Nespressif

Sure, I will update here once I modify the documentation.

Please note that you can also try out the instructions on qemu emulation of respective target for e.g., qemu emulated esp32c3 or esp32s3.

This example https://github.com/espressif/esp-idf/tree/master/examples/security/security ...

@bram128,

I see,
there is no need to compile the firmware twice. It only needs to be compiled once.
The issue that you face is because, we combined the two workflows Secure Boot and Flash Encryption together to avoid duplicate instructions. I will update it once again to keep the separate section ...

Hi @bram128 @Nespressif

Can you please let me know at what location did you face the issue? and what part is not working for your case ?

Thanks,
Aditya

Hi Especially_Embedded,


I did use the enable-flash-encryption-externally instruction, does this essentially set all bits required for "release" mode?

Yes, the instructions are provided for the release mode. The step related to burning security related eFuses in https://docs.espressif.com ...

Hi Especially_Embedded,
Thanks for the issue, sorry for the delayed reply.

In the steps that you have mentioned below

. BURN a known encryption key to BLOCK1 from file via espefuse.py burn_key so that it is not auto-generated on boot
2. Enable encryption in development mode via menuconfig, then ...

Hi stan-k

I see.
Since Secure Boot is a security feature on which the root of trust depends completely, hence it is not possible to disable secure boot once it is enabled for the device.
After you have disabled the ROM DL mode then the espefuse script would not work with the chip. So no more eFuse ...

Hi stan-k,

As Nespressif has suggested, are you able to obtain the eFuse summary, can you share it with us?

I am sharing a link to a similar issue faced on esp32 https://github.com/espressif/esptool/issues/741 Can you see if the steps given there help your use-case?

Thanks,
Aditya

Hi ChrisAlfred and Nespressif,
Please allow me to clear your doubts.
Here is my explanation for the questions raised above.

Question 1

(1) In step "5. Encrypt and flash the binaries." there is the command line:
CODE: SELECT ALL
espsecure.py encrypt_flash_data --keyfile my_flash_encryption_key ...

Hi oedzee,

It looks like this issue is related to the Serial Port.
The script esp_cryptoauth_utility internally uses esptool.
Below are some requirements for serial connection with esptool related to Serial Port.
https://docs.espressif.com/projects/esptool/en/latest/esp32/esptool/basic-options.html ...

Hi MauroDiam,

I'm not using the reflashing option (see here) of the Flash encryption Development mode, bacause the efuse FLASH_CRYPT_CNT has just 7 bits so the board could be reflashed just 4 times, is it correct?

Please note that the 7 bits are not related to the flashing.
Those 7 bits indicate ...