ESP32 WROOM 32E new devices Secure Boot Locked.

Salman Khan
Posts: 4
Joined: Tue Aug 13, 2024 11:58 am

ESP32 WROOM 32E new devices Secure Boot Locked.

Postby Salman Khan » Tue Aug 13, 2024 12:29 pm

I have received new ESP32-WROOM-32E modules from my Vendor in China. I found while programming the same code i was using on NODEMCUs, that these chips were locked and the code was unable to flash due to secure boot enabled. I tried on different environments, Arduino IDE, espressif IDE and ESP-IDF CMD. All give same error: " Secure Boot detected, writing to flash regions < 0x8000 is disabled to protect the bootloader".
I tried by --force, the program flashed but doesn't run the program. I Reset the device to factory bootloader but no luck.
I have compared the eFuses of the ESP32-WROOM32 in the dev kit Versus the new ESP32-WROOM-32E chip. The new chip has secure boot Efuse already burned, means that the bootloader and partition tables are permanent and not changeable plus the encryption key seems to be already burned. I am attaching the screenshots of both.
As per vendor, these are original chips.
Need assistance. thanks
Attachments
Image_20240813170908.png
NEW ESP32 chips with Secure Boot Enabled.
Image_20240813170908.png (41.26 KiB) Viewed 1811 times
Image_20240813170919.png
Development Kits ESP32. Programmable
Image_20240813170919.png (47.03 KiB) Viewed 1811 times

ESP_Sprite
Posts: 9708
Joined: Thu Nov 26, 2015 4:08 am

Re: ESP32 WROOM 32E new devices Secure Boot Locked.

Postby ESP_Sprite » Wed Aug 14, 2024 5:26 am

Not sure what happened there. Any chance you can post a close-up image of the module shield, with the text and qr code on there readable? I know we sell some variations of modules that are already tied into some cloud ecosystem (e.g. Amazon) and as such are locked down from the factory, but to my knowledge the ESP32-Wroom-32E is not amongst those.

Salman Khan
Posts: 4
Joined: Tue Aug 13, 2024 11:58 am

Re: ESP32 WROOM 32E new devices Secure Boot Locked.

Postby Salman Khan » Thu Aug 15, 2024 9:31 am

I have attached pictures of two devices. If there is any problems with scanning, I will share the scanned codes.
Attachments
WROOM 32E Module 2.jpg
Module 2
WROOM 32E Module 2.jpg (145.62 KiB) Viewed 1624 times
WROOM 32E Module 1.jpg
Module 1
WROOM 32E Module 1.jpg (110.15 KiB) Viewed 1624 times

ESP_Sprite
Posts: 9708
Joined: Thu Nov 26, 2015 4:08 am

Re: ESP32 WROOM 32E new devices Secure Boot Locked.

Postby ESP_Sprite » Fri Aug 16, 2024 7:14 am

Thanks! Those modules are customized, like I expected: they were flashed with firmware provided by a customer (and supposedly locked as well) and then sent to the customer to build into products. There's no way to push your own firmware to them, unfortunately. (Fwiw, production date of these modules is a fair while ago, somewhere in late 2021, so I think these were either leftover modules from the manufacturing process that were thrown away and then fished out of the garbage, or scavenged from broken devices.)

Salman Khan
Posts: 4
Joined: Tue Aug 13, 2024 11:58 am

Re: ESP32 WROOM 32E new devices Secure Boot Locked.

Postby Salman Khan » Fri Aug 16, 2024 5:45 pm

It is concerning if ESPs can be obtained from factory faulty-leftovers, as this raises questions about Espressif's manufacturing standards. :shock:

The Vendor sent me their stocked Original ESP32 Package from espressif and doesn't understand or want to understand the issue, Says they have sold to others and have got no complains like this. Attached Images. Can you verify the lot?
Attachments
Image_20240816145230.jpg
Image_20240816145230.jpg (196.52 KiB) Viewed 1435 times
Image_20240816145226.jpg
Image_20240816145226.jpg (202.42 KiB) Viewed 1435 times
Image_20240816145215.jpg
Image_20240816145215.jpg (231.9 KiB) Viewed 1435 times

ESP_Sprite
Posts: 9708
Joined: Thu Nov 26, 2015 4:08 am

Re: ESP32 WROOM 32E new devices Secure Boot Locked.

Postby ESP_Sprite » Sat Aug 17, 2024 5:57 am

Salman Khan wrote:
Fri Aug 16, 2024 5:45 pm
It is concerning if ESPs can be obtained from factory faulty-leftovers, as this raises questions about Espressif's manufacturing standards. :shock:
These are not faulty, nor is this an issue with Espressifs manufacturing standards. What happened is that a customer ordered custom-programmed ESP32-Wroom modules, and we dutifully sent them to the customer. From there on, the customer is responsible for what they do with the module: some customers (e.g. ones that provide cloud functionality) sell them on the open market and provide an API on how to configure the otherwise locked firmware. Some customers use the modules in their own products, and they're not intended to re-appear on the open market. Whatever the case is, it seems that these modules made it on the open market from one of our customers (or their customers, or factories, or whatever), not directly from Espressif.

I get that it's frustrating that you have been sold locked modules, and if there is anything I can do to convince the seller that these are not usable, feel free to poke me in private (email: jeroen at espressif dot com)

I'll ask my colleague to verify if these reels are all from the same batch; I'll probably hear back from them next week. I can at least see the modules seem to be: their MACs start with E8C1D7 and that is not an Espressif OID. Espressif MACs start with one of these OIDs. The sticker on the reel has a sealing date that also matches the manufacturing date of the two modules I looked up to within a couple of days; more indication that the whole reel is like that.

Could be that your vendor has received a bunch of normal ESP reels with some of these mixed in; wouldn't be the first time that shady people mix 'broken' or otherwise unusable components into a batch in order to make some extra profit.

Salman Khan
Posts: 4
Joined: Tue Aug 13, 2024 11:58 am

Re: ESP32 WROOM 32E new devices Secure Boot Locked.

Postby Salman Khan » Sat Aug 17, 2024 7:39 am

Thank you for clearing out the issue. From the previous comment it seemed that people had access to scraps from espressif. It think that you are right on people mixing up the ESPs to get more profit or it could be that my vendor was deceived by another one.

I have checked the Link and all ESPs belong to Philips. and they would definitely prevent people to program and do their code on to their own smart devices.
Attachments
MAC ID Philips.png
MAC ID Philips.png (85.59 KiB) Viewed 1402 times

ESP_Sprite
Posts: 9708
Joined: Thu Nov 26, 2015 4:08 am

Re: ESP32 WROOM 32E new devices Secure Boot Locked.

Postby ESP_Sprite » Sun Aug 18, 2024 6:18 am

Salman Khan wrote:
Sat Aug 17, 2024 7:39 am
Thank you for clearing out the issue. From the previous comment it seemed that people had access to scraps from espressif.
Ah, re-reading that, I can see the issue. I meant manufacturing of the customers widgets, but obviously you can also interpret it as manufacturing of the modules. Sorry for the confusion there.

Who is online

Users browsing this forum: Google [Bot] and 47 guests