Enable Secure Boot in software

User Guide:

  • Secure Boot V1
  • Secure Boot V2
  • espsecure.py

Please follow these steps:

1、Query the chip version

esptool.py chip_id

  • Chips of version V1.0 support only Secure Boot V1

  • Chips of version V3.0 or later support Secure Boot V2


2、Obtain the Secure Boot private key, as follows:

  • Secure Boot V1 requires an ECDSA 256-bit (SHA-256) private key.

  • Run the following command to generate the Secure Boot V1 ECDSA 256-bit (SHA-256) private key:
espsecure.py generate_signing_key secure_boot_signing_key.pem --version 1 --scheme ecdsa256

  • If you are using an ECO3 or ECO4 SoC, we recommend Secure Boot V2. Secure Boot V2 requires an RSA-3072 private key.
  • To use Secure Boot V2, set the minimum supported chip revision to ECO3 or ECO4, as follows:

Component config → Hardware Settings → Chip revision → Minimum Supported ESP32 Revision

  • Run the following command to generate the Secure Boot V2 key:
espsecure.py generate_signing_key secure_boot_signing_key.pem --version 2 --scheme rsa3072


3、Increase the partition table offset setting.

Enabling Secure Boot increases the size of bootloader.bin, so the default partition table offset of 0x8000 must be moved; it can be set to 0xc000. The partition table offset is changed in menuconfig, as follows:


4、Enable the Secure Boot configuration in software

  • Set the correct private key file (secure_boot_signing_key.pem).


5、Build bootloader.bin and flash it

  • Run the following command to build bootloader.bin:
idf.py bootloader
  • Run the following command to flash bootloader.bin:
idf.py -p COM6 bootloader-flash

  • You can also flash bootloader.bin with the following esptool.py command:
esptool.py --chip esp32 --before=default_reset --after=no_reset write_flash --flash_mode dio --flash_freq 40m --flash_size keep 0x1000 E:/esp/esp-idf-v5.1/examples/get-started/blink/build/bootloader/bootloader.bin


6、Compile the firmware

  • Then run the following command to compile the firmware and produce partition-table.bin and app.bin:
idf.py build
  • If you are using Secure Boot V1, after compiling you get the signed firmware and a digest of the public key derived from the Secure Boot signing private key.
    • partition-table.bin and app.bin are signed; bootloader.bin is not signed.
    • A digest of the public key derived from the Secure Boot signing private key is also produced.

  • If you are using Secure Boot V2, after compiling you get the signed firmware.

    • app.bin and bootloader.bin are signed; the partition table binary is not signed.

  • When the Secure Boot private key (secure_boot_signing_key.pem) is used to sign the plaintext firmware, the public key and its digest are generated and stored in the signature block, which is appended to the end of the firmware image.

7、Flash the signed partition-table.bin and signed app.bin and monitor the running log

  • Run the following command to flash the signed partition-table.bin and app.bin and monitor the running log:
idf.py flash monitor

After the firmware is flashed, Secure Boot is enabled on the first boot. You can confirm the Secure Boot process in the running log.


You can run the “espefuse.py -p COM4 summary” command to query the eFuse information and see that Secure Boot is enabled:

espefuse.py summary
espefuse.py v4.7.dev1

A fatal error occurred: Could not open /dev/ttyUSB0, the port doesn't exist
Please make sure that you have specified the right port with the --port argument

E:\esp\esp-idf-v5.1\examples\get-started\blink>espefuse.py -p COM4 summary
espefuse.py v4.7.dev1
Connecting......
Detecting chip type... Unsupported detection protocol, switching and trying again...
Connecting....
Detecting chip type... ESP32

=== Run "summary" command ===
EFUSE_NAME (Block) Description  = [Meaningful Value] [Readable/Writeable] (Hex Value)
----------------------------------------------------------------------------------------
Calibration fuses:
ADC_VREF (BLOCK0)                                  True ADC reference voltage                         = 1114 R/W (0b00010)

Config fuses:
WR_DIS (BLOCK0)                                    Efuse write disable mask                           = 256 R/W (0x0100)
RD_DIS (BLOCK0)                                    Disable reading from BlOCK1-3                      = 2 R/W (0x2)
DISABLE_APP_CPU (BLOCK0)                           Disables APP CPU                                   = False R/W (0b0)
DISABLE_BT (BLOCK0)                                Disables Bluetooth                                 = False R/W (0b0)
DIS_CACHE (BLOCK0)                                 Disables cache                                     = False R/W (0b0)
CHIP_CPU_FREQ_LOW (BLOCK0)                         If set alongside EFUSE_RD_CHIP_CPU_FREQ_RATED; the = False R/W (0b0)
                                                   ESP32's max CPU frequency is rated for 160MHz. 240MHz otherwise
CHIP_CPU_FREQ_RATED (BLOCK0)                       If set; the ESP32's maximum CPU frequency has been = True R/W (0b1)
                                                   rated
BLK3_PART_RESERVE (BLOCK0)                         BLOCK3 partially served for ADC calibration data   = False R/W (0b0)
CLK8M_FREQ (BLOCK0)                                8MHz clock freq override                           = 50 R/W (0x32)
VOL_LEVEL_HP_INV (BLOCK0)                          This field stores the voltage level for CPU to run = 0 R/W (0b00)
                                                   at 240 MHz; or for flash/PSRAM to run at 80 MHz. 0x0: level 7; 0x1: level 6; 0x2: level 5; 0x3: level 4. (RO)
CODING_SCHEME (BLOCK0)                             Efuse variable block length scheme= NONE (BLK1-3 len=256 bits) R/W (0b00)
CONSOLE_DEBUG_DISABLE (BLOCK0)                     Disable ROM BASIC interpreter fallback             = True R/W (0b1)
DISABLE_SDIO_HOST (BLOCK0)                                                                            = False R/W (0b0)
DISABLE_DL_CACHE (BLOCK0)                          Disable flash cache in UART bootloader             = False R/W (0b0)

Flash fuses:
FLASH_CRYPT_CNT (BLOCK0)                           Flash encryption is enabled if this field has an o = 0 R/W (0b0000000)
                                                   dd number of bits set
FLASH_CRYPT_CONFIG (BLOCK0)                        Flash encryption config (key tweak bits)           = 0 R/W (0x0)

Identity fuses:
CHIP_PACKAGE_4BIT (BLOCK0)                         Chip package identifier #4bit                      = False R/W (0b0)
CHIP_PACKAGE (BLOCK0)                              Chip package identifier                            = 1 R/W (0b001)
CHIP_VER_REV1 (BLOCK0)                             bit is set to 1 for rev1 silicon                   = True R/W (0b1)
CHIP_VER_REV2 (BLOCK0)                                                                                = False R/W (0b0)
WAFER_VERSION_MINOR (BLOCK0)                                                                          = 0 R/W (0b00)
WAFER_VERSION_MAJOR (BLOCK0)                       calc WAFER VERSION MAJOR from CHIP_VER_REV1 and CH = 1 R/W (0b001)
                                                   IP_VER_REV2 and apb_ctl_date (read only)
PKG_VERSION (BLOCK0)                               calc Chip package = CHIP_PACKAGE_4BIT << 3 + CHIP_ = 1 R/W (0x1)
                                                   PACKAGE (read only)

Jtag fuses:
JTAG_DISABLE (BLOCK0)                              Disable JTAG                                       = True R/W (0b1)

Mac fuses:
MAC (BLOCK0)                                       MAC address= fc:f5:c4:4c:07:cc (CRC 0xc1 OK) R/W
MAC_CRC (BLOCK0)                                   CRC8 for MAC address                               = 193 R/W (0xc1)
MAC_VERSION (BLOCK3)                               Version of the MAC field                           = 0 R/W (0x00)

Security fuses:
UART_DOWNLOAD_DIS (BLOCK0)                         Disable UART download mode. Valid for ESP32 V3 and = False R/W (0b0)
                                                   newer; only
ABS_DONE_0 (BLOCK0)                                Secure boot V1 is enabled for bootloader image     = True R/W (0b1)
ABS_DONE_1 (BLOCK0)                                Secure boot V2 is enabled for bootloader image     = False R/W (0b0)
DISABLE_DL_ENCRYPT (BLOCK0)                        Disable flash encryption in UART bootloader        = False R/W (0b0)
DISABLE_DL_DECRYPT (BLOCK0)                        Disable flash decryption in UART bootloader        = False R/W (0b0)
KEY_STATUS (BLOCK0)                                Usage of efuse block 3 (reserved)                  = False R/W (0b0)
SECURE_VERSION (BLOCK3)                            Secure version for anti-rollback                   = 0 R/W (0x00000000)
BLOCK1 (BLOCK1)                                    Flash encryption key= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
BLOCK2 (BLOCK2)                                    Security boot key= ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/-
BLOCK3 (BLOCK3)                                    Variable Block 3= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W

Spi Pad fuses:
SPI_PAD_CONFIG_HD (BLOCK0)                         read for SPI_pad_config_hd                         = 0 R/W (0b00000)
SPI_PAD_CONFIG_CLK (BLOCK0)                        Override SD_CLK pad (GPIO6/SPICLK)                 = 0 R/W (0b00000)
SPI_PAD_CONFIG_Q (BLOCK0)                          Override SD_DATA_0 pad (GPIO7/SPIQ)                = 0 R/W (0b00000)
SPI_PAD_CONFIG_D (BLOCK0)                          Override SD_DATA_1 pad (GPIO8/SPID)                = 0 R/W (0b00000)
SPI_PAD_CONFIG_CS0 (BLOCK0)                        Override SD_CMD pad (GPIO11/SPICS0)                = 0 R/W (0b00000)

Vdd fuses:
XPD_SDIO_REG (BLOCK0)                              read for XPD_SDIO_REG                              = False R/W (0b0)
XPD_SDIO_TIEH (BLOCK0)                             If XPD_SDIO_FORCE & XPD_SDIO_REG                   = 1.8V R/W (0b0)
XPD_SDIO_FORCE (BLOCK0)                            Ignore MTDI pin (GPIO12) for VDD_SDIO on reset     = False R/W (0b0)

Flash voltage (VDD_SDIO) determined by GPIO12 on reset (High for 1.8V, Low/NC for 3.3V)
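The following script is an added example, not code from the original post or from Espressif: it parses espefuse.py summary text like the log above and reports the security-relevant fuses (Secure Boot V1/V2 enabled, key block protection, JTAG, flash encryption, UART download). The sample rows are constructed in the summary's layout, and the checks use the field meanings the summary itself prints.

```python
import re
from typing import Dict, NamedTuple
# One fuse row: NAME (BLOCKn) description = value perm (raw). Section headers,
# the column header and wrapped description lines do not match and are skipped.
FUSE_RE = re.compile(
    r"^(?P<name>\w+) \((?P<block>BLOCK\d)\)\s+(?P<desc>.*?)=\s*"
    r"(?P<value>.+?)\s+(?P<perm>[R-]/[W-])(?:\s+\((?P<raw>[^)]*)\))?\s*$"
)

class Fuse(NamedTuple):
    block: str
    value: str
    perm: str  # R/W, R/-, -/W or -/-: read / write protection of the field
    raw: str   # binary or hex literal; '' where espefuse prints none (e.g. MAC)

def parse_summary(text: str) -> Dict[str, Fuse]:
    fuses: Dict[str, Fuse] = {}
    for line in text.splitlines():
        m = FUSE_RE.match(line)
        if m:
            fuses[m["name"]] = Fuse(m["block"], m["value"], m["perm"], m["raw"] or "")
    return fuses

def assess(fuses: Dict[str, Fuse]) -> Dict[str, bool]:
    """Security posture derived from the fuse values and their printed meanings."""
    crypt_cnt = int(fuses["FLASH_CRYPT_CNT"].raw, 0)  # accepts 0b... and 0x...
    return {
        "secure_boot_v1": fuses["ABS_DONE_0"].value == "True",
        "secure_boot_v2": fuses["ABS_DONE_1"].value == "True",
        # BLOCK2 holds the Secure Boot V1 key; -/- means read and write protected.
        "secure_boot_key_protected": fuses["BLOCK2"].perm == "-/-",
        "jtag_disabled": fuses["JTAG_DISABLE"].value == "True",
        # Summary text: flash encryption is on if FLASH_CRYPT_CNT has an odd number of set bits.
        "flash_encryption": bin(crypt_cnt).count("1") % 2 == 1,
        "uart_download_disabled": fuses["UART_DOWNLOAD_DIS"].value == "True",
    }

# Constructed sample rows in espefuse.py summary layout; the indented line is a wrapped description.
SAMPLE = """\
ABS_DONE_0 (BLOCK0)        Secure boot V1 is enabled for bootloader image     = True R/W (0b1)
ABS_DONE_1 (BLOCK0)        Secure boot V2 is enabled for bootloader image     = False R/W (0b0)
UART_DOWNLOAD_DIS (BLOCK0) Disable UART download mode. Valid for ESP32 V3 and = False R/W (0b0)
                           newer; only
JTAG_DISABLE (BLOCK0)      Disable JTAG                                       = True R/W (0b1)
FLASH_CRYPT_CNT (BLOCK0)   Flash encryption is enabled if this field has an o = 0 R/W (0b0000000)
BLOCK2 (BLOCK2)            Security boot key= ?? ?? ?? ?? ?? ?? ?? ?? -/-
"""
if __name__ == "__main__":
    for check, ok in assess(parse_summary(SAMPLE)).items():
        print(f"{check:28s} {'yes' if ok else 'no'}")
```

Feed it the real summary captured from a device (for example, redirect the espefuse.py output to a file) to verify a batch of boards before shipping.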
