ESP-AT with encryption : missing partition

victorien
Posts: 3
Joined: Wed Dec 15, 2021 4:57 pm

ESP-AT with encryption : missing partition

Postby victorien » Tue May 10, 2022 9:49 am

Hello guys :!:

I come to you because I am struggling to provide the correct partition information for ESP-AT firmware build with ESP32S2-MINI.

I enabled encryption for this project, provided a key to the eFuse, compiled and flash. Seems to work good until I try to connect to the server using certificate.

Flash & encryption logs :

Code: Select all

 idf.py encrypted-flash monitor
Executing action: encrypted-flash
Choosing default port b'/dev/ttyUSB0' (use '-p PORT' option to set a specific serial port)
Running ninja in directory /home/victorien/Local_libs/esp/esp-at/build
Executing "ninja encrypted-flash"...
[1/5] Performing build step for 'bootloader'
ninja: no work to do.
[2/3] Running utility command for customized_bin
generating server_cert.bin: /home/victorien/.espressif/python_env/idf4.2_py3.8_env/bin/python /home/victorien/Local_libs/esp/esp-at/tools/AtPKI.py generate_bin -b /home/victorien/Local_libs/esp/esp-at/build/customized_partitions/server_cert.bin  cert /home/victorien/Local_libs/esp/esp-at/components/customized_partitions/raw_data/server_cert/server_cert.crt
generating server_key.bin: /home/victorien/.espressif/python_env/idf4.2_py3.8_env/bin/python /home/victorien/Local_libs/esp/esp-at/tools/AtPKI.py generate_bin -b /home/victorien/Local_libs/esp/esp-at/build/customized_partitions/server_key.bin  cert /home/victorien/Local_libs/esp/esp-at/components/customized_partitions/raw_data/server_key/server.key
generating server_ca.bin: /home/victorien/.espressif/python_env/idf4.2_py3.8_env/bin/python /home/victorien/Local_libs/esp/esp-at/tools/AtPKI.py generate_bin -b /home/victorien/Local_libs/esp/esp-at/build/customized_partitions/server_ca.bin  cert /home/victorien/Local_libs/esp/esp-at/components/customized_partitions/raw_data/server_ca/server_ca.crt
generating client_cert.bin: /home/victorien/.espressif/python_env/idf4.2_py3.8_env/bin/python /home/victorien/Local_libs/esp/esp-at/tools/AtPKI.py generate_bin -b /home/victorien/Local_libs/esp/esp-at/build/customized_partitions/client_cert.bin  cert /home/victorien/Local_libs/esp/esp-at/components/customized_partitions/raw_data/client_cert/8cdd9a50f649ecb88502409d08016366c07307a9cdeff657adbebb6310f2-certificate.pem.crt
generating client_key.bin: /home/victorien/.espressif/python_env/idf4.2_py3.8_env/bin/python /home/victorien/Local_libs/esp/esp-at/tools/AtPKI.py generate_bin -b /home/victorien/Local_libs/esp/esp-at/build/customized_partitions/client_key.bin  cert /home/victorien/Local_libs/esp/esp-at/components/customized_partitions/raw_data/client_key/8cdd9a50f649ecb8850245e50b9d080163637a9cdeff657adbebb6310f2-private.pem.key
generating client_ca.bin: /home/victorien/.espressif/python_env/idf4.2_py3.8_env/bin/python /home/victorien/Local_libs/esp/esp-at/tools/AtPKI.py generate_bin -b /home/victorien/Local_libs/esp/esp-at/build/customized_partitions/client_ca.bin  cert /home/victorien/Local_libs/esp/esp-at/components/customized_partitions/raw_data/client_ca/AmazonRootCA1.pem
generating mqtt_cert.bin: /home/victorien/.espressif/python_env/idf4.2_py3.8_env/bin/python /home/victorien/Local_libs/esp/esp-at/tools/AtPKI.py generate_bin -b /home/victorien/Local_libs/esp/esp-at/build/customized_partitions/mqtt_cert.bin  cert /home/victorien/Local_libs/esp/esp-at/components/customized_partitions/raw_data/mqtt_cert/mqtt_client.crt
