Device trashed after encryption?

phillipdimond
Posts: 8
Joined: Thu Oct 22, 2020 9:08 am

Device trashed after encryption?

Postby phillipdimond » Thu Oct 22, 2020 9:14 am

Genuine ESP32 Devkit-C (D0WD V3 chip), ESP IDF V4.1, no 3rd party tools, under Windows 10.

I tried turning on the flash encryption (developer mode) in the menu. Build was OK, flash was OK, all ran fine.

After turning encryption off, rebuilding and flashing again, the device now just repeats the following. I've tried turning encryption on again, changing the partition table, flash erase, just does this now forever. Before I assume this device is dead and try the encryption again, any ideas would be appreciated.

Executing "C:\Users\Phillip\.espressif\python_env\idf4.1_py3.9_env\Scripts\python.exe C:\Users\Phillip\espidf\tools/idf_monitor.py -p COM3 -b 115200 --toolchain-prefix xtensa-esp32-elf- c:\users\phillip\espidf\wificontroller\build\WiFiController.elf -m 'C:\Users\Phillip\.espressif\python_env\idf4.1_py3.9_env\Scripts\python.exe' 'C:\Users\Phillip\espidf\tools\idf.py' '-p' 'COM3'"...
--- idf_monitor on COM3 115200 ---
--- Quit: Ctrl+] | Menu: Ctrl+T | Help: Ctrl+T followed by Ctrl+H ---
ets Jul 29 2019 12:21:46

rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
invalid header: 0x8dd34878
invalid header: 0x8dd34878
invalid header: 0x8dd34878
invalid header: 0x8dd34878
invalid header: 0x8dd34878
invalid header: 0x8dd34878
invalid header: 0x8dd34878
ets Jul 29 2019 12:21:46

rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
invalid header: 0x8dd34878
invalid header: 0x8dd34878
invalid header: 0x8dd34878
invalid header: 0x8dd34878
invalid header: 0x8dd34878
invalid header: 0x8dd34878
invalid header: 0x8dd34878
ets Jul 29 2019 12:21:46

rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)

phillipdimond
Posts: 8
Joined: Thu Oct 22, 2020 9:08 am

Re: Device trashed after encryption?

Postby phillipdimond » Fri Oct 23, 2020 1:13 am

Fuses:

EFUSE_NAME Description = [Meaningful Value] [Readable/Writeable] (Hex Value)
----------------------------------------------------------------------------------------
Identity fuses:
MAC Factory MAC Address
= 24:0a:c4:e8:2b:18 (CRC 0xbf OK) R/W
CHIP_VER_REV1 Silicon Revision 1 = 1 R/W (0x1)
CHIP_VER_REV2 Silicon Revision 2 = 1 R/W (0x1)
CHIP_VERSION Reserved for future chip versions = 2 R/W (0x2)
CHIP_PACKAGE Chip package identifier = 1 R/W (0x1)

Config fuses:
XPD_SDIO_FORCE Ignore MTDI pin (GPIO12) for VDD_SDIO on reset = 0 R/W (0x0)
XPD_SDIO_REG If XPD_SDIO_FORCE, enable VDD_SDIO reg on reset = 0 R/W (0x0)
XPD_SDIO_TIEH If XPD_SDIO_FORCE & XPD_SDIO_REG, 1=3.3V 0=1.8V = 0 R/W (0x0)
CLK8M_FREQ 8MHz clock freq override = 49 R/W (0x31)
SPI_PAD_CONFIG_CLK Override SD_CLK pad (GPIO6/SPICLK) = 0 R/W (0x0)
SPI_PAD_CONFIG_Q Override SD_DATA_0 pad (GPIO7/SPIQ) = 0 R/W (0x0)
SPI_PAD_CONFIG_D Override SD_DATA_1 pad (GPIO8/SPID) = 0 R/W (0x0)
SPI_PAD_CONFIG_HD Override SD_DATA_2 pad (GPIO9/SPIHD) = 0 R/W (0x0)
SPI_PAD_CONFIG_CS0 Override SD_CMD pad (GPIO11/SPICS0) = 0 R/W (0x0)
DISABLE_SDIO_HOST Disable SDIO host = 0 R/W (0x0)

Security fuses:
FLASH_CRYPT_CNT Flash encryption mode counter = 1 R/W (0x1)
UART_DOWNLOAD_DIS Disable UART download mode (ESP32 rev3 only) = 0 R/W (0x0)
FLASH_CRYPT_CONFIG Flash encryption config (key tweak bits) = 15 R/W (0xf)
CONSOLE_DEBUG_DISABLE Disable ROM BASIC interpreter fallback = 1 R/W (0x1)
ABS_DONE_0 secure boot enabled for bootloader = 0 R/W (0x0)
ABS_DONE_1 secure boot abstract 1 locked = 0 R/W (0x0)
JTAG_DISABLE Disable JTAG = 1 R/W (0x1)
DISABLE_DL_ENCRYPT Disable flash encryption in UART bootloader = 0 R/W (0x0)
DISABLE_DL_DECRYPT Disable flash decryption in UART bootloader = 1 R/W (0x1)
DISABLE_DL_CACHE Disable flash cache in UART bootloader = 1 R/W (0x1)
BLK1 Flash encryption key
= ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/-
BLK2 Secure boot key
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLK3 Variable Block 3
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W

Efuse fuses:
WR_DIS Efuse write disable mask = 128 R/W (0x80)
RD_DIS Efuse read disablemask = 1 R/W (0x1)
CODING_SCHEME Efuse variable block length scheme = 0 R/W (0x0)
KEY_STATUS Usage of efuse block 3 (reserved) = 0 R/W (0x0)

Calibration fuses:
BLK3_PART_RESERVE BLOCK3 partially served for ADC calibration data = 0 R/W (0x0)
ADC_VREF Voltage reference calibration = 1114 R/W (0x2)

Flash voltage (VDD_SDIO) determined by GPIO12 on reset (High for 1.8V, Low/NC for 3.3V).

WiFive
Posts: 3529
Joined: Tue Dec 01, 2015 7:35 am

Re: Device trashed after encryption?

Postby WiFive » Fri Oct 23, 2020 4:10 am

Either increment the FLASH_CRYPT_CNT efuse to disable encryption or use the encrypt option when flashing

phillipdimond
Posts: 8
Joined: Thu Oct 22, 2020 9:08 am

Re: Device trashed after encryption?

Postby phillipdimond » Fri Oct 23, 2020 4:22 am

Per my first post, I've tried turning encryption back on and re-flashing, without any change.

I went back through the history of changes, and I think what might have happened is that I set the NVS partition to "encrypted" in the partition table along with the code partition (it made sense to encrypt the data store as well) . I hadn't noticed until I did some searching today that the nvs partition doesn't support partition encryption. I'm working to implement the encrypted nvs api right now.

If that's the cause, any ideas on how to recover? I mean, the device itself is still working as I can flash and I can read fuses, erase flash, etc. It just doesn't run post-flashing.

I'll try your suggestion on the fuse, though I'm not sure how incrementing it from 1 to 2 is going to help? If you can explain I'd appreciate it.

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: Device trashed after encryption?

Postby ESP_Angus » Mon Oct 26, 2020 6:01 am

phillipdimond wrote:
Fri Oct 23, 2020 4:22 am
After turning encryption off, rebuilding and flashing again, the device now just repeats the following. I've tried turning encryption on again, changing the partition table, flash erase, just does this now forever. Before I assume this device is dead and try the encryption again, any ideas would be appreciated.
Once encryption is enabled in the hardware (by burning FLASH_CRYPT_CNT), it says enabled. If you build a firmware with encryption disabled in the config and then flash it, the encryption engine is still trying to decrypt it - and the plaintext bootloader binary decrypts to garbage bytes, hence the "invalid header" log lines.
phillipdimond wrote:
Fri Oct 23, 2020 4:22 am
I'll try your suggestion on the fuse, though I'm not sure how incrementing it from 1 to 2 is going to help? If you can explain I'd appreciate it.
Incrementing FLASH_CRYPT_CNT (from 1 to 3, ie 1 bit set to 2 bits set) will disable flash encryption, until another bit of FLASH_CRYPT_CNT is set (ie odd number of bits set). However this only works a limited number of times, so recommend not doing it now.
phillipdimond wrote:
Fri Oct 23, 2020 4:22 am
If that's the cause, any ideas on how to recover? I mean, the device itself is still working as I can flash and I can read fuses, erase flash, etc. It just doesn't run post-flashing.
Try re-enabling Flash Encryption Development mode in the project config and run "idf.py encrypted-flash". This will use the Development mode feature of being able to reflash the already-encrypted ESP32.

Who is online

Users browsing this forum: Bing [Bot] and 105 guests