Equipment: ESP32-S2-WROVER with SDK esp-idf.v5.0-dev-4770-gd622bcfd46
https://docs.espressif.com/projects/esp ... s/dfu.html
"USB DFU" worked fine until "secure boot" got enabled.
With "secure boot" enabled, ESP32-S2 can't be recognized as DFU device any more. I couldn't read anything about this behaviour in any documentation. Is there a way to get "USB DFU" work together with "secure boot"?
USB DFU and secure boot
-
- Posts: 9051
- Joined: Thu Nov 26, 2015 4:08 am
Re: USB DFU and secure boot
No, and this is deliberate. Secure boot is a feature that (together with flash encryption) is used to stop people from reading out the unencrypted flash. DFU can generally be used to read the flash, and if not, the stack is so large that we cannot guarantee there isn't a security exploit hidden in there somewhere. Additionally, it's in ROM, so if there was, we would have no way to fix this. As such, we disable DFU (and other USB) update methods when secureboot is enabled.
You are right, however, in that this behaviour is not easy to find in the docs. I'll create a ticket to make this clearer.
You are right, however, in that this behaviour is not easy to find in the docs. I'll create a ticket to make this clearer.
Re: USB DFU and secure boot
Thank you for clarifying.
Who is online
Users browsing this forum: biakss and 245 guests