Issues Enabling Secure Boot and Flash Encryption on ESP32-S3 with Platform IO (Arduino Framework)

I use Platform IO with the ESP32-S3 in the Arduino framework and want to enable Secure Boot and Flash Encryption for my firmware. I’ve tried multiple times using AI and online references, but it hasn’t worked properly.

Don’t trust AI, use your power!
Use the search function and you’ll find this post from 8 days ago…

I already tried the suggested solution by adding
; ---- Flash Encryption ----
-D CONFIG_FLASH_ENCRYPTION_ENABLED=y
-D FLASH_ENCRYPTION_ENABLED=1
to the .ini file, but it didn’t configure flash encryption at the system level.

Unfortunately, this says nothing about what you have already tried and what your current configuration looks like.

Since there is already a (still very fresh) thread on the same topic with the same hardware (ESP32-S3), I suggest that you attach your question there and show the content of your platformio.ini.

[env:esp32-s3-devkitm-1]
platform = espressif32
board = esp32-s3-devkitm-1
framework = arduino

upload_speed = 921600
monitor_speed = 115200

board_build.mcu = esp32s3
board_build.cpu = esp32s3
board_build.f_cpu = 240000000L

board_build.flash_mode = qio
board_build.flash_freq = 80m
board_build.flash_size = 8MB

build_flags = 
; ---- Arduino USB Config ----
    -D ARDUINO_USB_CDC_ON_BOOT=1
    -D ARDUINO_USB_MODE=1                 ; USB Mode: CDC + JTAG
    -D CONFIG_ARDUINO_RUNNING_CORE=1
    -D CONFIG_ARDUINO_EVENT_RUNNING_CORE=1
    -D CORE_DEBUG_LEVEL=2 
; ---- Flash Encryption ----
    -D CONFIG_FLASH_ENCRYPTION_ENABLED=y
    -D FLASH_ENCRYPTION_ENABLED=1
    -D CONFIG_FLASH_ENCRYPTION_INSECURE=1
; ---- Secure Boot V2 ----
    -D CONFIG_SECURE_BOOT=y
    -D CONFIG_SECURE_BOOT_V2_ENABLED=y
    -D CONFIG_SECURE_SIGNED_BINARIES=y
    -D CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=y
    -D CONFIG_SECURE_BOOT_V2_EFUSE_KEY_BLOCK_KEY0=y
    -D CONFIG_SECURE_BOOT_V2_EFUSE_KEY_DIS_WRITE_PROTECT=y
; ---- NVS Encryption ----
    -D CONFIG_NVS_ENCRYPTION=n

lib_deps = 
    zinggjm/GxEPD2@^1.6.2
    bblanchon/ArduinoJson@^7.3.0
    bogde/HX711@^0.7.5
    https://github.com/tueddy/CLRC663-Library.git

upload_protocol = esptool

This is my platformio.ini file.
After I compile and flash that, I go to the ESP-IDF terminal and give the command ‘espefuse.py --port COMx summary’.
It gives this in the flash eFuse field:

Flash fuses:
FLASH_TPUW (BLOCK0) Configures flash waiting time after power-up; in u = 0 R/W (0x0)
    nit of ms. If the value is less than 15; the waiti
    ng time is the configurable value. Otherwise; the
    waiting time is twice the configurable value
FLASH_ECC_MODE (BLOCK0) Flash ECC mode in ROM = 16to18 byte R/W (0b0)
FLASH_TYPE (BLOCK0) SPI flash type = 4 data lines R/W (0b0)
FLASH_PAGE_SIZE (BLOCK0) Set Flash page size = 0 R/W (0b00)
FLASH_ECC_EN (BLOCK0) Set 1 to enable ECC for flash boot = False R/W (0b0)
FORCE_SEND_RESUME (BLOCK0) Set this bit to force ROM code to send a resume co = False R/W (0b0)
    mmand during SPI boot
FLASH_CAP (BLOCK1) Flash capacity = 8M R/W (0b001)
FLASH_TEMP (BLOCK1) Flash temperature = 85C R/W (0b10)
FLASH_VENDOR (BLOCK1) Flash vendor = GD R/W (0b010)

Why are the flash flags not enabled? And first of all, I have doubts about whether my process is correct. Please tell me how to do it properly.
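Added example, not part of the thread and not esptool's own code: a small parser for the `espefuse.py summary` text pasted above that reports whether flash encryption and Secure Boot are recorded in eFuse. It assumes the ESP32-S3 field names `SPI_BOOT_CRYPT_CNT` and `SECURE_BOOT_EN`, which are not among the rows pasted above; the second sample is constructed to show the same row layout for those two fields.

```python
import re

# One eFuse row of `espefuse.py summary`: NAME (BLOCKn) description = value ACCESS (raw)
ROW = re.compile(
    r"^(?P<name>[A-Z0-9_]+) \((?P<block>BLOCK\w*)\)\s+.*?=\s*(?P<value>.+?)\s+"
    r"(?P<access>[R-]/[W-])\s+\((?P<raw>0[bx][0-9A-Fa-f]+)\)\s*$"
)

def parse_summary(text):
    """Map eFuse name -> (value, access, raw_int); wrapped description lines are skipped."""
    fuses = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            fuses[m["name"]] = (m["value"], m["access"], int(m["raw"], 0))
    return fuses

def security_state(fuses):
    """Return True/False per feature, or None when its field is absent from the input."""
    def raw(name):
        return fuses[name][2] if name in fuses else None
    cnt, sb = raw("SPI_BOOT_CRYPT_CNT"), raw("SECURE_BOOT_EN")
    return {
        # The counter enables flash encryption when an odd number of its bits is set.
        "flash_encryption": None if cnt is None else bin(cnt).count("1") % 2 == 1,
        "secure_boot": None if sb is None else sb == 1,
    }

# Rows copied from the summary excerpt above, including one wrapped description line.
PAGE_ROWS = """\
FLASH_TPUW (BLOCK0) Configures flash waiting time after power-up; in u = 0 R/W (0x0)
nit of ms. If the value is less than 15; the waiti
FLASH_ECC_MODE (BLOCK0) Flash ECC mode in ROM = 16to18 byte R/W (0b0)
FLASH_CAP (BLOCK1) Flash capacity = 8M R/W (0b001)
"""

# Constructed rows (not from the page) in the same layout, as an unprovisioned chip would show.
CONSTRUCTED_ROWS = """\
SPI_BOOT_CRYPT_CNT (BLOCK0) Enables flash encryption when 1 or 3 bits are set = Disable R/W (0b000)
and disabled otherwise
SECURE_BOOT_EN (BLOCK0) Set this bit to enable secure boot = False R/W (0b0)
"""

if __name__ == "__main__":
    for label, text in (("page excerpt", PAGE_ROWS), ("constructed", CONSTRUCTED_ROWS)):
        print(label, security_state(parse_summary(text)))
```

A `None` result means the pasted text does not contain the field at all, so the full summary output is needed before drawing a conclusion.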

Please read Secure Boot and Flash Encryption on ESP32S3 WROOM 1U N16 - #2 by maxgerhardt