I am implementing secure boot and flash encryption on the ESP32.
So far:
1. I successfully implemented secure boot with the reflashable bootloader
a-> idf.py menuconfig
b-> Set up secure boot with the reflashable bootloader
c-> Generate the secure_boot_key with espsecure.py and give this name for the secure boot key in menuconfig
d-> Bootloader config -> Bootloader log verbosity (Error)
e-> idf.py build
f-> Burn the secure boot key to efuse using: D:\esp\tools\.espressif\python_env\idf4.1_py3.9_env\Scripts\python.exe D:/esp/esp-idf/components/esptool_py/esptool/espefuse.py burn_key secure_boot D:/ESP32_Projects/blink/build/bootloader/secure-bootloader-key-256.bin
g-> Burn secure boot
espefuse -p COM4 burn_efuse ABS_DONE_0
h-> The first-time flash command is:
D:\esp\tools\.espressif\python_env\idf4.1_py3.9_env\Scripts\python.exe D:/esp/esp-idf/components/esptool_py/esptool/esptool.py --chip esp32 --port (PORT) --baud (BAUD) --before default_reset --after no_reset write_flash --flash_mode dio --flash_freq 40m --flash_size 2MB -u 0x1000 D:/ESP32_Projects/blink/build/bootloader/bootloader.bin
i-> To reflash the bootloader after the initial flash:
D:\esp\tools\.espressif\python_env\idf4.1_py3.9_env\Scripts\python.exe D:/esp/esp-idf/components/esptool_py/esptool/esptool.py --chip esp32 --port (PORT) --baud (BAUD) --before default_reset --after no_reset write_flash --flash_mode dio --flash_freq 40m --flash_size 2MB -u 0x0 D:/ESP32_Projects/blink/build/bootloader/bootloader-reflash-digest.bin
j-> idf.py flash monitor
and secure boot was enabled with the reflashable bootloader
2. Now for flash encryption -> I went through the flash_encryption example under security in esp-idf and it works.
3. Now for secure boot together with flash encryption, where I am facing a problem
What I did:
-> Enabled flash encryption first
-> Then enabled secure boot using the same method as above (a-i)
-> idf.py encrypted-flash monitor
The output is below; please take a look and tell me what to do next. Thanks.
D:\ESP32_Projects\flash_encryption>idf.py encrypted-flash monitor
Adding "encrypted-flash"'s dependency "all" to list of commands with default set of options.
Executing action: all (aliases: build)
Running ninja in directory d:\esp32_projects\flash_encryption\build
Executing "ninja all"...
[1/4] cmd.exe /C "cd /D D:\ESP32_Projects\flash_encryption\build\esp...*******************************************************************"
Partition table binary generated. Contents:
*******************************************************************************
# Espressif ESP32 Partition Table
# Name, Type, SubType, Offset, Size, Flags
nvs,data,nvs,0x9000,24K,
storage,data,255,0xf000,4K,encrypted
factory,app,factory,0x10000,1M,
*******************************************************************************
[2/4] Performing build step for 'bootloader'
ninja: no work to do.
Executing action: encrypted-flash
Choosing default port b'COM4' (use '-p PORT' option to set a specific serial port)
Running esptool.py in directory d:\esp32_projects\flash_encryption\build
Executing "D:\esp\tools\.espressif\python_env\idf4.1_py3.9_env\Scripts\python.exe D:\esp\esp-idf\components/esptool_py/esptool/esptool.py -p COM4 -b 460800 --before default_reset --after no_reset --chip esp32 write_flash @flash_encrypted_project_args"...
esptool.py -p COM4 -b 460800 --before default_reset --after no_reset --chip esp32 write_flash --encrypt 0x8000 partition_table/partition-table.bin 0x10000 flash_encryption.bin
esptool.py v2.9-dev
Serial port COM4
Connecting........__
Chip is ESP32D0WDQ6 (revision 1)
Features: WiFi, BT, Dual Core, 240MHz, VRef calibration in efuse, Coding Scheme None
Crystal is 40MHz
MAC: 30:ae:a4:fe:62:c8
Uploading stub...
Running stub...
Stub running...
Changing baud rate to 460800
Changed.
Configuring flash size...
Auto-detected Flash size: 4MB
WARNING: - compress and encrypt options are mutually exclusive
Will flash uncompressed
Wrote 16384 bytes at 0x00008000 in 0.4 seconds (349.4 kbit/s)...
Wrote 163840 bytes at 0x00010000 in 3.8 seconds (344.5 kbit/s)...
Leaving...
Staying in bootloader.
Executing action: monitor
Running idf_monitor in directory d:\esp32_projects\flash_encryption
Executing "D:\esp\tools\.espressif\python_env\idf4.1_py3.9_env\Scripts\python.exe D:\esp\esp-idf\tools/idf_monitor.py -p COM4 -b 115200 --toolchain-prefix xtensa-esp32-elf- d:\esp32_projects\flash_encryption\build\flash_encryption.elf --encrypted -m 'D:\esp\tools\.espressif\python_env\idf4.1_py3.9_env\Scripts\python.exe' 'D:\esp\esp-idf\tools\idf.py'"...
--- idf_monitor on COM4 115200 ---
--- Quit: Ctrl+] | Menu: Ctrl+T | Help: Ctrl+T followed by Ctrl+H ---
ets Jun 8 2016 00:22:57
rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
flash read err, 1000
ets_main.c 371
ets Jun 8 2016 00:22:57
rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
flash read err, 1000
ets_main.c 371
ets Jun 8 2016 00:22:57
rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
flash read err, 1000
ets_main.c 371
ets Jun 8 2016 00:22:57
rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
flash read err, 1000
ets_main.c 371
ets Jun 8 2016 00:22:57
rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
flash read err, 1000
ets_main.c 371
ets Jun 8 2016 00:22:57
rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
flash read err, 1000
ets_main.c 371
ets Jun 8 2016 00:22:57
rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
flash read err, 1000
ets_main.c 371
ets Jun 8 2016 00:22:57
rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
flash read err, 1000
ets_main.c 371
Done
D:\ESP32_Projects\flash_encryption>espefuse -p COM4 summary
Connecting........_
Detecting chip type... ESP32
espefuse.py v3.1
EFUSE_NAME (Block) Description = [Meaningful Value] [Readable/Writeable] (Hex Value)
----------------------------------------------------------------------------------------
Calibration fuses:
BLK3_PART_RESERVE (BLOCK0): BLOCK3 partially served for ADC calibration data = False R/W (0b0)
ADC_VREF (BLOCK0): Voltage reference calibration = 1128 R/W (0b00100)
Config fuses:
XPD_SDIO_FORCE (BLOCK0): Ignore MTDI pin (GPIO12) for VDD_SDIO on reset = False R/W (0b0)
XPD_SDIO_REG (BLOCK0): If XPD_SDIO_FORCE, enable VDD_SDIO reg on reset = False R/W (0b0)
XPD_SDIO_TIEH (BLOCK0): If XPD_SDIO_FORCE & XPD_SDIO_REG = 1.8V R/W (0b0)
CLK8M_FREQ (BLOCK0): 8MHz clock freq override = 55 R/W (0x37)
SPI_PAD_CONFIG_CLK (BLOCK0): Override SD_CLK pad (GPIO6/SPICLK) = 0 R/W (0b00000)
SPI_PAD_CONFIG_Q (BLOCK0): Override SD_DATA_0 pad (GPIO7/SPIQ) = 0 R/W (0b00000)
SPI_PAD_CONFIG_D (BLOCK0): Override SD_DATA_1 pad (GPIO8/SPID) = 0 R/W (0b00000)
SPI_PAD_CONFIG_HD (BLOCK0): Override SD_DATA_2 pad (GPIO9/SPIHD) = 0 R/W (0b00000)
SPI_PAD_CONFIG_CS0 (BLOCK0): Override SD_CMD pad (GPIO11/SPICS0) = 0 R/W (0b00000)
DISABLE_SDIO_HOST (BLOCK0): Disable SDIO host = False R/W (0b0)
Efuse fuses:
WR_DIS (BLOCK0): Efuse write disable mask = 384 R/W (0x0180)
RD_DIS (BLOCK0): Efuse read disable mask = 3 R/W (0x3)
CODING_SCHEME (BLOCK0): Efuse variable block length scheme
= NONE (BLK1-3 len=256 bits) R/W (0b00)
KEY_STATUS (BLOCK0): Usage of efuse block 3 (reserved) = False R/W (0b0)
Identity fuses:
MAC (BLOCK0): Factory MAC Address
= 30:ae:a4:fe:62:c8 (CRC 0x61 OK) R/W
MAC_CRC (BLOCK0): CRC8 for factory MAC address = 97 R/W (0x61)
CHIP_VER_REV1 (BLOCK0): Silicon Revision 1 = True R/W (0b1)
CHIP_VER_REV2 (BLOCK0): Silicon Revision 2 = False R/W (0b0)
CHIP_VERSION (BLOCK0): Reserved for future chip versions = 2 R/W (0b10)
CHIP_PACKAGE (BLOCK0): Chip package identifier = 0 R/W (0b000)
MAC_VERSION (BLOCK3): Version of the MAC field = 0 R/W (0x00)
Security fuses:
FLASH_CRYPT_CNT (BLOCK0): Flash encryption mode counter = 1 R/W (0b0000001)
UART_DOWNLOAD_DIS (BLOCK0): Disable UART download mode (ESP32 rev3 only) = False R/W (0b0)
FLASH_CRYPT_CONFIG (BLOCK0): Flash encryption config (key tweak bits) = 15 R/W (0xf)
CONSOLE_DEBUG_DISABLE (BLOCK0): Disable ROM BASIC interpreter fallback = True R/W (0b1)
ABS_DONE_0 (BLOCK0): Secure boot V1 is enabled for bootloader image = True R/W (0b1)
ABS_DONE_1 (BLOCK0): Secure boot V2 is enabled for bootloader image = False R/W (0b0)
JTAG_DISABLE (BLOCK0): Disable JTAG = True R/W (0b1)
DISABLE_DL_ENCRYPT (BLOCK0): Disable flash encryption in UART bootloader = False R/W (0b0)
DISABLE_DL_DECRYPT (BLOCK0): Disable flash decryption in UART bootloader = True R/W (0b1)
DISABLE_DL_CACHE (BLOCK0): Disable flash cache in UART bootloader = True R/W (0b1)
BLOCK1 (BLOCK1): Flash encryption key
= ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/-
BLOCK2 (BLOCK2): Secure boot key
= ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/-
BLOCK3 (BLOCK3): Variable Block 3
= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W
Flash voltage (VDD_SDIO) determined by GPIO12 on reset (High for 1.8V, Low/NC for 3.3V).
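
A read-only check of the two outputs in the post, as an added example that is not part of the original post: it reads the security fuses from the `espefuse summary` text and lists the flash regions that the `encrypted-flash` run reported writing, so they can be compared with the bootloader offsets 0x0 and 0x1000 from steps h and i. The sample strings are constructed by copying lines from the post; the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the espefuse summary and esptool log in the post.
EFUSE_SUMMARY = """\
FLASH_CRYPT_CNT (BLOCK0): Flash encryption mode counter = 1 R/W (0b0000001)
ABS_DONE_0 (BLOCK0): Secure boot V1 is enabled for bootloader image = True R/W (0b1)
ABS_DONE_1 (BLOCK0): Secure boot V2 is enabled for bootloader image = False R/W (0b0)
JTAG_DISABLE (BLOCK0): Disable JTAG = True R/W (0b1)
DISABLE_DL_ENCRYPT (BLOCK0): Disable flash encryption in UART bootloader = False R/W (0b0)
DISABLE_DL_DECRYPT (BLOCK0): Disable flash decryption in UART bootloader = True R/W (0b1)
"""
ESPTOOL_LOG = """\
Wrote 16384 bytes at 0x00008000 in 0.4 seconds (349.4 kbit/s)...
Wrote 163840 bytes at 0x00010000 in 3.8 seconds (344.5 kbit/s)...
"""

FUSE_RE = re.compile(r"^(\w+) \(BLOCK\d\):.*\((0b[01]+|0x[0-9a-fA-F]+)\)\s*$")
WROTE_RE = re.compile(r"^Wrote (\d+) bytes at (0x[0-9a-fA-F]+)")

def parse_efuses(text):
    """Map fuse name -> integer taken from the trailing (0b.../0x...) field."""
    fuses = {}
    for line in text.splitlines():
        m = FUSE_RE.match(line.strip())
        if m:
            fuses[m.group(1)] = int(m.group(2), 0)
    return fuses

def security_state(fuses):
    cnt = fuses.get("FLASH_CRYPT_CNT", 0)
    return {
        # Flash encryption is active when an odd number of counter bits is set.
        "flash_encryption": bin(cnt).count("1") % 2 == 1,
        "secure_boot_v1": fuses.get("ABS_DONE_0", 0) == 1,
        "secure_boot_v2": fuses.get("ABS_DONE_1", 0) == 1,
        "jtag_disabled": fuses.get("JTAG_DISABLE", 0) == 1,
        "uart_dl_encrypt_available": fuses.get("DISABLE_DL_ENCRYPT", 0) == 0,
    }

def written_regions(log):
    """Return (start_offset, size) for every 'Wrote N bytes at ADDR' line."""
    matches = map(WROTE_RE.match, log.splitlines())
    return [(int(m.group(2), 16), int(m.group(1))) for m in matches if m]

def region_written(regions, offset):
    """True if the given flash offset falls inside any region written in this run."""
    return any(start <= offset < start + size for start, size in regions)
```

On the sample, flash encryption and secure boot V1 both read as enabled, and neither 0x0 nor 0x1000 falls within the regions written by `idf.py encrypted-flash`.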