ESP32 Wrover-e Flash encryption

BotondColop
Posts: 19
Joined: Tue May 10, 2022 6:46 am

ESP32 Wrover-e Flash encryption

Postby BotondColop » Tue May 10, 2022 9:01 am

Hi,

I am trying to activate the flash encryption in my project, without any luck.
I need some help.
I am using esp32 Wrover with 16MB flash, and Chip revision 3. I am using Espressif IDF with 4.4.1 and flashing the device with the IDE.

I want encrypt only the Flash content.

I have an partition table with two ota's ota_0 and ota_1 -> I have no factory partition, this is not a requirement to flash encryption or?

I have two additional partition with encrypted flags, I save there some sensitive datas.

I added nvs_key and efuse_em partitions too.

If I use the option Simulate eFuse operation in RAM and Development mode with activated UART ROM Download, I get some log message with the partition will be encrypted and co. If the process ready the bootloader hanging and not start the main program.
See on the picture. Hanging after boot: start: 0x40081768.
This debug message is coming directly after programming first restart the device, after secound restart, I get no output anymore.

There is also some weird thing in the bootloader, i get an error that on ota_1 partition cannot be encrypted, because no magic number. This is true because with the IDE will be OTA_0 written.(OTA_1 stay empty) I tested also to write here the same FW with the download tool from ESP, but the main programm is still not start.

Without flash encryption the program is running without any error.

My questions:

- Is there a setting in the sdk configuration that does not allow encryption? We modified some options, what we needed RAM and Flash speed, and some more options.

- Why does the bootloader not start the main program?

- Is there a program functionality difference between simulate efuse in ram, keep in flash or write it one in efuse?

Thank you in advance.

Best regards,
Botond
Attachments
esp_sec_setup.JPG
esp_sec_setup.JPG (43.03 KiB) Viewed 2895 times
esp_error1.JPG
esp_error1.JPG (76.07 KiB) Viewed 2895 times

ESP_Sprite
Posts: 8926
Joined: Thu Nov 26, 2015 4:08 am

Re: ESP32 Wrover-e Flash encryption

Postby ESP_Sprite » Tue May 10, 2022 9:04 am

Your code is encrypting the flash, but not setting the eFuses as such (as you enabled virtual eFuses), so the ROM tries to execute the code as plaintext but it can't as the actual flash is encrypted.

BotondColop
Posts: 19
Joined: Tue May 10, 2022 6:46 am

Re: ESP32 Wrover-e Flash encryption

Postby BotondColop » Tue May 10, 2022 9:33 am

Thank you, for your reply.

You answered one of my questions, according to them it is not possible to activate flash encryption if we don't program the efus! So both of the options are not usable Simulate or save in the flash.

I tested now without efuse simulation, and i have a different log but still not booting.

Do you have another idea too?
Attachments
esp_error2.JPG
esp_error2.JPG (134.65 KiB) Viewed 2848 times

ESP_Sprite
Posts: 8926
Joined: Thu Nov 26, 2015 4:08 am

Re: ESP32 Wrover-e Flash encryption

Postby ESP_Sprite » Wed May 11, 2022 1:26 am

That looks good to me. What error do you get on booting?

BotondColop
Posts: 19
Joined: Tue May 10, 2022 6:46 am

Re: ESP32 Wrover-e Flash encryption

Postby BotondColop » Wed May 11, 2022 6:59 am

This is everything what i get, after the last message from bootloader nothing happening.

If I do a reset, I get no debug message anymore, and the cpu do nothing. I have now 3 boards, with this problem.

I am using development mode with UART, and I can reflash it, but it still nothing happen after restart. So I can say, this board are dead.

I will get new board today, and I will do one more test. But something is running very bad. :?: :(

BotondColop
Posts: 19
Joined: Tue May 10, 2022 6:46 am

Re: ESP32 Wrover-e Flash encryption

Postby BotondColop » Wed May 11, 2022 10:13 am

I get a new board, and I flash it with Development mode and Uart Rom download enable. I have the same problem, at Resetting with flash encryption enabled...stay everything hanging and no more function. I can reflash it but I have no output anymore and the cpu is not start.

