Flash encryption question [Solved]

xinhaojie
Posts: 57
Joined: Wed Feb 23, 2022 10:56 am

Flash encryption question [Solved]

Postby xinhaojie » Tue Jun 07, 2022 11:36 am

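Environment: Win11, VS Code, IDF 4.4.1, using the official ESP32-S2 development board.

When testing with the official flash_encryption example, flashing and running work fine as long as the flash encryption option is not enabled (the virtual eFuse feature is turned on). After enabling flash encryption, the build succeeds, but flashing reports that the key is not programmed. However, the official documentation does not say that a key needs to be programmed. It says the ESP32 automatically generates the key at boot and encrypts the partitions. I am using an ESP32-S2. The flashing log is as follows.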

esptool.py v3.3-dev
Serial port COM18
Connecting....
Chip is ESP32-S2
Features: WiFi, No Embedded Flash, No Embedded PSRAM, ADC and temperature sensor calibration in BLK2 of efuse V2
Crystal is 40MHz
MAC: 84:f7:03:c6:88:82
Uploading stub...
Running stub...
Stub running...
Changing baud rate to 460800
Changed.
Configuring flash size...
Auto-detected Flash size: 4MB
Flash encryption key is not programmed

A fatal error occurred: Can't perform encrypted flash write, consult Flash Encryption documentation for more information
终端进程“D:\software\Espressif\python_env\idf4.4_py3.8_env\Scripts\python.exe 'D:\software\Espressif\frameworks\esp-idf-v4.4.1\components\esptool_py\esptool\esptool.py', '-p', 'COM18', '-b', '460800', '--before', 'default_reset', '--after', 'no_reset', '--chip', 'esp32s2', 'write_flash', '--flash_mode', 'dio', '--flash_freq', '80m', '--flash_size', 'detect', '0x9000', 'partition_table/partition-table.bin', '--encrypt-files', '0x20000', 'flash_encryption.bin', '0x1000', 'bootloader/bootloader.bin'”已终止,退出代码: 2。
Last edited by xinhaojie on Wed Aug 31, 2022 2:21 am, edited 2 times in total.

xinhaojie
Posts: 57
Joined: Wed Feb 23, 2022 10:56 am

Re: Flash encryption question

Postby xinhaojie » Wed Jun 08, 2022 2:31 am

Has anyone run into the same problem? Please reply.

xinhaojie
Posts: 57
Joined: Wed Feb 23, 2022 10:56 am

Re: Flash encryption question

Postby xinhaojie » Thu Jun 09, 2022 3:40 am

Is anyone there?

xinhaojie
Posts: 57
Joined: Wed Feb 23, 2022 10:56 am

Re: Flash encryption question

Postby xinhaojie » Thu Jun 09, 2022 10:30 am

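I created a fresh test project and enabled encryption directly, without changing anything else. The behaviour is still the same: it asks for the encryption key to be programmed... Could one of the experts take a look?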

xinhaojie
Posts: 57
Joined: Wed Feb 23, 2022 10:56 am

Re: Flash encryption question

Postby xinhaojie » Fri Jun 10, 2022 12:49 am

??? Is there something wrong with how I asked? Can someone from Espressif help resolve this...

xinhaojie
Posts: 57
Joined: Wed Feb 23, 2022 10:56 am

Re: Flash encryption question

Postby xinhaojie » Fri Jun 10, 2022 3:01 am

Could Espressif technical support please take a look? I really can't find a solution...

xinhaojie
Posts: 57
Joined: Wed Feb 23, 2022 10:56 am

Re: Flash encryption question

Postby xinhaojie » Mon Jun 13, 2022 6:08 am

Could someone take a look?

ESP_WangYX
Posts: 97
Joined: Mon Jun 28, 2021 12:48 pm

Re: Flash encryption question

Postby ESP_WangYX » Mon Jun 13, 2022 6:13 am

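Please use the `espefuse.py summary` command to view the device's eFuses and confirm that the flash-encryption-related eFuse bits have been programmed correctly: https://docs.espressif.com/projects/esp ... ant-efuses
When posting screenshots, please also include the flashing command you used.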

xinhaojie
Posts: 57
Joined: Wed Feb 23, 2022 10:56 am

Re: Flash encryption question

Postby xinhaojie » Mon Jun 13, 2022 8:12 am

espefuse.py -p COM17 summary
Connecting....
Detecting chip type... Unsupported detection protocol, switching and trying again...
Detecting chip type... ESP32-S2
espefuse.py v3.3-dev

=== Run "summary" command ===
EFUSE_NAME (Block) Description = [Meaningful Value] [Readable/Writeable] (Hex Value)
----------------------------------------------------------------------------------------
Calibration fuses:
TEMP_SENSOR_CAL (BLOCK2) Temperature calibration = -0.4 R/W (0b100000100)
ADC1_MODE0_D2 (BLOCK2) ADC1 calibration 1 = 76 R/W (0x13)
ADC1_MODE1_D2 (BLOCK2) ADC1 calibration 2 = 84 R/W (0x15)
ADC1_MODE2_D2 (BLOCK2) ADC1 calibration 3 = 92 R/W (0x17)
ADC1_MODE3_D2 (BLOCK2) ADC1 calibration 4 = 116 R/W (0x1d)
ADC2_MODE0_D2 (BLOCK2) ADC2 calibration 5 = 40 R/W (0x0a)
ADC2_MODE1_D2 (BLOCK2) ADC2 calibration 6 = 48 R/W (0x0c)
ADC2_MODE2_D2 (BLOCK2) ADC2 calibration 7 = 56 R/W (0x0e)
ADC2_MODE3_D2 (BLOCK2) ADC2 calibration 8 = 80 R/W (0x14)
ADC1_MODE0_D1 (BLOCK2) ADC1 calibration 9 = 20 R/W (0b000101)
ADC1_MODE1_D1 (BLOCK2) ADC1 calibration 10 = 20 R/W (0b000101)
ADC1_MODE2_D1 (BLOCK2) ADC1 calibration 11 = 16 R/W (0b000100)
ADC1_MODE3_D1 (BLOCK2) ADC1 calibration 12 = 8 R/W (0b000010)
ADC2_MODE0_D1 (BLOCK2) ADC2 calibration 13 = 24 R/W (0b000110)
ADC2_MODE1_D1 (BLOCK2) ADC2 calibration 14 = 16 R/W (0b000100)
ADC2_MODE2_D1 (BLOCK2) ADC2 calibration 15 = 12 R/W (0b000011)
ADC2_MODE3_D1 (BLOCK2) ADC2 calibration 16 = 8 R/W (0b000010)

Config fuses:
DIS_RTC_RAM_BOOT (BLOCK0) Disables boot from RTC RAM = False R/W (0b0)
DIS_ICACHE (BLOCK0) Disables ICache = False R/W (0b0)
DIS_DCACHE (BLOCK0) Disables DCache = False R/W (0b0)
DIS_DOWNLOAD_ICACHE (BLOCK0) Disables Icache when SoC is in Download mode = False R/W (0b0)
DIS_DOWNLOAD_DCACHE (BLOCK0) Disables Dcache when SoC is in Download mode = False R/W (0b0)
DIS_FORCE_DOWNLOAD (BLOCK0) Disables forcing chip into Download mode = False R/W (0b0)
DIS_CAN (BLOCK0) Disables the TWAI Controller hardware = False R/W (0b0)
DIS_BOOT_REMAP (BLOCK0) Disables capability to Remap RAM to ROM address sp = False R/W (0b0)
ace
FLASH_TPUW (BLOCK0) Configures flash startup delay after SoC power-up, = 0 R/W (0x0)
unit is (ms/2). When the value is 15, delay is 7.
5 ms
DIS_LEGACY_SPI_BOOT (BLOCK0) Disables Legacy SPI boot mode = False R/W (0b0)
UART_PRINT_CHANNEL (BLOCK0) Selects the default UART for printing boot msg = UART0 R/W (0b0)
DIS_USB_DOWNLOAD_MODE (BLOCK0) Disables use of USB in UART download boot mode = False R/W (0b0)
UART_PRINT_CONTROL (BLOCK0) Sets the default UART boot message output mode = Enabled R/W (0b00)
FLASH_TYPE (BLOCK0) Selects SPI flash type = 4 data lines R/W (0b0)
FORCE_SEND_RESUME (BLOCK0) Forces ROM code to send an SPI flash resume comman = False R/W (0b0)
d during SPI boot
BLOCK_USR_DATA (BLOCK3) User data
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W

Efuse fuses:
WR_DIS (BLOCK0) Disables programming of individual eFuses = 0 R/W (0x00000000)
RD_DIS (BLOCK0) Disables software reading from BLOCK4-10 = 0 R/W (0b0000000)

Identity fuses:
BLOCK0_VERSION (BLOCK0) BLOCK0 efuse version = 0 R/W (0b00)
SECURE_VERSION (BLOCK0) Secure version (used by ESP-IDF anti-rollback feat = 0 R/W (0x0000)
ure)
MAC (BLOCK1) Factory MAC Address
= 34:b4:72:6a:10:26 (OK) R/W
WAFER_VERSION (BLOCK1) WAFER version = A R/W (0b000)
FLASH_VERSION (BLOCK1) Flash version = No Embedded Flash R/W (0x0)
BLOCK1_VERSION (BLOCK1) BLOCK1 efuse version = 0 R/W (0b000)
PSRAM_VERSION (BLOCK1) PSRAM version = No Embedded PSRAM R/W (0x0)
PKG_VERSION (BLOCK1) Package version = ESP32-S2 R/W (0x0)
OPTIONAL_UNIQUE_ID (BLOCK2) Optional unique 128-bit ID
= d4 17 28 0c dd 53 ea 55 81 c4 13 22 61 07 10 0b R/W
BLOCK2_VERSION (BLOCK2) Version of BLOCK2
= With ADC calibration V1 R/W (0b001)
CUSTOM_MAC (BLOCK3) Custom MAC Address
= 00:00:00:00:00:00 (OK) R/W

Security fuses:
SOFT_DIS_JTAG (BLOCK0) Software disables JTAG. When software disabled, JT = False R/W (0b0)
AG can be activated temporarily by HMAC peripheral
HARD_DIS_JTAG (BLOCK0) Hardware disables JTAG permanently = False R/W (0b0)
DIS_DOWNLOAD_MANUAL_ENCRYPT (BLOCK0) Disables flash encryption when in download boot mo = False R/W (0b0)
des
SPI_BOOT_CRYPT_CNT (BLOCK0) Enables encryption and decryption, when an SPI boo = Disable R/W (0b000)
t mode is set. Enabled when 1 or 3 bits are set,di
sabled otherwise
SECURE_BOOT_KEY_REVOKE0 (BLOCK0) If set, revokes use of secure boot key digest 0 = False R/W (0b0)
SECURE_BOOT_KEY_REVOKE1 (BLOCK0) If set, revokes use of secure boot key digest 1 = False R/W (0b0)
SECURE_BOOT_KEY_REVOKE2 (BLOCK0) If set, revokes use of secure boot key digest 2 = False R/W (0b0)
KEY_PURPOSE_0 (BLOCK0) KEY0 purpose = USER R/W (0x0)
KEY_PURPOSE_1 (BLOCK0) KEY1 purpose = USER R/W (0x0)
KEY_PURPOSE_2 (BLOCK0) KEY2 purpose = USER R/W (0x0)
KEY_PURPOSE_3 (BLOCK0) KEY3 purpose = USER R/W (0x0)
KEY_PURPOSE_4 (BLOCK0) KEY4 purpose = USER R/W (0x0)
KEY_PURPOSE_5 (BLOCK0) KEY5 purpose = USER R/W (0x0)
SECURE_BOOT_EN (BLOCK0) Enables secure boot = False R/W (0b0)
SECURE_BOOT_AGGRESSIVE_REVOKE (BLOCK0) Enables aggressive secure boot key revocation mode = False R/W (0b0)
DIS_DOWNLOAD_MODE (BLOCK0) Disables all Download boot modes = False R/W (0b0)
ENABLE_SECURITY_DOWNLOAD (BLOCK0) Enables secure UART download mode (read/write flas = False R/W (0b0)
h only)
BLOCK_KEY0 (BLOCK4)
Purpose: USER
Encryption key0 or user data
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY1 (BLOCK5)
Purpose: USER
Encryption key1 or user data
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY2 (BLOCK6)
Purpose: USER
Encryption key2 or user data
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK_KEY3 (BLOCK7)
Purpose: USER
Encryption key3 or user data
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
DIS_USB (BLOCK0) Disables the USB OTG hardware = False R/W (0b0)
USB_EXCHG_PINS (BLOCK0) Exchanges USB D+ and D- pins = False R/W (0b0)
EXT_PHY_ENABLE (BLOCK0) Enables external USB PHY = False R/W (0b0)
USB_FORCE_NOPERSIST (BLOCK0) Forces to set USB BVALID to 1 = False R/W (0b0)

Vdd_Spi Config fuses:
VDD_SPI_FORCE (BLOCK0) Force using VDD_SPI_XPD and VDD_SPI_TIEH to config = False R/W (0b0)
ure VDD_SPI LDO
VDD_SPI_XPD (BLOCK0) The VDD_SPI regulator is powered on = False R/W (0b0)
VDD_SPI_TIEH (BLOCK0) The VDD_SPI power supply voltage at reset = Connect to 1.8V LDO R/W (0b0)
PIN_POWER_SELECTION (BLOCK0) Sets default power supply for GPIO33..37, set when = VDD3P3_CPU R/W (0b0)
SPI flash is initialized

Wdt Config fuses:
WDT_DELAY_SEL (BLOCK0) Selects RTC WDT timeout threshold at startup = 0 R/W (0b00)

Flash voltage (VDD_SPI) determined by GPIO45 on reset (GPIO45=High: VDD_SPI pin is powered from internal 1.8V LDO
GPIO45=Low or NC: VDD_SPI pin is powered directly from VDD3P3_RTC_IO via resistor Rspi. Typically this voltage is 3.3 V).


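Flashing command: D:/software/Espressif/python_env/idf4.4_py3.8_env/Scripts/python.exe D:\software\Espressif\frameworks\esp-idf-v4.4.1\components\esptool_py\esptool\esptool.py -p COM17 -b 460800 --before default_reset --after hard_reset --chip esp32s2 write_flash --flash_mode dio --flash_freq 80m --flash_size detect 0x20000 flash_encryption.bin 0x1000 bootloader/bootloader.bin 0x9000 partition_table/partition-table.bin
PS: I flashed directly with the flashing tool that ships with ESP-IDF in VS Code on Windows.

My main point of confusion: the documentation contains the note below, and the eFuse remarks say (Read and write access is provided for all eFuse bits listed in the table above. The default value of these bits is 0.). My understanding is that as long as flash encryption is enabled and the eFuses are in their factory state, the flash encryption example can be tested normally, right?
(Development Mode
During development, you can encrypt flash using a key generated internally by the ESP32-S3 or a key generated by an external host.
Using an ESP32-S3 generated key
Development mode allows you to download multiple plaintext images using Firmware Download mode.
To test the flash encryption process, take the following steps:
Ensure that your ESP32-S3 device has the default flash encryption eFuse settings as shown in Relevant eFuses.
See how to check the ESP32-S3 flash encryption status.)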

ESP_WangYX
Posts: 97
Joined: Mon Jun 28, 2021 12:48 pm

Re: Flash encryption question

Postby ESP_WangYX » Mon Jun 13, 2022 12:20 pm

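Judging from this device's eFuses, flash encryption has not been enabled yet. Enable flash encryption through idf.py menuconfig -> security, then flash the firmware with idf.py flash monitor. If flash encryption is enabled correctly, you will see a message similar to flash encryption enabled in the log. After enabling flash encryption through menuconfig, check the device's eFuses again with espefuse.py summary; you will see that the relevant eFuses have been programmed automatically, which means flash encryption has been enabled successfully.
For an explanation of the flash encryption development mode and release mode, see: https://docs.espressif.com/projects/esp ... figuration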
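
Added example, not part of the original posts and not Espressif's own code: a small Python check that reads `espefuse.py summary` text and reports the flash encryption state from `SPI_BOOT_CRYPT_CNT` and the `KEY_PURPOSE_n` fuses, as the reply above asks the poster to confirm by eye. The `FACTORY` sample is taken from the summary posted in this thread; the `ENABLED` sample is constructed, and treating any key purpose beginning with `XTS_AES` as a flash encryption key is an assumption of this example.

```python
import re

# Constructed input: security lines copied from the summary posted in this thread.
FACTORY = """\
DIS_DOWNLOAD_MANUAL_ENCRYPT (BLOCK0) Disables flash encryption when in download boot mo = False R/W (0b0)
SPI_BOOT_CRYPT_CNT (BLOCK0) Enables encryption and decryption, when an SPI boo = Disable R/W (0b000)
KEY_PURPOSE_0 (BLOCK0) KEY0 purpose = USER R/W (0x0)
KEY_PURPOSE_1 (BLOCK0) KEY1 purpose = USER R/W (0x0)
"""
# Constructed input: hypothetical values for a device after flash encryption was enabled.
ENABLED = """\
DIS_DOWNLOAD_MANUAL_ENCRYPT (BLOCK0) Disables flash encryption when in download boot mo = False R/W (0b0)
SPI_BOOT_CRYPT_CNT (BLOCK0) Enables encryption and decryption, when an SPI boo = Enable R/W (0b001)
KEY_PURPOSE_0 (BLOCK0) KEY0 purpose = XTS_AES_128_KEY R/- (0x4)
KEY_PURPOSE_1 (BLOCK0) KEY1 purpose = USER R/W (0x0)
"""

# NAME (BLOCKn) description = value access (raw); wrapped continuation lines do not match.
FUSE = re.compile(
    r"^([A-Z0-9_]+)\s+\(BLOCK\d+\).*?=\s+(.+?)\s+([R-]/[W-])\s+\((0[bx][0-9a-fA-F]+)\)\s*$")

def parse_summary(text):
    """Map eFuse name -> (meaningful value, access flags, raw integer)."""
    fuses = {}
    for line in text.splitlines():
        m = FUSE.match(line.strip())
        if m:
            name, value, access, raw = m.groups()
            fuses[name] = (value, access, int(raw, 0))
    return fuses

def flash_encryption_state(text):
    fuses = parse_summary(text)
    cnt = fuses["SPI_BOOT_CRYPT_CNT"][2]
    # Per the fuse description in the summary: enabled when 1 or 3 bits are set.
    enabled = bin(cnt).count("1") % 2 == 1
    key_slots = [n for n, (v, _, _) in fuses.items()
                 if n.startswith("KEY_PURPOSE_") and v.startswith("XTS_AES")]
    if enabled and key_slots:
        verdict = "enabled"
    elif not enabled and not key_slots:
        verdict = "not enabled (factory default, no key programmed)"
    else:
        verdict = "inconsistent: check key purpose and SPI_BOOT_CRYPT_CNT"
    return {"enabled": enabled, "key_slots": key_slots, "verdict": verdict,
            "manual_encrypt_disabled": bool(fuses["DIS_DOWNLOAD_MANUAL_ENCRYPT"][2])}

if __name__ == "__main__":
    for label, text in (("factory", FACTORY), ("enabled", ENABLED)):
        print(label, flash_encryption_state(text))
```
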
