ho 0 tail 12 room 4
load:0x40078000,len:22476
csum err:0x74!=0xff
ets_main.c 371

I am using release 3.0 (6cb8d169368623a9e20c3f49493e277d332a5dde) and using instructions at https://docs.espressif.com/projects/esp ... -boot.html.
In my sdkconfig I've enabled:
Code:
CONFIG_SECURE_BOOT_ENABLED=y
CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH=y
CONFIG_SECURE_BOOTLOADER_REFLASHABLE=
CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=y
CONFIG_SECURE_BOOT_SIGNING_KEY="secure_boot_signing_key.pem"
CONFIG_SECURE_BOOT_INSECURE=
CONFIG_FLASH_ENCRYPTION_ENABLED=y
CONFIG_FLASH_ENCRYPTION_INSECURE=

I generated secure_boot_signing_key.pem using the command output from make, then ran make bootloader and ran the flash command. The bootloader flashed successfully. Checking make monitor I get:
Code:
ets Jun 8 2016 00:22:57
rst:0x1 (POWERON_RESET),boot:0x3f (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3fff0018,len:4
load:0x3fff001c,len:9632
ho 0 tail 12 room 4
load:0x40078000,len:22476
entry 0x400792ac
I (28) boot: ESP-IDF v3.0.8-24-gad783f2ff 2nd stage bootloader
I (28) boot: compile time 17:02:30
I (28) boot: Enabling RNG early entropy source...
I (34) boot: SPI Speed : 40MHz
I (38) boot: SPI Mode : DIO
I (42) boot: SPI Flash Size : 4MB
E (46) flash_parts: partition 0 invalid magic number 0x812a
E (52) boot: Failed to verify partition table
E (57) boot: load partition table error!
user code done

Then I run make flash monitor and after it completes successfully I see:
Code:
ets Jun 8 2016 00:22:57
rst:0x1 (POWERON_RESET),boot:0x3f (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3fff0018,len:4
load:0x3fff001c,len:9632
ho 0 tail 12 room 4
load:0x40078000,len:22476
csum err:0x74!=0xff
ets_main.c 371

And this repeats forever. Running a fuse summary shows that none of the secure boot or flash encryption fuses have been burned:
Code:
espefuse.py v2.6
Connecting....
EFUSE_NAME Description = [Meaningful Value] [Readable/Writeable] (Hex Value)
----------------------------------------------------------------------------------------
Security fuses:
FLASH_CRYPT_CNT Flash encryption mode counter = 0 R/W (0x0)
FLASH_CRYPT_CONFIG Flash encryption config (key tweak bits) = 0 R/W (0x0)
CONSOLE_DEBUG_DISABLE Disable ROM BASIC interpreter fallback = 1 R/W (0x1)
ABS_DONE_0 secure boot enabled for bootloader = 0 R/W (0x0)
ABS_DONE_1 secure boot abstract 1 locked = 0 R/W (0x0)
JTAG_DISABLE Disable JTAG = 0 R/W (0x0)
DISABLE_DL_ENCRYPT Disable flash encryption in UART bootloader = 0 R/W (0x0)
DISABLE_DL_DECRYPT Disable flash decryption in UART bootloader = 0 R/W (0x0)
DISABLE_DL_CACHE Disable flash cache in UART bootloader = 0 R/W (0x0)
BLK1 Flash encryption key
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLK2 Secure boot key
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLK3 Variable Block 3
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W

And if I then disable flash encryption and secure boot and flash normally everything works fine, proving again that none of the fuses have been blown.
So, what am I missing here?
Thanks,
Jason
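
Added example, not part of the original post and not Espressif code: a Python script that parses an `espefuse.py` summary and a ROM boot log in the format quoted above and reports whether the secure boot and flash encryption fuses are burned. The function names are hypothetical, and the sample text is constructed from lines of the post's own output.

```python
import re

# Constructed sample: fuse and ROM log lines copied from the post above.
FUSE_SUMMARY = """\
FLASH_CRYPT_CNT Flash encryption mode counter = 0 R/W (0x0)
CONSOLE_DEBUG_DISABLE Disable ROM BASIC interpreter fallback = 1 R/W (0x1)
ABS_DONE_0 secure boot enabled for bootloader = 0 R/W (0x0)
JTAG_DISABLE Disable JTAG = 0 R/W (0x0)
BLK1 Flash encryption key
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLK2 Secure boot key
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
"""
ROM_LOG = "load:0x40078000,len:22476\ncsum err:0x74!=0xff\nets_main.c 371\n"

FUSE_RE = re.compile(r"^(\w+) .*\(0x([0-9a-fA-F]+)\)[ \t]*$", re.M)
BLK_RE = re.compile(r"^(BLK\d) .*\n\s*=((?: [0-9a-fA-F?]{2})+)", re.M)
CSUM_RE = re.compile(r"csum err:0x([0-9a-fA-F]+)!=0x([0-9a-fA-F]+)")

def parse_fuses(summary):
    """Map each single-value eFuse name to the integer in its '(0x..)' column."""
    return {name: int(val, 16) for name, val in FUSE_RE.findall(summary)}

def blank_key_blocks(summary):
    """Return key blocks whose readable bytes are all zero (no bits burned)."""
    return [blk for blk, data in BLK_RE.findall(summary)
            if all(b == "00" for b in data.split())]

def security_state(summary):
    """Summarise the security-relevant fuses from an espefuse summary dump."""
    fuses = parse_fuses(summary)
    return {
        # ESP32: flash encryption is active when an odd number of bits are set.
        "flash_encryption": bin(fuses.get("FLASH_CRYPT_CNT", 0)).count("1") % 2 == 1,
        "secure_boot": fuses.get("ABS_DONE_0", 0) != 0,
        "jtag_disabled": fuses.get("JTAG_DISABLE", 0) != 0,
        "blank_key_blocks": blank_key_blocks(summary),
    }

def checksum_errors(log):
    """Return the pair of byte values from each ROM 'csum err' line."""
    return [(int(a, 16), int(b, 16)) for a, b in CSUM_RE.findall(log)]

if __name__ == "__main__":
    print(security_state(FUSE_SUMMARY))
    print(checksum_errors(ROM_LOG))
```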