From c4e445b6f38f753f496aac295c6eb90158e36555 Mon Sep 17 00:00:00 2001 From: Sachin Parekh Date: Tue, 21 Sep 2021 17:13:01 +0530 Subject: [PATCH] secure_boot: Enable --no-stub if secure boot enabled ROM code doesn't allow loader stub to be executed in case secure boot in enabled. Providing --no-stub flag to esptool allows user to flash new firmware, given download mode hasn't been disabled --- components/bootloader/Kconfig.projbuild | 1 + 1 file changed, 1 insertion(+) diff --git a/components/bootloader/Kconfig.projbuild b/components/bootloader/Kconfig.projbuild index 1ad38ea99a..282b68c6a7 100644 --- a/components/bootloader/Kconfig.projbuild +++ b/components/bootloader/Kconfig.projbuild @@ -502,6 +502,7 @@ menu "Security features" bool "Enable hardware Secure Boot in bootloader (READ DOCS FIRST)" default n depends on IDF_TARGET_ESP32 || IDF_TARGET_ESP32S2 || ESP32C3_REV_MIN_3 || IDF_TARGET_ESP32S3 + select ESPTOOLPY_NO_STUB if !IDF_TARGET_ESP32 && !IDF_TARGET_ESP32S2 help Build a bootloader which enables Secure Boot on first boot.