secure boot check fail" in ESP32 when using Secure Boot and Flash Encryption

[Raghav Jha]

Hello

I m trying the secure boot with flash encryption in esp-idf v3.3. I followed the step describe in the documents.
And encrypted the bootloader, partition table, OTA, and aws_demos but still, I m getting the "secure boot check fail error".

Let me tell you the steps.
1. make menuconfig,
in menuconfg, I set the partition offset to 0x1000 and enable secure boot and flash encryption, and passed the certificate.
2. make -j4

Code: Select all

python /home/horsemann/Desktop/WorkSpace/SecureBootTest/vendors/espressif/esp-idf/components/esptool_py/esptool/esptool.py --chip esp32 --port /dev/ttyUSB0 --baud 921600 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 80m --flash_size detect 0x1a000 /home/horsemann/Desktop/WorkSpace/SecureBootTest/vendors/espressif/boards/esp32/aws_demos/build/ota_data_initial.bin 0x20000 /home/horsemann/Desktop/WorkSpace/SecureBootTest/vendors/espressif/boards/esp32/aws_demos/build/aws_demos.bin 0x10000 /home/horsemann/Desktop/WorkSpace/SecureBootTest/vendors/espressif/boards/esp32/aws_demos/build/partition-table.bin

3.make bootloader

Code: Select all

*******************************************************************************
Bootloader built and secure digest generated. First time flash command is:
python /home/horsemann/Desktop/WorkSpace/SecureBootTest/vendors/espressif/esp-idf/components/esptool_py/esptool/espefuse.py burn_key secure_boot /home/horsemann/Desktop/WorkSpace/SecureBootTest/vendors/espressif/boards/esp32/aws_demos/build/bootloader/secure-bootloader-key-256.bin
python /home/horsemann/Desktop/WorkSpace/SecureBootTest/vendors/espressif/esp-idf/components/esptool_py/esptool/esptool.py --chip esp32 --port /dev/ttyUSB0 --baud 921600 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 80m --flash_size detect 0x1000 /home/horsemann/Desktop/WorkSpace/SecureBootTest/vendors/espressif/boards/esp32/aws_demos/build/bootloader/bootloader.bin
*******************************************************************************
To reflash the bootloader after initial flash:
python /home/horsemann/Desktop/WorkSpace/SecureBootTest/vendors/espressif/esp-idf/components/esptool_py/esptool/esptool.py --chip esp32 --port /dev/ttyUSB0 --baud 921600 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 80m --flash_size detect 0x0 /home/horsemann/Desktop/WorkSpace/SecureBootTest/vendors/espressif/boards/esp32/aws_demos/build/bootloader/bootloader-reflash-digest.bin

4. After this I reflash the two message.

5. I signed the partition table and aws_demos bin file

Code: Select all

espsecure.py sign_data --version 1 --keyfile ./my_secure_boot_signing_key.pem --output ./build/partition-table_signed.bin ./build/partition-table-unsigned.bin

spsecure.py sign_data --version 1 --keyfile ./my_secure_boot_signing_key.pem --output ./build/aws_demos_signed.bin ./build/aws_demos-unsigned.bin

6. I encrypted the signed partition and aws-demos, ota and bootloader files.

Code: Select all

espsecure.py encrypt_flash_data --keyfile ./my_flash_encryption_key.bin --address 0x1a000 --output ./build/ota_data_initial_encrypted.bin ./build/ota_data_initial.bin

espsecure.py encrypt_flash_data --keyfile ./my_flash_encryption_key.bin --address 0x10000 --output ./build/partition-table_encrypted.bin ./build/partition-table_signed.bin

espsecure.py encrypt_flash_data --keyfile ./my_flash_encryption_key.bin --address 0x20000 --output ./build/aws_demos_encrypted.bin ./build/aws_demos_signed.bin

espsecure.py encrypt_flash_data --keyfile ./my_flash_encryption_key.bin --address 0x1000 --output ./build/bootloader/bootloader_encrypted.bin ./build/bootloader/bootloader.bin

7. flash these encrypted files

Code: Select all

esptool.py --port /dev/ttyUSB0 --baud 115200 write_flash 0x1000 ./build/bootloader/bootloader_encrypted.bin

esptool.py --port /dev/ttyUSB0 --baud 115200 write_flash 0x10000 ./build/partition-table_encrypted.bin

esptool.py --port /dev/ttyUSB0 --baud 115200 write_flash 0x1a000 ./build/ota_data_initial_encrypted.bin

esptool.py --port /dev/ttyUSB0 --baud 115200 write_flash 0x20000 ./build/aws_demos_encrypted.bin

8. make monitor
Error Log:

Code: Select all

rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:1
load:0x3fff0018,len:4
load:0x3fff001c,len:10520
load:0x40078000,len:20216
load:0x40080400,len:6592
secure boot check fail
ets_main.c 371 
ets Jun  8 2016 00:22:57

rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:1
load:0x3fff0018,len:4
load:0x3fff001c,len:10520
load:0x40078000,len:20216
load:0x40080400,len:6592
secure boot check fail
ets_main.c 371 
ets Jun  8 2016 00:22:57

I check the partition-table.bin files it is

3104 bytes

and I set the offset to

10000.

Previously my first app partition table was

11000.

So, I increase this to 14000 so the

partition_table.bin file + partition table offset is less than the first app partition offset.

