I'm trying to enable secure boot V2 and flash encryption for our project. When flashing the target as described in the secure boot documentation (https://docs.espressif.com/projects/esp ... ot-v2.html), it works.
For production, however, we'd like to use the Flash Download Tool v3.8.5. I've set up the tool the same way as without secure boot (bootloader.bin, my_app.bin, ota_data_initial.bin, partition-table.bin), but after flashing, I always get the following output after the first boot:
I (413) esp_image: Verifying image signature...
I (415) secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set
I (424) secure_boot_v2: Verifying with RSA-PSS...
I (431) secure_boot_v2: Signature verified successfully!
I (446) boot: Loaded app from partition at offset 0x20000
I (446) secure_boot_v2: enabling secure boot v2...
I (447) efuse: Batch mode of writing fields is enabled
I (453) esp_image: segment 0: paddr=00001020 vaddr=3ffe6260 size=0351ch ( 13596)
I (464) esp_image: segment 1: paddr=00004544 vaddr=4004c000 size=00d10h ( 3344)
I (470) esp_image: segment 2: paddr=0000525c vaddr=40050000 size=049f8h ( 18936)
I (482) esp_image: Verifying image signature...
I (483) secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set
I (492) secure_boot_v2: Verifying with RSA-PSS...
Sig block 0 invalid: Image digest does not match
E (501) secure_boot_v2: Secure Boot V2 verification failed.
E (507) esp_image: Secure boot signature verification failed
I (514) esp_image: Calculating simple hash to check for corruption...
E (527) esp_image: Image hash failed - image is corrupt
W (527) esp_image: image corrupted on flash
E (531) secure_boot_v2: bootloader image appears invalid! error 8194
I (538) efuse: Batch mode of writing fields is cancelled
E (544) boot: Secure Boot v2 failed (8194)
E (549) boot: Factory app partition is not bootable
E (555) esp_image: image at 0x160000 has invalid magic byte