Secure Boot V2, flash encryption and merged binary for production ESP32-S3 (IDFGH-11700)

[MacWyznawca]

Answers checklist.

• I have read the documentation ESP-IDF Programming Guide and the issue is not addressed there.
• I have updated my IDF branch (master or release) to the latest version and checked that the issue is present there.
• I have searched the issue tracker for a similar issue and not found a similar issue.

General issue report

What steps should be taken to generate a merged binary file for production with Secure Boot V2 and flash encryption enabled?

Boot loader signed with 3 keys, flash memory encrypted with the key generated in the device.

I upload the signed BootLoader and then the other files without any problem. The problem is with the merged file.

I also have no problem uploading the linked binary file to the encrypted module in development mode.
Also, there was no problem with the linked file and flash encryption enabled, but without SecureBoot v2.

For the merge, I use the command: esptool.py --chip esp32s3 merge_bin --flash_mode dio --flash_size keep --flash_freq 80m 0x0 bootloader-s.bin 0x9000 base/partition_table/partition-table.bin 0x5d000 base/ota_data_initial.bin 0x60000 base/Base.bin -o Base_TotalEncrypted.bin

The module falls into a loop:

[mahavirj]

@MacWyznawca

• Bootloader verification looks good here. Can you please confirm if you disabled the logs in bootloader, please share your sdkconfig once?
• How do you flash the merged binary, can you please share all commands that you are using here?
• Please share the device efuse summary

[MacWyznawca]

Hi @mahavirj

1. Yes, Bootloader has logs disabled
2. I use esptool.py --port /dev/cu.usbserial-11101 write_flash 0x0 Base_TotalEncrypted.bin
3. :

=== Run "summary" command ===
EFUSE_NAME (Block) Description  = [Meaningful Value] [Readable/Writeable] (Hex Value)
----------------------------------------------------------------------------------------
Calibration fuses:
K_RTC_LDO (BLOCK1)                                 BLOCK1 K_RTC_LDO                                   = 24 R/W (0b0000110)
K_DIG_LDO (BLOCK1)                                 BLOCK1 K_DIG_LDO                                   = 8 R/W (0b0000010)
V_RTC_DBIAS20 (BLOCK1)                             BLOCK1 voltage of rtc dbias20                      = 40 R/W (0x0a)
V_DIG_DBIAS20 (BLOCK1)                             BLOCK1 voltage of digital dbias20                  = 24 R/W (0x06)
DIG_DBIAS_HVT (BLOCK1)                             BLOCK1 digital dbias when hvt                      = -24 R/W (0b10110)
ADC2_CAL_VOL_ATTEN3 (BLOCK1)                       ADC2 calibration voltage at atten3                 = 120 R/W (0b011110)
TEMP_CALIB (BLOCK2)                                Temperature calibration data                       = -6.800000000000001 R/W (0b101000100)
OCODE (BLOCK2)                                     ADC OCode                                          = 94 R/W (0x5e)
ADC1_INIT_CODE_ATTEN0 (BLOCK2)                     ADC1 init code at atten0                           = -52 R/W (0x8d)
ADC1_INIT_CODE_ATTEN1 (BLOCK2)                     ADC1 init code at atten1                           = 124 R/W (0b011111)
ADC1_INIT_CODE_ATTEN2 (BLOCK2)                     ADC1 init code at atten2                           = 88 R/W (0b010110)
ADC1_INIT_CODE_ATTEN3 (BLOCK2)                     ADC1 init code at atten3                           = 104 R/W (0b011010)
ADC2_INIT_CODE_ATTEN0 (BLOCK2)                     ADC2 init code at atten0                           = -180 R/W (0xad)
ADC2_INIT_CODE_ATTEN1 (BLOCK2)                     ADC2 init code at atten1                           = -4 R/W (0b100001)
ADC2_INIT_CODE_ATTEN2 (BLOCK2)                     ADC2 init code at atten2                           = 68 R/W (0b010001)
ADC2_INIT_CODE_ATTEN3 (BLOCK2)                     ADC2 init code at atten3                           = 88 R/W (0b010110)
ADC1_CAL_VOL_ATTEN0 (BLOCK2)                       ADC1 calibration voltage at atten0                 = 424 R/W (0x6a)
ADC1_CAL_VOL_ATTEN1 (BLOCK2)                       ADC1 calibration voltage at atten1                 = 484 R/W (0x79)
ADC1_CAL_VOL_ATTEN2 (BLOCK2)                       ADC1 calibration voltage at atten2                 = 392 R/W (0x62)
ADC1_CAL_VOL_ATTEN3 (BLOCK2)                       ADC1 calibration voltage at atten3                 = 460 R/W (0x73)
ADC2_CAL_VOL_ATTEN0 (BLOCK2)                       ADC2 calibration voltage at atten0                 = 492 R/W (0x7b)
ADC2_CAL_VOL_ATTEN1 (BLOCK2)                       ADC2 calibration voltage at atten1                 = 252 R/W (0b0111111)
ADC2_CAL_VOL_ATTEN2 (BLOCK2)                       ADC2 calibration voltage at atten2                 = 232 R/W (0b0111010)

