I have the latest combination of ESP-IDF (ESP-IDF Pre-release v3.2-beta3), MSYS2 and Arduino libraries, all set up and working very well on Windows. All installed on 1 March 2019. I also use the latest version of esptool, 2.6.
I have an ESP32 running a fully operational app-ota example with secure boot + flash encryption. I have tried both the "One-time Flash" and the "Reflashable" secure boot variants, both successfully.
Steps I've taken:
1. created .PEM file:
espsecure.py generate_signing_key secure_boot_signing_key.pem
espsecure.py digest_private_key --keyfile secure_boot_signing_key.pem --keylen 256 my_flash_encryption_key.bin
sdkconfig:
# Security features
CONFIG_SECURE_SIGNED_ON_BOOT=y
CONFIG_SECURE_SIGNED_ON_UPDATE=y
CONFIG_SECURE_SIGNED_APPS=y
CONFIG_SECURE_BOOT_ENABLED=y
CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH=y
CONFIG_SECURE_BOOTLOADER_REFLASHABLE=
CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=y
CONFIG_SECURE_BOOT_SIGNING_KEY="secure_boot_signing_key.pem"
CONFIG_SECURE_BOOT_INSECURE=
CONFIG_FLASH_ENCRYPTION_ENABLED=y
CONFIG_FLASH_ENCRYPTION_INSECURE=
nvs, data, nvs, 0x9000, 0x5000,
otadata, data, ota, 0xe000, 0x2000,
app0, app, ota_0, 0x10000, 0x140000,
app1, app, ota_1, 0x150000,0x140000,
eeprom, data, 0x99, 0x290000,0x1000,
storage, data, spiffs, 0x291000,0xA0000,
5.
esptool.py --chip esp32 --port COM15 --baud 921600 --before default_reset --after no_reset write_flash -z --flash_mode dio --flash_freq 80m --flash_size detect 0x1000 bootloader.bin
7.
esptool.py --chip esp32 --port COM15 --baud 921600 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 80m --flash_size detect 0xe000 ota_data_initial.bin 0x10000 app-ota-template.bin 0x8000 partitions.bin
This all works great.
Some more Arduino similarities: I use the Arduino IDE for programming and to make the .BIN files. I use the same partition table. The normal command for flashing Arduino without any security would look like:
esptool.exe --chip esp32 --port COM13 --baud 921600 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 80m --flash_size detect 0xe000 partitions/boot_app0.bin 0x1000 tools/sdk/bin/bootloader_dio_80m.bin 0x10000 ArdBLA.ino.bin 0x8000 ArdBLA.ino.partitions.bin
The problem I have is that if I use my ArdBLA.ino.bin file at step 7 for flashing at 0x10000, the program does not work.
No luck with either the untouched (= unencrypted) file or one pre-encrypted with the command:
espsecure.py encrypt_flash_data --keyfile my_flash_encryption_key.bin --address 0x10000 -o ArdBLA_encoded.bin ArdBLA.ino.bin
No luck.
Rok Rodic alias GreenEyedExplorer
https://www.youtube.com/channel/UCIOIhh ... LB0azJmd8w
http://www.rodic.si
Some references I've used along the way:
https://docs.espressif.com/projects/esp ... t-started/
https://github.com/espressif/arduino-es ... mponent.md
https://docs.espressif.com/projects/esp ... -boot.html
https://docs.espressif.com/projects/esp ... ption.html
https://docs.espressif.com/projects/esp ... ables.html
https://github.com/espressif/esptool/wi ... read-error
http://bbs.esp32.com/viewtopic.php?t=6457
https://www.esp32.com/viewtopic.php?t=4994
https://github.com/espressif/arduino-esp32/issues/1387
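Added example, not from the poster, from Espressif or from the arduino-esp32 project: a small Python script that walks an ESP32 app image the way the bootloader does and reports what the secure bootloader would find. It uses the documented esptool/ESP-IDF image layout (0xE9 magic, 24-byte header, segment headers, an XOR checksum byte closing a 16-byte block, an optional appended SHA-256) and the Secure Boot V1 trailer that `espsecure.py sign_data` appends (a 4-byte version word of 0 followed by a 64-byte ECDSA signature). It does not verify the ECDSA signature itself (that needs the public key and an ECDSA library); it tells you whether a signature block is there at all, which is the difference between a build that went through `sign_data` and one that did not, and with CONFIG_SECURE_SIGNED_APPS=y the bootloader will not run an unsigned app. The `build_image` helper, its entry address and the 64 random bytes it appends as a stand-in signature are constructed for the demonstration and are not real firmware.

```python
"""Structural check of an ESP32 app image for secure-boot readiness.

Parses the image header and segments, recomputes the XOR checksum and the
appended SHA-256, and reports whether a Secure Boot V1 signature trailer
(4-byte version word + 64-byte ECDSA signature, as written by
`espsecure.py sign_data`) follows the image. The ECDSA signature itself is
not verified here.
"""
import hashlib
import os
import struct

ESP_IMAGE_MAGIC = 0xE9      # first byte of every ESP image
ESP_CHECKSUM_MAGIC = 0xEF   # initial value of the segment XOR checksum
HEADER_LEN = 24             # 8-byte base header + 16-byte extended header
SIG_TRAILER_LEN = 4 + 64    # version word + ECDSA P-256 signature (r||s)
FLASH_MODES = ("qio", "qout", "dio", "dout")


def _xor_checksum(data, state=ESP_CHECKSUM_MAGIC):
    """XOR every byte of `data` into `state` (the bootloader's segment checksum)."""
    for b in data:
        state ^= b
    return state


def build_image(segments, hash_appended=True, add_sig_trailer=False):
    """Build a CONSTRUCTED test image. `segments` is a list of (load_addr, bytes).

    The trailer added when add_sig_trailer=True is random filler in the shape of
    a Secure Boot V1 signature block; it is NOT a valid signature.
    """
    # base header: magic, segment count, flash mode dio, size/freq nibble, entry address
    hdr = struct.pack("<BBBBI", ESP_IMAGE_MAGIC, len(segments), 2, 0x20, 0x40080000)
    # extended header: wp_pin, spi_pin_drv[3], chip_id (0 = ESP32), min_chip_rev, reserved[8], hash_appended
    hdr += struct.pack("<B3sHB8sB", 0xEE, b"\x00" * 3, 0, 0, b"\x00" * 8, 1 if hash_appended else 0)
    out = bytearray(hdr)
    checksum = ESP_CHECKSUM_MAGIC
    for load_addr, data in segments:
        out += struct.pack("<II", load_addr, len(data)) + data
        checksum = _xor_checksum(data, checksum)
    # pad so that the checksum byte is the last byte of a 16-byte block
    out += b"\x00" * (15 - len(out) % 16) + bytes([checksum])
    if hash_appended:
        out += hashlib.sha256(out).digest()
    if add_sig_trailer:
        out += struct.pack("<I", 0) + os.urandom(64)  # constructed filler, not a real signature
    return bytes(out)


def inspect_image(blob):
    """Parse `blob` and return a dict describing its structure and integrity."""
    magic, seg_count, spi_mode, _size_freq, entry = struct.unpack_from("<BBBBI", blob, 0)
    if magic != ESP_IMAGE_MAGIC:
        raise ValueError("not an ESP image: bad magic 0x%02x" % magic)
    _wp, _drv, chip_id, _min_rev, _res, hash_appended = struct.unpack_from("<B3sHB8sB", blob, 8)
    pos, checksum, segs = HEADER_LEN, ESP_CHECKSUM_MAGIC, []
    for _ in range(seg_count):
        load_addr, length = struct.unpack_from("<II", blob, pos)
        pos += 8
        data = blob[pos:pos + length]
        if len(data) != length:
            raise ValueError("truncated segment at offset 0x%x" % pos)
        checksum = _xor_checksum(data, checksum)
        segs.append((load_addr, length))
        pos += length
    image_end = (pos // 16 + 1) * 16          # checksum byte closes this 16-byte block
    stored_checksum = blob[image_end - 1]
    hash_ok = None
    if hash_appended:
        hash_ok = hashlib.sha256(blob[:image_end]).digest() == blob[image_end:image_end + 32]
        image_end += 32
    trailer = blob[image_end:]
    has_sig = len(trailer) >= SIG_TRAILER_LEN and struct.unpack_from("<I", trailer, 0)[0] == 0
    problems = []
    if stored_checksum != checksum:
        problems.append("segment checksum mismatch")
    if hash_appended and not hash_ok:
        problems.append("appended SHA-256 does not match image")
    if not has_sig:
        problems.append("no Secure Boot V1 signature trailer (image not passed through espsecure.py sign_data)")
    elif len(trailer) != SIG_TRAILER_LEN:
        problems.append("unexpected %d trailing bytes after image" % len(trailer))
    return {
        "segment_count": seg_count, "segments": segs, "entry_addr": entry, "chip_id": chip_id,
        "flash_mode": FLASH_MODES[spi_mode] if spi_mode < 4 else spi_mode,
        "checksum_ok": stored_checksum == checksum, "hash_appended": bool(hash_appended),
        "hash_ok": hash_ok, "image_len": image_end, "signature_trailer": has_sig,
        "problems": problems,
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                      # usage: python check_image.py app.bin
        with open(sys.argv[1], "rb") as f:
            blob = f.read()
    else:                                      # no file given: inspect a constructed image
        blob = build_image([(0x3F400020, b"\x01" * 32), (0x40080000, b"\x02" * 100)], add_sig_trailer=True)
    for key, value in inspect_image(blob).items():
        print("%-18s %s" % (key, value))
```

Run it against the .bin you intend to flash at 0x10000; an image whose report lists "no Secure Boot V1 signature trailer" has not been signed, regardless of whether it was pre-encrypted with `encrypt_flash_data` afterwards. The check reads only the first `image_len` bytes as the image, so extra trailing bytes are reported rather than silently accepted.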