Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

4.5.1: test suite is failing (ESPTOOL-680) #878

Closed
kloczek opened this issue Apr 26, 2023 · 5 comments
Closed

4.5.1: test suite is failing (ESPTOOL-680) #878

kloczek opened this issue Apr 26, 2023 · 5 comments

Comments

@kloczek
Copy link

kloczek commented Apr 26, 2023

Operating System

Linux/x86_64

Esptool Version

4.5.1

Python Version

3.8.16

Full Esptool Command Line that Was Run

N/A

Esptool Output

N/A

What is the Expected Behaviour?

Looks like test suite is failing in few units.

More Information

Here is pytest output:

+ PYTHONPATH=/home/tkloczko/rpmbuild/BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib64/python3.8/site-packages:/home/tkloczko/rpmbuild/BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages
+ /usr/bin/pytest -ra -m 'not network' -m host_test
============================= test session starts ==============================
platform linux -- Python 3.8.16, pytest-7.3.1, pluggy-1.0.0
rootdir: /home/tkloczko/rpmbuild/BUILD/esptool-4.5.1
plugins: rerunfailures-11.0
collected 217 items / 73 deselected / 144 selected

test/test_espefuse.py .......................ssssssssssss......sss.sss.. [ 34%]
ss..ss.....ssssss.ss........ss..                                         [ 56%]
test/test_espsecure.py .......F...F.FF.F.........                        [ 75%]
test/test_esptool.py ......                                              [ 79%]
test/test_image_info.py .......                                          [ 84%]
test/test_imagegen.py ..............                                     [ 93%]
test/test_merge_bin.py ........                                          [ 99%]
test/test_modules.py .                                                   [100%]

=================================== FAILURES ===================================
________________________ TestSigning.test_sign_v2_data _________________________

self = <test_espsecure.TestSigning object at 0x7f85667c9bb0>

    def test_sign_v2_data(self):
        signing_keys = [
            "rsa_secure_boot_signing_key.pem",
            "ecdsa192_secure_boot_signing_key.pem",
            "ecdsa_secure_boot_signing_key.pem",
        ]
        for key in signing_keys:
            with tempfile.NamedTemporaryFile() as output_file:
                args = self.SignArgs(
                    "2",
                    [self._open(key)],
                    output_file.name,
                    False,
                    False,
                    None,
                    None,
                    None,
                    self._open("bootloader_unsigned_v2.bin"),
                )
>               espsecure.sign_data(args)

test/test_espsecure.py:223:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
../../BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages/espsecure/__init__.py:331: in sign_data
    return sign_secure_boot_v2(args)
../../BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages/espsecure/__init__.py:490: in sign_secure_boot_v2
    signature_block = generate_signature_block_using_private_key(
../../BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages/espsecure/__init__.py:604: in generate_signature_block_using_private_key
    private_key = _load_sbv2_signing_key(keyfile.read())
../../BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages/espsecure/__init__.py:231: in _load_sbv2_signing_key
    sk = serialization.load_pem_private_key(
/usr/lib64/python3.8/site-packages/cryptography/hazmat/primitives/serialization/base.py:24: in load_pem_private_key
    return ossl.load_pem_private_key(
/usr/lib64/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.py:949: in load_pem_private_key
    return self._load_key(
/usr/lib64/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.py:1201: in _load_key
    self._handle_key_loading_error()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <OpenSSLBackend(version: OpenSSL 3.0.5 5 Jul 2022, FIPS: False, Legacy: True)>

    def _handle_key_loading_error(self) -> typing.NoReturn:
        errors = self._consume_errors()

        if not errors:
            raise ValueError(
                "Could not deserialize key data. The data may be in an "
                "incorrect format or it may be encrypted with an unsupported "
                "algorithm."
            )

        elif (
            errors[0]._lib_reason_match(
                self._lib.ERR_LIB_EVP, self._lib.EVP_R_BAD_DECRYPT
            )
            or errors[0]._lib_reason_match(
                self._lib.ERR_LIB_PKCS12,
                self._lib.PKCS12_R_PKCS12_CIPHERFINAL_ERROR,
            )
            or (
                self._lib.Cryptography_HAS_PROVIDERS
                and errors[0]._lib_reason_match(
                    self._lib.ERR_LIB_PROV,
                    self._lib.PROV_R_BAD_DECRYPT,
                )
            )
        ):
            raise ValueError("Bad decrypt. Incorrect password?")

        elif any(
            error._lib_reason_match(
                self._lib.ERR_LIB_EVP,
                self._lib.EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM,
            )
            for error in errors
        ):
            raise ValueError("Unsupported public key algorithm.")

        else:
            errors_with_text = binding._errors_with_text(errors)
>           raise ValueError(
                "Could not deserialize key data. The data may be in an "
                "incorrect format, it may be encrypted with an unsupported "
                "algorithm, or it may be an unsupported key type (e.g. EC "
                "curves with explicit parameters).",
                errors_with_text,
            )
E           ValueError: ('Could not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).', [_OpenSSLErrorWithText(code=503841036, lib=60, reason=524556, reason_text=b'error:1E08010C:DECODER routines::unsupported'), _OpenSSLErrorWithText(code=134217857, lib=16, reason=129, reason_text=b'error:08000081:elliptic curve routines::unknown group'), _OpenSSLErrorWithText(code=134217847, lib=16, reason=119, reason_text=b'error:08000077:elliptic curve routines::ec group new by name failure'), _OpenSSLErrorWithText(code=134742032, lib=16, reason=524304, reason_text=b'error:08080010:elliptic curve routines::EC lib'), _OpenSSLErrorWithText(code=109052072, lib=13, reason=168, reason_text=b'error:068000A8:asn1 encoding routines::wrong tag'), _OpenSSLErrorWithText(code=109576458, lib=13, reason=524554, reason_text=b'error:0688010A:asn1 encoding routines::nested asn1 error'), _OpenSSLErrorWithText(code=109576458, lib=13, reason=524554, reason_text=b'error:0688010A:asn1 encoding routines::nested asn1 error')])

/usr/lib64/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.py:1257: ValueError
----------------------------- Captured stdout call -----------------------------
1 signing key(s) found.
Signed 32768 bytes of data from /home/tkloczko/rpmbuild/BUILD/esptool-4.5.1/test/secure_images/bootloader_unsigned_v2.bin. Signature sector now has 1 signature blocks.
Signature block 0 is valid (RSA).
Signature block 0 verification successful using the supplied key (RSA).
Signature block 1 invalid. Skipping.
Signature block 2 invalid. Skipping.
1 signing key(s) found.
____________ TestSigning.test_sign_v2_with_pre_calculated_signature ____________

self = <test_espsecure.TestSigning object at 0x7f85667c6bb0>

    def test_sign_v2_with_pre_calculated_signature(self):
        # Sign using pre-calculated signature + Verify
        signing_keys = [
            "rsa_secure_boot_signing_pubkey.pem",
            "ecdsa192_secure_boot_signing_pubkey.pem",
            "ecdsa_secure_boot_signing_pubkey.pem",
        ]
        pre_calculated_signatures = [
            "pre_calculated_bootloader_signature_rsa.bin",
            "pre_calculated_bootloader_signature_ecdsa192.bin",
            "pre_calculated_bootloader_signature_ecdsa256.bin",
        ]
        for pub_key, signature in zip(signing_keys, pre_calculated_signatures):
            with tempfile.NamedTemporaryFile() as output_file:
                args = self.SignArgs(
                    "2",
                    None,
                    output_file.name,
                    False,
                    False,
                    None,
                    [self._open(pub_key)],
                    [self._open(signature)],
                    self._open("bootloader_unsigned_v2.bin"),
                )
>               espsecure.sign_data(args)

