The secure boot solution features have been seamlessly integrated into
ESP-IDF. By familiarising yourself with the implementation principles
and configuring the appropriate options in the
menuconfig, you can
easily enable these features according to your requirements. In
comparison to the software secure boot solution, the hardware secure
boot provides a more comprehensive verification of firmware validity.
Thus, it is recommended to utilise the hardware secure boot solution to
enhance device security during the mass production stage. This section
will present several examples of enabling hardware secure boot, which
can be utilised for testing purposes. Furthermore, if you encounter any
errors while sending new firmware to the device using hardware secure
boot, the following log messages can serve as a reference for
When hardware secure boot is enabled according to the steps described in 13.4.4, starting up the device for the first time will get the following log message:
I (10251) secure_boot_v2: Secure boot V2 is not enabled yet and eFsue digest keys are not set I (10256) secure_boot_v2: Verifying with RSA-PSS... I (10254) secure_boot_v2: Signature verified successfully! I (10272) boot: boot: Loaded app from partition at offset 0X120000 I (10274) secure_boot_v2: Enabling secure boot V2...
Re-powering up the device will get the following message:
ESP-ROM:esp32c3-api1-20210207 Build:Feb 7 2021 rst:0x1 (POWERON),boot:0xC(SPI_FAST_FLASH_BOOT) SPIWP:0xee mode:DIO, clock div:1 Valid Secure Boot key blocks: 0 Secure Boot verification succeeded load:0x3fcd6268,len:0x2ebc load:0x403ce000,len:0x928 load:0x403d0000,len:0x4ce4 entry 0x403ce000 I (71) boot: ESP-IDF v4.3.2-2741-g7c0fa3fc70 2nd stage bootloader
Flashing unsigned bootloader to the device will get the following error message and terminate boot process.
ESP-ROM:esp32c3-api1-20210207 Build:Feb 7 2021 rst:0x1 (POWERON),boot:0xC(SPI_FAST_FLASH_BOOT) SPIWP:0xee mode:DIO, clock div:1 Valid secure boot key blocks: 0 No signature block magic byte found at signature sector (found 0xcd not 0xe7). Image not V2 signed? secure boot verification failed ets_main.c 333
Flashing unsigned app firmware to the device will get the following error message and terminate boot process.
I (310) esp_image: Verifying image signature... I (312) secure_boot_v2: Verifying with RSA-PSS... No signature block magic byte found at signature sector (found 0x41 not 0xe7). Image not V2 signed? E (326) secure_boot_v2: Secure Boot V2 verification failed. E (332) esp_image: Secure boot signature verification failed I (339) esp_image: Calculating simple hash to check for corruption... W (418) esp_image: image valid, signature bad
Sending unsigned app firmware to the device through OTA upgrade will cause signature verification failure, thus ending the data transmission, and preventing firmware loading.
I (4487) simple_ota_example: Starting OTA example I (5657) esp_https_ota: Starting OTA... I (5657) esp_https_ota: Writing to partition subtype 16 at offset 0x120000 I (26557) esp_image: segment 0: paddr=00120020 vaddr=3c0a0020 size=1b488h (111752) map I (26567) esp_image: segment 1: paddr=0013b4b0 vaddr=3fc8d800 size=02b10h ( 11024) I (26567) esp_image: segment 2: paddr=0013dfc8 vaddr=40380000 size=02050h ( 8272) I (26577) esp_image: segment 3: paddr=00140020 vaddr=42000020 size=9d9ech (645612) map I (26667) esp_image: segment 4: paddr=001dda14 vaddr=40382050 size=0b60ch ( 46604) I (26667) esp_image: segment 5: paddr=001e9028 vaddr=50000000 size=00010h ( 16) I (26667) esp_image: Verifying image signature... I (26677) secure_boot_v2: Take trusted digest key(s) from eFuse block(s) E (26687) esp_image: Secure boot signature verification failed I (26687) esp_image: Calculating simple hash to check for corruption... W (26757) esp_image: image valid, signature bad E (26767) simple_ota_example: Firmware upgrade failed