Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Having trouble read protecting fuses (ESPTOOL-167) #584

Closed
HalexRomagno opened this issue Dec 11, 2020 · 2 comments
Closed

Having trouble read protecting fuses (ESPTOOL-167) #584

HalexRomagno opened this issue Dec 11, 2020 · 2 comments

Comments

@HalexRomagno
Copy link

HalexRomagno commented Dec 11, 2020
edited
Loading

Hi,

I'm trying to use the new batch mode to write fuses as well as read/write protect them.
Here is what I'm doing and the result:

Command:
py -3 -m espefuse --port COM3 --before default_reset --do-not-confirm burn_efuse ABS_DONE_0 1 FLASH_CRYPT_CONFIG 0xF FLASH_CRYPT_CNT 1 CONSOLE_DEBUG_DISABLE 1 DISABLE_DL_ENCRYPT 1 DISABLE_DL_DECRYPT 1 DISABLE_DL_CACHE 1 JTAG_DISABLE 1 WR_DIS 1412 RD_DIS 11

Response:

Connecting.....
Detecting chip type... ESP32
espefuse.py v3.0
The efuses to burn:
  from BLOCK0
     - ABS_DONE_0
     - FLASH_CRYPT_CONFIG
     - FLASH_CRYPT_CNT
     - CONSOLE_DEBUG_DISABLE
     - DISABLE_DL_ENCRYPT
     - DISABLE_DL_DECRYPT
     - DISABLE_DL_CACHE
     - JTAG_DISABLE
     - WR_DIS
     - RD_DIS

Burning efuses:

    - 'ABS_DONE_0' (Secure boot V1 is enabled for bootloader image) 0b0 -> 0b1

    - 'FLASH_CRYPT_CONFIG' (Flash encryption config (key tweak bits)) 0x0 -> 0xf

    - 'FLASH_CRYPT_CNT' (Flash encryption mode counter) 0b0000000 -> 0b0000001

    - 'CONSOLE_DEBUG_DISABLE' (Disable ROM BASIC interpreter fallback) 0b1 -> 0b1
	The same value for CONSOLE_DEBUG_DISABLE is already burned. Do not change the efuse.

    - 'DISABLE_DL_ENCRYPT' (Disable flash encryption in UART bootloader) 0b0 -> 0b1

    - 'DISABLE_DL_DECRYPT' (Disable flash decryption in UART bootloader) 0b0 -> 0b1

    - 'DISABLE_DL_CACHE' (Disable flash cache in UART bootloader) 0b0 -> 0b1

    - 'JTAG_DISABLE' (Disable JTAG) 0b0 -> 0b1

    - 'WR_DIS' (Efuse write disable mask) 0x0180 -> 0x0584

    - 'RD_DIS' (Efuse read disable mask) 0x3 -> 0xb

Check all blocks for burn...
idx, BLOCK_NAME,          Conclusion
[00] BLOCK0               is not empty
	(written ): 0x0000000400000000000011340000a0000069c44f3360f85d00030180
	(to write): 0x000003d0f000000000000000000000000000000000000000001b0584
	(coding scheme = NONE)
. 
This is an irreversible operation!

A fatal error occurred: Burn BLOCK0 ([]) was not successful

What seems to be the problem is read protecting fuses. If I remove "RD_DIS 11" from the command above, it works successfully.
But then, if I run "burn_efuse RD_DIS 11" or even "read_protect_efuse FLASH_CRYPT_CONFIG", I get the same error as previously when everything is bundled together:

Connecting....
Detecting chip type... ESP32
espefuse.py v3.0
Permanently read-disabling efuses CODING_SCHEME, KEY_STATUS, FLASH_CRYPT_CONFIG, BLK3_PART_RESERVE

Check all blocks for burn...
idx, BLOCK_NAME,          Conclusion
[00] BLOCK0               is not empty
	(written ): 0x000003d4f0000000000002350000a0000036c44f3360f84500130584
	(to write): 0x00000000000000000000000000000000000000000000000000080000
	(coding scheme = NONE)
. 
This is an irreversible operation!

A fatal error occurred: Burn BLOCK0 ([]) was not successful

Weirdly, if I then run "espefuse summary", RD_DIS is indicating the value 11 which means BLOCK0 was indeed modified and read protecting the fuse actually worked.

Connecting.....
Detecting chip type... ESP32
espefuse.py v3.0
EFUSE_NAME (Block)                       Description  = [Meaningful Value] [Read
able/Writeable] (Hex Value)
--------------------------------------------------------------------------------
--------
Calibration fuses:
BLK3_PART_RESERVE (BLOCK0):              BLOCK3 partially served for ADC calibra
tion data   = False -/- (0b0)
ADC_VREF (BLOCK0):                       Voltage reference calibration
            = 1093 R/W (0b10001)