Config fuses:
WR_DIS (BLOCK0)                                    Disable programming of individual eFuses           = 125832961 R/W (0x07800f01)
RD_DIS (BLOCK0)                                    Disable reading from BlOCK4-10                     = 8 R/- (0b0001000)
DIS_ICACHE (BLOCK0)                                Set this bit to disable Icache                     = False R/W (0b0)
DIS_DCACHE (BLOCK0)                                Set this bit to disable Dcache                     = False R/W (0b0)
DIS_TWAI (BLOCK0)                                  Set this bit to disable CAN function               = False R/W (0b0)
DIS_APP_CPU (BLOCK0)                               Disable app cpu                                    = False R/W (0b0)
DIS_DIRECT_BOOT (BLOCK0)                           Disable direct boot mode                           = True R/W (0b1)
UART_PRINT_CONTROL (BLOCK0)                        Set the default UART boot message output mode      = Enable R/W (0b00)
PIN_POWER_SELECTION (BLOCK0)                       Set default power supply for GPIO33-GPIO37; set wh = VDD_SPI R/W (0b1)
                                                   en SPI flash is initialized                       
PSRAM_CAP (BLOCK1)                                 PSRAM capacity                                     = 8M R/W (0b01)
PSRAM_TEMP (BLOCK1)                                PSRAM temperature                                  = 85C R/W (0b10)
PSRAM_VENDOR (BLOCK1)                              PSRAM vendor                                       = AP_3v3 R/W (0b01)
BLOCK_USR_DATA (BLOCK3)                            User data                                         
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W 
BLOCK_SYS_DATA2 (BLOCK10)                          System data part 2 (reserved)                     
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W 

Flash fuses:
FLASH_TPUW (BLOCK0)                                Configures flash waiting time after power-up; in u = 0 R/W (0x0)
                                                   nit of ms. If the value is less than 15; the waiti
                                                   ng time is the configurable value.  Otherwise; the
                                                    waiting time is twice the configurable value     
FLASH_ECC_MODE (BLOCK0)                            Flash ECC mode in ROM                              = 16to18 byte R/W (0b0)
FLASH_TYPE (BLOCK0)                                SPI flash type                                     = 4 data lines R/W (0b0)
FLASH_PAGE_SIZE (BLOCK0)                           Set Flash page size                                = 0 R/W (0b00)
FLASH_ECC_EN (BLOCK0)                              Set 1 to enable ECC for flash boot                 = False R/W (0b0)
FORCE_SEND_RESUME (BLOCK0)                         Set this bit to force ROM code to send a resume co = False R/W (0b0)
                                                   mmand during SPI boot                             
FLASH_CAP (BLOCK1)                                 Flash capacity                                     = None R/W (0b000)
FLASH_TEMP (BLOCK1)                                Flash temperature                                  = None R/W (0b00)
FLASH_VENDOR (BLOCK1)                              Flash vendor                                       = None R/W (0b000)

