IDF-4.3.3-ESP32 - Secure boot Start fail, boot write boot key and eufse ABS_DONE_0 fail (IDFGH-7799)

[Freelifeww]

Environment

• Module or chip used: ESP32-WROOM-32E
• IDF version (run git describe --tags to find it):
  ESP-IDF Release v4.3.3
• Build System: [Make|CMake|idf.py]

Problem Description

We enable the safe boot and use the specified key compilation mode. At this time, the device starts up, and the randomly generated key writing efuse and the flag bit of the safe boot boot complete code writing (ABS_DONE_0) cannot be completed. The demo verification results are the same

Expected Behavior

Actual Behavior

Steps to reproduce

1. step1
2. ...

// If possible, attach a picture of your setup/wiring here.

Code to reproduce this issue

/* Flash encryption Example
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#include <stdio.h>
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"
#include "soc/efuse_reg.h"
#include "esp_efuse.h"
#include "esp_system.h"
#include "esp_spi_flash.h"
#include "esp_partition.h"
#include "esp_flash_encrypt.h"
#include "esp_efuse_table.h"
#include "nvs_flash.h"

static void example_print_chip_info(void);
static void example_print_flash_encryption_status(void);
static void example_read_write_flash(void);

static const char* TAG = "example";

#if CONFIG_IDF_TARGET_ESP32
#define TARGET_CRYPT_CNT_EFUSE ESP_EFUSE_FLASH_CRYPT_CNT
#define TARGET_CRYPT_CNT_WIDTH 7
#elif CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32C3
#define TARGET_CRYPT_CNT_EFUSE ESP_EFUSE_SPI_BOOT_CRYPT_CNT
#define TARGET_CRYPT_CNT_WIDTH 3
#endif

void app_main(void)
{
printf("\nExample to check Flash Encryption status\n");

example_print_chip_info();
example_print_flash_encryption_status();
example_read_write_flash();
/* Initialize the default NVS partition */
esp_err_t ret = nvs_flash_init();
if (ret == ESP_ERR_NVS_NO_FREE_PAGES || ret == ESP_ERR_NVS_NEW_VERSION_FOUND) {
    ESP_ERROR_CHECK(nvs_flash_erase());
    ret = nvs_flash_init();
}
ESP_ERROR_CHECK(ret);

}

static void example_print_chip_info(void)
{
/* Print chip information */
esp_chip_info_t chip_info;
esp_chip_info(&chip_info);
printf("This is %s chip with %d CPU core(s), WiFi%s%s, ",
CONFIG_IDF_TARGET,
chip_info.cores,
(chip_info.features & CHIP_FEATURE_BT) ? "/BT" : "",
(chip_info.features & CHIP_FEATURE_BLE) ? "/BLE" : "");

printf("silicon revision %d, ", chip_info.revision);

printf("%dMB %s flash\n", spi_flash_get_chip_size() / (1024 * 1024),
        (chip_info.features & CHIP_FEATURE_EMB_FLASH) ? "embedded" : "external");

}

static void example_print_flash_encryption_status(void)
{
uint32_t flash_crypt_cnt = 0;
esp_efuse_read_field_blob(TARGET_CRYPT_CNT_EFUSE, &flash_crypt_cnt, TARGET_CRYPT_CNT_WIDTH);
printf("FLASH_CRYPT_CNT eFuse value is %d\n", flash_crypt_cnt);

esp_flash_enc_mode_t mode = esp_get_flash_encryption_mode();
if (mode == ESP_FLASH_ENC_MODE_DISABLED) {
    printf("Flash encryption feature is disabled\n");
} else {
    printf("Flash encryption feature is enabled in %s mode\n",
        mode == ESP_FLASH_ENC_MODE_DEVELOPMENT ? "DEVELOPMENT" : "RELEASE");
}

}

static void example_read_write_flash(void)
{
const esp_partition_t* partition = esp_partition_find_first(
ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_ANY, "storage");
assert(partition);

printf("Erasing partition \"%s\" (0x%x bytes)\n", partition->label, partition->size);

ESP_ERROR_CHECK(esp_partition_erase_range(partition, 0, partition->size));

/* Generate the data which will be written */
const size_t data_size = 32;
uint8_t plaintext_data[data_size];
for (uint8_t i = 0; i < data_size; ++i) {
    plaintext_data[i] = i;
}

printf("Writing data with esp_partition_write:\n");
ESP_LOG_BUFFER_HEXDUMP(TAG, plaintext_data, data_size, ESP_LOG_INFO);
ESP_ERROR_CHECK(esp_partition_write(partition, 0, plaintext_data, data_size));

uint8_t read_data[data_size];
printf("Reading with esp_partition_read:\n");
ESP_ERROR_CHECK(esp_partition_read(partition, 0, read_data, data_size));
ESP_LOG_BUFFER_HEXDUMP(TAG, read_data, data_size, ESP_LOG_INFO);

printf("Reading with spi_flash_read:\n");
ESP_ERROR_CHECK(spi_flash_read(partition->address, read_data, data_size));
ESP_LOG_BUFFER_HEXDUMP(TAG, read_data, data_size, ESP_LOG_INFO);

}

Debug Logs

rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:1
load:0x3fff00b0,len:14344
load:0x40078000,len:24328
load:0x40080400,len:4940
entry 0x400806f4
I (28) boot: ESP-IDF v4.3.3-dirty 2nd stage bootloader
I (28) boot: compile time 14:49:59
D (28) bootloader_flash: non-XMC chip detected by SFDP Read (00), skip.
D (34) bootloader_flash: mmu set block paddr=0x00000000 (was 0xffffffff)
I (41) boot: chip revision: 3
I (45) boot_comm: chip revision: 3, min. bootloader chip revision: 0
D (52) qio_mode: Probing for QIO mode enable...
D (56) qio_mode: Raw SPI flash chip id 0x5e4016
D (61) qio_mode: Manufacturer ID 0x5e chip ID 0x4016
I (66) qio_mode: Enabling default flash chip QIO
D (71) qio_mode: Initial flash chip status 0x2
D (76) qio_mode: QIO mode already enabled in flash
D (80) qio_mode: Enabling QIO mode...
D (84) boot.esp32: magic e9
D (87) boot.esp32: segments 03
D (90) boot.esp32: spi_mode 02
D (93) boot.esp32: spi_speed 0f
D (97) boot.esp32: spi_size 02
I (100) boot.esp32: SPI Speed : 80MHz
I (104) boot.esp32: SPI Mode : QIO
I (109) boot.esp32: SPI Flash Size : 4MB
D (114) boot: Enabling RTCWDT(9000 ms)
I (117) boot: Enabling RNG early entropy source...
D (123) bootloader_flash: mmu set paddr=00000000 count=1 size=c00 src_addr=f000 src_addr_aligned=0
D (132) boot: mapped partition table 0xf000 at 0x3f40f000
D (137) flash_parts: partition table verified, 10 entries
I (143) boot: Partition Table:
I (147) boot: ## Label Usage Type ST Offset Length
D (154) boot: load partition table entry 0x3f40f000
D (159) boot: type=1 subtype=2
I (162) boot: 0 nvs WiFi data 01 02 00011000 00004000
D (170) boot: load partition table entry 0x3f40f020
D (175) boot: type=1 subtype=0
I (178) boot: 1 otadata OTA data 01 00 00015000 00002000
D (185) boot: load partition table entry 0x3f40f040
D (190) boot: type=1 subtype=1
I (193) boot: 2 phy_init RF data 01 01 00017000 00001000
D (201) boot: load partition table entry 0x3f40f060
D (206) boot: type=0 subtype=10
I (209) boot: 3 ota_0 OTA app 00 10 00020000 001c0000
D (217) boot: load partition table entry 0x3f40f080
D (222) boot: type=0 subtype=11
I (225) boot: 4 ota_1 OTA app 00 11 001e0000 001c0000
D (232) boot: load partition table entry 0x3f40f0a0
D (237) boot: type=1 subtype=aa
I (240) boot: 5 tuya Unknown data 01 aa 003b0000 00028000
D (248) boot: load partition table entry 0x3f40f0c0
D (253) boot: type=1 subtype=ab
I (256) boot: 6 tuya_key Unknown data 01 ab 003d8000 00004000
D (264) boot: load partition table entry 0x3f40f0e0
D (269) boot: type=1 subtype=2
I (272) boot: 7 factory_nvs WiFi data 01 02 003e0000 00004000
D (279) boot: load partition table entry 0x3f40f100
D (284) boot: type=1 subtype=4
I (287) boot: 8 nvs_key NVS keys 01 04 003e4000 00001000
I (295) boot: End of partition table
D (299) boot: OTA data offset 0x15000
D (303) bootloader_flash: mmu set paddr=00010000 count=1 size=2000 src_addr=15000 src_addr_aligned=10000
D (313) boot: otadata[0]: sequence values 0x00000001
D (318) boot: otadata[1]: sequence values 0xffffffff
D (323) boot_comm: Only otadata[0] is valid
D (327) boot: Active otadata[0]
D (330) boot: Mapping seq 0 -> OTA slot 0
D (334) boot: Trying partition index 0 offs 0x20000 size 0x1c0000
D (340) esp_image: reading image header @ 0x20000
D (345) bootloader_flash: mmu set block paddr=0x00020000 (was 0xffffffff)
D (352) esp_image: image header: 0xe9 0x07 0x02 0x02 400813f0
I (358) boot_comm: chip revision: 3, min. application chip revision: 0
I (365) esp_image: segment 0: paddr=00020020 vaddr=3f400020 size=4baf0h (310000) map
D (373) esp_image: free data page_count 0x00000032
D (378) bootloader_flash: mmu set paddr=00020000 count=5 size=4baf0 src_addr=20020 src_addr_aligned=20000
D (473) bootloader_flash: mmu set block paddr=0x00060000 (was 0xffffffff)
I (474) esp_image: segment 1: paddr=0006bb18 vaddr=3ffbdb60 size=04500h ( 17664) load
D (478) esp_image: free data page_count 0x00000032
D (482) bootloader_flash: mmu set paddr=00060000 count=2 size=4500 src_addr=6bb18 src_addr_aligned=60000
D (497) bootloader_flash: mmu set block paddr=0x00070000 (was 0xffffffff)
I (499) esp_image: segment 2: paddr=00070020 vaddr=400d0020 size=115bdch (1137628) map
D (507) esp_image: free data page_count 0x00000032
D (512) bootloader_flash: mmu set paddr=00070000 count=18 size=115bdc src_addr=70020 src_addr_aligned=70000
D (835) bootloader_flash: mmu set block paddr=0x00180000 (was 0xffffffff)
I (836) esp_image: segment 3: paddr=00185c04 vaddr=3ffc2060 size=00988h ( 2440) load
D (840) esp_image: free data page_count 0x00000032
D (844) bootloader_flash: mmu set paddr=00180000 count=1 size=988 src_addr=185c04 src_addr_aligned=180000
D (855) bootloader_flash: mmu set block paddr=0x00180000 (was 0xffffffff)
I (861) esp_image: segment 4: paddr=00186594 vaddr=40080000 size=1cbb8h (117688) load
D (869) esp_image: free data page_count 0x00000032
D (874) bootloader_flash: mmu set paddr=00180000 count=3 size=1cbb8 src_addr=186594 src_addr_aligned=180000
D (922) bootloader_flash: mmu set block paddr=0x001a0000 (was 0xffffffff)
I (922) esp_image: segment 5: paddr=001a3154 vaddr=50000000 size=00010h ( 16) load
D (926) esp_image: free data page_count 0x00000032
D (931) bootloader_flash: mmu set paddr=001a0000 count=1 size=10 src_addr=1a3154 src_addr_aligned=1a0000
D (941) bootloader_flash: mmu set block paddr=0x001a0000 (was 0xffffffff)
I (948) esp_image: segment 6: paddr=001a316c vaddr=00000000 size=0ce14h ( 52756)
D (956) esp_image: free data page_count 0x00000032
D (961) bootloader_flash: mmu set paddr=001a0000 count=1 size=ce14 src_addr=1a316c src_addr_aligned=1a0000
D (985) bootloader_flash: mmu set block paddr=0x001a0000 (was 0xffffffff)
I (985) esp_image: Verifying image signature...
D (986) bootloader_flash: mmu set paddr=001a0000 count=1 size=20 src_addr=1aff90 src_addr_aligned=1a0000