Config fuses:
XPD_SDIO_FORCE (BLOCK0):                 Ignore MTDI pin (GPIO12) for VDD_SDIO o
n reset     = False R/W (0b0)
XPD_SDIO_REG (BLOCK0):                   If XPD_SDIO_FORCE, enable VDD_SDIO reg
on reset    = False R/W (0b0)
XPD_SDIO_TIEH (BLOCK0):                  If XPD_SDIO_FORCE & XPD_SDIO_REG
            = 1.8V R/W (0b0)
CLK8M_FREQ (BLOCK0):                     8MHz clock freq override
            = 52 R/W (0x34)
SPI_PAD_CONFIG_CLK (BLOCK0):             Override SD_CLK pad (GPIO6/SPICLK)
            = 0 R/W (0b00000)
SPI_PAD_CONFIG_Q (BLOCK0):               Override SD_DATA_0 pad (GPIO7/SPIQ)
            = 0 R/W (0b00000)
SPI_PAD_CONFIG_D (BLOCK0):               Override SD_DATA_1 pad (GPIO8/SPID)
            = 0 R/W (0b00000)
SPI_PAD_CONFIG_HD (BLOCK0):              Override SD_DATA_2 pad (GPIO9/SPIHD)
            = 0 R/W (0b00000)
SPI_PAD_CONFIG_CS0 (BLOCK0):             Override SD_CMD pad (GPIO11/SPICS0)
            = 0 R/W (0b00000)
DISABLE_SDIO_HOST (BLOCK0):              Disable SDIO host
            = False R/W (0b0)

Efuse fuses:
WR_DIS (BLOCK0):                         Efuse write disable mask
            = 1412 R/W (0x0584)
RD_DIS (BLOCK0):                         Efuse read disable mask
            = 11 R/W (0xb)
CODING_SCHEME (BLOCK0):                  Efuse variable block length scheme

   = NONE (BLK1-3 len=256 bits) -/- (0b00)
KEY_STATUS (BLOCK0):                     Usage of efuse block 3 (reserved)
            = False -/- (0b0)

Identity fuses:
MAC (BLOCK0):                            Factory MAC Address

   = c4:4f:33:60:f8:5d (CRC 0x69 OK) R/W
MAC_CRC (BLOCK0):                        CRC8 for factory MAC address
            = 105 R/W (0x69)
CHIP_VER_REV1 (BLOCK0):                  Silicon Revision 1
            = True R/W (0b1)
CHIP_VER_REV2 (BLOCK0):                  Silicon Revision 2
            = False R/W (0b0)
CHIP_VERSION (BLOCK0):                   Reserved for future chip versions
            = 2 R/W (0b10)
CHIP_PACKAGE (BLOCK0):                   Chip package identifier
            = 0 R/W (0b000)
MAC_VERSION (BLOCK3):                    Version of the MAC field
            = 0 R/W (0x00)

Security fuses:
FLASH_CRYPT_CNT (BLOCK0):                Flash encryption mode counter
            = 1 R/- (0b0000001)
UART_DOWNLOAD_DIS (BLOCK0):              Disable UART download mode (ESP32 rev3
only)       = False R/- (0b0)
FLASH_CRYPT_CONFIG (BLOCK0):             Flash encryption config (key tweak bits
)           = ? -/- (0x0)
CONSOLE_DEBUG_DISABLE (BLOCK0):          Disable ROM BASIC interpreter fallback
            = True R/W (0b1)
ABS_DONE_0 (BLOCK0):                     Secure boot V1 is enabled for bootloade
r image     = True R/W (0b1)
ABS_DONE_1 (BLOCK0):                     Secure boot V2 is enabled for bootloade
r image     = False R/W (0b0)
JTAG_DISABLE (BLOCK0):                   Disable JTAG
            = True R/W (0b1)
DISABLE_DL_ENCRYPT (BLOCK0):             Disable flash encryption in UART bootlo
ader        = True R/W (0b1)
DISABLE_DL_DECRYPT (BLOCK0):             Disable flash decryption in UART bootlo
ader        = True R/W (0b1)
DISABLE_DL_CACHE (BLOCK0):               Disable flash cache in UART bootloader
            = True R/W (0b1)
BLOCK1 (BLOCK1):                         Flash encryption key

   = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
?? ?? ?? ?? ?? ?? ?? -/-
BLOCK2 (BLOCK2):                         Secure boot key

   = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
?? ?? ?? ?? ?? ?? ?? -/-
BLOCK3 (BLOCK3):                         Variable Block 3

   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 R/W

Flash voltage (VDD_SDIO) determined by GPIO12 on reset (High for 1.8V, Low/NC fo
r 3.3V).

If I run "burn_efuse RD_DIS 11" or "read_protect_efuse FLASH_CRYPT_CONFIG" again, the operation will succeed because it says no change is needed.
Am I doing something wrong, perhaps in the order I do things, or is there some kind of bug in esptool 3.0?

Operating system

Windows 7 SP1 64-bit

Python version

3.8.6

What Chip

ESP32-WROOM32

What development board or other hardware is the chip attached to

FT231XS-R

Is anything else attached to the development board, except for the serial flasher connections?

No

Are you running esptool.py from an IDE such as Arduino or Eclipse?

Windows CLI
@github-actions github-actions bot changed the title Having trouble read protecting fuses Having trouble read protecting fuses (ESPTOOL-167) Dec 11, 2020
@radimkarnis
Copy link
Collaborator

Hello @HalexRomagno,
thanks for reporting this behavior. I don't see anything wrong in your procedure, the FLASH_CRYPT_CONFIG should indeed be read protected by setting 'RD_DIS' 0x3 -> 0xb.
We will look into this issue.

Radim

@radimkarnis
Copy link
Collaborator

Hello @HalexRomagno,

there was nothing wrong with your procedure.
The error message happens because you try to burn FLASH_CRYPT_CONFIG and read-disable it at the same time. Both of these actions happen correctly, but when espefuse.py reads the efuse block back to check if the burn was successful, FLASH_CRYPT_CONFIG is already read-protected and reported back as 0x0 (while espefuse expects to see 0xf).

Thank you for reporting this, we will fix this. In the meantime, I advise you not to write and read-disable the same efuse in one command.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@HalexRomagno @radimkarnis