Issue when trying to flash Application program in Reflashable secure boot in esp-idf version 3.3.2
Posted: Thu Mar 04, 2021 8:18 am
Hello Guys,
I'm trying to do a secure boot in the reflashable mode with the hello_world example program.
I followed these steps.
1. I created a pem certificate with this command
[Codebox]openssl ecparam -name prime256v1 -genkey -noout -out my_secure_boot_signing_key.pem.pem[/Codebox]
2. In make menuconfig, I gave the name of the pem certificate
as per this pdf pg no 16. https://www.crysys.hu/publications/file ... n20bsc.pdf
3. After this I used the command
[Codebox]make bootloader[/Codebox]
Log:
[Codebox]horsemann@Raghav:~/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world$ make bootloader
Toolchain path: /home/horsemann/Desktop/WorkSpace/esp_toolchain/xtensa-esp32-elf/bin/xtensa-esp32-elf-gcc
WARNING: Toolchain version is not supported: crosstool-ng-1.22.0-80-g6c4433a
Expected to see version: crosstool-ng-1.22.0-97-gc752ad5
Please check ESP-IDF setup instructions and update the toolchain, or proceed at your own risk.
Compiler version: 5.2.0
GENCONFIG
App "hello-world" version: v3.3.4-428-gd8082b7f3-dirty
WARNING: Toolchain version is not supported: crosstool-ng-1.22.0-80-g6c4433a
Expected to see version: crosstool-ng-1.22.0-97-gc752ad5
Please check ESP-IDF setup instructions and update the toolchain, or proceed at your own risk.
CC build/bootloader/bootloader_support/src/bootloader_flash.o
CC build/bootloader/bootloader_support/src/flash_qio_mode.o
CC build/bootloader/bootloader_support/src/bootloader_flash_config.o
CC build/bootloader/bootloader_support/src/secure_boot_signatures.o
CC build/bootloader/bootloader_support/src/bootloader_init.o
CC build/bootloader/bootloader_support/src/bootloader_common.o
CC build/bootloader/bootloader_support/src/secure_boot.o
CC build/bootloader/bootloader_support/src/bootloader_clock.o
CC build/bootloader/bootloader_support/src/bootloader_random.o
CC build/bootloader/bootloader_support/src/flash_partitions.o
CC build/bootloader/bootloader_support/src/esp_image_format.o
CC build/bootloader/bootloader_support/src/bootloader_sha.o
CC build/bootloader/bootloader_support/src/flash_encrypt.o
CC build/bootloader/bootloader_support/src/bootloader_utility.o
espsecure.py v2.9-dev
/home/horsemann/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world/my_secure_boot_signing_key.pem public key extracted to /home/horsemann/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world/build/bootloader/bootloader_support/signature_verification_key.bin
EMBED build/bootloader/bootloader_support/signature_verification_key.bin.bin.o
AR build/bootloader/bootloader_support/libbootloader_support.a
CC build/bootloader/log/log.o
AR build/bootloader/log/liblog.a
CC build/bootloader/spi_flash/spi_flash_rom_patch.o
AR build/bootloader/spi_flash/libspi_flash.a
CC build/bootloader/micro-ecc/micro-ecc/uECC.o
AR build/bootloader/micro-ecc/libmicro-ecc.a
CC build/bootloader/soc/esp32/rtc_pm.o
CC build/bootloader/soc/esp32/rtc_periph.o
CC build/bootloader/soc/esp32/cpu_util.o
CC build/bootloader/soc/esp32/sdmmc_periph.o
CC build/bootloader/soc/esp32/rtc_wdt.o
CC build/bootloader/soc/esp32/soc_memory_layout.o
CC build/bootloader/soc/esp32/sdio_slave_periph.o
CC build/bootloader/soc/esp32/rtc_init.o
CC build/bootloader/soc/esp32/spi_periph.o
CC build/bootloader/soc/esp32/rtc_clk_init.o
CC build/bootloader/soc/esp32/gpio_periph.o
CC build/bootloader/soc/esp32/rtc_sleep.o
CC build/bootloader/soc/esp32/rtc_time.o
CC build/bootloader/soc/esp32/rtc_clk.o
CC build/bootloader/soc/src//memory_layout_utils.o
AR build/bootloader/soc/libsoc.a
CC build/bootloader/main/bootloader_start.o
AR build/bootloader/main/libmain.a
CC build/bootloader/efuse/esp32/esp_efuse_table.o
CC build/bootloader/efuse/src/esp_efuse_api.o
CC build/bootloader/efuse/src/esp_efuse_utility.o
CC build/bootloader/efuse/src/esp_efuse_fields.o
AR build/bootloader/efuse/libefuse.a
LD build/bootloader/bootloader.elf
esptool.py v2.9-dev
Python requirements from /home/horsemann/Desktop/WorkSpace/esp/esp-idf/requirements.txt are satisfied.
