(Solved) Encryption. Reflash app

User avatar
brp80000
Posts: 138
Joined: Thu Oct 04, 2018 7:13 pm

(Solved) Encryption. Reflash app

Postby brp80000 » Sun Jan 13, 2019 1:31 pm

I'm trying to set up flash data encryption with pregeneration key.
1. key generation
espsecure.py generate_flash_encryption_key my_flash_encryption_key.bin
2. Burning key and its protection from read-write
espefuse.py --port COM72 burn_key flash_encryption my_flash_encryption_key.bin
3. Compile and flash data with the option (Enable flash encryption on boot) installed
4. Burn the flash encryption fuse
espefuse.py --port COM72 burn_efuse FLASH_CRYPT_CNT
After that, the app works fine.
Then I try to update the app via UART
5. Compile and flash data with option (enable flash encryption on boot) disabled
6. Encoding APP firmware keyed
espsecure.py encrypt_flash_data --keyfile my_flash_encryption_key.bin --address 0x10000 -o build/app-encrypted.bin build/app.bin
7. Flash it
esptool.py --port COM72 --baud 921600 write_flash 0x10000 build/app-encrypted.bin
My app no longer works
  • rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
    configsip: 0, SPIWP:0xee
    clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
    mode:DIO, clock div:2
    load:0x3fff0018,len:4
    load:0x3fff001c,len:1136
    ho 0 tail 12 room 4
    load:0x40078000,len:11592
    ho 0 tail 12 room 4
    load:0x40080000,len:5368
    entry 0x400802a4
    user code done
My EFUSE dump
  • # $IDF_PATH/components/esptool_py/esptool/espefuse.py --port com72 summary
    espefuse.py v2.6-beta1
    Connecting........_____.
    EFUSE_NAME Description = [Meaningful Value] [Readable/Writeable] (Hex Value)
    ----------------------------------------------------------------------------------------
    Security fuses:
    FLASH_CRYPT_CNT Flash encryption mode counter = 31 R/W (0x1f)
    FLASH_CRYPT_CONFIG Flash encryption config (key tweak bits) = 0 R/W (0x0)
    CONSOLE_DEBUG_DISABLE Disable ROM BASIC interpreter fallback = 1 R/W (0x1)
    ABS_DONE_0 secure boot enabled for bootloader = 0 R/W (0x0)
    ABS_DONE_1 secure boot abstract 1 locked = 0 R/W (0x0)
    JTAG_DISABLE Disable JTAG = 0 R/W (0x0)
    DISABLE_DL_ENCRYPT Disable flash encryption in UART bootloader = 0 R/W (0x0)
    DISABLE_DL_DECRYPT Disable flash decryption in UART bootloader = 1 R/W (0x1)
    DISABLE_DL_CACHE Disable flash cache in UART bootloader = 0 R/W (0x0)
    BLK1 Flash encryption key
    = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/-
    BLK2 Secure boot key
    = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
    BLK3 Variable Block 3
    = 78 ef 91 70 be c0 ad 58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W

    Efuse fuses:
    WR_DIS Efuse write disable mask = 128 R/W (0x80)
    RD_DIS Efuse read disablemask = 1 R/W (0x1)
    CODING_SCHEME Efuse variable block length scheme = 0 R/W (0x0)
    KEY_STATUS Usage of efuse block 3 (reserved) = 0 R/W (0x0)

    Config fuses:
    XPD_SDIO_FORCE Ignore MTDI pin (GPIO12) for VDD_SDIO on reset = 1 R/W (0x1)
    XPD_SDIO_REG If XPD_SDIO_FORCE, enable VDD_SDIO reg on reset = 1 R/W (0x1)
    XPD_SDIO_TIEH If XPD_SDIO_FORCE & XPD_SDIO_REG, 1=3.3V 0=1.8V = 1 R/W (0x1)
    SPI_PAD_CONFIG_CLK Override SD_CLK pad (GPIO6/SPICLK) = 0 R/W (0x0)
    SPI_PAD_CONFIG_Q Override SD_DATA_0 pad (GPIO7/SPIQ) = 0 R/W (0x0)
    SPI_PAD_CONFIG_D Override SD_DATA_1 pad (GPIO8/SPID) = 0 R/W (0x0)
    SPI_PAD_CONFIG_HD Override SD_DATA_2 pad (GPIO9/SPIHD) = 0 R/W (0x0)
    SPI_PAD_CONFIG_CS0 Override SD_CMD pad (GPIO11/SPICS0) = 0 R/W (0x0)
    DISABLE_SDIO_HOST Disable SDIO host = 0 R/W (0x0)

    Identity fuses:
    MAC MAC Address
    = 24:0a:c4:97:43:84 (CRC 91 OK) R/W
    CHIP_VER_REV1 Silicon Revision 1 = 1 R/W (0x1)
    CHIP_VERSION Reserved for future chip versions = 2 R/W (0x2)
    CHIP_PACKAGE Chip package identifier = 0 R/W (0x0)

    Calibration fuses:
    BLK3_PART_RESERVE BLOCK3 partially served for ADC calibration data = 0 R/W (0x0)
    ADC_VREF Voltage reference calibration = 1135 R/W (0x5)

    Flash voltage (VDD_SDIO) set to 3.3V by efuse.
Why can't I reflash the app that went wrong?
Last edited by brp80000 on Thu Jan 17, 2019 10:40 pm, edited 1 time in total.

User avatar
brp80000
Posts: 138
Joined: Thu Oct 04, 2018 7:13 pm

Re: Encryption. Reflash app

Postby brp80000 » Wed Jan 16, 2019 12:11 pm

I can say that flashing through the UART with a pre-generated encryption key does not work. I've tried it many times. I flash encrypted and unencrypted with offset 0 and with the necessary offset 0x10000 also I tried to set FLASH_CRYPT_CONFIG to zero and other values, then encrypt and flash encrypted firmware via UART. I have never been able to succeed in reprogramming encrypted flash with encoding enabled. I messed up 4 chips completely but there are 2 more pieces. Who has ideas for experiments?
Where can I get paid technical support if no one here can help?

User avatar
brp80000
Posts: 138
Joined: Thu Oct 04, 2018 7:13 pm

Re: Encryption. Reflash app

Postby brp80000 » Thu Jan 17, 2019 10:40 pm

Thank you all for your help. It seems that the documentation is made specifically for you to screw up a few chips to increase sales)))

Who is online

Users browsing this forum: Baidu [Spider] and 103 guests