Here is the partition file:



Also, I used the same key which I used in a secure boot.

Still, I m getting the secure boot check fail error.

Some doubt which I want clear.

• Does every time we need to make a bootloader?
  Does every time we need to reflash the bootloader?

[WiFive]

Encrypt bootloader-reflash-digest.bin and flash it to 0x0

[Raghav Jha]

Hello
I encrypt the bootloader-reflash-digest.bin and flash it 0x0 but still, the same error is coming.

[ESP_Angus]

Hi Raghav,

Sorry to hear you're having problems making this work correctly.

The "secure boot check fail" message means that the digest in flash doesn't match the bootloader binary as read out from flash. So the problem is unlikely to be related to partition table offset, unless you flashed the partition table after you flashed the bootloader (in which case it might have overwritten the tail end of the bootloader binary).

The fact you can see sensible address ranges "load:0x40080400,len:6592", etc. suggests that the bootloader in flash is encrypted correctly.

If you burn the encrypted bootloader-digest.bin (which has both bootloader and digest together) at offset 0x0, and don't flash anything after this (to rule out overwriting part of the bootloader), then do you see the exact same output as posted above? (i.e. Multiple "load:" lines with similar addresses and lengths, and then the "secure boot check fail" message)?

[Raghav Jha]

Thanks, @ ESP_Angus for your reply.
I tried to flash bootloader-digest.bin at 0x00 and it worked.
I have some doubt which I want to clear for flash encryption and flash boot.
1. Now I encrypted the bootloader-digest.bin and flashed at 0x00 and it worked. So, is we need to flash only bootloader-digest.bin, not bootloader.bin file?
2. Does every time we need to make a bootloader?
3. Does every time we need to reflash the bootloader?
4. when last time I flash the bootloader-digest.bin and it worked that time I did not signed the partition table unsigned file and aws_demos unsigned file. But it worked. So, do we need to signed that partition table and aws_demos files? What does this signed mean?

[ESP_Angus]

Hi Raghav,

Glad you got everything working.

Thanks, @ ESP_Angus for your reply.
I tried to flash bootloader-digest.bin at 0x00 and it worked.
I have some doubt which I want to clear for flash encryption and flash boot.
1. Now I encrypted the bootloader-digest.bin and flashed at 0x00 and it worked. So, is we need to flash only bootloader-digest.bin, not bootloader.bin file?

That's right, the digest file includes the bootloader contents appended to it. I think flashing both should also work (it will erase and then re-write the bootloader contents. However this is unnecessary and if some command line arguments are used to change the bootloader header (like override the flash size) then this will break the digest as the binary has changed (leading to "secure boot check fail").

2. Does every time we need to make a bootloader?
3. Does every time we need to reflash the bootloader?

You shouldn't need to reflash the bootloader at all unless you changed something in the Security or bootloader configuration that requires a new bootloader. You can flash only the app, instead.

4. when last time I flash the bootloader-digest.bin and it worked that time I did not signed the partition table unsigned file and aws_demos unsigned file. But it worked. So, do we need to signed that partition table and aws_demos files? What does this signed mean?

The partition table doesn't need to be signed. This was the case for some older ESP-IDF versions (so we still sign it for compatibility with older bootloaders), but it doesn't need to be signed now.

The app .bin file needs to be signed and a bootloader built with Secure Boot support enabled should check the signature before it boots the app. The signature is used to verify the authenticity of the app.

[Raghav Jha]

Thanks for the explanation.

I was trying to update the firmware using OTA in the secure boot and flash encryption. But it getting some error.

Log:

Code: Select all

[Codebox=text file=Untitled.txt]1192 23313 [OTA Agent Task] [prvIngestDataBlock] Received final expected block of file.
1193 23313 [OTA Agent Task] [prvStopRequestTimer] Stopping request timer.
1194 23383 [iot_thread] State: WaitingForFileBlock Received: 256 Queued: 0 Processed: 0 Dropped: 0
Current Epoch Time: [ 1622486891 ]
Epoch Start Time: [ 1622486668 ]
Value of config bootloader num pin factory reset 0
1195 23416 [OTA Agent Task] [prvIngestDataBlock] File receive complete and signature is valid.
1196 23416 [OTA Agent Task] [prvStopRequestTimer] Stopping request timer.
1197 23416 [OTA Agent Task] [prvUpdateJobStatus_Mqtt] Msg: {"status":"IN_PROGRESS","statusDetails":{"self_test":"ready","updatedBy":"0x1020024"}}
1198 23416 [OTA Agent Task] [INFO ][MQTT][234160] (MQTT connection 0x3ffb5f30) MQTT PUBLISH operation queued.
1199 23416 [OTA Agent Task] [INFO ][MQTT][234160] (MQTT connection 0x3ffb5f30, PUBLISH operation 0x3ffd8028) Waiting for operation completion.
E (234600) esp_image: image at 0x180000 has invalid magic byte
E (234600) boot_comm: mismatch chip ID, expected 0, found 32025
E (234600) boot_comm: can't run on lower chip revision, expected 1, found 37
W (234610) esp_image: image at 0x180000 has invalid SPI mode 103
W (234620) esp_image: image at 0x180000 has invalid SPI size 6
E (234630) ota_pal: aws_esp_ota_end failed![/Codebox]