test/test_espsecure.py:409:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
../../BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages/espsecure/__init__.py:331: in sign_data
    return sign_secure_boot_v2(args)
../../BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages/espsecure/__init__.py:485: in sign_secure_boot_v2
    signature_block = generate_signature_block_using_pre_calculated_signature(
../../BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages/espsecure/__init__.py:546: in generate_signature_block_using_pre_calculated_signature
    public_key = _get_sbv2_pub_key(pk)
../../BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages/espsecure/__init__.py:288: in _get_sbv2_pub_key
    vk = _load_sbv2_pub_key(key_data)
../../BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages/espsecure/__init__.py:258: in _load_sbv2_pub_key
    vk = serialization.load_pem_public_key(keydata, backend=default_backend())
/usr/lib64/python3.8/site-packages/cryptography/hazmat/primitives/serialization/base.py:34: in load_pem_public_key
    return ossl.load_pem_public_key(data)
/usr/lib64/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.py:996: in load_pem_public_key
    self._handle_key_loading_error()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <OpenSSLBackend(version: OpenSSL 3.0.5 5 Jul 2022, FIPS: False, Legacy: True)>

    def _handle_key_loading_error(self) -> typing.NoReturn:
        errors = self._consume_errors()

        if not errors:
            raise ValueError(
                "Could not deserialize key data. The data may be in an "
                "incorrect format or it may be encrypted with an unsupported "
                "algorithm."
            )

        elif (
            errors[0]._lib_reason_match(
                self._lib.ERR_LIB_EVP, self._lib.EVP_R_BAD_DECRYPT
            )
            or errors[0]._lib_reason_match(
                self._lib.ERR_LIB_PKCS12,
                self._lib.PKCS12_R_PKCS12_CIPHERFINAL_ERROR,
            )
            or (
                self._lib.Cryptography_HAS_PROVIDERS
                and errors[0]._lib_reason_match(
                    self._lib.ERR_LIB_PROV,
                    self._lib.PROV_R_BAD_DECRYPT,
                )
            )
        ):
            raise ValueError("Bad decrypt. Incorrect password?")

        elif any(
            error._lib_reason_match(
                self._lib.ERR_LIB_EVP,
                self._lib.EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM,
            )
            for error in errors
        ):
            raise ValueError("Unsupported public key algorithm.")

        else:
            errors_with_text = binding._errors_with_text(errors)
>           raise ValueError(
                "Could not deserialize key data. The data may be in an "
                "incorrect format, it may be encrypted with an unsupported "
                "algorithm, or it may be an unsupported key type (e.g. EC "
                "curves with explicit parameters).",
                errors_with_text,
            )
E           ValueError: ('Could not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).', [_OpenSSLErrorWithText(code=75497580, lib=9, reason=108, reason_text=b'error:0480006C:PEM routines::no start line')])

/usr/lib64/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.py:1257: ValueError
----------------------------- Captured stdout call -----------------------------
Pre-calculated signatures found
1 signing key(s) found.
Signed 32768 bytes of data from /home/tkloczko/rpmbuild/BUILD/esptool-4.5.1/test/secure_images/bootloader_unsigned_v2.bin. Signature sector now has 1 signature blocks.
Signature block 0 is valid (RSA).
Signature block 0 verification successful using the supplied key (RSA).
Signature block 1 invalid. Skipping.
Signature block 2 invalid. Skipping.
Pre-calculated signatures found
1 signing key(s) found.
________________ TestSigning.test_verify_signature_signing_key _________________

self = <test_espsecure.TestSigning object at 0x7f85667c93d0>

    def test_verify_signature_signing_key(self):
        # correct key v1
        args = self.VerifyArgs(
            "1",
            False,
            None,
            self._open("ecdsa_secure_boot_signing_key.pem"),
            self._open("bootloader_signed.bin"),
        )
        espsecure.verify_signature(args)

        # correct key v2
        args = self.VerifyArgs(
            "2",
            False,
            None,
            self._open("rsa_secure_boot_signing_key.pem"),
            self._open("bootloader_signed_v2.bin"),
        )
        espsecure.verify_signature(args)

        # correct key v2 (ecdsa256)
        args = self.VerifyArgs(
            "2",
            False,
            None,
            self._open("ecdsa_secure_boot_signing_key.pem"),
            self._open("bootloader_signed_v2_ecdsa256.bin"),
        )
        espsecure.verify_signature(args)

        # correct key v2 (ecdsa192)
        args = self.VerifyArgs(
            "2",
            False,
            None,
            self._open("ecdsa192_secure_boot_signing_key.pem"),
            self._open("bootloader_signed_v2_ecdsa192.bin"),
        )
>       espsecure.verify_signature(args)

test/test_espsecure.py:486:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
../../BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages/espsecure/__init__.py:701: in verify_signature
    return verify_signature_v2(args)
../../BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages/espsecure/__init__.py:787: in verify_signature_v2
    vk = _get_sbv2_pub_key(keyfile)
../../BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages/espsecure/__init__.py:286: in _get_sbv2_pub_key
    return _load_sbv2_signing_key(key_data).public_key()
../../BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages/espsecure/__init__.py:231: in _load_sbv2_signing_key
    sk = serialization.load_pem_private_key(
/usr/lib64/python3.8/site-packages/cryptography/hazmat/primitives/serialization/base.py:24: in load_pem_private_key
    return ossl.load_pem_private_key(
/usr/lib64/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.py:949: in load_pem_private_key
    return self._load_key(
/usr/lib64/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.py:1201: in _load_key
    self._handle_key_loading_error()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <OpenSSLBackend(version: OpenSSL 3.0.5 5 Jul 2022, FIPS: False, Legacy: True)>

    def _handle_key_loading_error(self) -> typing.NoReturn:
        errors = self._consume_errors()

        if not errors:
            raise ValueError(
                "Could not deserialize key data. The data may be in an "
                "incorrect format or it may be encrypted with an unsupported "
                "algorithm."
            )

        elif (
            errors[0]._lib_reason_match(
                self._lib.ERR_LIB_EVP, self._lib.EVP_R_BAD_DECRYPT
            )
            or errors[0]._lib_reason_match(
                self._lib.ERR_LIB_PKCS12,
                self._lib.PKCS12_R_PKCS12_CIPHERFINAL_ERROR,
            )
            or (
                self._lib.Cryptography_HAS_PROVIDERS
                and errors[0]._lib_reason_match(
                    self._lib.ERR_LIB_PROV,
                    self._lib.PROV_R_BAD_DECRYPT,
                )
            )
        ):
            raise ValueError("Bad decrypt. Incorrect password?")

        elif any(
            error._lib_reason_match(
                self._lib.ERR_LIB_EVP,
                self._lib.EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM,
            )
            for error in errors
        ):
            raise ValueError("Unsupported public key algorithm.")