Identity fuses:
DISABLE_WAFER_VERSION_MAJOR (BLOCK0)               Disables check of wafer version major              = False R/W (0b0)
DISABLE_BLK_VERSION_MAJOR (BLOCK0)                 Disables check of blk version major                = False R/W (0b0)
WAFER_VERSION_MINOR_LO (BLOCK1)                    WAFER_VERSION_MINOR least significant bits         = 1 R/W (0b001)
PKG_VERSION (BLOCK1)                               Package version                                    = 0 R/W (0b000)
BLK_VERSION_MINOR (BLOCK1)                         BLK_VERSION_MINOR                                  = 2 R/W (0b010)
WAFER_VERSION_MINOR_HI (BLOCK1)                    WAFER_VERSION_MINOR most significant bit           = False R/W (0b0)
WAFER_VERSION_MAJOR (BLOCK1)                       WAFER_VERSION_MAJOR                                = 0 R/W (0b00)
OPTIONAL_UNIQUE_ID (BLOCK2)                        Optional unique 128-bit ID                        
   = 6a ba dc d0 b8 f6 9b 82 bd 4b 0a 3a 4c 63 24 c0 R/W 
BLK_VERSION_MAJOR (BLOCK2)                         BLK_VERSION_MAJOR of BLOCK2                        = ADC calib V1 R/W (0b01)
WAFER_VERSION_MINOR (BLOCK0)                       calc WAFER VERSION MINOR = WAFER_VERSION_MINOR_HI  = 1 R/W (0x1)
                                                   << 3 + WAFER_VERSION_MINOR_LO (read only)         

Jtag fuses:
SOFT_DIS_JTAG (BLOCK0)                             Set these bits to disable JTAG in the soft way (od = 7 R/W (0b111)
                                                   d number 1 means disable ). JTAG can be enabled in
                                                    HMAC module                                      
DIS_PAD_JTAG (BLOCK0)                              Set this bit to disable JTAG in the hard way. JTAG = True R/W (0b1)
                                                    is disabled permanently                          
STRAP_JTAG_SEL (BLOCK0)                            Set this bit to enable selection between usb_to_jt = False R/W (0b0)
                                                   ag and pad_to_jtag through strapping gpio10 when b
                                                   oth reg_dis_usb_jtag and reg_dis_pad_jtag are equa
                                                   l to 0                                            

Mac fuses:
MAC (BLOCK1)                                       MAC address                                       
   = 34:85:18:7b:bd:a0 (OK) R/W 
CUSTOM_MAC (BLOCK3)                                Custom MAC                                        
   = 00:00:00:00:00:00 (OK) R/W 

Security fuses:
DIS_DOWNLOAD_ICACHE (BLOCK0)                       Set this bit to disable Icache in download mode (b = True R/W (0b1)
                                                   oot_mode[3:0] is 0; 1; 2; 3; 6; 7)                
DIS_DOWNLOAD_DCACHE (BLOCK0)                       Set this bit to disable Dcache in download mode (  = True R/W (0b1)
                                                   boot_mode[3:0] is 0; 1; 2; 3; 6; 7)               
DIS_FORCE_DOWNLOAD (BLOCK0)                        Set this bit to disable the function that forces c = False R/W (0b0)
                                                   hip into download mode                            
DIS_DOWNLOAD_MANUAL_ENCRYPT (BLOCK0)               Set this bit to disable flash encryption when in d = False R/W (0b0)
                                                   ownload boot modes                                
SPI_BOOT_CRYPT_CNT (BLOCK0)                        Enables flash encryption when 1 or 3 bits are set  = Disable R/W (0b000)
                                                   and disabled otherwise                            
SECURE_BOOT_KEY_REVOKE0 (BLOCK0)                   Revoke 1st secure boot key                         = False R/W (0b0)
SECURE_BOOT_KEY_REVOKE1 (BLOCK0)                   Revoke 2nd secure boot key                         = False R/W (0b0)
SECURE_BOOT_KEY_REVOKE2 (BLOCK0)                   Revoke 3rd secure boot key                         = False R/W (0b0)
KEY_PURPOSE_0 (BLOCK0)                             Purpose of Key0                                    = SECURE_BOOT_DIGEST0 R/- (0x9)
KEY_PURPOSE_1 (BLOCK0)                             Purpose of Key1                                    = SECURE_BOOT_DIGEST1 R/- (0xa)
KEY_PURPOSE_2 (BLOCK0)                             Purpose of Key2                                    = SECURE_BOOT_DIGEST2 R/- (0xb)
KEY_PURPOSE_3 (BLOCK0)                             Purpose of Key3                                    = XTS_AES_128_KEY R/- (0x4)
KEY_PURPOSE_4 (BLOCK0)                             Purpose of Key4                                    = USER R/W (0x0)
KEY_PURPOSE_5 (BLOCK0)                             Purpose of Key5                                    = USER R/W (0x0)
SECURE_BOOT_EN (BLOCK0)                            Set this bit to enable secure boot                 = True R/W (0b1)
SECURE_BOOT_AGGRESSIVE_REVOKE (BLOCK0)             Set this bit to enable revoking aggressive secure  = False R/W (0b0)
                                                   boot                                              
DIS_DOWNLOAD_MODE (BLOCK0)                         Set this bit to disable download mode (boot_mode[3 = False R/W (0b0)
                                                   :0] = 0; 1; 2; 3; 6; 7)                           
ENABLE_SECURITY_DOWNLOAD (BLOCK0)                  Set this bit to enable secure UART download mode   = False R/W (0b0)
SECURE_VERSION (BLOCK0)                            Secure version (used by ESP-IDF anti-rollback feat = 0 R/W (0x0000)
                                                   ure)                                              
BLOCK_KEY0 (BLOCK4)
  Purpose: SECURE_BOOT_DIGEST0
  Key0 or user data                                 
   = xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx R/- 
BLOCK_KEY1 (BLOCK5)
  Purpose: SECURE_BOOT_DIGEST1
  Key1 or user data                                 
   = xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx R/- 
BLOCK_KEY2 (BLOCK6)
  Purpose: SECURE_BOOT_DIGEST2
  Key2 or user data                                 
   = xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx R/- 
BLOCK_KEY3 (BLOCK7)
  Purpose: XTS_AES_128_KEY
    Key3 or user data                                 
   = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -/- 
BLOCK_KEY4 (BLOCK8)
  Purpose: USER
               Key4 or user data                                 
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W 
BLOCK_KEY5 (BLOCK9)
  Purpose: USER
               Key5 or user data                                 
   = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 R/W 

Spi Pad fuses:
SPI_PAD_CONFIG_CLK (BLOCK1)                        SPI_PAD_configure CLK                              = 0 R/W (0b000000)
SPI_PAD_CONFIG_Q (BLOCK1)                          SPI_PAD_configure Q(D1)                            = 0 R/W (0b000000)
SPI_PAD_CONFIG_D (BLOCK1)                          SPI_PAD_configure D(D0)                            = 0 R/W (0b000000)
SPI_PAD_CONFIG_CS (BLOCK1)                         SPI_PAD_configure CS                               = 0 R/W (0b000000)
SPI_PAD_CONFIG_HD (BLOCK1)                         SPI_PAD_configure HD(D3)                           = 0 R/W (0b000000)
SPI_PAD_CONFIG_WP (BLOCK1)                         SPI_PAD_configure WP(D2)                           = 0 R/W (0b000000)
SPI_PAD_CONFIG_DQS (BLOCK1)                        SPI_PAD_configure DQS                              = 0 R/W (0b000000)
SPI_PAD_CONFIG_D4 (BLOCK1)                         SPI_PAD_configure D4                               = 0 R/W (0b000000)
SPI_PAD_CONFIG_D5 (BLOCK1)                         SPI_PAD_configure D5                               = 0 R/W (0b000000)
SPI_PAD_CONFIG_D6 (BLOCK1)                         SPI_PAD_configure D6                               = 0 R/W (0b000000)
SPI_PAD_CONFIG_D7 (BLOCK1)                         SPI_PAD_configure D7                               = 0 R/W (0b000000)

Usb fuses:
DIS_USB_OTG (BLOCK0)                               Set this bit to disable USB function               = False R/W (0b0)
USB_EXCHG_PINS (BLOCK0)                            Set this bit to exchange USB D+ and D- pins        = False R/W (0b0)
USB_EXT_PHY_ENABLE (BLOCK0)                        Set this bit to enable external PHY                = False R/W (0b0)
DIS_USB_JTAG (BLOCK0)                              Set this bit to disable function of usb switch to  = True R/W (0b1)
                                                   jtag in module of usb device                      
DIS_USB_SERIAL_JTAG (BLOCK0)                       Set this bit to disable usb device                 = False R/W (0b0)
USB_PHY_SEL (BLOCK0)                               This bit is used to switch internal PHY and extern
   = internal PHY is assigned to USB Device while external PHY is assigned to USB OTG R/W (0b0)
                                                   al PHY for USB OTG and USB Device                 
DIS_USB_SERIAL_JTAG_ROM_PRINT (BLOCK0)             USB printing                                       = Enable R/W (0b0)
DIS_USB_SERIAL_JTAG_DOWNLOAD_MODE (BLOCK0)         Set this bit to disable UART download mode through = False R/W (0b0)
                                                    USB                                              
DIS_USB_OTG_DOWNLOAD_MODE (BLOCK0)                 Set this bit to disable download through USB-OTG   = False R/W (0b0)