generating mqtt_key.bin: /home/victorien/.espressif/python_env/idf4.2_py3.8_env/bin/python /home/victorien/Local_libs/esp/esp-at/tools/AtPKI.py generate_bin -b /home/victorien/Local_libs/esp/esp-at/build/customized_partitions/mqtt_key.bin  cert /home/victorien/Local_libs/esp/esp-at/components/customized_partitions/raw_data/mqtt_key/mqtt_client.key
generating mqtt_ca.bin: /home/victorien/.espressif/python_env/idf4.2_py3.8_env/bin/python /home/victorien/Local_libs/esp/esp-at/tools/AtPKI.py generate_bin -b /home/victorien/Local_libs/esp/esp-at/build/customized_partitions/mqtt_ca.bin  cert /home/victorien/Local_libs/esp/esp-at/components/customized_partitions/raw_data/mqtt_ca/mqtt_ca.crt
generate parameter bin: platform PLATFORM_ESP32S2, module name MINI
generating factory_param.bin: /home/victorien/.espressif/python_env/idf4.2_py3.8_env/bin/python /home/victorien/Local_libs/esp/esp-at/tools/factory_param_generate.py --platform PLATFORM_ESP32S2 --module MINI --bin_name /home/victorien/Local_libs/esp/esp-at/build/customized_partitions/factory_param.bin --define_file /home/victorien/Local_libs/esp/esp-at/components/customized_partitions/raw_data/factory_param/factory_param_type.csv --module_file /home/victorien/Local_libs/esp/esp-at/components/customized_partitions/raw_data/factory_param/factory_param_data.csv --log_file /home/victorien/Local_libs/esp/esp-at/build/factory/factory_parameter.log
[2/3] cd /home/victorien/Local_libs/esp/esp-idf/components/esptool_py && /usr/bin/cmake -D IDF_PATH="/ho...libs/esp/esp-at/build" -P /home/victorien/Local_libs/esp/esp-idf/components/esptool_py/run_esptool.cmake
esptool.py esp32s2 -p /dev/ttyUSB0 -b 460800 --before=default_reset --after=no_reset write_flash --flash_mode dio --flash_freq 80m --flash_size 4MB --encrypt 0xe000 partition_table/partition-table.bin 0x16000 ota_data_initial.bin 0x12000 phy_init_data.bin 0x1000 bootloader/bootloader.bin 0x100000 esp-at.bin 0x20000 at_customize.bin 0x32000 customized_partitions/server_cert.bin 0x36000 customized_partitions/server_key.bin 0x3A000 customized_partitions/server_ca.bin 0x3E000 customized_partitions/client_cert.bin 0x42000 customized_partitions/client_key.bin 0x46000 customized_partitions/client_ca.bin 0x5A000 customized_partitions/mqtt_cert.bin 0x5E000 customized_partitions/mqtt_key.bin 0x62000 customized_partitions/mqtt_ca.bin 0x4A000 customized_partitions/factory_param.bin
esptool.py v3.1-dev
Serial port /dev/ttyUSB0
Connecting........_
Chip is ESP32-S2FH32
Features: WiFi, Embedded 4MB Flash, 105C temp rating, ADC and temperature sensor calibration in BLK2 of efuse
Crystal is 40MHz
MAC: 84:f7:03:d0:ea:da
Uploading stub...
Running stub...
Stub running...
Changing baud rate to 460800
Changed.
Configuring flash size...
Flash will be erased from 0x0000e000 to 0x0000efff...
Flash will be erased from 0x00016000 to 0x00019fff...
Flash will be erased from 0x00012000 to 0x00012fff...
Flash will be erased from 0x00001000 to 0x00007fff...
Flash will be erased from 0x00100000 to 0x001f9fff...
Flash will be erased from 0x00020000 to 0x00020fff...
Flash will be erased from 0x00032000 to 0x00032fff...
Flash will be erased from 0x00036000 to 0x00036fff...
Flash will be erased from 0x0003a000 to 0x0003afff...
Flash will be erased from 0x0003e000 to 0x0003efff...
Flash will be erased from 0x00042000 to 0x00042fff...
Flash will be erased from 0x00046000 to 0x00046fff...
Flash will be erased from 0x0005a000 to 0x0005afff...
Flash will be erased from 0x0005e000 to 0x0005efff...
Flash will be erased from 0x00062000 to 0x00062fff...
Flash will be erased from 0x0004a000 to 0x0004afff...

