Enable Flash Encryption and Secure Boot v1 Externally

[Nespressif]

Hello everyone, I already know how to enable SB v2 and FE externally quite well. But now I want to take advantage of some chips I have, esp32 rev1.1, for which I want to enable, but externally, that is, using burn, sign, encrypt and flash commands, Secure Boot version 1, and I have some questions about it.

1.- What should I burn in the efuses of block 2? The 32-byte signature key, right?
openssl ecparam -name prime256v1 -genkey -noout -out my_secure_boot_signing_key.pem

espefuse.py --port PORT --chip esp32 burn_key secure_boot_v1 my_secure_boot_signing_key.pem

2.- Then I should select the reflashable bootloader option, fullclean, build, generate a bootloader digest and write it to address 0x0 of the flash?

esptool.py write_flash 0x0 bootloader-digest.bin

3.- Then sign the binaries (bootloader.bin and app.bin), encrypt them and flash them. With the FE and SBv1 activation efuses already burned, it should work.

Thank you.

[lichurbagan]

Hi, did you check this thoroughly? https://docs.espressif.com/projects/esp ... ot-v1.html

[Nespressif]

Hi, did you check this thoroughly? https://docs.espressif.com/projects/esp ... ot-v1.html

Hello, I have read it carefully, which is why I find it difficult to carry out the Secure Boot version 1 activation and flash encryption process using a workflow with external commands, as I do with SBv2+FE. I will follow the steps indicated inhttps://docs.espressif.com/projects/esp ... eflashable and that way I will at least have the option of reflashing it if necessary.
Best regards

[lichurbagan]

I am not sure if you have already checked it https://github.com/PBearson/ESP32_Secure_Boot_Tutorial? This may help you to some extent.

[Nespressif]

I am not sure if you have already checked it https://github.com/PBearson/ESP32_Secure_Boot_Tutorial? This may help you to some extent.

Hi @lichurbagan, this tutorial is great, everything is very well explained and it also links to another one about FE. Now I understand that I have to burn in block 2 and how to do it. I am very grateful to you.

Best regards.