espsecure.py v2.9-dev
SHA-256 digest of private key /home/horsemann/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world/my_secure_boot_signing_key.pem written to /home/horsemann/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world/build/bootloader/secure-bootloader-key-256.bin
DIGEST bootloader-reflash-digest.bin
espsecure.py v2.9-dev
Using 256-bit key
digest+image written to /home/horsemann/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world/build/bootloader/bootloader-reflash-digest.bin
*******************************************************************************
Bootloader built and secure digest generated. First time flash command is:
python /home/horsemann/Desktop/WorkSpace/esp/esp-idf/components/esptool_py/esptool/espefuse.py burn_key secure_boot /home/horsemann/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world/build/bootloader/secure-bootloader-key-256.bin
python /home/horsemann/Desktop/WorkSpace/esp/esp-idf/components/esptool_py/esptool/esptool.py --chip esp32 --port /dev/ttyUSB0 --baud 115200 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 40m --flash_size detect 0x1000 /home/horsemann/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world/build/bootloader/bootloader.bin
*******************************************************************************
To reflash the bootloader after initial flash:
python /home/horsemann/Desktop/WorkSpace/esp/esp-idf/components/esptool_py/esptool/esptool.py --chip esp32 --port /dev/ttyUSB0 --baud 115200 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 40m --flash_size detect 0x0 /home/horsemann/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world/build/bootloader/bootloader-reflash-digest.bin
*******************************************************************************
* After first boot, only re-flashes of this kind (with same key) will be accepted.
* Not recommended to re-use the same secure boot keyfile on multiple production devices.
[/Codebox]
5. I burned and flashed the bootloader as given in this instruction.
6. After that, when I tried to build and flash the hello_world program, it gave me some error.
Log:
[Codebox]horsemann@Raghav:~/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world$ make flash
Toolchain path: /home/horsemann/Desktop/WorkSpace/esp_toolchain/xtensa-esp32-elf/bin/xtensa-esp32-elf-gcc
WARNING: Toolchain version is not supported: crosstool-ng-1.22.0-80-g6c4433a
Expected to see version: crosstool-ng-1.22.0-97-gc752ad5
Please check ESP-IDF setup instructions and update the toolchain, or proceed at your own risk.
Compiler version: 5.2.0
Python requirements from /home/horsemann/Desktop/WorkSpace/esp/esp-idf/requirements.txt are satisfied.
Building partitions from /home/horsemann/Desktop/WorkSpace/esp/esp-idf/components/partition_table/partitions_singleapp.csv...
usage: espsecure sign_data [-h] --version {1,2} --keyfile KEYFILE [KEYFILE ...] [--output OUTPUT] datafile
espsecure sign_data: error: the following arguments are required: --version/-v
make: *** [/home/horsemann/Desktop/WorkSpace/esp/esp-idf/components/partition_table/Makefile.projbuild:53: /home/horsemann/Desktop/WorkSpace/esp/esp-idf/examples/get-started/hello_world/build/partitions_singleapp.bin] Error 2[/Codebox]
I don't understand what to do now.
Can anyone help me?
Thanks in advance