[Tool Release] FLASH_DOWNLOAD_TOOL

[Dzhest]

I have some questions about using FLASH_DOWNLOAD_TOOL in production.
Start conditions:
1. We have a pre-signed and pre-encrypted binary for the bootloader, partition table, and factory app.
2. We are using 192-bit keys for flash encryption and secure boot.
3. We need to burn to eFuse some additional parameters, that are not listed at security.conf file and this part of manual
- burn_efuse FLASH_CRYPT_CONFIG 0xF
- burn_efuse CODING_SCHEME 1
- burn_efuse FLASH_CRYPT_CNT
- write_protect_efuse FLASH_CRYPT_CNT
- burn_efuse CONSOLE_DEBUG_DISABLE
- burn_efuse ABS_DONE_0
4. Also, we need to log all console out from espefuse.py and esptool.py to separate files for every controller (_MAC_ADDRESS_-flash.log and _MAC_ADDRESS_-efuse.log for example).

Now we are using this bash script to flash FW end burn eFuse. There is no handling for esptool and espefuse exit codes yet, and its work fine, but only for single programmer setup.

Code: Select all

#!/bin/bash

# SET PATH TO ESP TOOLS AND PROGRAMMER
ESP_TOOL_PATH=/home/user/esptool
FLASH_CONN_PARAM=" --chip esp32 --port /dev/ttyUSB1 --baud 2000000"
EFUSE_CONN_PARAM="/espefuse.py -b 115200 -p /dev/ttyUSB1 --do-not-confirm"

# DON'T TOUCH IT!
RESET_PARAM=" --before default_reset --after hard_reset "
FLASH_PARAM=" -z --flash_mode dio --flash_freq 40m --flash_size detect"
PAYLOAD=" 0x0 fw/enc/bootloader-digest_192_enc_192.bin 0x8000 fw/enc/partitions_16MB_sign_enc_192.bin 0x10000 fw/enc/firmware_sign_enc_192.bin"

function burn_efuse {
	MAC_DOTED=$($ESP_TOOL_PATH/esptool.py$FLASH_CONN_PARAM flash_id | grep MAC | cut -c 6-)
	MAC="${MAC_DOTED//:}"
	echo "$MAC" $(date "+%F %T.%3N %z") >> LOGS/efuse.log
	exec >  >(tee -ia LOGS/"$MAC"_efuse.log)
	exec 2> >(tee -ia LOGS/"$MAC"_efuse.log >&2)
	echo "========================"
	echo "burn_efuse script START"
	echo "TARGET: "$MAC
	echo "========================"
	date "+%F %T.%3N %z"
	$ESP_TOOL_PATH$EFUSE_CONN_PARAM burn_efuse FLASH_CRYPT_CONFIG 0xF
	echo "Exit Code: $?"
	echo "========================"
	date "+%F %T.%3N %z"
	$ESP_TOOL_PATH$EFUSE_CONN_PARAM burn_efuse CODING_SCHEME 1
	echo "Exit Code: $?"
	echo "========================"
	date "+%F %T.%3N %z"
	$ESP_TOOL_PATH$EFUSE_CONN_PARAM burn_key flash_encryption crypt/flash_encryption_key_192.bin
	echo "Exit Code: $?"
	echo "========================"
	date "+%F %T.%3N %z"
	$ESP_TOOL_PATH$EFUSE_CONN_PARAM burn_key secure_boot crypt/secure_boot_digest_private_key_192.bin
	echo "Exit Code: $?"
	echo "========================"
	date "+%F %T.%3N %z"
	$ESP_TOOL_PATH$EFUSE_CONN_PARAM burn_efuse FLASH_CRYPT_CNT
	echo "Exit Code: $?"
	echo "========================"
	date "+%F %T.%3N %z"
	$ESP_TOOL_PATH$EFUSE_CONN_PARAM write_protect_efuse FLASH_CRYPT_CNT
	echo "Exit Code: $?"
	echo "========================"
	date "+%F %T.%3N %z"
	$ESP_TOOL_PATH$EFUSE_CONN_PARAM burn_efuse DISABLE_DL_ENCRYPT
	echo "Exit Code: $?"
	echo "========================"
	date "+%F %T.%3N %z"
	$ESP_TOOL_PATH$EFUSE_CONN_PARAM burn_efuse DISABLE_DL_DECRYPT
	echo "Exit Code: $?"
	echo "========================"
	date "+%F %T.%3N %z"
	$ESP_TOOL_PATH$EFUSE_CONN_PARAM burn_efuse DISABLE_DL_CACHE
	echo "Exit Code: $?"
	echo "========================"
	date "+%F %T.%3N %z"
	$ESP_TOOL_PATH$EFUSE_CONN_PARAM burn_efuse JTAG_DISABLE
	echo "Exit Code: $?"
	echo "========================"
	date "+%F %T.%3N %z"
	$ESP_TOOL_PATH$EFUSE_CONN_PARAM burn_efuse CONSOLE_DEBUG_DISABLE
	echo "Exit Code: $?"
	echo "========================"
	date "+%F %T.%3N %z"
	$ESP_TOOL_PATH$EFUSE_CONN_PARAM burn_efuse ABS_DONE_0
	echo "Exit Code: $?"
	echo "========================"
	echo "burn_efuse script END"
	date "+%F %T.%3N %z"
	echo "========================"
	echo -e '\n'
	echo "########################"
	echo -e '\n'
	exec >/dev/tty
	exec 2>/dev/tty
	$ESP_TOOL_PATH/esptool.py$FLASH_CONN_PARAM run
	echo -e '\n'
	echo "########################"
	echo -e '\n'
	return 0
}

