flash fails if secure boot is enabled

marclee
Posts: 51
Joined: Fri Apr 09, 2021 1:09 pm

flash fails if secure boot is enabled

Postby marclee » Fri Aug 19, 2022 4:56 pm

Hello!

Equipment: ESP32-S2-WROVER with SDK esp-idf.v5.0-dev-4770-gd622bcfd46
The Problem: flashing above flash offset of 2 MB fails if secure boot is enabled

Executing "idf.py flash" results in the following error message once the area > 2 MB is going to be flashed:

"A fatal error occurred: Failed to enter Flash download mode (result was 01060000)"

I tried to execute the subcommands manually:
  1. python ~/esp/esp-idf/components/esptool_py/esptool/esptool.py \
  2.   --chip esp32s2 \
  3.   -p /dev/ttyUSB1 -b 460800 \
  4.   --before=default_reset \
  5.   --after=no_reset \
  6.   --no-stub write_flash \
  7.   --flash_mode dio \
  8.   --flash_freq 80m \
  9.   --flash_size keep \
  10.   0xc000 build/partition_table/partition-table.bin \
  11.   0x13000 build/ota_data_initial.bin \
  12.   0x20000 build/air2color_pro.bin \
  13.   0x2a0000 build/storage.bin

And I have figured out that replacing "--flash_size keep" with "--flash_size 4MB" solves the problem.

Why does it not work using "idf.py flash"?

Flashsize is defined in sdkconfig:
  1. CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
  2. CONFIG_ESPTOOLPY_FLASHSIZE="4MB"

marclee
Posts: 51
Joined: Fri Apr 09, 2021 1:09 pm

Re: flash fails if secure boot is enabled

Postby marclee » Fri Aug 19, 2022 7:52 pm

And I have figured out that replacing "--flash_size keep" with "--flash_size 4MB" solves the problem.

I was wrong. It doesn't solve the problem. Flashing works, but the flashed image seems to be corrupt.

ESP_Mahavir
Posts: 188
Joined: Wed Jan 24, 2018 6:51 am

Re: flash fails if secure boot is enabled

Postby ESP_Mahavir » Tue Aug 23, 2022 6:38 am

Hello,

Did you try to rebuild bootloader with new flash configuration and use that image? Alternatively, I would recommend that you try flashing command as it is generated during build process, it should provide correct flash related arguments which matches with the build configuration.

Please see relevant discussion from https://github.com/espressif/esp-idf/is ... 1074687590, it may help in this context.

marclee
Posts: 51
Joined: Fri Apr 09, 2021 1:09 pm

Re: flash fails if secure boot is enabled

Postby marclee » Tue Aug 23, 2022 6:08 pm

Hi Mahavir, thank you for your reply.

Did you try to rebuild bootloader with new flash configuration and use that image?

I used the command "idf.py bootloader bootloader-flash" to flash the secure bootloader first.

Alternatively, I would recommend that you try flashing command as it is generated during build process, it should provide correct flash related arguments which matches with the build configuration.

That's what I did and it does not work. It uses "--flash_size keep", which does not correspond to the correct flash size. It assumes 2 MB instead of 4 MB.

"idf.py flash" is the command that I expect to do it right. But it doesn't. Which command can I use to flash the new images correctly?

ESP_Mahavir
Posts: 188
Joined: Wed Jan 24, 2018 6:51 am

Re: flash fails if secure boot is enabled

Postby ESP_Mahavir » Mon Aug 29, 2022 12:38 pm

Bootloader flash command is highlighted during build process itself. Please see output when flash size is set to 4MB in `sdkconfig` as below:

Code: Select all

[95/98] Linking C executable bootloader.elf==============================================================================
Bootloader built. Secure boot enabled, so bootloader not flashed automatically.
Secure boot enabled, so bootloader not flashed automatically.
	/h/.espressif/python_env/idf5.1_py3.10_env/bin/python  /h/work/vanilla/esp-idf/components/esptool_py/esptool/esptool.py --chip esp32 --port=(PORT) --baud=(BAUD) --before=default_reset --after=no_reset write_flash --flash_mode dio --flash_freq 40m --flash_size keep 0x1000 /h/work/vanilla/esp-idf/examples/get-started/hello_world/build/bootloader/bootloader.bin
==============================================================================
Please see "Step 7" in the documentation https://docs.espressif.com/projects/esp ... re-boot-v2 where this is highlighted.

marclee
Posts: 51
Joined: Fri Apr 09, 2021 1:09 pm

Re: flash fails if secure boot is enabled

Postby marclee » Thu Sep 01, 2022 9:36 pm

I followed step 7 and used command "esptool.py write_flash"

This ist the prompt I get:

Code: Select all

Executing action: bootloader
Running ninja in directory /home/project/build
Executing "ninja bootloader"...
[1/1] cd /home/project/build/bootloader/bootloader.binBootloader binary size 0xa000 bytes. 0x1000 bytes (9%) free.

Bootloader build complete.
If I use the recommended command "esptool.py write_flash" I get:

Code: Select all

usage: esptool write_flash [-h] [--erase-all]
                           [--flash_freq {keep,80m,60m,48m,40m,30m,26m,24m,20m,16m,15m,12m}]
                           [--flash_mode {keep,qio,qout,dio,dout}]
                           [--flash_size {detect,keep,256KB,512KB,1MB,2MB,2MB-c1,4MB,4MB-c1,8MB,16MB,32MB,64MB,128MB}]
                           [--spi-connection SPI_CONNECTION] [--no-progress] [--verify]
                           [--encrypt]
                           [--encrypt-files <address> <filename> [<address> <filename> ...]]
                           [--ignore-flash-encryption-efuse-setting] [--force]
                           [--compress | --no-compress]
                           <address> <filename> [<address> <filename> ...]
esptool write_flash: error: the following arguments are required: <address> <filename>
So I used "idf.py bootloader bootloader-flash". This command seems to flash the bootloader correctly. Secure boot is activated and only signed firmware is accepted. But, as I told before, executing "idf.py flash" does only flash the area with offset lower than 2 MB because the parameter "--flash_size keep" does not work.

Who is online

Users browsing this forum: Majestic-12 [Bot] and 123 guests