Invalid header in pre-generated flash encryption

woochang
Posts: 3
Joined: Wed Oct 18, 2023 8:44 am

Invalid header in pre-generated flash encryption

Postby woochang » Fri Oct 20, 2023 2:57 am

Hello, Everyone

My development environment is esp-idf 4.3 & ESP32
The pre-generated encryption binary file was downloaded to UART.
This is the error content.
rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
invalid header: 0x82612d7c

what did i do wrong ?

The procedure I did is as follows.
1) python espsecure.py generate_flash_encryption_key my_flash_encryption_key.bin
2) python espefuse.py --port /dev/ttyUSB0 burn_key flash_encryption my_flash_encryption_key.bin

3) create encrypted files
*******************************************************************************
# ESP-IDF Partition Table
# Name, Type, SubType, Offset, Size, Flags
stnv,data,nvs,0x11000,16K,
nvs,data,nvs,0x15000,16K,
otadata,data,ota,0x19000,8K,
phy_init,data,phy,0x1b000,4K,
nvs_key,data,nvs_keys,0x1c000,4K,encrypted
ota_0,app,ota_0,0x20000,1M,
ota_1,app,ota_1,0x120000,1M,
*******************************************************************************
python ../espsecure.py encrypt_flash_data -k my_flash_encryption_key.bin -o bootloader-en.bin -a 0x1000 bootloader.bin
python ../espsecure.py encrypt_flash_data -k my_flash_encryption_key.bin -o partition-table-en.bin -a 0x10000 partition-table.bin
python ../espsecure.py encrypt_flash_data -k my_flash_encryption_key.bin -o ota_data_initial-en.bin -a 0x19000 ota_data_initial.bin
python ../espsecure.py encrypt_flash_data -k my_flash_encryption_key.bin -o light_example-en.bin -a 0x20000 light_example.bin

4) download via uart
python ../esptool.py --chip esp32 -p /dev/ttyUSB0 -b 460800 --before default_reset --after hard_reset write_flash 0x1000 bootloader-en.bin 0x10000 partition-table-en.bin 0x19000 ota_data_initial-en.bin 0x20000 light_example-en.bin

5) python ../espefuse.py burn_efuse FLASH_CRYPT_CNT

Note 1) espefuse summary
ecurity fuses:
FLASH_CRYPT_CNT (BLOCK0): Flash encryption mode counter = 1 R/W (0b0000001)
UART_DOWNLOAD_DIS (BLOCK0): Disable UART download mode (ESP32 rev3 only) = False R/W (0b0)
FLASH_CRYPT_CONFIG (BLOCK0): Flash encryption config (key tweak bits) = 0 R/W (0x0)
CONSOLE_DEBUG_DISABLE (BLOCK0): Disable ROM BASIC interpreter fallback = True R/W (0b1)
ABS_DONE_0 (BLOCK0): Secure boot V1 is enabled for bootloader image = False R/W (0b0)
ABS_DONE_1 (BLOCK0): Secure boot V2 is enabled for bootloader image = False R/W (0b0)
JTAG_DISABLE (BLOCK0): Disable JTAG = False R/W (0b0)
DISABLE_DL_ENCRYPT (BLOCK0): Disable flash encryption in UART bootloader = False R/W (0b0)
DISABLE_DL_DECRYPT (BLOCK0): Disable flash decryption in UART bootloader = False R/W (0b0)
DISABLE_DL_CACHE (BLOCK0): Disable flash cache in UART bootloader = False R/W (0b0)
BLOCK1 (BLOCK1): Flash encryption key
= ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/-
BLOCK2 (BLOCK2): Secure boot key
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK3 (BLOCK3): Variable Block 3
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W

Note 2) sdkconfig
# Security features
#
# CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT is not set
# CONFIG_SECURE_BOOT is not set
# CONFIG_SECURE_FLASH_ENC_ENABLED is not set
# end of Security features

Best Regards,

Who is online

Users browsing this forum: Google [Bot] and 83 guests