        else:
            errors_with_text = binding._errors_with_text(errors)
>           raise ValueError(
                "Could not deserialize key data. The data may be in an "
                "incorrect format, it may be encrypted with an unsupported "
                "algorithm, or it may be an unsupported key type (e.g. EC "
                "curves with explicit parameters).",
                errors_with_text,
            )
E           ValueError: ('Could not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).', [_OpenSSLErrorWithText(code=503841036, lib=60, reason=524556, reason_text=b'error:1E08010C:DECODER routines::unsupported'), _OpenSSLErrorWithText(code=134217857, lib=16, reason=129, reason_text=b'error:08000081:elliptic curve routines::unknown group'), _OpenSSLErrorWithText(code=134217847, lib=16, reason=119, reason_text=b'error:08000077:elliptic curve routines::ec group new by name failure'), _OpenSSLErrorWithText(code=134742032, lib=16, reason=524304, reason_text=b'error:08080010:elliptic curve routines::EC lib'), _OpenSSLErrorWithText(code=109052072, lib=13, reason=168, reason_text=b'error:068000A8:asn1 encoding routines::wrong tag'), _OpenSSLErrorWithText(code=109576458, lib=13, reason=524554, reason_text=b'error:0688010A:asn1 encoding routines::nested asn1 error'), _OpenSSLErrorWithText(code=109576458, lib=13, reason=524554, reason_text=b'error:0688010A:asn1 encoding routines::nested asn1 error')])

/usr/lib64/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.py:1257: ValueError
----------------------------- Captured stdout call -----------------------------
Verifying 21696 bytes of data
Signature is valid
Signature block 0 is valid (RSA).
Signature block 0 verification successful using the supplied key (RSA).
Signature block 1 invalid. Skipping.
Signature block 2 invalid. Skipping.
Signature block 0 is valid (ECDSA).
Signature block 0 verification successful using the supplied key (ECDSA).
_________________ TestSigning.test_verify_signature_public_key _________________

self = <test_espsecure.TestSigning object at 0x7f85666571c0>

    def test_verify_signature_public_key(self):
        # correct key v1
        args = self.VerifyArgs(
            "1",
            False,
            None,
            self._open("ecdsa_secure_boot_signing_pubkey.pem"),
            self._open("bootloader_signed.bin"),
        )
        espsecure.verify_signature(args)

        # correct key v2
        args = self.VerifyArgs(
            "2",
            False,
            None,
            self._open("rsa_secure_boot_signing_pubkey.pem"),
            self._open("bootloader_signed_v2.bin"),
        )
        espsecure.verify_signature(args)

        # correct key v2 (ecdsa256)
        args = self.VerifyArgs(
            "2",
            False,
            None,
            self._open("ecdsa_secure_boot_signing_pubkey.pem"),
            self._open("bootloader_signed_v2_ecdsa256.bin"),
        )
        espsecure.verify_signature(args)

        # correct key v2 (ecdsa192)
        args = self.VerifyArgs(
            "2",
            False,
            None,
            self._open("ecdsa192_secure_boot_signing_pubkey.pem"),
            self._open("bootloader_signed_v2_ecdsa192.bin"),
        )
>       espsecure.verify_signature(args)

test/test_espsecure.py:599:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
../../BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages/espsecure/__init__.py:701: in verify_signature
    return verify_signature_v2(args)
../../BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages/espsecure/__init__.py:787: in verify_signature_v2
    vk = _get_sbv2_pub_key(keyfile)
../../BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages/espsecure/__init__.py:288: in _get_sbv2_pub_key
    vk = _load_sbv2_pub_key(key_data)
../../BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages/espsecure/__init__.py:258: in _load_sbv2_pub_key
    vk = serialization.load_pem_public_key(keydata, backend=default_backend())
/usr/lib64/python3.8/site-packages/cryptography/hazmat/primitives/serialization/base.py:34: in load_pem_public_key
    return ossl.load_pem_public_key(data)
/usr/lib64/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.py:996: in load_pem_public_key
    self._handle_key_loading_error()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <OpenSSLBackend(version: OpenSSL 3.0.5 5 Jul 2022, FIPS: False, Legacy: True)>

    def _handle_key_loading_error(self) -> typing.NoReturn:
        errors = self._consume_errors()

        if not errors:
            raise ValueError(
                "Could not deserialize key data. The data may be in an "
                "incorrect format or it may be encrypted with an unsupported "
                "algorithm."
            )

        elif (
            errors[0]._lib_reason_match(
                self._lib.ERR_LIB_EVP, self._lib.EVP_R_BAD_DECRYPT
            )
            or errors[0]._lib_reason_match(
                self._lib.ERR_LIB_PKCS12,
                self._lib.PKCS12_R_PKCS12_CIPHERFINAL_ERROR,
            )
            or (
                self._lib.Cryptography_HAS_PROVIDERS
                and errors[0]._lib_reason_match(
                    self._lib.ERR_LIB_PROV,
                    self._lib.PROV_R_BAD_DECRYPT,
                )
            )
        ):
            raise ValueError("Bad decrypt. Incorrect password?")

        elif any(
            error._lib_reason_match(
                self._lib.ERR_LIB_EVP,
                self._lib.EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM,
            )
            for error in errors
        ):
            raise ValueError("Unsupported public key algorithm.")

        else:
            errors_with_text = binding._errors_with_text(errors)
>           raise ValueError(
                "Could not deserialize key data. The data may be in an "
                "incorrect format, it may be encrypted with an unsupported "
                "algorithm, or it may be an unsupported key type (e.g. EC "
                "curves with explicit parameters).",
                errors_with_text,
            )
E           ValueError: ('Could not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).', [_OpenSSLErrorWithText(code=75497580, lib=9, reason=108, reason_text=b'error:0480006C:PEM routines::no start line')])

/usr/lib64/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.py:1257: ValueError
----------------------------- Captured stdout call -----------------------------
Verifying 21696 bytes of data
Signature is valid
Signature block 0 is valid (RSA).
Signature block 0 verification successful using the supplied key (RSA).
Signature block 1 invalid. Skipping.
Signature block 2 invalid. Skipping.
Signature block 0 is valid (ECDSA).
Signature block 0 verification successful using the supplied key (ECDSA).
_________________ TestSigning.test_generate_and_extract_key_v2 _________________

self = <test_espsecure.TestSigning object at 0x7f8566657460>

    def test_generate_and_extract_key_v2(self):
        with tempfile.TemporaryDirectory() as keydir:
            # keyfile cannot exist before generation -> tempfile.NamedTemporaryFile()
            # cannot be used for keyfile
            keyfile_name = os.path.join(keydir, "key.pem")

