当前位置:网站首页>Process of manually encrypting and burning the mass production firmware of ESP equipment

Process of manually encrypting and burning the mass production firmware of ESP equipment

2022-06-13 11:33:00 25March

Requirements are as follows :

Want to encrypt the mass production firmware , After encryption, tools can be used to erase the old firmware , Supports repeated firmware burning .

The tools needed :

Reference documents :

Solution :

Appoint Flash Encryption key (key.bin), That is, each module uses the same Flash Encryption key (key.bin). First compile the project into a separate binary plaintext firmware Use Flash Encryption key (key.bin) To encrypt ; Then you can use Flash Download tool Burning encrypted ciphertext firmware . After the ciphertext firmware is burned , Need to use esptool hold Flash Encryption key (key.bin) Burn to Efuse And open Efuse Medium Flash The encrypted control bit enables the encrypted firmware to run normally . Steps are as follows :*

1 Use esptool Tools , Generate... For mass production firmware Flash Encryption key (key.bin) , For example, the generated encryption key is key.bin

espsecure.py generate_flash_encryption_key key.bin

2 For each firmware to be mass produced and burned ( bin file ) To encrypt , With hello-world Routine as an example

  • Need to be in menuconfig In the open Flash Encryption options , as follows :

menuconfig -> Security features -> Enable flash encryption on boot
Insert picture description here

  • because Flash Encryption will increase bootloader.bin Size of firmware , So you need to adjust the offset of the default partition table , The default is 0x8000 , Adjustable to 0xa000 . Can be found in menuconfig Revision in China partition_table Set up . as follows :

menuconfig -> Partition Table -> Offset of partition table
Insert picture description here
Insert picture description here

  • Then compile the project , View the firmware download address corresponding to the compiled firmware . You can see hello-world.bin The download address of became 0x20000
Project build complete. To flash, run this command:
E:\.espressif\python_env\idf4.3_py3.8_env\Scripts\python.exe ..\..\..\components\esptool_py\esptool\esptool.py -p (PORT) -b 460800 --before default_reset --after no_reset --chip esp32c3  write_flash --flash_mode dio --flash_size detect --flash_freq 80m 0x0 build\bootloader\bootloader.bin 0xa000 build\partition_table\partition-table.bin 0x20000 build\hello-world.bin
or run 'idf.py -p (PORT) flash'

3 then , Use generated Flash Encryption key ( key.bin file ) For each independent firmware after project compilation ( bin file ) To encrypt . as follows :

  • Use generated Flash Encryption key ( key.bin ) Yes bootloader.bin To encrypt , Encrypted bootloader.bin by key_bootloader.bin
espsecure.py encrypt_flash_data --keyfile key.bin --address 0x1000 -o key_bootloader.bin build/bootloader/bootloader.bin
  • Use generated Flash Encryption key ( key.bin ) Yes partition-table.bin To encrypt , Encrypted partition-table.bin by key_partition-table.bin
espsecure.py encrypt_flash_data --keyfile key.bin --address 0xa000 -o key_partition-table.bin build/partition_table/partition-table.bin
  • Use generated Flash Encryption key ( key.bin ) Yes hello_world.bin To encrypt , Encrypted hello-world.bin by key_hello-world.bin
espsecure.py encrypt_flash_data --keyfile key.bin --address 0x20000 -o key_hello-world.bin build/hello_world.bin

4 The corresponding download address of the firmware generated according to the project compilation , Burning encrypted firmware ( Encrypted bin file ), Use the following esptool Tools to download encrypted firmware :

esptool.py -b 460800 --before default_reset --after no_reset --chip esp32  write_flash --flash_mode dio --flash_size detect --flash_freq 40m 0x1000 key_bootloader.bin 0xa000 key_partition-table.bin 0x20000 key_hello-world.bin

Be careful :

This step of downloading encrypted firmware can also be used directly Flash Download tool To download , as follows :
Insert picture description here

5 take Flash Encryption key (key.bin) Burn to Efuse in :

espefuse.py burn_key flash_encryption key.bin

6 Use esptool Tool on Efuse Medium Flash Encrypted control bit :

espefuse.py burn_efuse FLASH_CRYPT_CONFIG 0xF FLASH_CRYPT_CNT 1

explain :

  • if Efuse No write in Flash Encryption key ( key.bin ) And on Efuse Medium Flash Encrypted control bit , The encrypted... Cannot be run normally “ The firmware ”( bin file ).
  • Module on Flash After encryption , Can't use Flash Download tool To re burn firmware and erase firmware , But it supports the use of esptool Tools to re burn firmware and erase firmware .
  • Yes Flash The encrypted module rebuilds the firmware , The re fired firmware is required to be in menuconfig In the open ”Flash encryption “ And use the same encryption key as the old firmware (key.bin) To encrypt and then burn , In this way, the firmware after reburning can operate normally .
  • Efuse The encryption key cannot be erased , Therefore, the new key cannot be re burned .
  • This solution can be used after the module mass production firmware is encrypted esptool Tools to modify the module Reburning firmware 、 erase 、 read Flash The operation of , But the firmware read out is encrypted firmware . If the new module does not burn the key corresponding to the encrypted firmware (key.bin) Words , Just burning the read encrypted firmware to a new module will not work properly .
原网站

版权声明
本文为[25March]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/164/202206131114438639.html

边栏推荐

猜你喜欢

随机推荐