WARNING: - compress and encrypt options are mutually exclusive 
Will flash partition_table/partition-table.bin uncompressed
Writing at 0x0000e000... (100 %)
Wrote 16384 bytes at 0x0000e000 in 0.4 seconds (303.3 kbit/s)...

WARNING: - compress and encrypt options are mutually exclusive 
Will flash ota_data_initial.bin uncompressed
Writing at 0x00016000... (100 %)
Wrote 16384 bytes at 0x00016000 in 0.6 seconds (215.6 kbit/s)...

WARNING: - compress and encrypt options are mutually exclusive 
Will flash phy_init_data.bin uncompressed
Writing at 0x00012000... (100 %)
Wrote 16384 bytes at 0x00012000 in 0.4 seconds (303.3 kbit/s)...

WARNING: - compress and encrypt options are mutually exclusive 
Will flash bootloader/bootloader.bin uncompressed
Writing at 0x00001000... (50 %)
Writing at 0x00005000... (100 %)
Wrote 32768 bytes at 0x00001000 in 0.9 seconds (297.8 kbit/s)...

WARNING: - compress and encrypt options are mutually exclusive 
Will flash esp-at.bin uncompressed
Writing at 0x00100000... (1 %)
Writing at 0x00104000... (3 %)
Writing at 0x00108000... (4 %)
Writing at 0x0010c000... (6 %)
Writing at 0x00110000... (7 %)
Writing at 0x00114000... (9 %)
Writing at 0x00118000... (11 %)
Writing at 0x0011c000... (12 %)
Writing at 0x00120000... (14 %)
Writing at 0x00124000... (15 %)
Writing at 0x00128000... (17 %)
Writing at 0x0012c000... (19 %)
Writing at 0x00130000... (20 %)
Writing at 0x00134000... (22 %)
Writing at 0x00138000... (23 %)
Writing at 0x0013c000... (25 %)
Writing at 0x00140000... (26 %)
Writing at 0x00144000... (28 %)
Writing at 0x00148000... (30 %)
Writing at 0x0014c000... (31 %)
Writing at 0x00150000... (33 %)
Writing at 0x00154000... (34 %)
Writing at 0x00158000... (36 %)
Writing at 0x0015c000... (38 %)
Writing at 0x00160000... (39 %)
Writing at 0x00164000... (41 %)
Writing at 0x00168000... (42 %)
Writing at 0x0016c000... (44 %)
Writing at 0x00170000... (46 %)
Writing at 0x00174000... (47 %)
Writing at 0x00178000... (49 %)
Writing at 0x0017c000... (50 %)
Writing at 0x00180000... (52 %)
Writing at 0x00184000... (53 %)
Writing at 0x00188000... (55 %)
Writing at 0x0018c000... (57 %)
Writing at 0x00190000... (58 %)
Writing at 0x00194000... (60 %)
Writing at 0x00198000... (61 %)
Writing at 0x0019c000... (63 %)
Writing at 0x001a0000... (65 %)
Writing at 0x001a4000... (66 %)
Writing at 0x001a8000... (68 %)
Writing at 0x001ac000... (69 %)
Writing at 0x001b0000... (71 %)
Writing at 0x001b4000... (73 %)
Writing at 0x001b8000... (74 %)
Writing at 0x001bc000... (76 %)
Writing at 0x001c0000... (77 %)
Writing at 0x001c4000... (79 %)
Writing at 0x001c8000... (80 %)
Writing at 0x001cc000... (82 %)
Writing at 0x001d0000... (84 %)
Writing at 0x001d4000... (85 %)
Writing at 0x001d8000... (87 %)
Writing at 0x001dc000... (88 %)
Writing at 0x001e0000... (90 %)
Writing at 0x001e4000... (92 %)
Writing at 0x001e8000... (93 %)
Writing at 0x001ec000... (95 %)
Writing at 0x001f0000... (96 %)
Writing at 0x001f4000... (98 %)
Writing at 0x001f8000... (100 %)
Wrote 1032192 bytes at 0x00100000 in 24.0 seconds (344.3 kbit/s)...

WARNING: - compress and encrypt options are mutually exclusive 
Will flash at_customize.bin uncompressed
Writing at 0x00020000... (100 %)
Wrote 16384 bytes at 0x00020000 in 0.4 seconds (303.3 kbit/s)...

WARNING: - compress and encrypt options are mutually exclusive 
Will flash customized_partitions/server_cert.bin uncompressed
Writing at 0x00032000... (100 %)
Wrote 16384 bytes at 0x00032000 in 0.4 seconds (314.9 kbit/s)...