            # We need to manually delete the keyfile as we are iterating over
            # different schemes with the same keyfile so instead of using addCleanup,
            # we remove it using os.remove at the end of each pass
            for scheme in ["rsa3072", "ecdsa192", "ecdsa256"]:
                args = self.GenerateKeyArgs("2", scheme, keyfile_name)
                espsecure.generate_signing_key(args)

                with tempfile.NamedTemporaryFile() as pub_keyfile, open(
                    keyfile_name, "rb"
                ) as keyfile:
                    args = self.ExtractKeyArgs("2", keyfile, pub_keyfile)
>                   espsecure.extract_public_key(args)

test/test_espsecure.py:707:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
../../BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages/espsecure/__init__.py:884: in extract_public_key
    sk = _load_sbv2_signing_key(args.keyfile.read())
../../BUILDROOT/esptool-4.5.1-2.fc35.x86_64/usr/lib/python3.8/site-packages/espsecure/__init__.py:231: in _load_sbv2_signing_key
    sk = serialization.load_pem_private_key(
/usr/lib64/python3.8/site-packages/cryptography/hazmat/primitives/serialization/base.py:24: in load_pem_private_key
    return ossl.load_pem_private_key(
/usr/lib64/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.py:949: in load_pem_private_key
    return self._load_key(
/usr/lib64/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.py:1201: in _load_key
    self._handle_key_loading_error()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <OpenSSLBackend(version: OpenSSL 3.0.5 5 Jul 2022, FIPS: False, Legacy: True)>

    def _handle_key_loading_error(self) -> typing.NoReturn:
        errors = self._consume_errors()

        if not errors:
            raise ValueError(
                "Could not deserialize key data. The data may be in an "
                "incorrect format or it may be encrypted with an unsupported "
                "algorithm."
            )

        elif (
            errors[0]._lib_reason_match(
                self._lib.ERR_LIB_EVP, self._lib.EVP_R_BAD_DECRYPT
            )
            or errors[0]._lib_reason_match(
                self._lib.ERR_LIB_PKCS12,
                self._lib.PKCS12_R_PKCS12_CIPHERFINAL_ERROR,
            )
            or (
                self._lib.Cryptography_HAS_PROVIDERS
                and errors[0]._lib_reason_match(
                    self._lib.ERR_LIB_PROV,
                    self._lib.PROV_R_BAD_DECRYPT,
                )
            )
        ):
            raise ValueError("Bad decrypt. Incorrect password?")

        elif any(
            error._lib_reason_match(
                self._lib.ERR_LIB_EVP,
                self._lib.EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM,
            )
            for error in errors
        ):
            raise ValueError("Unsupported public key algorithm.")

        else:
            errors_with_text = binding._errors_with_text(errors)
>           raise ValueError(
                "Could not deserialize key data. The data may be in an "
                "incorrect format, it may be encrypted with an unsupported "
                "algorithm, or it may be an unsupported key type (e.g. EC "
                "curves with explicit parameters).",
                errors_with_text,
            )
E           ValueError: ('Could not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).', [_OpenSSLErrorWithText(code=503841036, lib=60, reason=524556, reason_text=b'error:1E08010C:DECODER routines::unsupported'), _OpenSSLErrorWithText(code=134217857, lib=16, reason=129, reason_text=b'error:08000081:elliptic curve routines::unknown group'), _OpenSSLErrorWithText(code=134217847, lib=16, reason=119, reason_text=b'error:08000077:elliptic curve routines::ec group new by name failure'), _OpenSSLErrorWithText(code=134742032, lib=16, reason=524304, reason_text=b'error:08080010:elliptic curve routines::EC lib'), _OpenSSLErrorWithText(code=109052072, lib=13, reason=168, reason_text=b'error:068000A8:asn1 encoding routines::wrong tag'), _OpenSSLErrorWithText(code=109576458, lib=13, reason=524554, reason_text=b'error:0688010A:asn1 encoding routines::nested asn1 error'), _OpenSSLErrorWithText(code=109576458, lib=13, reason=524554, reason_text=b'error:0688010A:asn1 encoding routines::nested asn1 error')])

/usr/lib64/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.py:1257: ValueError
----------------------------- Captured stdout call -----------------------------
RSA 3072 private key in PEM format written to /tmp/tmpo2wk7b63/key.pem
/tmp/tmpo2wk7b63/key.pem public key extracted to /tmp/tmp5fuxt1dm
ECDSA NIST192p private key in PEM format written to /tmp/tmpo2wk7b63/key.pem
=========================== short test summary info ============================
SKIPPED [1] test/test_espefuse.py:507: Not necessary fo all chips
SKIPPED [1] test/test_espefuse.py:510: Not necessary fo all chips
SKIPPED [1] test/test_espefuse.py:519: Not necessary fo all chips
SKIPPED [1] test/test_espefuse.py:528: Not necessary fo all chips
SKIPPED [1] test/test_espefuse.py:533: Not necessary fo all chips
SKIPPED [1] test/test_espefuse.py:542: Not necessary fo all chips
SKIPPED [1] test/test_espefuse.py:550: Not necessary fo all chips
SKIPPED [1] test/test_espefuse.py:553: Not necessary fo all chips
SKIPPED [1] test/test_espefuse.py:562: Not necessary fo all chips
SKIPPED [1] test/test_espefuse.py:570: Not necessary fo all chips
SKIPPED [1] test/test_espefuse.py:579: Not necessary fo all chips
SKIPPED [1] test/test_espefuse.py:588: Not necessary fo all chips
SKIPPED [1] test/test_espefuse.py:798: ESP32-C2-only
SKIPPED [1] test/test_espefuse.py:818: ESP32-C2-only
SKIPPED [1] test/test_espefuse.py:846: Only chips with 6 keys
SKIPPED [1] test/test_espefuse.py:931: 512 bit keys are only supported on ESP32-S2 and S3
SKIPPED [1] test/test_espefuse.py:949: 512 bit keys are only supported on ESP32-S2 and S3
SKIPPED [1] test/test_espefuse.py:989: 512 bit keys are only supported on ESP32-S2 and S3
SKIPPED [1] test/test_espefuse.py:1059: ESP32-C2-only
SKIPPED [1] test/test_espefuse.py:1076: Only chip with 6 keys
SKIPPED [1] test/test_espefuse.py:1187: ESP32-C2-only
SKIPPED [1] test/test_espefuse.py:1210: Only chips with 6 keys
SKIPPED [1] test/test_espefuse.py:1347: ESP32-C2-only, supports 1 key block
SKIPPED [1] test/test_espefuse.py:1359: ESP32-C2-only, supports 1 key block
SKIPPED [1] test/test_espefuse.py:1371: ESP32-C2-only, supports 1 key block
SKIPPED [1] test/test_espefuse.py:1383: ESP32-C2-only, supports 1 key block
SKIPPED [1] test/test_espefuse.py:1411: Supports 6 key blocks
SKIPPED [1] test/test_espefuse.py:1443: Supports 6 key blocks
SKIPPED [1] test/test_espefuse.py:1489: ESP32-C2-only
SKIPPED [1] test/test_espefuse.py:1508: Only chip with 6 keys
SKIPPED [1] test/test_espefuse.py:1729: For this chip, FE and SB keys go into one BLOCK
SKIPPED [1] test/test_espefuse.py:1745: For this chip, FE and SB keys go into one BLOCK
FAILED test/test_espsecure.py::TestSigning::test_sign_v2_data - ValueError: (...
FAILED test/test_espsecure.py::TestSigning::test_sign_v2_with_pre_calculated_signature
FAILED test/test_espsecure.py::TestSigning::test_verify_signature_signing_key
FAILED test/test_espsecure.py::TestSigning::test_verify_signature_public_key
FAILED test/test_espsecure.py::TestSigning::test_generate_and_extract_key_v2
===== 5 failed, 107 passed, 32 skipped, 73 deselected in 124.69s (0:02:04) =====

Other Steps to Reproduce

Here is list of installed modules in build env

Package              Version
-------------------- -------
asn1crypto           1.5.1
bitstring            4.0.2
build                0.10.0
cached-property      1.5.2
cffi                 1.15.1
cryptography         39.0.2
distro               1.8.0
ecdsa                0.18.0
exceptiongroup       1.0.0
gpg                  1.19.0
iniconfig            2.0.0
installer            0.7.0
libcomps             0.1.19
packaging            23.1
pluggy               1.0.0
ply                  3.11
pycparser            2.21
pyelftools           0.28
pyproject_hooks      1.0.0
pyserial             3.5
pytest               7.3.1
pytest-rerunfailures 11.0
python-dateutil      2.8.2
python-pkcs11        0.7.0
reedsolo             1.7.0
setuptools           67.7.2
six                  1.16.0
tomli                2.0.1
wheel                0.40.0
@github-actions github-actions bot changed the title 4/5/1: test suite is failimg 4/5/1: test suite is failimg (ESPTOOL-680) Apr 26, 2023
@radimkarnis
Copy link
Collaborator

Hi @kloczek,
the failures in test_espsecure.py are still the same as we've discussed here. There is something wrong with your installation, probably the version of cryptography or openssl. None of the errors originate from esptool.

