"OTA data partition invalid, will try all partitions" error when flashing pre-encrypted applications

[bewatermyfriendxd]

Hello,

Im currently working on a project where I am flashing the device with pre-encrypted data.

I burned the key to the efuse.
Also I burned the efuses FLASH_CRYPT_CONFIG with 0xF and FLASH_CRYPT_CNT to avoid double encryption.

This is my boot-log:

Code: Select all

I (58) boot: Partition Table:
I (61) boot: ## Label            Usage          Type ST Offset   Length
I (69) boot:  0 nvs              WiFi data        01 02 00011000 00020000
I (76) boot:  1 nvs_calib        WiFi data        01 02 00031000 00002000
I (83) boot:  2 phy_init         RF data          01 01 00033000 00001000
I (91) boot:  3 ota_data         OTA data         01 00 00034000 00002000
I (98) boot:  4 ota_data1        OTA data         01 00 00036000 00002000
I (106) boot:  5 fwebui0          Unknown data     01 82 00040000 00060000
I (113) boot:  6 fwebui1          Unknown data     01 82 000a0000 00060000
I (121) boot:  7 fimage0          OTA app          00 10 00100000 00150000
I (129) boot:  8 fimage1          OTA app          00 11 00250000 00150000
I (136) boot:  9 aimage0          OTA app          00 12 00400000 00300000
I (144) boot: 10 awebui0          Unknown data     01 82 00700000 00060000
I (151) boot: 11 aimage1          OTA app          00 13 00760000 00300000
I (159) boot: 12 awebui1          Unknown data     01 82 00a60000 00060000
I (166) boot: 13 adata            Unknown data     01 82 00ac0000 00540000

Further log is:

I (174) boot: End of partition table
I (178) boot: Check AppImage before booting
E (183) boot: ota data partition invalid and no factory, will try all partitions
I (191) boot: ---------Selected AppImage: 2
...
I (1180) esp_image: Verifying image signature... 400000 affb0
I (1596) boot: Loaded app from partition at offset 0x400000
I (1596) boot: Checking secure boot...

I already built the project with encryption disabled and flashed plain text data.
In this case I got no error, while still having the same partitions and apps.

From checking out the source code, the error is generated during this function: bootloader_utility_get_selected_boot_partition

How is validation performed and why am I getting this error ?
The app is still booting afterwards.

I'll appreciate any help. Thanks for the support.

[ESP_Angus]

The OTA data partition needs to be encrypted as well, or it looks like random bytes to the bootloader (decryption result of whatever is there now, probably all 0xFFs if newly erased). The behaviour will be the same as if the OTA data partition was empty (all 0xFFs), ie default partition will be booted. After the first time an OTA update writes to the OTA data partition, it will contain valid (encrypted) data.

So your options are:

1. Do nothing, ignore the error and it will go away after the first OTA update.
or
2. Pre-encrypt an OTA data partition and flash it (either a valid one, or encrypt 8192 bytes of 0xFF and write this)

BTW, your partition table seems to have two OTA data partitions. Only one is needed, the other one will probably be ignored.

[bewatermyfriendxd]

Thanks for helping me Angus. I also encountered some advices from you regarding encryption / secure boot topic in some other threads and they were a great help. Very helpful forum.