It's too hard to flash using Pre-Generated Host Keys when a ESP32 is in Encrypted Firmware Release Mode (ESPTOOL-566) #809
Comments
Hi @chipweinberger. We are open for suggestions but all these "idf.py ... should do" type of suggestions cannot be implemented on the esptool side. And since you've opened an issue on the ESP-IDF side as well, makes no sense to keep it open. I'm sorry. The official recommendation since I can remember was to follow https://docs.espressif.com/projects/esp-idf/en/latest/esp32/security/flash-encryption.html step-by-step and not go around and run commands intuitively. I think it makes sense to keep open and consider the suggestion on the ESP-IDF side.
There is already a command for that. The status can be read out by

Which command?

Ah, apparently you must always specify Is there a reason we don't default to Perhaps we should default to

If you have Secure DL mode enabled then executing arbitrary code is not possible through UART DL mode on the target. Hence, one must pass

This should happen automatically, the

Thanks for confirming @radimkarnis

Yes, I think in this instance because I did not specify

@chipweinberger what's weird is that in your case it didn't detect the Secure Download Mode at all, otherwise you would see

Related Issues
related issue: espressif/vscode-esp-idf-extension#853
related issue: espressif/esp-idf#10340

Edit: Sorry for all the issues. This issue might not require `esptool.py` changes, I think. Each issue has unique information in it, however.

Edit2: Actually, I think `esptool.py` needs to expose a `secure_download_status` command, in order to determine if a chip is in Secure Download Mode.

Problem
After you turn on `Firmware Encryption (Release)`, it becomes very annoying to use `esp_tool.py` and `idf.py`.

There must be a simpler way!

Re-Flashing a device in Firmware Encryption (Development) Mode or Normal Mode:
idf.py flash
Re-Flashing a device in Firmware Encryption (Release) Mode:

Describe the solution you'd like
`idf.py flash`! It should just do the right thing!

The partition-table is already in `./build`.

We also know `idf.py` can detect when a device is in `Secure Download Mode`. Which it tells us:

When `Secure Download Mode` is detected, `idf.py` should throw up an error forcing us to specify if we want to flash raw or flash encrypted. Error msg:

When Secure Download Mode is detected, you must manually specify if you want to flash encrypted or flash raw.
Flags: `--apply-encryption-key /path/to/key.bin` or `--flash-raw`

To automate further, we could have a KConfig for specifying the location of the keyfile, similar to custom partition tables. A `keyfile_path.txt` will then be written into the build folder. `idf.py flash` would then consult this file, when it detects it needs to apply encryption. This would make `idf.py flash` work seamlessly despite the mode of the device.

Describe alternatives you've considered
Writing my own scripts to automate this...