Ca you try updating cryptography?

@kloczek kloczek changed the title 4/5/1: test suite is failimg (ESPTOOL-680) 4.5.1: test suite is failimg (ESPTOOL-680) Apr 28, 2023
@kloczek
Copy link
Author

kloczek commented Apr 28, 2023

With updated cryptography 40.0.2 test suite still fail 🤔

@kloczek
Copy link
Author

kloczek commented Apr 28, 2023

Ha just realized one thing.
I have hobbled (like in Fedora) openssl with removed ECC crypto routines (licensing issues) and error message clearly points on that cause

E           ValueError: ('Could not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).', [<OpenSSLError(code=503841036, lib=60, reason=524556, reason_text=unsupported)>, <OpenSSLError(code=134217857, lib=16, reason=129, reason_text=unknown group)>, <OpenSSLError(code=134217847, lib=16, reason=119, reason_text=ec group new by name failure)>, <OpenSSLError(code=134742032, lib=16, reason=524304, reason_text=EC lib)>, <OpenSSLError(code=109052072, lib=13, reason=168, reason_text=wrong tag)>, <OpenSSLError(code=109576458, lib=13, reason=524554, reason_text=nested asn1 error)>, <OpenSSLError(code=109576458, lib=13, reason=524554, reason_text=nested asn1 error)>])

Q: what in this case need to be trimmed? esptool or cryptography to not use ECC? 🤔

@dobairoland dobairoland changed the title 4.5.1: test suite is failimg (ESPTOOL-680) 4.5.1: test suite is failing (ESPTOOL-680) May 22, 2023
@radimkarnis
Copy link
Collaborator

@kloczek I suggest you disable the failing tests in your case. We will add an error message to warn the users if they are using an incompatible OpenSSL backend.

@kloczek
Copy link
Author

kloczek commented May 23, 2023

👍

Jason2866 added a commit to Jason2866/esptool that referenced this issue Nov 4, 2023
* docs: espsecure remote signing using a HSM broken link fix

* fix(rfc2217_server): Use new reset sequences

* fix(ESP32-S3): Lower CPU freq to improve flasher stub stability

Closes espressif#832

* fix: Unknown chip (ID or magic number) error

* pyinstaller: fix glibc dependency on gnu/linux

pyinstaller package for linux is built within the ubuntu-latest image in
github workflow. This may cause prbolem with glibc symbol versions on
older distributions, where the new symbol versions are not available.
Fix this by building on the older ubuntu version.

Closes espressif#843

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>

* tests: Create custom `host_test` marker for tests without real chip connected

Closes espressif#838

* fix(ESP32-S3): Temporarily disable increasing CPU freq

Related to espressif#848

Related to espressif#842

* build: add esp_rfc2217_server to published scripts

Closes espressif#846

* Update version to v4.5.1

* Update version to v4.6-dev

* espefuse: Hide sensitive info by default during burning burn_key and burn_key_digest

Adds --show-sensitive-info flag for two commands:
burn_key and burn_key_digest.

* flasher_stub: pass -mabi=ilp32 to the RISC-V compiler

This is a no-op change for the upstream toolchain (compiled stubs are
binary identical), but is required when building with Debian's
riscv64-unknown-elf-gcc compiler.

* flasher_stub: allow passing extra CFLAGS

The flasher_stub Makefile allows for some system-local configuration,
either through local.mk, or through environment variables.

For example, the compiler prefix can be overridden, by defining e.g.
CROSS_ESPRISCV32. However, passing additional flags to the compiler
isn't possible right now. Add EXTRA_CFLAGS and EXTRA_CFLAGS_ESPRISCV32
to allow for that option.

* flasher_stub: collect all targets at the top, DRY

* flasher_stub: make target selection more modular

Rather than a special "make esp32", create WITHOUT_* variables to
selectively disable chip families. Currently, WITHOUT_ESP8266,
WITHOUT_ESP32_XTENSA and WITHOUT_ESP32_RISCV32 are defined, but the code
can be easily adjusted to allow for all kinds of other
sets/combinations.

* flasher_stub: create %.json targets, make all a proper PHONY

* flasher_stub: drop --embed from wrap_stub.py

Since commit 94f29a5 the flasher stub is not embedded in the Python
source, but rather included as simple json files.

As such, wrap_stub.py --embed was converted to basically just vary the
build dir. Rather than keep this indirection and for better clarity,
remove that piece of code and replace it by a simple "cp" in the
Makefile.

While at it, replace the target name from "embed" to "install", as this
more akin to a "make install" step.

* espefuse: Support burning ECDSA_KEY from pem file

- fix some assert check in test_espefuse.py
- add tests to cover the new functionality

* espefuse(c2): Fix BLOCK_KEY0 view for summary cmd when SB + FE keys are burnt

For C2 secure boot + flash enc block, we saw that in summary cmd
"0's" from secure boot digest part (upper 128 bit) were translated
into "?'s" when the block was read protected.
For C2, we should apply this translation for lower 128 bits only.

* fix(ESP32-C6): Fix get_pkg_version and get_{major,minor}_chip_version

* image_info: removed check that reserved bytes in image header are zero

IDF may start using parts of the reserved bytes in the extended header at any time,
which will break chip auto-detect in image_info.

* build: limit max cryptography version to 40

* fix: Set flash parameters even with --flash_size keep

Related to espressif/esp-idf#10788

Related to espressif/esp-idf#10959

* build: add arm and arm64 as build target

Closes espressif#845

* Fix typo in serial protocol docs

Fixes misspelling of `triggered` in serial protocol docs.

Signed-off-by: hasheddan <georgedanielmangum@gmail.com>

* Support more recent reedsolo packages

- https://github.com/tomerfiliba-org/reedsolomon/releases/tag/v1.6.1 - this seems to be related to licenses only.
- https://github.com/tomerfiliba-org/reedsolomon/releases/tag/v1.7.0 - this is related to installation.

Closes espressif#872

* build(arm): add pip extra url for github action build

* ci: Fix libffi symlinks for cryptography>=40

* espefuse: Prevent burning XTS_AES and ECDSA keys into BLOCK9 (BLOCK_KEY5)

eFuse module has a hardware bug.
It is related to ESP32-C3, C6, S3, H2 chips:
    - BLOCK9 (BLOCK_KEY5) can not be used by XTS_AES keys.
For H2 chips, the BLOCK9 (BLOCK_KEY5) can not be used by ECDSA keys.
S2 does not have such a hardware bug.

* image_info: Display disabled WP pin as disabled

The image formats know about the special value 0xee used to disable WP.
Display this with image_info.

