Secure Boot and Flash Encryption with Release Mode did not work

Post by chadpham75 » Tue Jan 07, 2020 7:27 pm

Hi guys,
I desperately need help on this topic, since I have tried so many different ways and wasted many modules testing this, since the efuses got programmed during testing.

I followed steps 1 to 9 from the section "How to enable Secure Boot" at this link: https://docs.espressif.com/projects/esp ... -boot.html.

I have successfully done the test with Developing mode, but I need to do it with the one-time flash for secure boot and Release mode for flash encryption. My menuconfig for ESP-IDF version V4.1-dev:
[Screenshot: V4.1-dev-sb-fe.PNG]
However, after the power cycle, I am expecting the bootloader and flash encryption to start to activate, but I keep getting:
--- idf_monitor on COM18 115200 ---
--- Quit: Ctrl+] | Menu: Ctrl+T | Help: Ctrl+T followed by Ctrl+H ---
ets Jun 8 2016 00:22:57

rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3fff0030,len:4
load:0x3fff0034,len:1644
load:0x40078000,len:18776
load:0x40080400,len:3764
0x40080400: _init at ??:?

entry 0x40080630
Fatal exception (0): IllegalInstruction
epc1=0x40006843, epc2=0x00000000, epc3=0x00000000, excvaddr=0x00000000, depc=0x00000000
ets Jun 8 2016 00:22:57
And when I check the efuse summary, BLK1 and BLK2 don't have any data, and the associated bits didn't get set:
Security fuses:
FLASH_CRYPT_CNT Flash encryption mode counter = 0 R/W (0x0)
FLASH_CRYPT_CONFIG Flash encryption config (key tweak bits) = 0 R/W (0x0)
CONSOLE_DEBUG_DISABLE Disable ROM BASIC interpreter fallback = 1 R/W (0x1)
ABS_DONE_0 secure boot enabled for bootloader = 0 R/W (0x0)
ABS_DONE_1 secure boot abstract 1 locked = 0 R/W (0x0)
JTAG_DISABLE Disable JTAG = 0 R/W (0x0)
DISABLE_DL_ENCRYPT Disable flash encryption in UART bootloader = 0 R/W (0x0)
DISABLE_DL_DECRYPT Disable flash decryption in UART bootloader = 0 R/W (0x0)
DISABLE_DL_CACHE Disable flash cache in UART bootloader = 0 R/W (0x0)
BLK1 Flash encryption key
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLK2 Secure boot key
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLK3 Variable Block 3
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
Please give me some pointers or suggestions if there is something that I might be doing wrong.

Post by ESP_Angus » Tue Jan 07, 2020 11:07 pm

It looks like the bootloader is somehow invalid, it's crashing before anything else happens. No security-related efuses have been burned, so the chip itself is still good.

What bootloader log level do you have set in menuconfig? https://docs.espressif.com/projects/esp ... -log-level

If you build the project with Flash Encryption and Secure Boot disabled in config, and flash it the exact same way as you flashed this project, do you get the same boot log?
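
Added example (not part of the thread and not Espressif code): a small Python parser for efuse summary text in the layout quoted in the first post, reporting whether secure boot or flash encryption has actually been activated. The sample input is constructed from the quoted output; protection codes other than `R/W` and the odd-bit-count rule for `FLASH_CRYPT_CNT` are assumptions taken from ESP32 behaviour, not from this thread.

```python
import re

ZERO_BLOCK = "= " + " ".join(["00"] * 32) + " R/W"
# Constructed sample, trimmed from the efuse summary quoted in the first post.
SAMPLE = "\n".join([
    "Security fuses:",
    "FLASH_CRYPT_CNT Flash encryption mode counter = 0 R/W (0x0)",
    "ABS_DONE_0 secure boot enabled for bootloader = 0 R/W (0x0)",
    "JTAG_DISABLE Disable JTAG = 0 R/W (0x0)",
    "DISABLE_DL_ENCRYPT Disable flash encryption in UART bootloader = 0 R/W (0x0)",
    "DISABLE_DL_DECRYPT Disable flash decryption in UART bootloader = 0 R/W (0x0)",
    "DISABLE_DL_CACHE Disable flash cache in UART bootloader = 0 R/W (0x0)",
    "BLK1 Flash encryption key", ZERO_BLOCK,
    "BLK2 Secure boot key", ZERO_BLOCK,
])

# NAME description = value PROT (0xHEX); PROT codes other than R/W are an assumption.
FUSE_RE = re.compile(r"^([A-Z][A-Z0-9_]*)\s.*=\s*\S+\s+([-R]/[-W])\s+\((0x[0-9a-fA-F]+)\)$")

def parse_summary(text):
    """Return {name: (value, protection)}; key blocks get a list of byte strings."""
    fuses, pending = {}, None
    for line in map(str.strip, text.splitlines()):
        m = FUSE_RE.match(line)
        if m:
            fuses[m.group(1)] = (int(m.group(3), 16), m.group(2))
        elif re.match(r"BLK\d\s", line):
            pending = line.split()[0]          # value follows on the next line
        elif line.startswith("=") and pending:
            *data, prot = line[1:].split()
            fuses[pending], pending = (data, prot), None
    return fuses

def assess(fuses):
    """Summarise which security features the fuse values show as active."""
    val = lambda name: fuses[name][0]
    blank = lambda blk: all(b == "00" for b in val(blk))
    state = {
        # ESP32: flash encryption is on when an odd number of counter bits is set.
        "flash_encryption": bin(val("FLASH_CRYPT_CNT")).count("1") % 2 == 1,
        "secure_boot": val("ABS_DONE_0") == 1,
        "jtag_disabled": val("JTAG_DISABLE") == 1,
        "uart_dl_locked": all(val(f"DISABLE_DL_{x}") == 1 for x in ("ENCRYPT", "DECRYPT", "CACHE")),
        "keys_blank": blank("BLK1") and blank("BLK2"),
    }
    # Matches the reply above: no security efuses burned, chip still reusable.
    state["untouched"] = state["keys_blank"] and not (state["flash_encryption"] or state["secure_boot"])
    return state

if __name__ == "__main__":
    print(assess(parse_summary(SAMPLE)))
```

Running the same check after the first boot of a secured build shows at a glance whether the bootloader got as far as burning any fuse before it crashed.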

Post by chadpham75 » Wed Jan 08, 2020 2:12 am

I set my bootloader log level at No output (BOOTLOADER_LOG_LEVEL_NONE).
If I turn both the secure boot and flash encryption features off, once loaded, my app boots up correctly.
For this particular case my module is still good, so I am able to reuse it.
These are my successfully tested cases:
1. Secure boot only with re-flashable boot loader under Developing Mode, v4.0-beta2
2. Flash encryption only with Developing Mode, v4.0-beta2
3. Combo Secure Boot and Flash encryption under Developing Mode, v4.0-beta2
Once I was ready to go with Release mode, I found out I have to use v4.1-dev. It builds successfully, but I am not able to program/load the secure boot and flash encryption.

It is clearly stated in item #4 and item #5:
4. On first boot, the software bootloader follows the following process to enable secure boot:
   - Hardware secure boot support generates a device secure bootloader key (generated via hardware RNG, then stored read/write protected in efuse), and a secure digest. The digest is derived from the key, an IV, and the bootloader image contents.
   - The secure digest is flashed at offset 0x0 in the flash.
   - Depending on Secure Boot Configuration, efuses are burned to disable JTAG and the ROM BASIC interpreter (it is strongly recommended these options are turned on.)
   - Bootloader permanently enables secure boot by burning the ABS_DONE_0 efuse. The software bootloader then becomes protected (the chip will only boot a bootloader image if the digest matches.)
5. On subsequent boots the ROM bootloader sees that the secure boot efuse is burned, reads the saved digest at 0x0 and uses hardware secure boot support to compare it with a newly calculated digest. If the digest does not match then booting will not continue. The digest and comparison are performed entirely by hardware, and the calculated digest is not readable by software. For technical details see Secure Boot Hardware Support.
(from https://docs.espressif.com/projects/esp ... -boot.html)
That is, if I use the chip hardware, I will not need to program the efuses myself. That is clearly not done, since those efuses are still zeros.
Am I missing something here? Please suggest.

Post by ESP_Angus » Wed Jan 08, 2020 3:39 am

OK, thanks for clarifying.

You are correct that you don't need to burn any efuses yourself, it should be done by the bootloader. What I mean is that the bootloader is crashing before it burns any of the efuses.

It wasn't clear whether it was crashing before it did anything at all. Because the log level is set to None it's not possible to see what steps had been followed at the time it crashed.

Can you please tell us exactly what version of ESP-IDF you have? You can get this from running "git describe --tags --dirty" in the IDF_PATH directory. It will be something like "v4.1-dev-1572-g30372f5a4f".

Angus

Post by chadpham75 » Wed Jan 08, 2020 6:15 pm

Hi Angus,
I am using v4.1-dev-1757-g826b9f638-dirty. Is there any suggestion for what I should try next?
Thank you for your help.

Post by chadpham75 » Fri Jan 24, 2020 4:08 am

Guys,
Forget about v4.1-dev, I ended up using v4.0-rc. No help whatsoever was posted here.
