Description
Hi everyone,
I think it would be useful for many of us to have a complete example showing how to enable secure boot and program encryption with picotool, starting from a UF2 file generated by the Arduino IDE.
For example I have this Arduino sketch:
---------------------------------
sketch.ino
---------------------------------
void setup() {
  pinMode(LED_BUILTIN, OUTPUT); // Initialize onboard LED as output
}

void loop() {
  digitalWrite(LED_BUILTIN, HIGH); // Turn LED on
  delay(500);
  digitalWrite(LED_BUILTIN, LOW); // Turn LED off
  delay(500);
}
After compiling, in the folder C:\Users\$user\AppData\Local\arduino\sketches\<sketch_id> I can find sketch.uf2, sketch.bin, sketch.elf.
I moved these 3 files onto my Raspberry Pi 5 with picotool compiled from source.
I followed your docs to create my private.pem, privateaes.bin and ivsalt.bin and I moved them into the key folder.
The next step I took was to try to encrypt with picotool:
picotool encrypt --embed --sign --hash sketch.elf sketch.enc.elf key/privateaes.bin key/ivsalt.bin key/private.pem out.json
I added the embed option because I don't have my own custom bootloader.
After the execution I have sketch.enc.elf and out.json in the folder.
So I loaded them with:
picotool load sketch.enc.elf
picotool otp load out.json
I get a positive result from picotool, but on the Pico2 the LED is not blinking, so I did not send the command to enable secure boot:
picotool otp set OTP_DATA_CRIT1.SECURE_BOOT_ENABLE 1
Maybe when I load the sketch.enc.elf I have to specify the address?
Thank you!
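
Added example (not part of the original post and not picotool's code): every block of a UF2 file records its own target address and family ID, so the sketch.uf2 mentioned above can be inspected before anything is loaded or written to OTP. The parser follows the public UF2 block layout; the names `uf2_summary` and `make_block` and the sample image are constructed for illustration.

```python
import struct

# UF2 constants from the public UF2 specification.
MAGIC0, MAGIC1, MAGIC_END = 0x0A324655, 0x9E5D5157, 0x0AB16F30
FLAG_NOT_MAIN_FLASH, FLAG_FAMILY_ID = 0x00000001, 0x00002000
# Family IDs defined by the Pico SDK.
FAMILIES = {0xE48BFF56: "rp2040", 0xE48BFF57: "absolute", 0xE48BFF58: "data",
            0xE48BFF59: "rp2350-arm-s", 0xE48BFF5A: "rp2350-riscv",
            0xE48BFF5B: "rp2350-arm-ns"}

def uf2_summary(image: bytes) -> dict:
    """Return the families and the address range that a UF2 image will program."""
    if not image or len(image) % 512:
        raise ValueError("UF2 images are a whole number of 512-byte blocks")
    families, lo, hi = set(), None, None
    for off in range(0, len(image), 512):
        block = image[off:off + 512]
        m0, m1, flags, addr, size, _no, _total, fam = struct.unpack_from("<8I", block)
        (end,) = struct.unpack_from("<I", block, 508)
        if (m0, m1, end) != (MAGIC0, MAGIC1, MAGIC_END) or size > 476:
            raise ValueError(f"bad UF2 block at offset {off}")
        if flags & FLAG_NOT_MAIN_FLASH:
            continue  # blocks with this flag are skipped when flashing
        if flags & FLAG_FAMILY_ID:
            families.add(FAMILIES.get(fam, hex(fam)))
        lo = addr if lo is None else min(lo, addr)
        hi = addr + size if hi is None else max(hi, addr + size)
    return {"families": sorted(families), "start": lo, "end": hi}

def make_block(addr, payload, no, total, family):
    """Build one UF2 block (used only to construct the sample below)."""
    head = struct.pack("<8I", MAGIC0, MAGIC1, FLAG_FAMILY_ID, addr,
                       len(payload), no, total, family)
    return head + payload.ljust(476, b"\0") + struct.pack("<I", MAGIC_END)

# Constructed sample: two 256-byte blocks at the start of XIP flash.
SAMPLE = b"".join(make_block(0x10000000 + i * 256, bytes(256), i, 2, 0xE48BFF59)
                  for i in range(2))

if __name__ == "__main__":
    info = uf2_summary(SAMPLE)
    print(info["families"], hex(info["start"]), hex(info["end"]))
```

To inspect a real file, pass its bytes, for example `uf2_summary(open("sketch.uf2", "rb").read())`.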