Yes, if you enable flash encryption then the first boot will generate a device specific key and encrypt the flash using this key. So a subsequent update where you flash an unencrypted binary means that the device no longer boots, as it expects to see encrypted flash.
The good news is, you can remove flash encryption. You can do this (enable then disable encryption) 4 times total, after that you cannot enable flash encryption again.
First, run "make menuconfig" and disable flash encryption in Security Options. This is very important
, or the device will just re-encrypt itself again as soon as you disable encryption. Save the configuration then run "make menuconfig" one more time to be sure flash encryption is disabled correctly! Then run "make flash" to build and flash this new bootloader and app to the ESP32. At this point the ESP32 still won't boot.
Second, run the following command. The espefuse.py command is in the components/esptool_py/esptool directory:
Code: Select all
espefuse.py --port PORT burn_efuse FLASH_CRYPT_CNT
Once you reset the ESP32, it should boot unencrypted.
If you want to update the device while keeping flash encryption on, the steps are in the documentation:
http://esp-idf.readthedocs.io/en/latest ... -procedure
(Bear in mind you can only reflash with encryption on 3 times, before other updates are no longer possible.)
Please read the flash encryption documentation thoroughly before enabling this feature again:
http://esp-idf.readthedocs.io/en/latest ... ption.html
We'll also add a warning to the configuration menu, so it's clear this is a potentially device-bricking feature.