Vdd fuses:
VDD_SPI_XPD (BLOCK0)                               SPI regulator power up signal                      = True R/W (0b1)
VDD_SPI_TIEH (BLOCK0)                              If VDD_SPI_FORCE is 1; determines VDD_SPI voltage 
   = VDD_SPI connects to VDD3P3_RTC_IO R/W (0b1)
VDD_SPI_FORCE (BLOCK0)                             Set this bit and force to use the configuration of = True R/W (0b1)
                                                    eFuse to configure VDD_SPI                       

Wdt fuses:
WDT_DELAY_SEL (BLOCK0)                             RTC watchdog timeout threshold; in unit of slow cl = 40000 R/W (0b00)

[MacWyznawca]

And Security features settings @mahavirj

[mahavirj]

@MacWyznawca

SPI_BOOT_CRYPT_CNT (BLOCK0) Enables flash encryption when 1 or 3 bits are set = Disable R/W (0b000)
and disabled otherwise

It appears that flash encryption is not yet enabled on this device, SPI_BOOT_CRYPT_CNT is still 0. However, the flash encryption key block is programmed.

May I ask how you programmed the flash encryption key, was it programmed externally using espefuse.py tool?

Additionally, please enable debug logs in the bootloader and see if there is any problem while enabling the flash encryption workflow.

[MacWyznawca]

@mahavirj
This is strange, because I did not program the device encryption key externally. It was supposed to be generated inside the device (as in the menuconfig settings).
With the inclusion of the logs I have a problem, because initially in the documentation stated that 0x9000 space is enough, and it turns out that it ran out.

[mahavirj]

@MacWyznawca

Okay. Most likely the device could not complete the entire workflow to enable the flash encryption feature, or it was aborted interim of its execution (e.g., by a reset) somehow.

For the bootloader size issue, please change the partition table offset as highlighted in this doc guide here.

Also, its better to fallback to flash encryption development mode for this device. Just in case, if anything goes wrong we have 1 chance to disable the flash encryption. Please see this guide for development mode here.

[MacWyznawca]

@mahavirj Thank you,
I found places to expand the bootloader space. I will switch to developer mode as advised (although I need to do final testing on production anyway).
By the way, I have a question, because I couldn't find specific information in the documentation. At what point and at what stage are signatures added? It seems to me that they are added to the bootloader when signing it (I add all 3). Please confirm or hint 😉

[MacWyznawca]

@mahavirj It seems that something is wrong with the partition map.

Partition map:

# Name,   Type, SubType, Offset,  Size, Flags
sec_cert,       0x3F,   ,           0xf000,     0x3000, , # Never mark this as an encrypted partition
luon_0,         data,   66,         0x12000,    300k,       encrypted
otadata,        data,   ota,        ,           8k,
phy_init,       data,   phy,        ,           4k,
ota_0,          app,    ota_0,      0x60000,    3328k,
ota_1,          app,    ota_1,      ,           3328k,
nvs_keys,       data,   nvs_keys,   0x6e1000,   4K,     encrypted
nvs_keys_f,     data,   nvs_keys,   0x6e2000,   4K,     encrypted
factory_nvs,    data,   nvs,        0x6e3000,   16K,
nvs,            data,   nvs,        0x6e7000,   0x119000,

Logs:

SP-ROM:esp32s3-20210327
Build:Mar 27 2021
rst:0x1 (POWERON),boot:0x8 (SPI_FAST_FLASH_BOOT)
SPIWP:0xee
mode:DIO, clock div:1
Valid secure boot key blocks: 0 1 2
secure boot verification succeeded
load:0x3fce3980,len:0x3990
load:0x403c9700,len:0x4
load:0x403c9704,len:0xc00
load:0x403cc700,len:0x535c
entry 0x403c9908
I (69) boot: ESP-IDF v5.1.2-dirty 2nd stage bootloader
I (69) boot: compile time Dec 18 2023 11:49:02
I (69) boot: Multicore bootloader
I (73) boot: chip revision: v0.1
I (77) boot.esp32s3: Boot SPI Speed : 80MHz
I (82) boot.esp32s3: SPI Mode       : DIO
I (86) boot.esp32s3: SPI Flash Size : 8MB
I (91) boot: Enabling RNG early entropy source...
E (96) flash_parts: partition 0 invalid magic number 0x9d24
E (103) boot: Failed to verify partition table
E (108) boot: load partition table error!

