can not enable secure boot after enabling flash encryption (IDFGH-14288) #15080

Closed
3 tasks done
finch71 opened this issue Dec 23, 2024 · 1 comment
Labels
Resolution: Done Issue is done internally Status: Done Issue is done internally Type: Bug bugs in IDF

Comments

finch71 commented Dec 23, 2024

Answers checklist.

  • I have read the documentation ESP-IDF Programming Guide and the issue is not addressed there.
  • I have updated my IDF branch (master or release) to the latest version and checked that the issue is present there.
  • I have searched the issue tracker for a similar issue and not found a similar issue.

IDF version.

5.4

Operating System used.

Windows

How did you build your project?

Command line with Make

If you are using Windows, please specify command line type.

None

What is the expected behavior?

enable secure boot after enabling flash encryption

What is the actual behavior?

idf.py encrypted-flash monitor
shows

Signature Check Failed
Sig block 0 signature verification failed
E (244) secure_boot_v2: Secure Boot V2 verification failed.
E (250) esp_image: Secure boot signature verification failed
I (257) esp_image: Calculating simple hash to check for corruption...
W (323) esp_image: image valid, signature bad
E (323) boot: Factory app partition is not bootable
E (323) boot: No bootable app partitions in the partition table

Steps to reproduce.

  1. enable flash encryption (development mode) and idf.py flash
  2. confirm the boot success
  3. enable secure boot and idf.py encrypted-bootloader-flash idf.py encrypted-flash

Build or installation Logs.

No response

More Information.

No response

@finch71 finch71 added the Type: Bug bugs in IDF label Dec 23, 2024
@github-actions github-actions bot changed the title can not enable secure boot after enabling flash encryption can not enable secure boot after enabling flash encryption (IDFGH-14288) Dec 23, 2024
@espressif-bot espressif-bot added the Status: Opened Issue is new label Dec 23, 2024
@AdityaHPatwardhan
Collaborator

Hi @finch71, it seems that the secure boot verification check has failed in your case.
Can you please make sure that the bootloader.bin and application.bin are correctly signed?

You can do that with the following command:

espsecure.py signature_info_v2 bootloader-signed.bin

Make sure that this image is signed with the correct key (whose public key digest is stored in the eFuse of your device).

@AdityaHPatwardhan AdityaHPatwardhan self-assigned this Dec 23, 2024
@finch71 finch71 closed this as completed Dec 23, 2024
@espressif-bot espressif-bot added Status: Done Issue is done internally Resolution: Done Issue is done internally and removed Status: Opened Issue is new labels Dec 23, 2024
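
The check suggested in the reply above, sketched as an added example (not code from the issue, ESP-IDF or esptool): it reads the signature sector of a signed image, validates each block's CRC and image digest, and computes the public key digest to compare with the one stored in eFuse. It assumes the RSA layout of a Secure Boot V2 signature block (1216 bytes, magic 0xE7, key fields at bytes 36 to 811); the function names and the sample image are constructed for illustration, and the RSA-PSS signature itself is not verified here.

```python
import hashlib, struct, zlib

SECTOR = 4096       # signature sector size; image content is padded to this boundary
BLOCK_LEN = 1216    # one RSA signature block (assumed layout, see lead-in)
# magic, version, 2 pad, image SHA-256, modulus, exponent, R, M', signature, CRC32, 16 pad
BLOCK_FMT = "<BBxx32s384sI384sI384sI16x"

def parse_sig_blocks(signed_image: bytes):
    """Return one dict per populated signature block in the trailing sector."""
    if len(signed_image) < 2 * SECTOR or len(signed_image) % SECTOR:
        raise ValueError("image is not 4 KB aligned content plus a signature sector")
    content, sector = signed_image[:-SECTOR], signed_image[-SECTOR:]
    image_digest = hashlib.sha256(content).digest()
    blocks = []
    for i in range(3):  # up to three blocks per sector
        blk = sector[i * BLOCK_LEN:(i + 1) * BLOCK_LEN]
        magic, version, blk_digest, _n, _e, _r, _m, _sig, crc = struct.unpack(BLOCK_FMT, blk)
        if magic != 0xE7 or version != 0x02:
            continue    # empty (0xFF) or unrecognised slot
        blocks.append({
            "index": i,
            "crc_ok": crc == zlib.crc32(blk[:1196]) & 0xFFFFFFFF,
            "image_digest_ok": blk_digest == image_digest,
            # digest over modulus, exponent, R and M' (bytes 36..811)
            "key_digest": hashlib.sha256(blk[36:812]).hexdigest(),
        })
    return blocks

def matches_efuse(signed_image: bytes, efuse_digest_hex: str) -> bool:
    """True if an intact block carries the key whose digest is burned in eFuse."""
    want = efuse_digest_hex.replace(" ", "").lower()
    return any(b["crc_ok"] and b["image_digest_ok"] and b["key_digest"] == want
               for b in parse_sig_blocks(signed_image))

def constructed_image(key_seed: bytes) -> bytes:
    """Constructed sample: dummy content and key bytes, no real RSA signature."""
    content = b"\xE9" + bytes(SECTOR - 1)
    key = hashlib.shake_256(key_seed).digest(776)   # stand-in for n, e, R, M'
    head = struct.pack("<BBxx32s", 0xE7, 2, hashlib.sha256(content).digest())
    head += key + bytes(384)                        # zeroed signature field
    blk = head + struct.pack("<I", zlib.crc32(head) & 0xFFFFFFFF) + bytes(16)
    return content + blk + b"\xFF" * (SECTOR - BLOCK_LEN)

if __name__ == "__main__":
    for b in parse_sig_blocks(constructed_image(b"key-A")):
        print(b)
```

A key digest that differs from the eFuse value means the image was signed with a different key than the one the device trusts; a failed image digest means the content changed after signing.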