This is the log output after first flashing:

Code: Select all

Waiting for the device to reconnect....
I (526) flash_encrypt: Done encrypting
D (526) esp_image: reading image header @ 0x40000
D (526) bootloader_flash: mmu set block paddr=0x00040000 (was 0x00000000)
D (526) esp_image: image header: 0xe9 0x07 0x02 0x04 40081768
V (526) esp_image: loading segment header 0 at offset 0x40018
V (526) esp_image: segment data length 0x2c70c data starts 0x40020
V (526) esp_image: segment 0 map_segment 1 segment_data_offs 0x40020 load_addr 0x3f400020
I (527) esp_image: segment 0: paddr=00040020 vaddr=3f400020 size=2c70ch (182028) map
D (527) esp_image: free data page_count 0x00000032
D (527) bootloader_flash: mmu set paddr=00040000 count=3 size=2c70c src_addr=40020 src_addr_aligned=40000
V (583) esp_image: loading segment header 1 at offset 0x6c72c
D (583) bootloader_flash: mmu set block paddr=0x00060000 (was 0xffffffff)
V (583) esp_image: segment data length 0x38e4 data starts 0x6c734
V (583) esp_image: segment 1 map_segment 0 segment_data_offs 0x6c734 load_addr 0x3ffb0000
I (583) esp_image: segment 1: paddr=0006c734 vaddr=3ffb0000 size=038e4h ( 14564) 
D (584) esp_image: free data page_count 0x00000032
D (584) bootloader_flash: mmu set paddr=00060000 count=2 size=38e4 src_addr=6c734 src_addr_aligned=60000
V (589) esp_image: loading segment header 2 at offset 0x70018
D (589) bootloader_flash: mmu set block paddr=0x00070000 (was 0xffffffff)
V (589) esp_image: segment data length 0x945d8 data starts 0x70020
V (589) esp_image: segment 2 map_segment 1 segment_data_offs 0x70020 load_addr 0x400d0020
0x400d0020: _stext at ??:?

I (589) esp_image: segment 2: paddr=00070020 vaddr=400d0020 size=945d8h (607704) map
D (590) esp_image: free data page_count 0x00000032
D (590) bootloader_flash: mmu set paddr=00070000 count=10 size=945d8 src_addr=70020 src_addr_aligned=70000
V (774) esp_image: loading segment header 3 at offset 0x1045f8
D (774) bootloader_flash: mmu set block paddr=0x00100000 (was 0xffffffff)
V (774) esp_image: segment data length 0x458 data starts 0x104600
V (774) esp_image: segment 3 map_segment 0 segment_data_offs 0x104600 load_addr 0x3ffb38e4
I (775) esp_image: segment 3: paddr=00104600 vaddr=3ffb38e4 size=00458h (  1112) 
D (775) esp_image: free data page_count 0x00000032
D (775) bootloader_flash: mmu set paddr=00100000 count=1 size=458 src_addr=104600 src_addr_aligned=100000
V (776) esp_image: loading segment header 4 at offset 0x104a58
D (776) bootloader_flash: mmu set block paddr=0x00100000 (was 0xffffffff)
V (776) esp_image: segment data length 0x1a47c data starts 0x104a60
V (776) esp_image: segment 4 map_segment 0 segment_data_offs 0x104a60 load_addr 0x40080000
0x40080000: _WindowOverflow4 at C:/Espressif/frameworks/esp-idf-v4.4.1/components/freertos/port/xtensa/xtensa_vectors.S:1736

I (776) esp_image: segment 4: paddr=00104a60 vaddr=40080000 size=1a47ch (107644) 
D (777) esp_image: free data page_count 0x00000032
D (777) bootloader_flash: mmu set paddr=00100000 count=2 size=1a47c src_addr=104a60 src_addr_aligned=100000
V (810) esp_image: loading segment header 5 at offset 0x11eedc
D (810) bootloader_flash: mmu set block paddr=0x00110000 (was 0xffffffff)
V (810) esp_image: segment data length 0x64 data starts 0x11eee4
V (810) esp_image: segment 5 map_segment 0 segment_data_offs 0x11eee4 load_addr 0x400c0000
I (811) esp_image: segment 5: paddr=0011eee4 vaddr=400c0000 size=00064h (   100) 
D (811) esp_image: free data page_count 0x00000032
D (811) bootloader_flash: mmu set paddr=00110000 count=1 size=64 src_addr=11eee4 src_addr_aligned=110000
V (812) esp_image: loading segment header 6 at offset 0x11ef48
D (812) bootloader_flash: mmu set block paddr=0x00110000 (was 0xffffffff)
V (812) esp_image: segment data length 0x10 data starts 0x11ef50
V (812) esp_image: segment 6 map_segment 0 segment_data_offs 0x11ef50 load_addr 0x50000000
I (813) esp_image: segment 6: paddr=0011ef50 vaddr=50000000 size=00010h (    16) 
D (813) esp_image: free data page_count 0x00000032
D (813) bootloader_flash: mmu set paddr=00110000 count=1 size=10 src_addr=11ef50 src_addr_aligned=110000
V (813) esp_image: image start 0x00040000 end of last section 0x0011ef60
D (814) bootloader_flash: mmu set block paddr=0x00110000 (was 0xffffffff)
D (814) boot: Calculated hash: a969ce4b2e734c0a93feb2e2a95b12e270a8021fcf3f20bc9660241b6268fd61
I (814) flash_encrypt: Encrypting partition 10 at offset 0x40000 (length 0x180000)...
I (2435) flash_encrypt: Done encrypting
D (2435) esp_image: reading image header @ 0x1c0000
D (2435) bootloader_flash: mmu set block paddr=0x001c0000 (was 0x00110000)
D (2436) esp_image: image header: 0xff 0xff 0xff 0x0f ffffffff
E (2436) esp_image: image at 0x1c0000 has invalid magic byte (nothing flashed here?)
D (2436) flash_encrypt: All flash regions checked for encryption pass
D (2436) flash_encrypt: CRYPT_CNT 0 -> 1
D (2436) efuse: In EFUSE_BLK0__DATA0_REG is used 7 bits starting with 20 bit
I (2448) flash_encrypt: Flash encryption completed
I (2448) boot: Resetting with flash encryption enabled...
Do you have any idea?

Thank you your help in advance.

ESP_Mahavir
Posts: 188
Joined: Wed Jan 24, 2018 6:51 am

Re: ESP32 Wrover-e Flash encryption

Postby ESP_Mahavir » Mon May 16, 2022 6:29 am

Hello,

Can you please share output of following command:

Code: Select all

espefuse.py --chip esp32 --port /dev/ttyUSB1 summary
Also please share complete console log which shows failure in bootup after flash encryption is enabled.

Additionally, could you please confirm partition table offset that you are using, please check https://docs.espressif.com/projects/esp ... oader-size once for this?

Thanks.

BotondColop
Posts: 19
Joined: Tue May 10, 2022 6:46 am

Re: ESP32 Wrover-e Flash encryption

Postby BotondColop » Tue May 17, 2022 1:24 pm

Hello,

Thank you to your reply.

I wanted to program a new panel to write all the things what you ask.
It is working from yesterday the security flashing without any big issue. I don't know what was on the last week but I damaged more than 10 Esp module. :? :o ;) :roll: I use the same configuration as before. Only change shorty the branch.
Now it is working and if I read back the flash I get an unreadable content. This is very good. I hope get no issue again. I don't like inexplicable things. :shock:

Thank you both for your help.

I wish you a nice day.

If I get an issue again, I will get back to you.

Best regards

Who is online

Users browsing this forum: No registered users and 135 guests