Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Documentation of bootloader example #558

Open
phidahl opened this issue Oct 1, 2024 · 4 comments
Open

Documentation of bootloader example #558

phidahl opened this issue Oct 1, 2024 · 4 comments
Assignees
@will-v-pi
Labels
documentation Improvements or additions to documentation question Further information is requested

Comments

@phidahl
Copy link

phidahl commented Oct 1, 2024

I suggest on elaborating more on the pico-examples/bootloaders/encrypted example. As far as I dug into the documentation this example might become a reference implementation for those with the need to execute encrypted code on RP2350 devices. This capability is of great importance for most commercial users here.

The problem I encountered is, that the bootloader often fails with other binaries than the hello_serial example. The encryption and signature worked. But in the very end

rc = rom_chain_image(
        workarea,
        sizeof(workarea),
        SRAM_BASE,
        data_size
    );

returns with a value of -4. This means according to the headers BOOTROM_ERROR_NOT_PERMITTED.

It keeps me puzzled since I have used the bootloader, the partition table etc exactly as in the example. Make the binary bigger sometimes helped and it worked.. The binary should be small enough with 75 kbyte and lots of free space for the heap.

What I also don't understand is that I assumed that the bootloader does not write to the flash, but only to RAM. So why can there be a permission problem?

Having those error codes mentioned in the readme with an explanation would be helpful.
@lurch lurch added documentation Improvements or additions to documentation question Further information is requested labels Oct 2, 2024
@will-v-pi
Copy link
Contributor

The problem I encountered is, that the bootloader often fails with other binaries than the hello_serial example.

Can you share any of these other binaries, as this sounds like a bug which needs to be fixed

@phidahl
Copy link
Author

phidahl commented Oct 2, 2024

I'll try to come up with a minimal example reproducing this behaviour. The binaries and keys I cannot share. Sorry.

@will-v-pi
Copy link
Contributor

I've managed to reproduce this with the hello_usb example, and it seems to be an issue in picotool encrypt when there is a gap between the .text and .rodata sections in the ELF file. I will investigate further, but for a temporary fix you can apply this diff to the pico-sdk and it should work.

--- a/src/rp2_common/pico_crt0/rp2350/memmap_no_flash.ld
+++ b/src/rp2_common/pico_crt0/rp2350/memmap_no_flash.ld
@@ -70,10 +70,10 @@ SECTIONS
         *(.dtors)
 
         *(.eh_frame*)
+        . = ALIGN(8);
     } > RAM
 
     .rodata : {
-        . = ALIGN(4);
         *(.rodata*)
         *(.srodata*)
         . = ALIGN(4);

@will-v-pi will-v-pi mentioned this issue Oct 2, 2024
Open
@phidahl
Copy link
Author

phidahl commented Oct 2, 2024

That is interesting! Thanks!
I'm still working on my minimal example. It seems that if I add tinyusb to hello_serial example, causes the error. But only if I add some arrays to bloat the code.
But this seem to be consistent with your findings on hello_usb.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@will-v-pi will-v-pi

Labels
documentation Improvements or additions to documentation question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lurch @phidahl @will-v-pi