function flash_fw {
	MAC_DOTED=$($ESP_TOOL_PATH/esptool.py$FLASH_CONN_PARAM flash_id | grep MAC | cut -c 6-)
	MAC="${MAC_DOTED//:}"
	echo "$MAC" $(date "+%F %T.%3N %z") >> LOGS/flash.log
	exec >  >(tee -ia LOGS/"$MAC"_flash.log)
	exec 2> >(tee -ia LOGS/"$MAC"_flash.log >&2)
	echo "========================"
	echo "flash_fw script START"
	echo "TARGET: "$MAC
	date "+%F %T.%3N %z"
	echo "========================"
	echo "ERASE FLASH START"
	date "+%F %T.%3N %z"
	echo "========================"
	$ESP_TOOL_PATH/esptool.py$FLASH_CONN_PARAM erase_flash
	echo "========================"
	echo "ERASE FLASH END, Exit Code: $?"
	date "+%F %T.%3N %z"
	echo "========================"
	echo "WRITE FLASH START"
	date "+%F %T.%3N %z"
	echo "========================"
	$ESP_TOOL_PATH/esptool.py$FLASH_CONN_PARAM$RESET_PARAM write_flash$FLASH_PARAM$PAYLOAD
	echo "========================"
	echo "WRITE FLASH END, Exit Code: $?"
	date "+%F %T.%3N %z"
	echo "========================"
	echo "flash_pix script END"
	date "+%F %T.%3N %z"
	echo "========================"
	echo -e '\n'
	echo "########################"
	echo -e '\n'
	exec >/dev/tty
	exec 2>/dev/tty
	return 0
}

echo "====================================="
echo "Choose action comfirmation type:"
echo "1) execute immediately"
echo "2) press <ENTER> to comfirm"
echo "====================================="
echo -e "Please type code and press <ENTER> \c"
read conf_type
echo "Action comfirmation type: "$conf_type

while : 
do
	echo "=== WHAT I CAN DO FOR YOU, MASTER? ==="
	echo "1) flash fw"
	echo "2) burn eFuse"
	echo "3) flash fw & burn eFuse"
	echo "4) EXIT"
	echo "====================================="
	if [[ $conf_type == 1 ]]; then
		echo -e "Please type code \c"
		read -n 1 c
		echo ''
	else
		echo -e "Please type code and press <ENTER> \c"
		read c
	fi
	echo "executing code: "$c
	case $c in
		1) flash_fw;;
		2) burn_efuse;;
		3) burn_efuse; flash_fw;;
		4) exit
	esac
done

According to this workflow scheme
it looks like FLASH_DOWNLOAD_TOOL requires not-signed and not-encrypted bin images will re-sign and re-encrypt them every time. And it is not clear, does it can burn additional efuses and work with 192-bit keys.

So, the questions are:
1. Can FLASH_DOWNLOAD_TOOL be configured for our conditions?
2. If not - can you provide the source code of FLASH_DOWNLOAD_TOOL for customization.
3. Additional question - we are using the ESP-prog programmer, from Linux PC we can flash at 2M baud, but from WIN10 PC only 1.152.000 baud can be chosen. Is it possible to set up higher baud rate on WIN10 PC?

[rudi ;-)]

Released 2019.6.17
Win Flash Download Tool ( ESP8266 & ESP32 )
V3.6.6_0 online

flash_download_tools_v3.6.6_0.zip

(13.54 MiB) Downloaded 1740 times

best wishes
rudi

[johnkel]

Hi,
I have a similar issue as @Dzhest had. I pre-encrypted all binaries and the flash encryption key and related fuse have been burnt.
The ESP download tool dose not allow download the binaries. the tool checks the flash encryption and secure boot fuse.
If these fuse are burnt, it is not possible to download.
I can download using esptool.py but one device at a time.
Is there any option to skip the efuse ckeck? or can you make one to skip the efuse check?

[Jaman82]

Where can I download the source code for the download tool?

[Ritesh]

Where can I download the source code for the download tool?

Hello,

I think there won't be any source code for this flash download tool because it is just for flashing binary into ESP32 Chip or modules.

So, Would you please let me know that why you need source code for ESP32 Flash Download Tool? Because I believe you can source code for other tool or script like esptool.py and other flashing scripts.

[martins]

Not sure about Jaman, but I've come across two scenarios when the source code could be usefull:

1) Making minor adjustments to fit customized production better (less likely)
2) Using it as a guide to create custom production tool, possibly also multi-platform (more likely)