E.g.:

ESP32-C3 extended image header
==============================
WP pin: 0xee (disabled)

* image_info: Print chip ID's name if known

Example:

Flash pins drive settings: clk_drv: 0x0, q_drv: 0x0, d_drv: 0x0, cs0_drv: 0x0, hd_drv: 0x0, wp_drv: 0x0
Chip ID: 5 (ESP32-C3)
Minimal chip revision: v0.0, (legacy min_rev = 0)
Maximal chip revision: v655.35

An unknown ID will be printed as:

Chip ID: 42 (Unknown ID)

* tests: Make the testsuite Windows compatible

* espefuse: Adds external esp instance

Closes espressif#873

* espefuse: Improve efuse error viewing

* espefuse: Explicit setting of efuse time settings

EFUSE_PWR_ON_NUM in C3 has default value = 0x2880, now = 0x3000

* docs(Boot log): Add all esp targets to cover boot troubleshooting

Closes espressif#732

* fix: USB-JTAG-Serial PID detection error

* esptool: Move bootdesc on the top of the ram segment

* espefuse: Move some vars under init method to speedup tool after adding yaml support

* espefuse: Adds yaml efuse description files for all chip

- esptool: Updates eFuses wafer major&minor versions
- esptool(esp32c6): Adds package versions
- espefuse(esp32c6): Replace PKG_VERSION BLK_VERSION_MINOR BLK_VERSION_MAJOR
- espefuse(esp32c6): Adds adc calib efuses
- espefuse: Adds yaml files for Build with PyInstaller

* efuse(H2): Adds RF Calibration Information

* espsecure: Improve error message for incorrect PEM format

Closes espressif#881

* bugfix(usb_jtag_serial): Autofeed super watchdog (SWD) to avoid resets during flashing

* esptool: Read 64-bit MAC address on C6 and H2

* bugfix: Adjust wrapper scripts to not import themselves

* bugfix(espsecure): Print a clear error message if incompatible OpenSSL backend is used

Closes espressif#878

* fix: inconsistent usage of dirs separator

* feat(esptool): add option to dump whole flash based on detected size

Closes espressif#461

* Update version to v4.6

* Update version to v4.7-dev

* fix(ESP32-S3): Correct RTC WDT registers to fix resets during flashing

* Update version to v4.6.1

* Update version to v4.7-dev

* docs: add explanation for flash_id example to avoid confusion

* docs(boot-log): fix list formatting

* docs: add c2, c6 and h2 as build targets

* fix(compressed upload): Accept short data blocks with only Adler-32 bytes

* fix(CH9102F): Suggest to install new serial drivers if writing to RAM fails

* esptool & espefuse: Fix byte order in MAC (for C6 and H2)

MAC: 60:55:f9:ff:fe:f7:2c:a2 (EUI64, used for IEEE802154)
BASE MAC: 60:55:f9:f7:2c:a2 (used for BT)
MAC_EXT: ff:fe

* Update version to v4.6.2

* Update version to v4.7

* change: Add conventional precommit linter

* ci(pre-commit): Update version of `conventional-precommit-linter`

* feat(get_security_info): Improved the output format and added more
details

* fix(esp32-c2): Enable flashing in secure download mode

Closes espressif#895

* ci: Add DangerJS checks to GL and GH

* feat(esptool): Add PICO package for ESP32S3 and flash/psram efuses

* feat(esptool): Add tests for get_chip_features

* feat(esptool): Add new packages for ESP32C3 and flash efuses

* fix(expand file args): Correctly print the expanded command

* feat(espsecure): Allow prompting for HSM PIN in read_hsm_config

If hsm_config does not contain "credentials" the user will be
prompted for the HSM PIN.

This avoids the need to have HSM PINs typed in config files
which is not a good security practice.

ADJUNCT: Updated documentation to reflect new usage

Closes espressif#900

* fix(dangerGH): Update token permissions - allow Danger to add comments to PR

* fix(elf2image): fix text/rodata mapping overlap issue on uni-idrom bus chips

* fix: assert in esp32 exclusive workaround

* docs: Add other resources page

* fix(autodetection): Remove the ESP32-S2 ROM class from get_security_info autodetection

* change(pre-commit): Bump version conventional-precommit-linter to 1.2.1

* feat(esptool): added target to esp32p4

* feat(espefuse): Add support for esp32p4 chip

* fix: Fix redirection of STDOUT

Closes espressif#904

* fix(danger-github): Fir Danger GitHub token permission

* ci(danger-github): Fix github-action-bot permissions for posting Danger output

* ci: Shared danger to local stage (remove possible double CI pipelines)

* ci: add 'flake8-import-order' as a dependecy to flake8

* fix(bin_image): Check only ELF sections when searching for .flash.appdesc

Closes espressif#917

* feat(efuse): ESP32P4 adds ecdsa_key support

* feat(efuse): Update key purpose table and tests

* feat(esp32-s3): Support >16MB quad flash chips

Adds support for the W25Q256 and GD25Q256 flash chips.

Closes espressif#883

* ci(dev_release): Upload dev releases to PyPI with GH Actions

* ci: fix pipeline for building docs

* feat(merge_bin): add support for uf2 format

* feat(esp32c3): Support ECO6 and ECO7 magic numbers

* ci(gitlab_ci): Change only/except syntax to rules

* fix(flasher_stub): fix usb-serial-jtag enabled non-related intr source

* fix(loader): Could not open serial port message adjusted

* ci(gitlab): Fix deploying docs to production

* ci(github): Fix pyinstaller builds on ubuntu

* docs(basic-commands): added note for PowerShell users for merge_bin command

Closes espressif#923

* feat: Add support for Python 3.12

* feat(loader): Added hints for some serial port issues when rising port error

Closes espressif/esp-idf#12366

* feat: add support for get_security_info on esp32c3 ECO7

* docs(troubleshooting): Explain issues when flashing with USB-Serial/JTAG or USB-OTG

Closes espressif#924

* feat(espefuse): Update the way to complete the operation

* docs(boot_mode_selection): Correct secondary strapping pin boot mode levels

Closes espressif#928

* feat(espefuse): Adds efuse ADC calibration data for ESP32H2

* feat(rfc2217_server): Add hard reset sequence

* feat(elf2image): add ram-only-header argument

The ram-only-header configuration makes only
the RAM segments visible to the ROM bootloader placing
them at the beginning of the file and altering the
segment count from the image header with the quantity
of these segments, and also writing only their
checksum. This segment placement also may not result
as optimal as the standard way regarding the padding
gap use among the flash segments that could result
in a less fragmented binary.

The image built must then handle the basic hardware
initialization and the flash mapping for code execution
after ROM bootloader boot it.

Signed-off-by: Marek Matej <marek.matej@espressif.com>
Signed-off-by: Almir Okato <almir.okato@espressif.com>

* feat(esp32p4): Stub flasher support

* refactor(stub_flasher): Cleanup, make adding new targets easier

* feat: add support for intel hex format

---------

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
Signed-off-by: Marek Matej <marek.matej@espressif.com>
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Co-authored-by: harshal.patil <harshal.patil@espressif.com>
Co-authored-by: radim.karnis <radim.karnis@espressif.com>
Co-authored-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
Co-authored-by: Peter Dragun <peter.dragun@espressif.com>
Co-authored-by: KonstantinKondrashov <konstantin@espressif.com>
Co-authored-by: Faidon Liambotis <paravoid@debian.org>
Co-authored-by: XiNGRZ <hi@xingrz.me>
Co-authored-by: Marius Vikhammer <marius.vikhammer@espressif.com>
Co-authored-by: hasheddan <georgedanielmangum@gmail.com>
Co-authored-by: Roland Dobai <roland@espressif.com>
Co-authored-by: Trent Piepho <tpiepho@gmail.com>
Co-authored-by: Dean Gardiner <me@dgardiner.net>
Co-authored-by: Massimiliano Montagni <massimiliano@solutiontech.tech>
Co-authored-by: Tomas Sebestik <tomas.sebestik@espressif.com>
Co-authored-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
Co-authored-by: Richard Retanubun <richard.retanubun@mmbnetworks.com>
Co-authored-by: wuzhenghui <wuzhenghui@espressif.com>
Co-authored-by: Armando <douyiwen@espressif.com>
Co-authored-by: Jakub Kocka <jakub.kocka@espressif.com>
Co-authored-by: 20162026 <36726858+20162026@users.noreply.github.com>
Co-authored-by: Almir Okato <almir.okato@espressif.com>
Jason2866 added a commit to Jason2866/esptool that referenced this issue Nov 7, 2023
* docs: espsecure remote signing using a HSM broken link fix

* fix(rfc2217_server): Use new reset sequences

* fix(ESP32-S3): Lower CPU freq to improve flasher stub stability

Closes espressif#832

* fix: Unknown chip (ID or magic number) error

* pyinstaller: fix glibc dependency on gnu/linux

pyinstaller package for linux is built within the ubuntu-latest image in
github workflow. This may cause prbolem with glibc symbol versions on
older distributions, where the new symbol versions are not available.
Fix this by building on the older ubuntu version.

Closes espressif#843

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>

* tests: Create custom `host_test` marker for tests without real chip connected

Closes espressif#838

* fix(ESP32-S3): Temporarily disable increasing CPU freq

Related to espressif#848

Related to espressif#842

* build: add esp_rfc2217_server to published scripts

Closes espressif#846

* Update version to v4.5.1

* Update version to v4.6-dev

* espefuse: Hide sensitive info by default during burning burn_key and burn_key_digest

Adds --show-sensitive-info flag for two commands:
burn_key and burn_key_digest.

* flasher_stub: pass -mabi=ilp32 to the RISC-V compiler

This is a no-op change for the upstream toolchain (compiled stubs are
binary identical), but is required when building with Debian's
riscv64-unknown-elf-gcc compiler.

* flasher_stub: allow passing extra CFLAGS

The flasher_stub Makefile allows for some system-local configuration,
either through local.mk, or through environment variables.

For example, the compiler prefix can be overridden, by defining e.g.
CROSS_ESPRISCV32. However, passing additional flags to the compiler
isn't possible right now. Add EXTRA_CFLAGS and EXTRA_CFLAGS_ESPRISCV32
to allow for that option.

* flasher_stub: collect all targets at the top, DRY

* flasher_stub: make target selection more modular

Rather than a special "make esp32", create WITHOUT_* variables to
selectively disable chip families. Currently, WITHOUT_ESP8266,
WITHOUT_ESP32_XTENSA and WITHOUT_ESP32_RISCV32 are defined, but the code
can be easily adjusted to allow for all kinds of other
sets/combinations.

* flasher_stub: create %.json targets, make all a proper PHONY

* flasher_stub: drop --embed from wrap_stub.py

Since commit 94f29a5 the flasher stub is not embedded in the Python
source, but rather included as simple json files.

As such, wrap_stub.py --embed was converted to basically just vary the
build dir. Rather than keep this indirection and for better clarity,
remove that piece of code and replace it by a simple "cp" in the
Makefile.

While at it, replace the target name from "embed" to "install", as this
more akin to a "make install" step.

* espefuse: Support burning ECDSA_KEY from pem file

- fix some assert check in test_espefuse.py
- add tests to cover the new functionality

* espefuse(c2): Fix BLOCK_KEY0 view for summary cmd when SB + FE keys are burnt

For C2 secure boot + flash enc block, we saw that in summary cmd
"0's" from secure boot digest part (upper 128 bit) were translated
into "?'s" when the block was read protected.
For C2, we should apply this translation for lower 128 bits only.

* fix(ESP32-C6): Fix get_pkg_version and get_{major,minor}_chip_version

* image_info: removed check that reserved bytes in image header are zero

IDF may start using parts of the reserved bytes in the extended header at any time,
which will break chip auto-detect in image_info.

* build: limit max cryptography version to 40

* fix: Set flash parameters even with --flash_size keep

Related to espressif/esp-idf#10788

Related to espressif/esp-idf#10959

* build: add arm and arm64 as build target

Closes espressif#845

* Fix typo in serial protocol docs

Fixes misspelling of `triggered` in serial protocol docs.

Signed-off-by: hasheddan <georgedanielmangum@gmail.com>

* Support more recent reedsolo packages

- https://github.com/tomerfiliba-org/reedsolomon/releases/tag/v1.6.1 - this seems to be related to licenses only.
- https://github.com/tomerfiliba-org/reedsolomon/releases/tag/v1.7.0 - this is related to installation.

Closes espressif#872

* build(arm): add pip extra url for github action build

* ci: Fix libffi symlinks for cryptography>=40

* espefuse: Prevent burning XTS_AES and ECDSA keys into BLOCK9 (BLOCK_KEY5)

eFuse module has a hardware bug.
It is related to ESP32-C3, C6, S3, H2 chips:
    - BLOCK9 (BLOCK_KEY5) can not be used by XTS_AES keys.
For H2 chips, the BLOCK9 (BLOCK_KEY5) can not be used by ECDSA keys.
S2 does not have such a hardware bug.

* image_info: Display disabled WP pin as disabled

The image formats know about the special value 0xee used to disable WP.
Display this with image_info.

E.g.:

ESP32-C3 extended image header
==============================
WP pin: 0xee (disabled)

* image_info: Print chip ID's name if known

Example:

Flash pins drive settings: clk_drv: 0x0, q_drv: 0x0, d_drv: 0x0, cs0_drv: 0x0, hd_drv: 0x0, wp_drv: 0x0
Chip ID: 5 (ESP32-C3)
Minimal chip revision: v0.0, (legacy min_rev = 0)
Maximal chip revision: v655.35

An unknown ID will be printed as:

Chip ID: 42 (Unknown ID)

* tests: Make the testsuite Windows compatible

* espefuse: Adds external esp instance

Closes espressif#873

* espefuse: Improve efuse error viewing

* espefuse: Explicit setting of efuse time settings

EFUSE_PWR_ON_NUM in C3 has default value = 0x2880, now = 0x3000

* docs(Boot log): Add all esp targets to cover boot troubleshooting

Closes espressif#732

* fix: USB-JTAG-Serial PID detection error

* esptool: Move bootdesc on the top of the ram segment

* espefuse: Move some vars under init method to speedup tool after adding yaml support

* espefuse: Adds yaml efuse description files for all chip

- esptool: Updates eFuses wafer major&minor versions
- esptool(esp32c6): Adds package versions
- espefuse(esp32c6): Replace PKG_VERSION BLK_VERSION_MINOR BLK_VERSION_MAJOR
- espefuse(esp32c6): Adds adc calib efuses
- espefuse: Adds yaml files for Build with PyInstaller

