ESP32 Forum

Hello everyone, I already know how to enable SB v2 and FE externally quite well. But now I want to take advantage of some chips I have, esp32 rev1.1, for which I want to enable, but externally, that is, using burn, sign, encrypt and flash commands, Secure Boot version 1, and I have some questions about it.

1.- What should I burn in the efuses of block 2? The 32-byte signature key, right?
openssl ecparam -name prime256v1 -genkey -noout -out my_secure_boot_signing_key.pem

espefuse.py --port PORT --chip esp32 burn_key secure_boot_v1 my_secure_boot_signing_key.pem

2.- Then I should select the reflashable bootloader option, fullclean, build, generate a bootloader digest and write it to address 0x0 of the flash?

esptool.py write_flash 0x0 bootloader-digest.bin

3.- Then sign the binaries (bootloader.bin and app.bin), encrypt them and flash them. With the FE and SBv1 activation efuses already burned, it should work.

Thank you.

Hi, did you check this thoroughly? https://docs.espressif.com/projects/esp ... ot-v1.html

Hi, did you check this thoroughly? https://docs.espressif.com/projects/esp ... ot-v1.html

Hello, I have read it carefully, which is why I find it difficult to carry out the Secure Boot version 1 activation and flash encryption process using a workflow with external commands, as I do with SBv2+FE. I will follow the steps indicated inhttps://docs.espressif.com/projects/esp ... eflashable and that way I will at least have the option of reflashing it if necessary.
Best regards

I am not sure if you have already checked it https://github.com/PBearson/ESP32_Secure_Boot_Tutorial? This may help you to some extent.

I am not sure if you have already checked it https://github.com/PBearson/ESP32_Secure_Boot_Tutorial? This may help you to some extent.

Hi @lichurbagan, this tutorial is great, everything is very well explained and it also links to another one about FE. Now I understand that I have to burn in block 2 and how to do it. I am very grateful to you.

Best regards.