Search found 188 matches

by ESP_Mahavir
Wed Feb 14, 2024 9:30 am
Forum: ESP-IDF
Topic: IDF v4.4 ESP32 secure boot and flash encryption step-by-step
Replies: 17
Views: 7541

Re: IDF v4.4 ESP32 secure boot and flash encryption step-by-step

1.- I imagine that this manual will be valid for any recent version of IDF, I am working with version 5.1.2.??? I ask because it is in the master branch and does not appear in the documentation of the version I use. Yes, the host based security workflow document should apply to ESP-IDF 5.1.2 releas...
by ESP_Mahavir
Wed Feb 14, 2024 8:38 am
Forum: ESP-IDF
Topic: Esp32 blocked: Flash encryption eFuse bit was not enabled in bootloader
Replies: 6
Views: 750

Re: Esp32 blocked: Flash encryption eFuse bit was not enabled in bootloader

Neither of the two chips that I have blocked trying to activate flash encryption and secure boot v2 allow me to connect with espefuse.py Sorry to hear that. This also confirms that UART DL mode is disabled on these chips. For future experiments, please keep `CONFIG_SECURE_INSECURE_ALLOW_DL_MODE` en...
by ESP_Mahavir
Tue Feb 13, 2024 9:21 am
Forum: ESP-IDF
Topic: IDF v4.4 ESP32 secure boot and flash encryption step-by-step
Replies: 17
Views: 7541

Re: IDF v4.4 ESP32 secure boot and flash encryption step-by-step

Hello, Sorry for the delayed reply! In the instructions you shared, I was unable to see a command to flash the bootloader image. Please note that for secure boot enabled case, the default `idf.py flash` won't flash the bootloader on the device. If you could share more information about the eFuse sum...
by ESP_Mahavir
Mon Feb 12, 2024 9:29 am
Forum: ESP-IDF
Topic: Esp32 blocked: Flash encryption eFuse bit was not enabled in bootloader
Replies: 6
Views: 750

Re: Esp32 blocked: Flash encryption eFuse bit was not enabled in bootloader

E (273) flash_encrypt: Flash encryption eFuse bit was not enabled in bootloader but CONFIG_SECURE_FLASH_ENC_ENABLED is on This error indicates that the flash encryption is not yet enabled on this device. Maybe the device was power cycled interim the bootloader was enabling the flash encryption work...
by ESP_Mahavir
Mon Dec 18, 2023 5:22 am
Forum: ESP-IDF
Topic: Cannot disable flash encrytion after enabled it on development mode
Replies: 3
Views: 11845

Re: Cannot disable flash encrytion after enabled it on development mode

Please use the command specified in the docs section here https://docs.espressif.com/projects/esp ... encryption. This will correctly program the `FLASH_CRYPT_CNT` value to disable the flash encryption.
by ESP_Mahavir
Sun Dec 10, 2023 6:37 am
Forum: ESP-IDF
Topic: Correct sequence to apply encrypted flash and secure boot v2
Replies: 6
Views: 8506

Re: Correct sequence to apply encrypted flash and secure boot v2

... and what did you set menuconfig "Secure boot private signing key" to? The path to the file containing the private key. Please go through this guide https://docs.espressif.com/projects/esp-idf/en/latest/esp32/security/secure-boot-v2.html#how-to-enable-secure-boot-v2 which gives a step-by-step gu...
by ESP_Mahavir
Thu Dec 07, 2023 5:21 am
Forum: ESP-IDF
Topic: Secure Boot - change public key?
Replies: 3
Views: 2136

Re: Secure Boot - change public key?

Just to add that, some of our recent chips like ESP32-C3, ESP32-S3 do support multiple signing keys in secure boot v2 scheme. Key revocation guide for ESP32-C3 can be found here: https://docs.espressif.com/projects/esp-idf/en/latest/esp32c3/security/secure-boot-v2.html#key-revocation Unfortunately, ...
by ESP_Mahavir
Tue Dec 05, 2023 8:50 am
Forum: ESP-IDF
Topic: Correct sequence to apply encrypted flash and secure boot v2
Replies: 6
Views: 8506

Re: Correct sequence to apply encrypted flash and secure boot v2

Please refer to the guide https://docs.espressif.com/projects/esp ... externally, it should help starting from the key generation to enabling secure boot externally.
by ESP_Mahavir
Fri Nov 17, 2023 11:32 am
Forum: ESP-IDF
Topic: [Resolved] Unabled to burn_efuse FLASH_CRYPT_CNT
Replies: 6
Views: 7255

Re: [Resolved] Unabled to burn_efuse FLASH_CRYPT_CNT

Hello, > Can I somehow return the normal bootloader or force the bootloader from IDF to re-encrypt the firmware so that it works? Yes, since you have enabled the flash encryption in development mode, you can disable it. Please see the following documentation section: https://docs.espressif.com/proje...
by ESP_Mahavir
Tue Oct 24, 2023 10:09 am
Forum: ESP-IDF
Topic: Setting up firmware for production
Replies: 3
Views: 3467

Re: Setting up firmware for production

Hello, How should I handle flash encryption? Please refer to following documentation guides: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/security/security.html https://docs.espressif.com/projects/esp-idf/en/latest/esp32/security/host-based-security-workflows.html First one talks abou...