You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have updated my IDF branch (master or release) to the latest version and checked that the issue is present there.
I have searched the issue tracker for a similar issue and not found a similar issue.
General issue report
Question:
How can I enable Secure Boot V2 and be able to flash a signed bootloader AND a signed app binary on an ESP32-S3 (N8R8) chip?
Context:
I am trying to configure Secure Boot V2 on my ESP32-S3 (N8R8) chip. I followed the steps mentioned in the documentation i.e.:
Checking the box for Enable hardware Secure Boot in bootloader in Menuconfig -> App Signing Scheme
Selecting Enable Secure Boot version 2 in Menuconfig -> Select secure boot version
Specifying the path to my signing key (ECDSA private key)
Selecting Permanently switch to Secure mode in Menuconfig -> UART ROM download mode
Building the signed app binary, OTA, and partition table with idf.py build
Building the signed bootloader with idf.py bootloader
Flashing the signed bootloader with idf.py bootloader-flash
Everything works until this point. The problem arises when I try to flash the app binary, partition table and OTA using idf.py flash.
I get the following error logs when I run idf.py flash:
esptool esp32s3 -p /dev/ttyUSB0 -b 460800 --before=default_reset --after=no_reset --no-stub write_flash --flash_mode dio --flash_freq 80m --flash_size keep 0x100000 embed-reader-firmware-2.bin 0x10000 partition_table/partition-table.bin 0x11000 ota_data_initial.bin
esptool.py v4.5.1
Serial port /dev/ttyUSB0
Connecting....
Chip is ESP32-S3 (revision v0.1)
Features: WiFi, BLE
Crystal is 40MHz
MAC: f4:12:fa:df:30:10
Changing baud rate to 460800
Changed.
Enabling default SPI flash mode...
Configuring flash size...
Flash will be erased from 0x00100000 to 0x00280fff...
Flash will be erased from 0x00010000 to 0x00010fff...
Flash will be erased from 0x00011000 to 0x00012fff...
Erasing flash...
A fatal error occurred: Failed to enter Flash download mode (result was 01060000: Operation or feature not supported)
CMake Error at run_serial_tool.cmake:55 (message):
/home/****/.espressif/python_env/idf5.0_py3.10_env/bin/python;;/home/****/esp/esp-idf/components/esptool_py/esptool/esptool.py;--chip;esp32s3
failed
I have also tried manually entering the command with the --force option but I get the same output as above.
Have I missed a step in configuring Secure Boot V2?
The text was updated successfully, but these errors were encountered:
github-actionsbot
changed the title
[Secure Boot V2] Unable to flash signed App binary after flashing signed bootloader.
[Secure Boot V2] Unable to flash signed App binary after flashing signed bootloader. (IDFGH-10705)
Jul 21, 2023
Please try replacing --flash_size keep with the specific flash capacity on your dev board (e.g., --flash_size 4MB) and that should fix this issue. Please see prior discussion on this topic here #10959 (comment)
If there are others with ESP-IDF V 5.0.1 running into the same problem, you must change the --flash_size keep option to the specific value corresponding to the flash size on your chip. I have an N8R8 module so I use --flash_size 8MB.
If you're wondering where to add this option, you need to go to build/ and look for flash_args and bootloader-flash_args. You will find the --flash_size option in both of these files. Modify it to specify your chip's flash size and run the command manually, NOT via idf.py bootloader-flash or idf.py flash. You may need to use the --force option.
Answers checklist.
General issue report
Question:
How can I enable Secure Boot V2 and be able to flash a signed bootloader AND a signed app binary on an ESP32-S3 (N8R8) chip?
Context:
I am trying to configure Secure Boot V2 on my ESP32-S3 (N8R8) chip. I followed the steps mentioned in the documentation i.e.:
Enable hardware Secure Boot in bootloader
inMenuconfig
->App Signing Scheme
Enable Secure Boot version 2
inMenuconfig
->Select secure boot version
Permanently switch to Secure mode
inMenuconfig
->UART ROM download mode
idf.py build
idf.py bootloader
idf.py bootloader-flash
Everything works until this point. The problem arises when I try to flash the app binary, partition table and OTA using
idf.py flash
.I get the following error logs when I run
idf.py flash
:I have also tried manually entering the command with the
--force
option but I get the same output as above.Have I missed a step in configuring Secure Boot V2?
The text was updated successfully, but these errors were encountered: