Table of Contents
Advertisement
Chapter 4. Software framework
4.7.20 How can I delete keys of secure boot?
• Keys of secure boot should be deleted in the firmware new_app.bin.
that new_app.bin is employed with two signatures.
vice.
At last, when the original signatures are verified, you can delete the original keys through
esp_ota_revoke_secure_boot_public_key() in new_app.bin.
use the OTA rollback scheme, please call esp_ota_revoke_secure_boot_public_key() after
esp_ota_mark_app_valid_cancel_rollback() returns ESP_OK. For more details, please refer
to
Key
Revocation.
4.7.21 After I enabled secure boot or flash encryption (development mode), I cannot flash
the new firmware, and an error occured as Failed to enter Flash down-
load mode. How can I solve this issue?
• Generally, the above log indicates that your flash command is incorrect. Please use script idf.py to execute
idf.py bootloader and idf.py app to compile bootloader.bin and app.bin. Then execute
the flash command through idf.py according to the tips after compiling. If you still cannot flash your
firmware, please use espefuse.py -p PORT summary to check the eFuse of the current device and
check whether the flash download mode is enabled or not.
4.7.22 After I input the command espefuse.py read_protect_efuse BLOCK3
command in the terminal configured with ESP-IDF to enable the read-protection
for Efuse BLOCK3, why is the data of the Efuse BLOCK3 all 0x00 when I input
esp_efuse_read_block() to read the Efuse BLOCK3?
• After the Efuse BLOCK3 is read protected, it cannot be read anymore.
4.7.23 How can I enable secure boot or flash encryption by pre-burning eFuse?
By default, you can enable secure boot or flash encryption by burning firmware with secure boot or flash
encryption enabled. In addition, you can also enable secure boot or flash encryption by pre-burning eFuse
in the following two methods: - With flash_download_tool, eFuse will be pre-burned automatically if
secure boot or flash encryption is enabled. - You can generate the key and burn corresponding eFuse
blocks with
espsecure.py
4.7.24 After enabling Secure Boot, why can't I flash the new bootloader.bin using the
idf.py build command?
After enabling Secure Boot, please use the idf.py bootloader command to compile the new boot-
loader.bin. Then, flash the new bootloader.bin using the command idf.py -p (PORT) bootloader-flash.
4.7.25 After enabling Secure Boot or flash encryption, how can I view the security-related
information in the device?
Please use the command esptool.py –no-stub get_security_info to view the security information of the
device.
Espressif Systems
and espefuse.py.
108
Submit Document Feedback
First, please assure
Then, flash new_app.bin to the de-
Please note that if you
Release master
Advertisement
Table of Contents
Need help?
Do you have a question about the ESP and is the answer not in the manual?