WARNING: - compress and encrypt options are mutually exclusive 
Will flash customized_partitions/server_key.bin uncompressed
Writing at 0x00036000... (100 %)
Wrote 16384 bytes at 0x00036000 in 0.4 seconds (315.3 kbit/s)...

WARNING: - compress and encrypt options are mutually exclusive 
Will flash customized_partitions/server_ca.bin uncompressed
Writing at 0x0003a000... (100 %)
Wrote 16384 bytes at 0x0003a000 in 0.4 seconds (315.2 kbit/s)...

WARNING: - compress and encrypt options are mutually exclusive 
Will flash customized_partitions/client_cert.bin uncompressed
Writing at 0x0003e000... (100 %)
Wrote 16384 bytes at 0x0003e000 in 0.4 seconds (315.1 kbit/s)...

WARNING: - compress and encrypt options are mutually exclusive 
Will flash customized_partitions/client_key.bin uncompressed
Writing at 0x00042000... (100 %)
Wrote 16384 bytes at 0x00042000 in 0.4 seconds (315.2 kbit/s)...

WARNING: - compress and encrypt options are mutually exclusive 
Will flash customized_partitions/client_ca.bin uncompressed
Writing at 0x00046000... (100 %)
Wrote 16384 bytes at 0x00046000 in 0.4 seconds (303.4 kbit/s)...

WARNING: - compress and encrypt options are mutually exclusive 
Will flash customized_partitions/mqtt_cert.bin uncompressed
Writing at 0x0005a000... (100 %)
Wrote 16384 bytes at 0x0005a000 in 0.4 seconds (303.5 kbit/s)...

WARNING: - compress and encrypt options are mutually exclusive 
Will flash customized_partitions/mqtt_key.bin uncompressed
Writing at 0x0005e000... (100 %)
Wrote 16384 bytes at 0x0005e000 in 0.4 seconds (303.4 kbit/s)...

WARNING: - compress and encrypt options are mutually exclusive 
Will flash customized_partitions/mqtt_ca.bin uncompressed
Writing at 0x00062000... (100 %)
Wrote 16384 bytes at 0x00062000 in 0.4 seconds (315.0 kbit/s)...

WARNING: - compress and encrypt options are mutually exclusive 
Will flash customized_partitions/factory_param.bin uncompressed
Writing at 0x0004a000... (100 %)
Wrote 16384 bytes at 0x0004a000 in 0.4 seconds (303.3 kbit/s)...

Leaving...
Staying in bootloader.
Executing action: monitor
Running idf_monitor in directory /home/victorien/Local_libs/esp/esp-at
Executing "/home/victorien/.espressif/python_env/idf4.2_py3.8_env/bin/python /home/victorien/Local_libs/esp/esp-idf/tools/idf_monitor.py -p /dev/ttyUSB0 -b 115200 --toolchain-prefix xtensa-esp32s2-elf- /home/victorien/Local_libs/esp/esp-at/build/esp-at.elf --encrypted -m '/home/victorien/.espressif/python_env/idf4.2_py3.8_env/bin/python' '/home/victorien/Local_libs/esp/esp-idf/tools/idf.py'"...
/home/victorien/Local_libs/esp/esp-idf/tools/idf_monitor.py:474: DeprecationWarning: distutils Version classes are deprecated. Use packaging.version instead.
  if StrictVersion(serial.VERSION) < StrictVersion('3.3.0'):


