Fatal error ESP32S2 after Secure Boot Experiments

stan-k
Posts: 4
Joined: Mon Aug 14, 2023 8:48 pm

Fatal error ESP32S2 after Secure Boot Experiments

Postby stan-k » Sun Feb 18, 2024 6:18 pm

Is there a solution to restore an ESP32-S2-Saola-1 board that has become unflashable after Secure Boot experiments?

I'm unable to flash anything onto it now:
A fatal error occurred: Failed to connect to ESP32-S2: Wrong boot mode detected (0x0)! The chip needs to be in download mode.

Last main.c:

Code:


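#include <stdio.h>
#include <inttypes.h>           // PRIu32
#include "esp_log.h"
#include "esp_efuse.h"
#include "esp_efuse_table.h"
#include "esp_secure_boot.h"
#include "soc/soc.h"            // REG_WRITE
#include "hal/efuse_ll.h"       // efuse_ll_get_secure_boot_v2_en

static const char *TAG = "app";

void app_main(void)
{
    // Attempted "un-burn". eFuse bits are one-time programmable, and the
    // ESP_EFUSE_* symbols are field descriptors rather than register
    // addresses, so these writes do not clear the fuses (the log still reads 1).
    REG_WRITE(ESP_EFUSE_SECURE_BOOT_EN, 0);
    REG_WRITE(ESP_EFUSE_ENABLE_SECURITY_DOWNLOAD, 0);

    esp_efuse_reset();

    // Irreversible: burns DIS_DOWNLOAD_MODE, after which esptool.py and
    // espefuse.py can no longer connect to the chip.
    esp_efuse_disable_rom_download_mode();

    const uint32_t hw_sec_version = esp_efuse_read_secure_version();
    ESP_LOGW(TAG, "New firmware security version is less than eFuse programmed, %"PRIu32, hw_sec_version);

    // Read back the security-related eFuse fields.
    ESP_LOGW(TAG, "efuse_ll_get_secure_boot_v2_en() = %d", efuse_ll_get_secure_boot_v2_en());
    ESP_LOGW(TAG, "esp_efuse_read_field_bit(ESP_EFUSE_SECURE_BOOT_EN) = %d", esp_efuse_read_field_bit(ESP_EFUSE_SECURE_BOOT_EN));
    ESP_LOGW(TAG, "esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MODE) = %d", esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MODE));
    ESP_LOGW(TAG, "esp_efuse_read_field_bit(ESP_EFUSE_ENABLE_SECURITY_DOWNLOAD) = %d", esp_efuse_read_field_bit(ESP_EFUSE_ENABLE_SECURITY_DOWNLOAD));

}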
Logs:

Code:

idf.py monitor
/Users/user/esp/esp-idf/tools/check_python_dependencies.py:12: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html
  import pkg_resources
Executing action: monitor
Running idf_monitor in directory /Users/user/app
Executing "/Users/user/.espressif/python_env/idf5.1_py3.11_env/bin/python /Users/user/esp/esp-idf/tools/idf_monitor.py -p /dev/cu.usbserial-1140 -b 115200 --toolchain-prefix xtensa-esp32s2-elf- --target esp32s2 /Users/user/app/build/app.elf -m '/Users/user/.espressif/python_env/idf5.1_py3.11_env/bin/python' '/Users/user/esp/esp-idf/tools/idf.py'"...
--- idf_monitor on /dev/cu.usbserial-1140 115200 ---
--- Quit: Ctrl+] | Menu: Ctrl+T | Help: Ctrl+T followed by Ctrl+H ---
d PC:0x40000340
0x40000340: _UserExceptionVector in ROM

Download bESP-ROM:esp32s2-rc4-20191025
Build:Oct 25 2019
rst:0x1 (POWERON),boot:0x8 (SPI_FAST_FLASH_BOOT)
SPIWP:0xee
mode:DIO, clock div:1
Valid secure boot key blocks: 0
secure boot verification succeeded
load:0x3ffe6108,len:0x17c4
load:0x4004b000,len:0x4
load:0x4004b004,len:0xab4
load:0x4004f000,len:0x3160
entry 0x4004b1c4
I (45) boot: ESP-IDF v5.1 2nd stage bootloader
I (45) boot: compile time Feb 18 2024 18:52:23
I (45) boot: chip revision: v0.0
I (49) boot.esp32s2: SPI Speed      : 80MHz
I (53) boot.esp32s2: SPI Mode       : DIO
I (58) boot.esp32s2: SPI Flash Size : 2MB
I (63) boot: Enabling RNG early entropy source...
I (68) boot: Partition Table:
I (72) boot: ## Label            Usage          Type ST Offset   Length
I (79) boot:  0 nvs              WiFi data        01 02 0000b000 00006000
I (87) boot:  1 phy_init         RF data          01 01 00011000 00001000
I (94) boot:  2 factory          factory app      00 00 00020000 00100000
I (102) boot: End of partition table
I (106) esp_image: segment 0: paddr=00020020 vaddr=3f000020 size=091b4h ( 37300) map
I (122) esp_image: segment 1: paddr=000291dc vaddr=3ffbf120 size=01970h (  6512) load
I (124) esp_image: segment 2: paddr=0002ab54 vaddr=40024000 size=054c4h ( 21700) load
I (137) esp_image: segment 3: paddr=00030020 vaddr=40080020 size=15110h ( 86288) map
I (157) esp_image: segment 4: paddr=00045138 vaddr=400294c4 size=05c50h ( 23632) load
I (169) boot: Loaded app from partition at offset 0x20000
I (169) boot: Disabling RNG early entropy source...
I (180) cpu_start: Unicore app
I (180) cache: Instruction cache        : size 8KB, 4Ways, cache line size 32Byte
I (181) cache: Data cache               : size 8KB, 4Ways, cache line size 32Byte
I (188) cpu_start: Pro cpu up.
I (212) cpu_start: Pro cpu start user code
I (212) cpu_start: cpu freq: 160000000 Hz
I (212) cpu_start: Application information:
I (215) cpu_start: Project name:     app
I (220) cpu_start: App version:      4193328-dirty
I (226) cpu_start: Compile time:     Feb 18 2024 18:52:13
I (232) cpu_start: ELF file SHA256:  2fda029ff1086329...
Warning: checksum mismatch between flashed and built applications. Checksum of built application is 6741ac1a3e1047791d9edf01fccbe1dbce0d28d715e3a7c87346c61077293a89
I (238) cpu_start: ESP-IDF:          v5.1
I (242) cpu_start: Min chip rev:     v0.0
I (247) cpu_start: Max chip rev:     v1.99 
I (252) cpu_start: Chip rev:         v0.0
I (257) heap_init: Initializing. RAM available for dynamic allocation:
I (264) heap_init: At 3FFC13C0 len 0003AC40 (235 KiB): DRAM
I (270) heap_init: At 3FFFC000 len 00003A10 (14 KiB): DRAM
I (276) heap_init: At 3FF9E000 len 00002000 (8 KiB): RTCRAM
I (283) spi_flash: detected chip: generic
I (287) spi_flash: flash io: dio
W (291) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the size in the binary image header.
I (305) app_start: Starting scheduler on CPU0
I (309) main_task: Started on CPU0
I (309) main_task: Calling app_main()
W (309) app: New firmware security version is less than eFuse programmed, 0
W (319) app: efuse_ll_get_secure_boot_v2_en() = 1
W (329) app: esp_efuse_read_field_bit(ESP_EFUSE_SECURE_BOOT_EN) = 1
W (329) app: esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MODE) = 1
W (339) app: esp_efuse_read_field_bit(ESP_EFUSE_ENABLE_SECURITY_DOWNLOAD) = 1
I (349) main_task: Returned from app_main()

Nespressif
Posts: 76
Joined: Tue Sep 12, 2017 11:25 am

Re: Fatal error ESP32S2 after Secure Boot Experiments

Postby Nespressif » Mon Feb 19, 2024 1:16 pm

Hi, run the command to get the efuse status report and then post it here.

https://docs.espressif.com/projects/esp ... ml#summary

Greetings

ESP_flying_raijin
Posts: 25
Joined: Tue Aug 13, 2019 2:03 pm

Re: Fatal error ESP32S2 after Secure Boot Experiments

Postby ESP_flying_raijin » Tue Feb 20, 2024 10:43 am

Hi stan-k,

As Nespressif has suggested, are you able to obtain the eFuse summary? Can you share it with us?

I am sharing a link to a similar issue faced on ESP32: https://github.com/espressif/esptool/issues/741 . Can you see if the steps given there help your use case?

Thanks,
Aditya

stan-k
Posts: 4
Joined: Mon Aug 14, 2023 8:48 pm

Re: Fatal error ESP32S2 after Secure Boot Experiments

Postby stan-k » Wed Feb 21, 2024 11:06 pm

Nespressif wrote:
Mon Feb 19, 2024 1:16 pm
Hi, run the command to get the efuse status report and then post it here.

Hello Nespressif, here is the log:

Code:

espefuse.py --port=$ESPPORT --chip=esp32s2 summary
espefuse.py v4.7.dev1
Connecting......................................

A fatal error occurred: Failed to connect to ESP32-S2: Wrong boot mode detected (0x0)! The chip needs to be in download mode.
For troubleshooting steps visit: https://docs.espressif.com/projects/esptool/en/latest/troubleshooting.html
Please make sure that you have specified the right port with the --port argument

ESP_flying_raijin wrote:
Tue Feb 20, 2024 10:43 am
I am sharing a link to a similar issue faced on esp32 https://github.com/espressif/esptool/issues/741 Can you see if the steps given there help your use-case?

Hi Aditya, thank you for the reply.

I wanted to disable secure boot. I didn't have access to eFuse via `espefuse.py`, so I tried the `esp_efuse_reset();` function in main.c, without success. After that I added (accidentally) `esp_efuse_disable_rom_download_mode();` to main.c and the device stopped flashing.

Looks like it is only the software code that makes the development board unusable. BTW, I use esptool.py v4.7.dev1.

ESP_flying_raijin
Posts: 25
Joined: Tue Aug 13, 2019 2:03 pm

Re: Fatal error ESP32S2 after Secure Boot Experiments

Postby ESP_flying_raijin » Thu Feb 22, 2024 7:54 am

Hi stan-k

I see.
Since Secure Boot is a security feature on which the root of trust depends completely, it is not possible to disable Secure Boot once it is enabled for the device.
After you have disabled the ROM DL mode, the espefuse script will not work with the chip. So no more eFuse-related operations can be performed through external scripts.

Thanks,
Aditya
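
A host-side model of what the reply above describes, added here as an example (not code from the thread or from ESP-IDF): eFuse bits only go from 0 to 1, and burning DIS_DOWNLOAD_MODE removes host-tool access. The names `efuse_model_t`, `efuse_write`, `host_tools_can_connect` and `efuse_write_guarded`, and the bit positions, are assumptions; on a device the guarded call would be `esp_efuse_disable_rom_download_mode()`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Host-side model, constructed for illustration (not ESP-IDF code).
 * Field names come from the thread; bit positions are arbitrary. */
enum {
    SECURE_BOOT_EN           = 1u << 0,
    DIS_DOWNLOAD_MODE        = 1u << 1,
    ENABLE_SECURITY_DOWNLOAD = 1u << 2,
};

typedef struct { uint32_t bits; } efuse_model_t;

/* eFuses are one-time programmable: a write can only turn 0 into 1,
 * so "writing 0" to a burned field leaves it burned. */
static uint32_t efuse_write(efuse_model_t *e, uint32_t mask, bool value)
{
    if (value)
        e->bits |= mask;
    return e->bits & mask;          /* value read back after the write */
}

/* Per the thread: once ROM download mode is disabled, espefuse.py and
 * esptool.py can no longer connect to the chip. */
static bool host_tools_can_connect(const efuse_model_t *e)
{
    return (e->bits & DIS_DOWNLOAD_MODE) == 0;
}

/* Guard for irreversible burns: refuse any write that would cut off the
 * host tools unless the caller explicitly accepts the lockout. */
static bool efuse_write_guarded(efuse_model_t *e, uint32_t mask, bool accept_lockout)
{
    efuse_model_t after = *e;
    efuse_write(&after, mask, true);
    if (host_tools_can_connect(e) && !host_tools_can_connect(&after) && !accept_lockout)
        return false;               /* nothing burned */
    *e = after;
    return true;
}

int main(void)
{
    efuse_model_t chip = { SECURE_BOOT_EN | ENABLE_SECURITY_DOWNLOAD };
    printf("clear SECURE_BOOT_EN -> reads back %u\n", (unsigned)efuse_write(&chip, SECURE_BOOT_EN, false));
    printf("guarded burn allowed: %d\n", efuse_write_guarded(&chip, DIS_DOWNLOAD_MODE, false));
    printf("host tools connect:   %d\n", host_tools_can_connect(&chip));
    return 0;
}
```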

Nespressif
Posts: 76
Joined: Tue Sep 12, 2017 11:25 am

Re: Fatal error ESP32S2 after Secure Boot Experiments

Postby Nespressif » Thu Feb 22, 2024 10:04 am

stan-k wrote:
Wed Feb 21, 2024 11:06 pm
After that I added (accidentally) `esp_efuse_disable_rom_download_mode();` to main.c and the device stopped flashing.

Looks like it is only the software code that makes the development board unusable. BTW, I use esptool.py v4.7.dev1.

Hello, I think that by disabling the UART ROM download mode, your SoC has been blocked and you can't connect via cable.

Sorry
