Chapter 4. Software framework
4.7.13 What are the use scenarios for secure boot and flash encryption?
• When secure boot is enabled, the device will only load and run firmware that is signed by the specified key.
Therefore, it can prevent the device from loading illegal firmware and prevent unauthorized firmware from
being flashed to the device.
• When flash encryption is enabled, the partitions on the flash where firmware is stored and the data in the
partitions marked as “encrypted” will be encrypted. Therefore, it can prevent the data from being illegally
viewed, and firmware data copied from flash cannot be applied to other devices.
4.7.14 What are the data stored in eFuse involved in secure boot and flash encryption?
• For the data stored in eFuse used in secure boot v1, please refer to secure boot v1 efuses.
• For the data stored in eFuse used in secure boot v2, please refer to secure boot v2 efuses.
• For the data stored in eFuse used in flash encryption, please refer to flash encryption efuses.
4.7.15 Enabling secure boot failed with the log “Checksum failure”. How to fix it?
• After secure boot is enabled, the size of bootloader.bin increases. Please check whether the
bootloader partition is large enough to store the compiled bootloader.bin. For more information, please refer to
Bootloader Size.
4.7.16 NVS encryption failed to start and an error occurred as nvs: Failed to read
NVS security cfg: [0x1117] (ESP_ERR_NVS_CORRUPT_KEY_PART).
How can I solve this issue?
• Please erase the flash once using the flash tool before starting NVS encryption, and then flash the firmware
that enables NVS encryption to the SoC.
4.7.17 After flash encryption was enabled, a warning occurred as esp_image: image
at 0x520000 has invalid magic byte (nothing flashed here).
How can I solve this issue?
• After the SoC starts flash encryption, it will try to encrypt the data of all the partitions of the app type. If there is
no corresponding app firmware stored in one app partition, the above log will appear. To avoid this warning,
you can flash pre-compiled app firmware to the partitions of the app type when starting flash encryption.
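The following is an added example, not code from the FAQ or from ESP-IDF: it parses a partition table CSV, lists which partitions flash encryption will cover according to the two rules described in 4.7.13 and 4.7.17, and flags app partitions that have no valid image to flash. The sample table, the images mapping and the function names are constructed for illustration; 0xE9 is the magic byte that starts an ESP app image.

```python
import csv
import io

ESP_IMAGE_MAGIC = 0xE9  # first byte of a valid ESP app image header

# Constructed sample table in the ESP-IDF partition CSV layout (not from the FAQ).
SAMPLE_CSV = """\
# Name,  Type, SubType,  Offset,   Size,     Flags
nvs,     data, nvs,      0x9000,   0x6000,
nvs_key, data, nvs_keys, 0xf000,   0x1000,   encrypted
ota_0,   app,  ota_0,    0x20000,  0x500000,
ota_1,   app,  ota_1,    0x520000, 0x500000,
storage, data, fat,      0xa20000, 0x100000, encrypted
"""

def parse_partitions(text):
    """Parse partition CSV text into dicts, skipping comments and blank lines."""
    rows = []
    for rec in csv.reader(io.StringIO(text)):
        rec = [field.strip() for field in rec]
        if not rec or not rec[0] or rec[0].startswith("#"):
            continue
        rec += [""] * (6 - len(rec))  # the Flags column is optional
        name, ptype, subtype, offset, size, flags = rec[:6]
        rows.append({"name": name, "type": ptype, "subtype": subtype,
                     "offset": int(offset, 0), "size": int(size, 0),
                     "flags": set(flags.split(":")) - {""}})
    return rows

def encryption_plan(rows, images):
    """Return (name, encrypted, missing_image) for each partition.

    Models only the rules stated in this FAQ. `images` maps a flash offset
    to the bytes that will be flashed there (hypothetical helper input).
    """
    plan = []
    for p in rows:
        encrypted = p["type"] == "app" or "encrypted" in p["flags"]
        data = images.get(p["offset"], b"")
        # An empty app partition is what triggers "invalid magic byte".
        missing = p["type"] == "app" and data[:1] != bytes([ESP_IMAGE_MAGIC])
        plan.append((p["name"], encrypted, missing))
    return plan

if __name__ == "__main__":
    # Constructed input: only ota_0 has firmware; ota_1 at 0x520000 is empty.
    images = {0x20000: bytes([ESP_IMAGE_MAGIC, 0x05, 0x02, 0x20])}
    for row in encryption_plan(parse_partitions(SAMPLE_CSV), images):
        print("%-8s encrypted=%-5s no_valid_app_image=%s" % row)
```

Running it against your own partition CSV before the first encrypted boot shows which app partitions still need a pre-compiled image.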
4.7.18 Why is related data not encrypted after I enable CONFIG_EFUSE_VIRTUAL and
flash encryption?
• Currently, Virtual eFuses is only used to test the update of eFuse data. Thus, flash encryption is not enabled
completely even when this function is enabled.
4.7.19 Can I update an app firmware which enables flash encryption in a device which
does not enable flash encryption through OTA?
• Yes, please deselect “Check Flash Encryption enabled on app startup” when compiling.
Espressif Systems 107
Release master