[Solved] Secure boot V2 fails

stefano664
Posts: 9
Joined: Tue Feb 02, 2021 8:06 am

[Solved] Secure boot V2 fails

Postby stefano664 » Fri Oct 20, 2023 9:00 am

Good morning,
I encountered a problem during activation of Secure Boot V2 on ESP32-C6.

Here the steps that I followed:
  • From menuconfig I selected Enable hardware Secure Boot in bootloader without Sign binaries during build (because I need to sign with an external HSM;
  • Put key digest in the device with espefuse --port COM10 --chip esp32c6 burn_key_digest BLOCK4 key.pem SECURE_BOOT_DIGEST0;
  • The same with other two keys on BLOCK5 (SECURE_BOOT_DIGEST1) and BLOCK6 (SECURE_BOOT_DIGEST2);
  • Generated executables;
  • Signed binary and application with espsecure sign_data --version 2 --pub-key pubkey.pem --signature signature.der --output file_signed.bin file.bin, the command returns that the signature is valid;
  • Flash bootloader and application on the device.
Fuses on the device are like this:

Code: Select all

Security fuses:
DIS_DOWNLOAD_ICACHE (BLOCK0)                       Represents whether icache is disabled or enabled i = False R/W (0b0)
                                                   n Download mode. 1: disabled. 0: enabled
DIS_FORCE_DOWNLOAD (BLOCK0)                        Represents whether the function that forces chip i = False R/W (0b0)
                                                   nto download mode is disabled or enabled. 1: disab
                                                   led. 0: enabled
SPI_DOWNLOAD_MSPI_DIS (BLOCK0)                     Represents whether SPI0 controller during boot_mod = False R/W (0b0)
                                                   e_download is disabled or enabled. 1: disabled. 0:
                                                    enabled
DIS_DOWNLOAD_MANUAL_ENCRYPT (BLOCK0)               Represents whether flash encrypt function is disab = False R/W (0b0)
                                                   led or enabled(except in SPI boot mode). 1: disabl
                                                   ed. 0: enabled
SPI_BOOT_CRYPT_CNT (BLOCK0)                        Enables flash encryption when 1 or 3 bits are set  = Disable R/W (0b000)
                                                   and disables otherwise
SECURE_BOOT_KEY_REVOKE0 (BLOCK0)                   Revoke 1st secure boot key                         = False R/W (0b0)
SECURE_BOOT_KEY_REVOKE1 (BLOCK0)                   Revoke 2nd secure boot key                         = False R/W (0b0)
SECURE_BOOT_KEY_REVOKE2 (BLOCK0)                   Revoke 3rd secure boot key                         = False R/W (0b0)
KEY_PURPOSE_0 (BLOCK0)                             Represents the purpose of Key0                     = SECURE_BOOT_DIGEST0 R/- (0x9)
KEY_PURPOSE_1 (BLOCK0)                             Represents the purpose of Key1                     = SECURE_BOOT_DIGEST1 R/- (0xa)
KEY_PURPOSE_2 (BLOCK0)                             Represents the purpose of Key2                     = SECURE_BOOT_DIGEST2 R/- (0xb)
KEY_PURPOSE_3 (BLOCK0)                             Represents the purpose of Key3                     = USER R/W (0x0)
KEY_PURPOSE_4 (BLOCK0)                             Represents the purpose of Key4                     = USER R/W (0x0)
KEY_PURPOSE_5 (BLOCK0)                             Represents the purpose of Key5                     = USER R/W (0x0)
SEC_DPA_LEVEL (BLOCK0)                             Represents the spa secure level by configuring the = 0 R/W (0b00)
                                                    clock random divide mode
CRYPT_DPA_ENABLE (BLOCK0)                          Represents whether anti-dpa attack is enabled. 1:e = False R/W (0b0)
                                                   nabled. 0: disabled
SECURE_BOOT_EN (BLOCK0)                            Represents whether secure boot is enabled or disab = False R/W (0b0)
                                                   led. 1: enabled. 0: disabled
SECURE_BOOT_AGGRESSIVE_REVOKE (BLOCK0)             Represents whether revoking aggressive secure boot = False R/W (0b0)
                                                    is enabled or disabled. 1: enabled. 0: disabled
DIS_DOWNLOAD_MODE (BLOCK0)                         Represents whether Download mode is disabled or en = False R/W (0b0)
                                                   abled. 1: disabled. 0: enabled
ENABLE_SECURITY_DOWNLOAD (BLOCK0)                  Represents whether security download is enabled or = False R/W (0b0)
                                                    disabled. 1: enabled. 0: disabled
SECURE_VERSION (BLOCK0)                            Represents the version used by ESP-IDF anti-rollba = 0 R/W (0x0000)
                                                   ck feature
SECURE_BOOT_DISABLE_FAST_WAKE (BLOCK0)             Represents whether FAST VERIFY ON WAKE is disabled = False R/W (0b0)
                                                    or enabled when Secure Boot is enabled. 1: disabl
                                                   ed. 0: enabled
BLOCK_KEY0 (BLOCK4)
  Purpose: SECURE_BOOT_DIGEST0
  Key0 or user data
   = 1d 42 f3 ca 47 54 74 09 e5 49 69 8f 14 6b 41 b0 15 fc 97 70 ca 8f 49 a3 bb b0 2d c8 c7 19 33 1a R/-
BLOCK_KEY1 (BLOCK5)
  Purpose: SECURE_BOOT_DIGEST1
  Key1 or user data
   = 22 d4 07 6a 63 2b f8 6d 9a 2a 3c b4 68 9e 15 68 c3 f8 52 e5 58 4a 6f 3a 2a fe 41 d6 b4 ab 24 bd R/-
BLOCK_KEY2 (BLOCK6)
  Purpose: SECURE_BOOT_DIGEST2
  Key2 or user data
   = 9a 5b 61 6f d5 7e 60 57 4d d3 40 78 9c e6 f5 a4 29 fd 1e 45 db 53 68 a0 c4 3b 29 47 dd ee b3 78 R/-
BLOCK_KEY3 (BLOCK7)
  Purpose: USER
               Key3 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY4 (BLOCK8)
  Purpose: USER
               Key4 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY5 (BLOCK9)
  Purpose: USER
               Key5 or user data
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
The output of the device is:

Code: Select all

001		SPIWP:0xee
002		mode:DIO, clock div:2
003		load:0x4086c410,len:0xcf4
004		load:0x4086e610,len:0x51f0
005		load:0x40875890,len:0x3298
006		entry 0x4086c410
007		I (24) boot: ESP-IDF v5.1.1-dirty 2nd stage bootloader
008		I (25) boot: chip revision: v0.0
009		I (25) boot.esp32c6: SPI Speed      : 80MHz
010		I (27) boot.esp32c6: SPI Mode       : DIO
011		I (32) boot.esp32c6: SPI Flash Size : 4MB
012		I (37) boot: Enabling RNG early entropy source...
013		I (42) boot: Partition Table:
014		I (46) boot: ## Label            Usage          Type ST Offset   Length
015		I (53) boot:  0 nvs              WiFi data        01 02 00011000 00006000
016		I (60) boot:  1 phy_init         RF data          01 01 00017000 00001000
017		I (68) boot:  2 factory          factory app      00 00 00020000 00100000
018		I (75) boot: End of partition table
019		I (80) esp_image: segment 0: paddr=00020020 vaddr=42010020 size=08398h ( 33688) map
020		I (95) esp_image: segment 1: paddr=000283c0 vaddr=40800000 size=07c58h ( 31832) load
021		I (103) esp_image: segment 2: paddr=00030020 vaddr=42000020 size=0ebc8h ( 60360) map
022		I (117) esp_image: segment 3: paddr=0003ebf0 vaddr=40807c58 size=018e4h (  6372) load
023		I (119) esp_image: segment 4: paddr=000404dc vaddr=40809540 size=0117ch (  4476) load
024		I (124) esp_image: segment 5: paddr=00041660 vaddr=00000000 size=0e970h ( 59760)
025		I (143) esp_image: Verifying image signature...
026		I (144) secure_boot_v2: Verifying with RSA-PSS...
027		I (170) secure_boot_v2: Signature verified successfully!
028		I (173) boot: Loaded app from partition at offset 0x20000
029		I (173) secure_boot_v2: enabling secure boot v2...
030		I (177) efuse: Batch mode of writing fields is enabled
031		I (182) esp_image: segment 0: paddr=00000020 vaddr=4086c410 size=00cf4h (  3316)
032		I (191) esp_image: segment 1: paddr=00000d1c vaddr=4086e610 size=051f0h ( 20976)
033		I (203) esp_image: segment 2: paddr=00005f14 vaddr=40875890 size=03298h ( 12952)
034		I (209) esp_image: Verifying image signature...
035		I (213) secure_boot_v2: Verifying with RSA-PSS...
036		I (244) secure_boot_v2: Signature verified successfully!
037		I (244) secure_boot_v2: Secure boot digests already present
038		W (246) secure_boot_v2: Using pre-loaded public key digest in eFuse
039		Signature Check Failed
040		E (276) secure_boot_v2: Secure boot key (0) verification failed.
041		E (277) secure_boot_v2: Application signature block is invalid.
042		I (280) efuse: Batch mode of writing fields is cancelled
043		E (286) boot: Secure Boot v2 failed (-1)
044		E (291) boot: Factory app partition is not bootable
045		E (296) boot: No bootable app partitions in the partition table
046		ESP-ROM:esp32c6-20220919
047		Build:Sep 19 2022
048		rst:0x3 (LP_SW_HPSYS),boot:0x1c (SPI_FAST_FLASH_BOOT)
049		Saved PC:0x4001974a
050		0x4001974a: software_reset in ROM
On line 019 starts the verification of application binary and on line 027 reports that it's ok.

On line 031 starts the verification of bootloader binary and on line 036 reports that it's ok.

But on line 038 starts another verification that fails on line 040. What is verifying? Why fails?

Thanks a lot,
Stefano

stefano664
Posts: 9
Joined: Tue Feb 02, 2021 8:06 am

Re: Secure boot V2 fails

Postby stefano664 » Fri Oct 20, 2023 10:19 am

Solved.
I selected the wrong cryptographic key format.

Who is online

Users browsing this forum: Bing [Bot] and 311 guests