And here are the logs when I boot

Code: Select all

ESESP-ROM:esp32s2-rc4-20191025
Build:Oct 25 2019
rst:0x1 (POWERON),boot:0x8 (SPI_FAST_FLASH_BOOT)
SPIWP:0xee
mode:DIO, clock div:1
load:0x3ffe6268,len:0x25e4
load:0x4004c000,len:0x17e8
load:0x40050000,len:0x2fd4
entry 0x4004c328
I (29) boot: ESP-IDF v4.2.2-76-gefa6eca8b8 2nd stage bootloader
I (30) boot: compile time 11:27:26
I (30) boot: chip revision: 0
I (34) qio_mode: Enabling default flash chip QIO
I (39) boot.esp32s2: SPI Speed      : 80MHz
I (43) boot.esp32s2: SPI Mode       : QIO
I (48) boot.esp32s2: SPI Flash Size : 4MB
I (53) boot: Enabling RNG early entropy source...
I (58) boot: Partition Table:
I (62) boot: ## Label            Usage          Type ST Offset   Length
I (69) boot:  0 phy_init         RF data          01 01 00012000 00004000
I (77) boot:  1 otadata       �ESP-ROM:esp32s2-rc4-20191025
Build:Oct 25 2019
rst:0x1 (POWERON),boot:0x8 (SPI_FAST_FLASH_BOOT)
SPIWP:0xee
mode:DIO, clock div:1
load:0x3ffe6268,len:0x25e4
load:0x4004c000,len:0x17e8
load:0x40050000,len:0x2fd4
entry 0x4004c328
I (29) boot: ESP-IDF v4.2.2-76-gefa6eca8b8 2nd stage bootloader
I (30) boot: compile time 11:27:26
I (30) boot: chip revision: 0
I (34) qio_mode: Enabling default flash chip QIO
I (39) boot.esp32s2: SPI Speed      : 80MHz
I (43) boot.esp32s2: SPI Mode       : QIO
I (48) boot.esp32s2: SPI Flash Size : 4MB
I (53) boot: Enabling RNG early entropy source...
I (58) boot: Partition Table:
I (62) boot: ## Label            Usage          Type ST Offset   Length
I (69) boot:  0 phy_init         RF data          01 01 00012000 00004000
I (77) boot:  1 otadata          OTA data         01 00 00016000 00004000
I (84) boot:  2 nvs              WiFi data        01 02 00020000 0000e000
I (92) boot:  3 at_customize     unknown          40 00 0002e000 00004000
I (99) boot:  4 ota_0            OTA app          00 10 00100000 00180000
I (107) boot:  5 ota_1            OTA app          00 11 00280000 00180000
I (114) boot: End of partition table
I (118) boot: No factory image, trying OTA 0
I (123) esp_image: segment 0: paddr=0x00100020 vaddr=0x3f000020 size=0x2c0a8 (180392) map
I (168) esp_image: segment 1: paddr=0x0012c0d0 vaddr=0x3ffca080 size=0x02bfc ( 11260) load
I (171) esp_image: segment 2: paddr=0x0012ecd4 vaddr=0x40024000 size=0x01344 (  4932) load
0x40024000: _WindowOverflow4 at /home/victorien/Local_libs/esp/esp-idf/components/freertos/xtensa/xtensa_vectors.S:1730

I (176) esp_image: segment 3: paddr=0x00130020 vaddr=0x40080020 size=0xb4498 (738456) map
0x40080020: _stext at ??:?

I (329) esp_image: segment 4: paddr=0x001e44c0 vaddr=0x40025344 size=0x14d38 ( 85304) load
0x40025344: heap_caps_malloc at /home/victorien/Local_libs/esp/esp-idf/components/heap/heap_caps.c:146

I (352) esp_image: segment 5: paddr=0x001f9200 vaddr=0x40070000 size=0x0001c (    28) load
I (363) boot: Loaded app from partition at offset 0x100000
I (407) boot: Set actual ota_seq=1 in otadata[0]
I (408) boot: Checking flash encryption...
I (408) flash_encrypt: flash encrypt���������Y+��$�LH��aintext flashes left)
I (414) boot: Disabling RNG early entropy source...
[b]factory_parameter partition missed[/b]
2.1.0
As you can see, there is this weird
factory_parameter partition missed
that I don't understand.
Then, the firmware starts and AT command works fine until I try to configure the TLS connection to the server

Here I got the following logs each time I send an AT command using the certificates

Code: Select all

client_ca partition missed
client_cert partition missed
client_key partition missed

Do you have any idea of what can happen ?
Thank you in advance for your help :)

ESP_Sun
Posts: 288
Joined: Thu Dec 30, 2021 9:52 am

Re: ESP-AT with encryption : missing partition

Postby ESP_Sun » Fri May 20, 2022 6:25 am

Code: Select all

boot:  3 at_customize     unknown          40 00 0002e000 00004000
The offset in the at_customize.csv file should correspond to the address of at_customize in the partition table (partitions_at.csv).
You can refer to this document <how to customize partitions>( https://docs.espressif.com/projects/esp ... s.html#how -to-customize-partitions)

Who is online

Users browsing this forum: No registered users and 10 guests