Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to reflash nvs-key partition when flash encryption is enabled #151

Open
asierdanjou opened this issue May 7, 2024 · 5 comments
Open

Comments

@asierdanjou
Copy link

Hi,
I'm trying to flash nvs-key partition again when "encrypted flash on boot" option is enabled.
I add two options to parttool.py:
--esptool-write-args encrypt
--partition-table-file partitions.2MB.csv

asier@DESKTOP-F9FS6J3:~/st-device-sdk-c-ref/apps/esp32c3/switch_example/output_bulk/20240417_190809/TEST01/stnv/keys$ python /home/asier/st-device-sdk-c-ref/bsp/esp32c3/components/partition_table/parttool.py --esptool-write-args encrypt --partition-table-offset 0xA000 --partition-table-file partitions.2MB.csv write_partition --partition-name="nvs_key" --input keys-04-18_09-59.bin

Running /home/asier/.espressif/python_env/idf5.2_py3.10_env/bin/python /home/asier/esp/esp-idf/components/esptool_py/esptool/esptool.py erase_region 90112 4096...
esptool.py v4.7.0
Found 1 serial ports
Serial port /dev/ttyUSB0
Connecting....
Detecting chip type... ESP32-C3
Chip is ESP32-C3 (QFN32) (revision v0.4)
Features: WiFi, BLE, Embedded Flash 4MB (XMC)
Crystal is 40MHz
MAC: 48:27:e2:ad:91:cc
Uploading stub...
Running stub...
Stub running...

A fatal error occurred: Active security features detected, erasing flash is disabled as a safety measure. Use --force to override, please use with caution, otherwise it may brick your device!
An exception: ** Command '['/home/asier/.espressif/python_env/idf5.2_py3.10_env/bin/python', '/home/asier/esp/esp-idf/components/esptool_py/esptool/esptool.py', 'erase_region', '90112', '4096']' returned non-zero exit status 2. ** occurred in _call_esptool.
Traceback (most recent call last):
  File "/home/asier/st-device-sdk-c-ref/bsp/esp32c3/components/partition_table/parttool.py", line 365, in <module>
    main()
  File "/home/asier/st-device-sdk-c-ref/bsp/esp32c3/components/partition_table/parttool.py", line 358, in main
    op(**common_args)
  File "/home/asier/st-device-sdk-c-ref/bsp/esp32c3/components/partition_table/parttool.py", line 187, in _write_partition
    target.write_partition(partition_id, input)
  File "/home/asier/st-device-sdk-c-ref/bsp/esp32c3/components/partition_table/parttool.py", line 173, in write_partition
    self.erase_partition(partition_id)
  File "/home/asier/st-device-sdk-c-ref/bsp/esp32c3/components/partition_table/parttool.py", line 166, in erase_partition
    self._call_esptool(['erase_region', str(partition.offset),  str(partition.size)] + self.esptool_erase_args)
  File "/home/asier/st-device-sdk-c-ref/bsp/esp32c3/components/partition_table/parttool.py", line 141, in _call_esptool
    raise e
  File "/home/asier/st-device-sdk-c-ref/bsp/esp32c3/components/partition_table/parttool.py", line 138, in _call_esptool
    subprocess.check_call(esptool_args, stdout=out, stderr=subprocess.STDOUT)
  File "/usr/lib/python3.10/subprocess.py", line 369, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/home/asier/.espressif/python_env/idf5.2_py3.10_env/bin/python', '/home/asier/esp/esp-idf/components/esptool_py/esptool/esptool.py', 'erase_region', '90112', '4096']' returned non-zero exit status 2.

How should I do it?
Thanks,
Asier

@junyoun-kim
Copy link
Collaborator

How about using --force option as instruction said.

A fatal error occurred: Active security features detected, erasing flash is disabled as a safety measure. Use --force to override, please use with caution, otherwise it may brick your device!

@asierdanjou
Copy link
Author

Hi,
I can't find any documentation for the --force argument for parttool.py, nor for esptool.py.
Is there any example of its use ?

Anyway I tried the following:

asier@DESKTOP-F9FS6J3:~/st-device-sdk-c-ref/apps/esp32c3/switch_example_plaintext_ota_sinJSON_enc/output_bulk/20240417_190809/TEST01/stnv/keys$ python /home/asier/st-device-sdk-c-ref/bsp/esp32c3/components/esptool_py/esptool/esptool.py erase_region 0x16000 0x1000
esptool.py v3.1-dev
Found 1 serial ports
Serial port /dev/ttyUSB0
Connecting....
Detecting chip type... ESP32-C3
Chip is unknown ESP32-C3 (revision 4)
Features: Wi-Fi
Crystal is 40MHz
MAC: 48:27:e2:ad:91:cc
Uploading stub...
Running stub...
Stub running...
Erasing region (may be slow depending on size)...
Erase completed successfully in 0.1 seconds.
Hard resetting via RTS pin...

asier@DESKTOP-F9FS6J3:~/st-device-sdk-c-ref/apps/esp32c3/switch_example_plaintext_ota_sinJSON_enc/output_bulk/20240417_190809/TEST01/stnv/keys$ python /home/asier/st-device-sdk-c-ref/bsp/esp32c3/components/esptool_py/esptool/esptool.py write_flash 0x16000 keys-04-18_09-59.bin --encrypt
esptool.py v3.1-dev
Found 1 serial ports
Serial port /dev/ttyUSB0
Connecting....
Detecting chip type... ESP32-C3
Chip is unknown ESP32-C3 (revision 4)
Features: Wi-Fi
Crystal is 40MHz
MAC: 48:27:e2:ad:91:cc
Uploading stub...
Running stub...
Stub running...
Configuring flash size...
Flash will be erased from 0x00016000 to 0x00016fff...

WARNING: - compress and encrypt options are mutually exclusive
Will flash keys-04-18_09-59.bin uncompressed
Wrote 16384 bytes at 0x00016000 in 1.5 seconds (86.2 kbit/s)...

Leaving...
Hard resetting via RTS pin...

But after doing that it doesn't work either.

Asier.

@asierdanjou
Copy link
Author

Hi,
Any help with that?
Thank you,
Asier.

@jonggab-park
Copy link
Collaborator

Sorry, it's too late.
We start to preparing the guide for nvs encryption.
If we complete the guide, we will update.

@Hwang-JeongHo
Copy link
Collaborator

We have added a guide on how to encrypt nvs in esp32.
I hope this guide will help you with your issue.

https://github.com/SmartThingsCommunity/st-device-sdk-c-ref/blob/develop/doc/nvs_encryption_esp32.md

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants