Issues Enabling Secure Boot and Flash Encryption on ESP32-S3 with Platform IO (Arduino Framework)

I use Platform IO with the ESP32-S3 in the Arduino framework and want to enable Secure Boot and Flash Encryption for my firmware. I’ve tried multiple times using AI and online references, but it hasn’t worked properly.

Don’t trust AI, use your power!
Use the search function and you’ll find this post from 8 days ago…

I already tried the suggested solution by adding
; ---- Flash Encryption ----
-D CONFIG_FLASH_ENCRYPTION_ENABLED=y
-D FLASH_ENCRYPTION_ENABLED=1
to the .ini file, but it didn’t configure flash encryption at the system level.

Unfortunately, this says nothing about what you have already tried and what your current configuration looks like.

Since there is already a (still very fresh) thread on the same topic with the same hardware (ESP32-S3), I suggest that you attach your question there and show the content of your platformio.ini.

[env:esp32-s3-devkitm-1]
platform = espressif32
board = esp32-s3-devkitm-1
framework = arduino

upload_speed = 921600
monitor_speed = 115200

board_build.mcu = esp32s3
board_build.cpu = esp32s3
board_build.f_cpu = 240000000L

board_build.flash_mode = qio
board_build.flash_freq = 80m
board_build.flash_size = 8MB

build_flags = 
; ---- Arduino USB Config ----
    -D ARDUINO_USB_CDC_ON_BOOT=1
    -D ARDUINO_USB_MODE=1                 ; USB Mode: CDC + JTAG
    -D CONFIG_ARDUINO_RUNNING_CORE=1
    -D CONFIG_ARDUINO_EVENT_RUNNING_CORE=1
    -D CORE_DEBUG_LEVEL=2 
; ---- Flash Encryption ----
    -D CONFIG_FLASH_ENCRYPTION_ENABLED=y
    -D FLASH_ENCRYPTION_ENABLED=1
    -D CONFIG_FLASH_ENCRYPTION_INSECURE=1
; ---- Secure Boot V2 ----
    -D CONFIG_SECURE_BOOT=y
    -D CONFIG_SECURE_BOOT_V2_ENABLED=y
    -D CONFIG_SECURE_SIGNED_BINARIES=y
    -D CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=y
    -D CONFIG_SECURE_BOOT_V2_EFUSE_KEY_BLOCK_KEY0=y
    -D CONFIG_SECURE_BOOT_V2_EFUSE_KEY_DIS_WRITE_PROTECT=y
; ---- NVS Encryption ----
    -D CONFIG_NVS_ENCRYPTION=n

lib_deps = 
    zinggjm/GxEPD2@^1.6.2
    bblanchon/ArduinoJson@^7.3.0
    bogde/HX711@^0.7.5
    https://github.com/tueddy/CLRC663-Library.git

upload_protocol = esptool

This is my platformio.ini file.
After I compile and flash that, I go to the ESP-IDF terminal and give the command ‘espefuse.py --port COMx summary’.
It gives, in the flash efuse field:

Flash fuses:
FLASH_TPUW (BLOCK0) Configures flash waiting time after power-up; in u = 0 R/W (0x0)
                    nit of ms. If the value is less than 15; the waiti
                    ng time is the configurable value. Otherwise; the
                    waiting time is twice the configurable value
FLASH_ECC_MODE (BLOCK0) Flash ECC mode in ROM = 16to18 byte R/W (0b0)
FLASH_TYPE (BLOCK0) SPI flash type = 4 data lines R/W (0b0)
FLASH_PAGE_SIZE (BLOCK0) Set Flash page size = 0 R/W (0b00)
FLASH_ECC_EN (BLOCK0) Set 1 to enable ECC for flash boot = False R/W (0b0)
FORCE_SEND_RESUME (BLOCK0) Set this bit to force ROM code to send a resume co = False R/W (0b0)
                           mmand during SPI boot
FLASH_CAP (BLOCK1) Flash capacity = 8M R/W (0b001)
FLASH_TEMP (BLOCK1) Flash temperature = 85C R/W (0b10)
FLASH_VENDOR (BLOCK1) Flash vendor = GD R/W (0b010)

Why are the flash flags not enabled? And first of all, I have doubts about whether my process is correct. Please tell me how to do it properly.
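The "Flash fuses" block quoted above only describes the flash chip (capacity, vendor, ECC), so a check for the encryption or secure-boot state has to read a different section of the same summary. As an added example (not code from the thread or from esptool), a small Python parser for the espefuse.py summary layout, including descriptions that wrap onto following lines as FLASH_TPUW does above; the "Security fuses" field names SPI_BOOT_CRYPT_CNT and SECURE_BOOT_EN and the odd-bit-count rule are assumptions about the ESP32-S3, and the sample text is constructed.

```python
import re

# Constructed sample in espefuse.py's summary layout, where a long description
# wraps onto following lines (as in the thread's FLASH_TPUW entry). The two
# "Security fuses" names are assumed ESP32-S3 field names, not from the thread.
SAMPLE_SUMMARY = """\
Flash fuses:
FLASH_TPUW (BLOCK0) Configures flash waiting time after power-up; in u = 0 R/W (0x0)
                    nit of ms. If the value is less than 15; the waiti
                    ng time is the configurable value.
FLASH_CAP (BLOCK1) Flash capacity = 8M R/W (0b001)

Security fuses:
SECURE_BOOT_EN (BLOCK0) Set this bit to enable secure boot = False R/W (0b0)
SPI_BOOT_CRYPT_CNT (BLOCK0) Enables flash encryption when odd bits set = Disable R/W (0b000)
"""

# NAME (BLOCKn) description = value PERM (raw bits)
FUSE_RE = re.compile(
    r"^(?P<name>[A-Z0-9_]+) \((?P<block>BLOCK\d+)\) (?P<desc>.*?) = "
    r"(?P<value>.+?) (?P<perm>[R-]/[W-]) \((?P<raw>0x[0-9a-fA-F]+|0b[01]+)\)\s*$"
)
SECTION_RE = re.compile(r"^(?P<section>\w+) fuses:\s*$")


def parse_summary(text):
    # returns {name: {section, block, desc, value, writable, raw}}
    fuses, section, last = {}, None, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section, last = m.group("section"), None
            continue
        m = FUSE_RE.match(line)
        if m:
            last = m.group("name")
            fuses[last] = {"section": section, "block": m.group("block"),
                           "desc": m.group("desc"), "value": m.group("value"),
                           "writable": m.group("perm").endswith("W"),
                           "raw": int(m.group("raw"), 0)}
        elif last and line.strip():
            # wrapped description column: espefuse slices at a fixed width, so
            # a break can fall mid-word ("in u" / "nit"); join without a space
            fuses[last]["desc"] += line.strip()
    return fuses


def security_state(fuses):
    # ESP32-S3 rule (assumed field names): encryption on = odd number of set bits
    # in SPI_BOOT_CRYPT_CNT; secure boot on = SECURE_BOOT_EN set; None = absent
    cnt, sb = fuses.get("SPI_BOOT_CRYPT_CNT"), fuses.get("SECURE_BOOT_EN")
    return {"flash_encryption": None if cnt is None else bin(cnt["raw"]).count("1") % 2 == 1,
            "secure_boot": None if sb is None else bool(sb["raw"] & 1)}
```

On a real board, feed the text of `espefuse.py --port COMx summary` to `parse_summary` instead of the constructed sample; a summary that lacks the security section yields `None` for both fields rather than a false "disabled".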

Please read Secure Boot and Flash Encryption on ESP32S3 WROOM 1U N16 - #2 by maxgerhardt

esptool.py v4.9.0
Serial port COM38
Connecting...
Chip is ESP32-S3 (QFN56) (revision v0.2)
Features: WiFi, BLE, Embedded Flash 8MB (GD)
Crystal is 40MHz
USB mode: USB-Serial/JTAG
MAC: b4:3a:45:b3:64:14
Uploading stub...
Running stub...

A fatal error occurred: Invalid head of packet (0x45): Possible serial noise or corruption.

I enabled flash encryption on an ESP32-S3 board and mistakenly flashed an encrypted bootloader incorrectly. After that, I received an error and could no longer perform any operations on the board, effectively making the module unusable. I’m now asking if there’s any way to recover that module.

AFAIK no.

But maybe the guys from Espressif can help you…

Yeah, I emailed Espressif and they said SECURE BOOT or FLASH ENCRYPTION is not supported in PlatformIO.
Espressif mail - " I checked with ESP Arduino team, the platformIO + Arduino scenario(Or Arduino itself) does not seem to support secure boot at all, the only way to use secure boot is by using Arduino as IDF component."


That’s a bit confusing. Did they really mean “PlatformIO” or “Arduino” Framework?

Because with PlatformIO you can create an “Arduino as IDF component” project and use menuconfig to configure the ESP-IDF SDK:

platformio.ini:

[env:esp32-s3-devkitm-1]
platform = espressif32
board = esp32-s3-devkitm-1
framework = espidf, arduino

Terminal command for menuconfig:

pio run -t menuconfig

Yeah, it's correct, but before I had only tried the Arduino framework, so I was confused. Thanks for your reply.

I gave the command “pio run -t menuconfig”
and my platformio.ini file has

[env:esp32-s3-devkitm-1]
platform = espressif32
board = esp32-s3-devkitm-1
framework = espidf, arduino
monitor_speed = 115200

I got this error:

Traceback (most recent call last):
  File "/usr/bin/pio", line 33, in <module>
    sys.exit(load_entry_point('platformio==4.3.4', 'console_scripts', 'pio')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/bin/pio", line 25, in importlib_load_entry_point
    return next(matches).load()
           ^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/importlib/metadata/__init__.py", line 205, in load
    module = import_module(match.group('module'))
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 995, in exec_module
  File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
  File "/usr/lib/python3/dist-packages/platformio/__main__.py", line 66, in <module>
    @cli.resultcallback()
     ^^^^^^^^^^^^^^^^^^
AttributeError: 'PlatformioCLI' object has no attribute 'resultcallback'. Did you mean: 'result_callback'?

How to solve this?