* efuse(H2): Adds RF Calibration Information

* espsecure: Improve error message for incorrect PEM format

Closes espressif#881

* bugfix(usb_jtag_serial): Autofeed super watchdog (SWD) to avoid resets during flashing

* esptool: Read 64-bit MAC address on C6 and H2

* bugfix: Adjust wrapper scripts to not import themselves

* bugfix(espsecure): Print a clear error message if incompatible OpenSSL backend is used

Closes espressif#878

* fix: inconsistent usage of dirs separator

* feat(esptool): add option to dump whole flash based on detected size

Closes espressif#461

* Update version to v4.6

* Update version to v4.7-dev

* fix(ESP32-S3): Correct RTC WDT registers to fix resets during flashing

* Update version to v4.6.1

* Update version to v4.7-dev

* docs: add explanation for flash_id example to avoid confusion

* docs(boot-log): fix list formatting

* docs: add c2, c6 and h2 as build targets

* fix(compressed upload): Accept short data blocks with only Adler-32 bytes

* fix(CH9102F): Suggest to install new serial drivers if writing to RAM fails

* esptool & espefuse: Fix byte order in MAC (for C6 and H2)

MAC: 60:55:f9:ff:fe:f7:2c:a2 (EUI64, used for IEEE802154)
BASE MAC: 60:55:f9:f7:2c:a2 (used for BT)
MAC_EXT: ff:fe

* Update version to v4.6.2

* Update version to v4.7

* change: Add conventional precommit linter

* ci(pre-commit): Update version of `conventional-precommit-linter`

* feat(get_security_info): Improved the output format and added more
details

* fix(esp32-c2): Enable flashing in secure download mode

Closes espressif#895

* ci: Add DangerJS checks to GL and GH

* feat(esptool): Add PICO package for ESP32S3 and flash/psram efuses

* feat(esptool): Add tests for get_chip_features

* feat(esptool): Add new packages for ESP32C3 and flash efuses

* fix(expand file args): Correctly print the expanded command

* feat(espsecure): Allow prompting for HSM PIN in read_hsm_config

If hsm_config does not contain "credentials" the user will be
prompted for the HSM PIN.

This avoids the need to have HSM PINs typed in config files
which is not a good security practice.

ADJUNCT: Updated documentation to reflect new usage

Closes espressif#900

* fix(dangerGH): Update token permissions - allow Danger to add comments to PR

* fix(elf2image): fix text/rodata mapping overlap issue on uni-idrom bus chips

* fix: assert in esp32 exclusive workaround

* docs: Add other resources page

* fix(autodetection): Remove the ESP32-S2 ROM class from get_security_info autodetection

* change(pre-commit): Bump version conventional-precommit-linter to 1.2.1

* feat(esptool): added target to esp32p4

* feat(espefuse): Add support for esp32p4 chip

* fix: Fix redirection of STDOUT

Closes espressif#904

* fix(danger-github): Fir Danger GitHub token permission

* ci(danger-github): Fix github-action-bot permissions for posting Danger output

* ci: Shared danger to local stage (remove possible double CI pipelines)

* ci: add 'flake8-import-order' as a dependecy to flake8

* fix(bin_image): Check only ELF sections when searching for .flash.appdesc

Closes espressif#917

* feat(efuse): ESP32P4 adds ecdsa_key support

* feat(efuse): Update key purpose table and tests

* feat(esp32-s3): Support >16MB quad flash chips

Adds support for the W25Q256 and GD25Q256 flash chips.

Closes espressif#883

* ci(dev_release): Upload dev releases to PyPI with GH Actions

* ci: fix pipeline for building docs

* feat(merge_bin): add support for uf2 format

* feat(esp32c3): Support ECO6 and ECO7 magic numbers

* ci(gitlab_ci): Change only/except syntax to rules

* fix(flasher_stub): fix usb-serial-jtag enabled non-related intr source

* fix(loader): Could not open serial port message adjusted

* ci(gitlab): Fix deploying docs to production

* ci(github): Fix pyinstaller builds on ubuntu

* docs(basic-commands): added note for PowerShell users for merge_bin command

Closes espressif#923

* feat: Add support for Python 3.12

* feat(loader): Added hints for some serial port issues when rising port error

Closes espressif/esp-idf#12366

* feat: add support for get_security_info on esp32c3 ECO7

* docs(troubleshooting): Explain issues when flashing with USB-Serial/JTAG or USB-OTG

Closes espressif#924

* feat(espefuse): Update the way to complete the operation

* docs(boot_mode_selection): Correct secondary strapping pin boot mode levels

Closes espressif#928

* feat(espefuse): Adds efuse ADC calibration data for ESP32H2

* feat(rfc2217_server): Add hard reset sequence

* feat(elf2image): add ram-only-header argument

The ram-only-header configuration makes only
the RAM segments visible to the ROM bootloader placing
them at the beginning of the file and altering the
segment count from the image header with the quantity
of these segments, and also writing only their
checksum. This segment placement also may not result
as optimal as the standard way regarding the padding
gap use among the flash segments that could result
in a less fragmented binary.

The image built must then handle the basic hardware
initialization and the flash mapping for code execution
after ROM bootloader boot it.

Signed-off-by: Marek Matej <marek.matej@espressif.com>
Signed-off-by: Almir Okato <almir.okato@espressif.com>

* feat(esp32p4): Stub flasher support

* refactor(stub_flasher): Cleanup, make adding new targets easier

* feat: add support for intel hex format

* feat(xip_psram): support xip psram feature on esp32p4

Expanded IROM / DROM range to include psram space as well

* Delete docs directory

* Delete .gitlab-ci.yml

* Delete .pre-commit-config.yaml

* Delete MANIFEST.in

* Update build_esptool.yml

* Delete .github/workflows/test_esptool.yml

---------

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
Signed-off-by: Marek Matej <marek.matej@espressif.com>
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Co-authored-by: harshal.patil <harshal.patil@espressif.com>
Co-authored-by: radim.karnis <radim.karnis@espressif.com>
Co-authored-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
Co-authored-by: Peter Dragun <peter.dragun@espressif.com>
Co-authored-by: KonstantinKondrashov <konstantin@espressif.com>
Co-authored-by: Faidon Liambotis <paravoid@debian.org>
Co-authored-by: XiNGRZ <hi@xingrz.me>
Co-authored-by: Marius Vikhammer <marius.vikhammer@espressif.com>
Co-authored-by: hasheddan <georgedanielmangum@gmail.com>
Co-authored-by: Roland Dobai <roland@espressif.com>
Co-authored-by: Trent Piepho <tpiepho@gmail.com>
Co-authored-by: Dean Gardiner <me@dgardiner.net>
Co-authored-by: Massimiliano Montagni <massimiliano@solutiontech.tech>
Co-authored-by: Tomas Sebestik <tomas.sebestik@espressif.com>
Co-authored-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
Co-authored-by: Richard Retanubun <richard.retanubun@mmbnetworks.com>
Co-authored-by: wuzhenghui <wuzhenghui@espressif.com>
Co-authored-by: Armando <douyiwen@espressif.com>
Co-authored-by: Jakub Kocka <jakub.kocka@espressif.com>
Co-authored-by: 20162026 <36726858+20162026@users.noreply.github.com>
Co-authored-by: Almir Okato <almir.okato@espressif.com>
peterdragun pushed a commit to peterdragun/esptool that referenced this issue Jul 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants