Planning to use secure boot-loader

ketan vadodariya
Posts: 21
Joined: Wed Jul 27, 2022 9:53 am

Planning to use secure boot-loader

Postby ketan vadodariya » Mon Dec 26, 2022 9:53 am

Hi,
I am using an ESP32 chipset with a custom board design. Currently we're in the production stage, where we are going to design more ESP32 devices. We have to secure our board from unwanted framework upgradation, because on the custom board the UART is outside of the enclosure, along with a ground pin, so the board is accessible for programming through the UART. I think currently ESP32 flashing accepts any ESP32-based generated .bin file from the UART.

I am not doing anything with a custom boot-loader because I just used one of the examples from esp-idf and started my top-level application code, so the bootloader and all other stuff would be the same as in esp-idf.

So how do I protect the board from unwanted framework?

schafon
Posts: 5
Joined: Mon Dec 12, 2022 7:48 pm

Re: Planning to use secure boot-loader

Postby schafon » Thu Dec 29, 2022 7:03 pm

https://docs.espressif.com/projects/esp ... ot-v2.html

You can enable this and sign your firmware.
This will prevent unauthorized firmware from being flashed.
You will still be able to do OTA updates but it will need to be signed firmware too.

Also don't forget:
Enable all Secure Boot options in the Secure Boot Configuration. These include flash encryption, disabling of JTAG, disabling the BASIC ROM interpreter, and disabling the UART bootloader encrypted flash access.

ketan vadodariya
Posts: 21
Joined: Wed Jul 27, 2022 9:53 am

Re: Planning to use secure boot-loader

Postby ketan vadodariya » Tue Jan 03, 2023 11:23 am

Hi,

I have gone through the document and secure boot guidelines and started applying secure boot to an ESP32 development kit.

Here are my steps for building the secure boot-loader:

Step 1. Copy the hello_world example from the IDF examples.
Step 2. Enable the Secure boot option from menuconfig and select reflashable.
Step 3. Create a key for the bootloader using `openssl ecparam -name prime256v1 -genkey -noout -out secure_boot_signing_key.pem`
Step 4. Copy the .pem key into the workspace (outside the build) and run idf.py bootloader.
Step 5. Run the "first time flash command" and then run idf.py flash.
Step 6. The example started.

But I am still able to load another application using the UART. Once I load another example (blink) using idf.py flash, the device fails to start with the following message.

rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)<\r><\n>
configsip: 0, SPIWP:0xee<\r><\n>
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00<\r><\n>
mode:DIO, clock div:2<\r><\n>
load:0x3fff0030,len:6612<\r><\n>
load:0x40078000,len:14788<\r><\n>
load:0x40080400,len:3792<\r><\n>
secure boot check fail<\r><\n>
ets_main.c 371

Once I reflash using the "first time flash command", the device starts with the hello_world example.

Here are my questions.
1. If the secure bootloader is enabled, can we still flash another framework or .bin file using idf.py flash?
2. While flashing the framework or .bin file from the build directory, does the device verify anything about the incoming framework on the bootloader side?

ESP_Mahavir
Posts: 188
Joined: Wed Jan 24, 2018 6:51 am

Re: Planning to use secure boot-loader

Postby ESP_Mahavir » Thu Jan 05, 2023 8:39 am

1. If the secure bootloader is enabled, can we still flash another framework or .bin file using idf.py flash?
Yes, it is possible to reflash the application after signing the image. Please refer to the section https://docs.espressif.com/projects/esp ... -of-images
2. While flashing the framework or .bin file from the build directory, does the device verify anything about the incoming framework on the bootloader side?
No, there is no verification of the image during the flashing stage.

ketan vadodariya
Posts: 21
Joined: Wed Jul 27, 2022 9:53 am

Re: Planning to use secure boot-loader

Postby ketan vadodariya » Thu Jan 05, 2023 12:50 pm

Hi,

I did something related to the encrypted flash option and reloaded the bootloader again; now the board is showing me only this.

rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)<\r><\n>
configsip: 0, SPIWP:0xee<\r><\n>
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00<\r><\n>
mode:DIO, clock div:2<\r><\n>
load:0x3fff0030,len:6612<\r><\n>
load:0x40078000,len:14788<\r><\n>
load:0x40080400,len:3792<\r><\n>
secure boot check fail<\r><\n>
ets_main.c 371

How can I prevent my board from physical upgradation?

canik01@yahoo.com
Posts: 6
Joined: Fri Feb 03, 2023 11:50 am

Re: Planning to use secure boot-loader

Postby canik01@yahoo.com » Sat Feb 04, 2023 9:18 am

We made our own ESP32-S3 board. When we first plug in a USB Type-C cable from a Windows PC, it boots continuously. We used esptool.exe to load many bootloader.bin or similar files, but nothing changed. We still have a bootloop.

The message in serial port is:

ESP-ROM:esp32s3-20210327
Build:Mar 27 2021
rst:0x7 (TG0WDT_SYS_RST),boot:0x8 (SPI_FAST_FLASH_BOOT)
Saved PC:0x40043ac8
SPIWP:0xee
mode:DIO, clock div:1
load:0x3fcd0108,len:0x1634
load:0x403b6000,len:0xe74
load:0x403ba000,len:0x31c8
Checksum failure. Calculated 0x9f stored 0xde
ets_main.c 329
------(loops)------

Any help is appreciated..
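
An added triage example, not part of any post in this thread: it parses the two ROM boot logs quoted above and separates a secure boot rejection from an image checksum mismatch, which call for different fixes. The function name `triage` and the verdict labels are assumptions made for illustration.

```python
import re

# ROM boot logs as posted in this thread (trimmed to the lines parsed here).
# "<\r><\n>" is the serial terminal's rendering of line endings.
SECURE_BOOT_LOG = r"""rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)<\r><\n>
load:0x3fff0030,len:6612<\r><\n>
load:0x40078000,len:14788<\r><\n>
load:0x40080400,len:3792<\r><\n>
secure boot check fail<\r><\n>
ets_main.c 371"""

CHECKSUM_LOG = """rst:0x7 (TG0WDT_SYS_RST),boot:0x8 (SPI_FAST_FLASH_BOOT)
load:0x3fcd0108,len:0x1634
load:0x403b6000,len:0xe74
load:0x403ba000,len:0x31c8
Checksum failure. Calculated 0x9f stored 0xde
ets_main.c 329"""

HEX = r"0x[0-9a-fA-F]+"
RESET_RE = re.compile(rf"rst:({HEX}) \((\w+)\),boot:({HEX}) \((\w+)\)")
LOAD_RE = re.compile(rf"load:({HEX}),len:(\w+)")
CSUM_RE = re.compile(rf"Checksum failure\. Calculated ({HEX}) stored ({HEX})")

def triage(log):
    """Classify why the ROM refused to start the image it loaded (hypothetical helper)."""
    result = {"reset": None, "boot_mode": None, "segments": [], "verdict": "unknown", "detail": ""}
    for raw in log.splitlines():
        line = raw.replace(r"<\r><\n>", "").strip()
        if m := RESET_RE.search(line):
            result["reset"], result["boot_mode"] = m.group(2), m.group(4)
        elif m := LOAD_RE.fullmatch(line):
            # len is decimal in the ESP32 log and hex in the ESP32-S3 log
            result["segments"].append((int(m.group(1), 16), int(m.group(2), 0)))
        elif line == "secure boot check fail":
            # Interpretation: segments were loaded, then the ROM check rejected them
            result["verdict"] = "secure_boot_rejected"
            result["detail"] = "bootloader in flash failed the ROM secure boot check"
        elif m := CSUM_RE.fullmatch(line):
            result["verdict"] = "image_checksum_mismatch"
            result["detail"] = f"calculated {m.group(1)}, stored {m.group(2)}"
    return result

if __name__ == "__main__":
    for name, log in (("ESP32", SECURE_BOOT_LOG), ("ESP32-S3", CHECKSUM_LOG)):
        r = triage(log)
        print(f"{name}: {r['verdict']} after {len(r['segments'])} segments, "
              f"reset={r['reset']} ({r['detail']})")
```
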