[mahavirj]

@MacWyznawca

Since you have enabled SECURE_BOOT_BUILD_SIGNED_BINARIES configuration, the binaries would be signed by the build system as the last stage of the build process. However, please note that the build system only supports supplying path to a single private key and hence for appending more signature blocks (using more than 1 signing key), the signature must be appended manually as highlighted here.

E (96) flash_parts: partition 0 invalid magic number 0x9d24

• Please check if the bootloader is rebuilt and flashed after updating the partition table offset, otherwise it may be referring to the partition table at older offset
• Please read the contents of the flash starting from the partition table offset and match them with the build system generated partition table binary

[MacWyznawca]

I sign the bootloader additionally with the command add signature.

I check partition data with command esptool.py --no-stub -b 230400 -p /dev/cu.usbserial-11101 read_flash 0xc000 0xC00 ~/Desktop/part.bin And I see that they do not correspond to the data uploaded to the same address, partition.

Let me remind you of the command I use to merge files:
esptool.py --chip esp32s3 merge_bin --flash_mode dio --flash_freq 80m --flash_size keep 0x0 ../../../LuON/LuONbase/bootloader-S.bin 0x60000 ../../../LuON/LuONbase/LuON_Base.bin 0xc000 ../../../LuON/LuONbase/partition_table/partition-table.bin 0x5d000 ../../../LuON/LuONbase/ota_data_initial.bin -o LuON_Base_v4.bin

If I first upload the signed bootloader and then execute -p /dev/cu.usbserial-11101 monitor flash with the same settings and addresses as I execute merge_bin, the application starts.

The merged file, however, does not want to run.

Is it possible to find somewhere documentation that shows step by step how to prepare merged file for factory upload with encryption and signature enabled?
With encryption alone, I never had a problem.

[mahavirj]

@MacWyznawca

There is no separate documentation for the merge_bin workflow. But I believe the command itself is only responsible to prepare a combined file based on the offsets and the data supplied. CC @radimkarnis @dobairoland

Do you see same contents in the merged binary at offset 0xc000 as what you read from the flash? Or they are different?

[MacWyznawca]

Hi @mahavirj

Ok. In the flash memory zone for the partition map there are some data that I can not associate with anything.

Today I will check on a new, clean copy of the device, but all operations in the code that I perform using writing to flash memory concern other addresses, and in addition, the application itself is not even launched.

[dobairoland]

JFYI, here is the documentation for merge_bin: https://docs.espressif.com/projects/esptool/en/latest/esp32/esptool/basic-commands.html#merge-binaries-for-flashing-merge-bin

@mahavirj's statement is correct. It just joins pieces together.

[MacWyznawca]

@dobairoland Thank you, this documentation I know and use.
However, in the documentation for secureboot v2, the process looks like they recommend uploading the signed bootloader first and then the rest of the files. In production, we prefer to avoid this and upload one file. The encryption process alone slows down the firmware upload process a bit in production.

[MacWyznawca]

Hi @mahavirj, @dobairoland
Is it possible that the problem is caused by the absence of the digit 6 in the subtype of the sec_cert partition?

After completion, it was able to upload and run with developer encryption mode and signature secyreboot v2. Signed OTA updates also work.

I'm still waiting for a test in release mode, but I'd rather hold off until a response from you.

# Name,   Type, SubType, Offset,  Size, Flags
sec_cert,       0x3F,   6,          0x10000,    0x3000, 

[mahavirj]

@MacWyznawca

If the subtype is not defined for a partition, then it would be set to 6 (undefined). This was fixed in 9b654db. Even the esp_secure_cert partition format guide do not specify explicit subtype.

So, I think this should be okay, as long as the build system is generating the partition table binary.

[mahavirj]

@MacWyznawca Any further update on this or we can close the issue?