D (996) boot: Calculated secure boot hash: d840e6728f7e02844fd0f266dab5fa384a5f0fa03a85155cf185010e74bdd590
D (1005) bootloader_flash: mmu set paddr=001a0000 count=1 size=44 src_addr=1affb0 src_addr_aligned=1a0000
D (1015) secure_boot: Verifying secure boot signature
D (1352) secure_boot: Verification result 1
I (1366) boot: Loaded app from partition at offset 0x20000
D (1367) esp_image: reading image header @ 0x1000
D (1367) bootloader_flash: mmu set block paddr=0x00000000 (was 0xffffffff)
D (1373) esp_image: image header: 0xe9 0x03 0x02 0x02 400806f4
I (1379) boot_comm: chip revision: 3, min. application chip revision: 0
I (1386) esp_image: segment 0: paddr=00001020 vaddr=3fff00b0 size=03808h ( 14344)
D (1395) esp_image: free data page_count 0x00000032
D (1400) bootloader_flash: mmu set paddr=00000000 count=1 size=3808 src_addr=1020 src_addr_aligned=0
D (1411) bootloader_flash: mmu set block paddr=0x00000000 (was 0xffffffff)
I (1416) esp_image: segment 1: paddr=00004830 vaddr=40078000 size=05f08h ( 24328)
D (1424) esp_image: free data page_count 0x00000032
D (1429) bootloader_flash: mmu set paddr=00000000 count=1 size=5f08 src_addr=4830 src_addr_aligned=0
D (1441) bootloader_flash: mmu set block paddr=0x00000000 (was 0xffffffff)
I (1445) esp_image: segment 2: paddr=0000a740 vaddr=40080400 size=0134ch ( 4940)
D (1453) esp_image: free data page_count 0x00000032
D (1458) bootloader_flash: mmu set paddr=00000000 count=1 size=134c src_addr=a740 src_addr_aligned=0
D (1468) bootloader_flash: mmu set block paddr=0x00000000 (was 0xffffffff)
I (1474) secure_boot_v1: Generating new secure boot key...
D (1481) efuse: coding scheme 0
D (1484) efuse: coding scheme 0
D (1487) efuse: coding scheme 0
D (1490) efuse: coding scheme 0
D (1493) efuse: coding scheme 0
I (1497) secure_boot_v1: Generating secure boot digest...
D (1565) bootloader_flash: mmu set paddr=00000000 count=1 size=ab00 src_addr=1000 src_addr_aligned=0
D (1570) secure_boot_v1: write iv+digest to flash
I (1571) secure_boot_v1: Digest generation complete.
I (1574) boot: Checking secure boot...
I (1578) secure_boot_v1: Read & write protecting new key...
I (1584) secure_boot_v1: blowing secure boot efuse...
D (1590) secure_boot_v1: before updating, EFUSE_BLK0_RDATA6 4
I (1596) secure_boot_v1: Disable JTAG...
I (1600) secure_boot_v1: Disable ROM BASIC interpreter fallback...
D (1607) efuse: coding scheme 0
D (1610) efuse: coding scheme 0
D (1614) efuse: coding scheme 0
D (1617) efuse: coding scheme 0
D (1620) secure_boot_v1: after updating, EFUSE_BLK0_RDATA6 4
E (1626) secure_boot_v1: secure boot not enabled for bootloader image, EFUSE_RD_ABS_DONE_0 is probably write protected!
E (1637) boot: FAILED TO ENABLE SECURE BOOT (259).
abort() was called at PC 0x40079883

[mahavirj]

@Freelifeww Could you please check fix from #9290 (comment)? This fix is already merged in internal codebase, it shall be available on GH with next v4.3 branch sync.

[Freelifeww]

@mahavirj Thanks, I‘m check it.

[Freelifeww]

@Freelifeww Could you please check fix from #9290 (comment)? This fix is already merged in internal codebase, it shall be available on GH with next v4.3 branch sync.

Thank you. The test was successful

[mahavirj]

@Freelifeww Thanks for confirming. I will close this issue and allow fix to be tracked through #9290