esp-idf/examples/system/efuse/pytest_system_efuse_example.py

# SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
# SPDX-License-Identifier: Unlicense OR CC0-1.0
from __future__ import unicode_literals

import logging
import os

import pytest
from pytest_embedded import Dut
from pytest_embedded_qemu.dut import QemuDut


@pytest.mark.generic
@pytest.mark.esp32
@pytest.mark.esp32c2
@pytest.mark.esp32c3
def test_examples_efuse(dut: Dut) -> None:
    dut.expect(r'example: Coding Scheme (3/4)|(NONE)|(REPEAT)|(RS \(Reed-Solomon coding\))', timeout=20)
    dut.expect(['example: read efuse fields',
                r'example: 1. read MAC address: {}'.format(r':'.join((r'[0-9a-f]{2}',) * 6)),
                'example: 2. read secure_version: 0',
                'example: 3. read custom fields',
                'example: module_version = 0',
                'example: device_role = None',
                'example: setting_1 = 0',
                'example: setting_2 = 0',
                'example: custom_secure_version = 0',
                'example: This example does not burn any efuse in reality only virtually',
                'example: Write operations in efuse fields are performed virtually',
                'example: write custom efuse fields',
                'efuse: Virtual efuses enabled: Not really burning eFuses',
                'example: module_version = 1',
                'example: device_role = Slave',
                'example: setting_1 = 3',
                'example: setting_2 = 4',
                'example: custom_secure_version = 5',
                'example: Done'], expect_all=True)


@pytest.mark.generic
@pytest.mark.esp32
@pytest.mark.esp32c2
@pytest.mark.esp32c3
@pytest.mark.esp32c6
@pytest.mark.esp32h2
@pytest.mark.esp32s2
@pytest.mark.esp32s3
@pytest.mark.parametrize('config', ['virt_flash_enc',], indirect=True)
@pytest.mark.parametrize('skip_autoflash', ['y'], indirect=True)
def test_examples_efuse_with_virt_flash_enc(dut: Dut) -> None:
    # check and log bin size
    binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin')
    bin_size = os.path.getsize(binary_file)
    logging.info('{}_bootloader_virt_flash_enc_bin_size: {}KB'.format(dut.app.target, bin_size // 1024))

    print(' - Erase flash')
    dut.serial.erase_flash()

    print(' - Start app (flash partition_table and app)')
    dut.serial.write_flash_no_enc()
    dut.expect('Loading virtual efuse blocks from real efuses')
    dut.expect('Checking flash encryption...')
    dut.expect('Generating new flash encryption key...')
    if dut.app.target == 'esp32':
        dut.expect(r'Writing EFUSE_BLK_KEY\d with purpose 2')
        dut.expect('Setting CRYPT_CONFIG efuse to 0xF')
        dut.expect('Not disabling UART bootloader encryption')
        dut.expect('Disable UART bootloader decryption...')
        dut.expect('Disable UART bootloader MMU cache...')
        dut.expect('Disable JTAG...')
        dut.expect('Disable ROM BASIC interpreter fallback...')
    else:
        if dut.app.target == 'esp32c2':
            dut.expect(r'Writing EFUSE_BLK_KEY\d with purpose 1')
        else:
            dut.expect(r'Writing EFUSE_BLK_KEY\d with purpose 4')
        dut.expect('Not disabling UART bootloader encryption')
        if dut.app.target != 'esp32h2':
            dut.expect('Disable UART bootloader cache...')
        dut.expect('Disable JTAG...')
    dut.expect('bootloader encrypted successfully')
    dut.expect('partition table encrypted and loaded successfully')
    dut.expect('Flash encryption completed', timeout=90)
    dut.expect('Resetting with flash encryption enabled...')

    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('Checking flash encryption...')
    if dut.app.target == 'esp32':
        dut.expect_exact('flash encryption is enabled (3 plaintext flashes left)', timeout=3)
    else:
        dut.expect_exact('flash encryption is enabled (1 plaintext flashes left)')

    dut.expect_exact('Flash encryption mode is DEVELOPMENT (not secure)')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')


@pytest.mark.generic
@pytest.mark.esp32s2
@pytest.mark.parametrize('config', ['virt_flash_enc_aes_256',], indirect=True)
@pytest.mark.parametrize('skip_autoflash', ['y'], indirect=True)
def test_examples_efuse_with_virt_flash_enc_aes_256(dut: Dut) -> None:
    # Only ESP32-S2 has support AES-256 FLASH_ENCRYPTION key
    # check and log bin size
    binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin')
    bin_size = os.path.getsize(binary_file)
    logging.info('{}_bootloader_virt_flash_enc_aes_256_bin_size: {}KB'.format(dut.app.target, bin_size // 1024))

    print(' - Erase flash')
    dut.serial.erase_flash()

    print(' - Start app (flash partition_table and app)')
    dut.serial.write_flash_no_enc()
    dut.expect('Loading virtual efuse blocks from real efuses')
    dut.expect('Checking flash encryption...')
    dut.expect('Generating new flash encryption key...')

    dut.expect(r'Writing EFUSE_BLK_KEY\d with purpose 2')
    dut.expect(r'Writing EFUSE_BLK_KEY\d with purpose 3')
    dut.expect('Not disabling UART bootloader encryption')
    if dut.app.target != 'esp32h2':
        dut.expect('Disable UART bootloader cache...')
    dut.expect('Disable JTAG...')

    dut.expect('bootloader encrypted successfully')
    dut.expect('partition table encrypted and loaded successfully')
    dut.expect('Flash encryption completed', timeout=90)
    dut.expect('Resetting with flash encryption enabled...')

    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('Checking flash encryption...')
    dut.expect_exact('flash encryption is enabled (1 plaintext flashes left)')

    dut.expect_exact('Flash encryption mode is DEVELOPMENT (not secure)')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')


@pytest.mark.generic
@pytest.mark.esp32
@pytest.mark.esp32c2
@pytest.mark.esp32c3
@pytest.mark.esp32c6
@pytest.mark.esp32h2
@pytest.mark.esp32s2
@pytest.mark.esp32s3
@pytest.mark.parametrize('config', ['virt_flash_enc',], indirect=True)
@pytest.mark.parametrize('skip_autoflash', ['y'], indirect=True)
def test_examples_efuse_with_virt_flash_enc_pre_loaded(dut: Dut) -> None:

    print(' - Erase flash')
    dut.serial.erase_flash()

    print(' - Start app (flash partition_table and app)')
    dut.serial.write_flash_no_enc()
    dut.expect('Loading virtual efuse blocks from real efuses')
    dut.expect('Flash encryption completed', timeout=90)
    dut.expect('Resetting with flash encryption enabled...')

    dut.expect_exact('Flash encryption mode is DEVELOPMENT (not secure)')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')

    if dut.app.target == 'esp32':
        print(' - Flash emul_efuse with pre-loaded efuses (FLASH_CRYPT_CNT 1 -> 0)')
        # offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv
        FLASH_CRYPT_CNT = 20
        # Resets eFuse, which enables Flash encryption feature
        dut.serial.erase_field_on_emul_efuse([FLASH_CRYPT_CNT])
    elif dut.app.target == 'esp32c2':
        FLASH_CRYPT_CNT = 39
        dut.serial.erase_field_on_emul_efuse([FLASH_CRYPT_CNT])
    else:
        # offset of this eFuse is taken from components/efuse/{target}/esp_efuse_table.csv
        print(' - Flash emul_efuse with pre-loaded efuses (SPI_BOOT_CRYPT_CNT 1 -> 0)')
        SPI_BOOT_CRYPT_CNT = 82
        # Resets eFuse, which enables Flash encryption feature
        dut.serial.erase_field_on_emul_efuse([SPI_BOOT_CRYPT_CNT])

    print(' - Start app (flash partition_table and app)')
    dut.serial.write_flash_no_enc()
    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('Checking flash encryption...')
    dut.expect('Using pre-loaded flash encryption key in efuse')
    if dut.app.target == 'esp32':
        dut.expect('Setting CRYPT_CONFIG efuse to 0xF')
        dut.expect('Not disabling UART bootloader encryption')
        dut.expect('Disable UART bootloader decryption...')
        dut.expect('Disable UART bootloader MMU cache...')
        dut.expect('Disable JTAG...')
        dut.expect('Disable ROM BASIC interpreter fallback...')
    else:
        dut.expect('Not disabling UART bootloader encryption')
        if dut.app.target != 'esp32h2':
            dut.expect('Disable UART bootloader cache...')
        dut.expect('Disable JTAG...')
    dut.expect('bootloader encrypted successfully')
    dut.expect('partition table encrypted and loaded successfully')
    dut.expect('Flash encryption completed', timeout=90)
    dut.expect('Resetting with flash encryption enabled...')

    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('Checking flash encryption...')
    if dut.app.target == 'esp32':
        dut.expect_exact('flash encryption is enabled (3 plaintext flashes left)')
    else:
        dut.expect_exact('flash encryption is enabled (1 plaintext flashes left)')

    dut.expect_exact('Flash encryption mode is DEVELOPMENT (not secure)')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')


@pytest.mark.generic
@pytest.mark.esp32
@pytest.mark.esp32c2
@pytest.mark.esp32c3
@pytest.mark.esp32c6
@pytest.mark.esp32h2
@pytest.mark.esp32s2
@pytest.mark.esp32s3
@pytest.mark.parametrize('config', ['virt_flash_enc_release',], indirect=True)
@pytest.mark.parametrize('skip_autoflash', ['y'], indirect=True)
def test_examples_efuse_with_virt_flash_enc_release(dut: Dut) -> None:
    # check and log bin size
    binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin')
    bin_size = os.path.getsize(binary_file)
    logging.info('{}_bootloader_virt_flash_enc_release_bin_size: {}KB'.format(dut.app.target, bin_size // 1024))

    dut.serial.erase_flash()

    print(' - Start app (flash partition_table and app)')
    dut.serial.write_flash_no_enc()
    dut.expect('Loading virtual efuse blocks from real efuses')
    dut.expect('Checking flash encryption...')
    dut.expect('Generating new flash encryption key...')
    if dut.app.target == 'esp32':
        dut.expect(r'Writing EFUSE_BLK_KEY\d with purpose 2')
        dut.expect('Setting CRYPT_CONFIG efuse to 0xF')
        dut.expect('Disable UART bootloader encryption...')
        dut.expect('Disable UART bootloader decryption...')
        dut.expect('Disable UART bootloader MMU cache...')
        dut.expect('Disable JTAG...')
        dut.expect('Disable ROM BASIC interpreter fallback...')
    else:
        if dut.app.target == 'esp32c2':
            dut.expect(r'Writing EFUSE_BLK_KEY\d with purpose 1')
        else:
            dut.expect(r'Writing EFUSE_BLK_KEY\d with purpose 4')
        dut.expect('Disable UART bootloader encryption')
        if dut.app.target != 'esp32h2':
            dut.expect('Disable UART bootloader cache...')
        dut.expect('Disable JTAG...')
    dut.expect('bootloader encrypted successfully')
    dut.expect('partition table encrypted and loaded successfully')
    dut.expect('Setting CRYPT_CNT for permanent encryption', timeout=90)
    dut.expect('Flash encryption completed')
    dut.expect('Resetting with flash encryption enabled...')

    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('Checking flash encryption...')
    dut.expect_exact('flash encryption is enabled (0 plaintext flashes left)', timeout=5)
    dut.expect('Flash encryption mode is RELEASE')
    dut.expect('Start eFuse example')
    dut.expect('Flash Encryption is in RELEASE mode')
    dut.expect('example: Done')


@pytest.mark.generic
@pytest.mark.esp32
@pytest.mark.parametrize('config', ['virt_secure_boot_v1',], indirect=True)
@pytest.mark.parametrize('skip_autoflash', ['y'], indirect=True)
def test_examples_efuse_with_virt_secure_boot_v1(dut: Dut) -> None:
    # only for ESP32
    # check and log bin size
    binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin')
    bin_size = os.path.getsize(binary_file)
    logging.info('{}_bootloader_virt_secure_boot_v1_bin_size: {}KB'.format(dut.app.target, bin_size // 1024))

    print(' - Erase flash')
    dut.serial.erase_flash()

    print(' - Flash bootloader')
    dut.serial.bootloader_flash()

    print(' - Start app (flash partition_table and app)')
    dut.serial.flash()
    dut.expect('Loading virtual efuse blocks from real efuses')

    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v1: Generating new secure boot key...')
    dut.expect('secure_boot_v1: Generating secure boot digest...')
    dut.expect('secure_boot_v1: Digest generation complete')
    dut.expect('Checking secure boot...')

    dut.expect('secure_boot_v1: blowing secure boot efuse...')
    dut.expect('Read & write protecting new key...')
    dut.expect('Disable JTAG...')
    dut.expect('Disable ROM BASIC interpreter fallback...')
    dut.expect('secure_boot_v1: secure boot is now enabled for bootloader image')

    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('main_task: Calling app_main()')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')

    dut.serial.hard_reset()
    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v1: bootloader secure boot is already enabled. No need to generate digest. continuing..')
    dut.expect('boot: Checking secure boot...')
    dut.expect('secure_boot_v1: bootloader secure boot is already enabled, continuing..')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')


@pytest.mark.generic
@pytest.mark.esp32
@pytest.mark.parametrize('config', ['virt_secure_boot_v1',], indirect=True)
@pytest.mark.parametrize('skip_autoflash', ['y'], indirect=True)
def test_examples_efuse_with_virt_secure_boot_v1_pre_loaded(dut: Dut) -> None:
    print(' - Erase flash')
    dut.serial.erase_flash()
    print(' - Flash bootloader')
    dut.serial.bootloader_flash()
    print(' - Start app (flash partition_table and app)')
    dut.serial.flash()

    dut.expect('Loading virtual efuse blocks from real efuses')
    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('main_task: Calling app_main()')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')

    print(' - Flash emul_efuse with pre-loaded efuses (ABS_DONE_0 1 -> 0)')
    # offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv
    ABS_DONE_0 = 196
    # Resets eFuse, which enables Secure boot (V1) feature
    dut.serial.erase_field_on_emul_efuse([ABS_DONE_0])

    print(' - Start app (flash partition_table and app)')
    dut.serial.flash()
    dut.expect('Loading virtual efuse blocks from flash')

    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v1: Using pre-loaded secure boot key in EFUSE block 2')
    dut.expect('secure_boot_v1: Generating secure boot digest...')
    dut.expect('secure_boot_v1: Digest generation complete')
    dut.expect('Checking secure boot...')

    dut.expect('secure_boot_v1: blowing secure boot efuse...')
    dut.expect('Read & write protecting new key...')
    dut.expect('Disable JTAG...')
    dut.expect('Disable ROM BASIC interpreter fallback...')
    dut.expect('secure_boot_v1: secure boot is now enabled for bootloader image')

    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('main_task: Calling app_main()')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')

    dut.serial.hard_reset()
    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v1: bootloader secure boot is already enabled. No need to generate digest. continuing..')
    dut.expect('Checking secure boot...')
    dut.expect('secure_boot_v1: bootloader secure boot is already enabled, continuing..')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')


@pytest.mark.esp32
@pytest.mark.esp32eco3
@pytest.mark.parametrize('config', [('virt_secure_boot_v2'),], indirect=True)
@pytest.mark.parametrize('skip_autoflash', ['y'], indirect=True)
def test_examples_efuse_with_virt_secure_boot_v2(dut: Dut) -> None:
    # only for ESP32 ECO3
    binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin')
    bin_size = os.path.getsize(binary_file)
    logging.info('{}_bootloader_secure_boot_v2_bin_size: {}KB'.format(dut.app.target, bin_size // 1024))

    print(' - Erase flash')
    dut.serial.erase_flash()
    print(' - Flash bootloader')
    dut.serial.bootloader_flash()
    print(' - Start app (flash partition_table and app)')
    dut.serial.flash()
    dut.expect('Loading virtual efuse blocks from real efuses')

    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
    dut.expect('secure_boot_v2: Verifying with RSA-PSS...', timeout=20)
    dut.expect('secure_boot_v2: Signature verified successfully!')

    dut.expect('secure_boot_v2: enabling secure boot v2...')
    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
    dut.expect('secure_boot_v2: Signature verified successfully!')
    dut.expect('secure_boot_v2: Secure boot digests absent, generating..')
    dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
    dut.expect_exact('secure_boot_v2: 1 signature block(s) found appended to the bootloader')

    dut.expect(r'Writing EFUSE_BLK_KEY\d with purpose 3')
    dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
    dut.expect_exact('secure_boot_v2: 1 signature block(s) found appended to the app')
    dut.expect_exact('secure_boot_v2: Application key(0) matches with bootloader key(0)')

    dut.expect('secure_boot_v2: blowing secure boot efuse...')
    dut.expect('Disable JTAG...')
    dut.expect('Disable ROM BASIC interpreter fallback...')
    dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED')
    dut.expect('Prevent read disabling of additional efuses...')
    dut.expect('secure_boot_v2: Secure boot permanently enabled')

    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('main_task: Calling app_main()')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')

    dut.serial.hard_reset()
    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
    dut.expect('secure_boot_v2: Signature verified successfully!')
    dut.expect('secure_boot_v2: enabling secure boot v2...')
    dut.expect('secure_boot_v2: secure boot v2 is already enabled, continuing..')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')
    print(' - Erase flash')
    dut.serial.erase_flash()

    print(' - Flash bootloader and app')
    dut.serial.bootloader_flash()
    dut.serial.flash()
    dut.expect('Loading virtual efuse blocks from real efuses')
    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')

    print(' - Flash emul_efuse with pre-loaded efuses (ABS_DONE_1 1 -> 0)')
    # offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv
    ABS_DONE_1 = 197
    # Resets eFuse, which enables Secure boot (V2) feature
    dut.serial.erase_field_on_emul_efuse([ABS_DONE_1])

    print(' - Start app (flash partition_table and app)')
    dut.serial.flash()
    dut.expect('Loading virtual efuse blocks from flash')

    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
    dut.expect('secure_boot_v2: Signature verified successfully!')

    dut.expect('secure_boot_v2: enabling secure boot v2...')
    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
    dut.expect('secure_boot_v2: Signature verified successfully!')
    dut.expect('secure_boot_v2: Secure boot digests already present')
    dut.expect('secure_boot_v2: Using pre-loaded public key digest in eFuse')
    dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
    dut.expect_exact('secure_boot_v2: 1 signature block(s) found appended to the app')
    dut.expect_exact('secure_boot_v2: Application key(0) matches with bootloader key(0)')

    dut.expect('secure_boot_v2: blowing secure boot efuse...')
    dut.expect('Disable JTAG...')
    dut.expect('Disable ROM BASIC interpreter fallback...')
    dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED')
    dut.expect('Prevent read disabling of additional efuses...')
    dut.expect('secure_boot_v2: Secure boot permanently enabled')

    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('main_task: Calling app_main()')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')

    dut.serial.hard_reset()
    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
    dut.expect('secure_boot_v2: Signature verified successfully!')
    dut.expect('secure_boot_v2: enabling secure boot v2...')
    dut.expect('secure_boot_v2: secure boot v2 is already enabled, continuing..')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')


@pytest.mark.esp32
@pytest.mark.esp32eco3
@pytest.mark.parametrize('config', [('virt_secure_boot_v2'),], indirect=True)
@pytest.mark.parametrize('skip_autoflash', ['y'], indirect=True)
def test_examples_efuse_with_virt_secure_boot_v2_pre_loaded(dut: Dut) -> None:

    print(' - Erase flash')
    dut.serial.erase_flash()
    print(' - Flash bootloader and app')
    dut.serial.bootloader_flash()
    print(' - Start app (flash partition_table and app)')
    dut.serial.flash()
    dut.expect('Loading virtual efuse blocks from real efuses')
    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('main_task: Calling app_main()')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')

    print(' - Flash emul_efuse with pre-loaded efuses (ABS_DONE_1 1 -> 0)')
    # offset of this eFuse is taken from components/efuse/esp32/esp_efuse_table.csv
    ABS_DONE_1 = 197
    # Resets eFuse, which enables Secure boot (V2) feature
    dut.serial.erase_field_on_emul_efuse([ABS_DONE_1])

    print(' - Start app (flash partition_table and app)')
    dut.serial.flash()
    dut.expect('Loading virtual efuse blocks from flash')

    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
    dut.expect('secure_boot_v2: Signature verified successfully!')

    dut.expect('secure_boot_v2: enabling secure boot v2...')
    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
    dut.expect('secure_boot_v2: Signature verified successfully!')
    dut.expect('secure_boot_v2: Secure boot digests already present')
    dut.expect('secure_boot_v2: Using pre-loaded public key digest in eFuse')
    dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
    dut.expect_exact('secure_boot_v2: 1 signature block(s) found appended to the app')
    dut.expect_exact('secure_boot_v2: Application key(0) matches with bootloader key(0)')

    dut.expect('secure_boot_v2: blowing secure boot efuse...')
    dut.expect('Disable JTAG...')
    dut.expect('Disable ROM BASIC interpreter fallback...')
    dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED')
    dut.expect('Prevent read disabling of additional efuses...')
    dut.expect('secure_boot_v2: Secure boot permanently enabled')

    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('main_task: Calling app_main()')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')

    dut.serial.hard_reset()
    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
    dut.expect('secure_boot_v2: Signature verified successfully!')
    dut.expect('secure_boot_v2: enabling secure boot v2...')
    dut.expect('secure_boot_v2: secure boot v2 is already enabled, continuing..')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')


@pytest.mark.esp32c3
@pytest.mark.esp32c2
@pytest.mark.esp32c6
@pytest.mark.esp32h2
@pytest.mark.esp32p4
@pytest.mark.esp32s2
@pytest.mark.esp32s3
@pytest.mark.generic
@pytest.mark.parametrize('config', ['virt_secure_boot_v2'], indirect=True)
@pytest.mark.parametrize('skip_autoflash', ['y'], indirect=True)
def test_examples_efuse_with_virt_secure_boot_v2_esp32xx(dut: Dut) -> None:
    # check and log bin size
    binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin')
    bin_size = os.path.getsize(binary_file)
    logging.info('{}_bootloader_virt_secure_boot_v2_bin_size: {}KB'.format(dut.app.target, bin_size // 1024))

    print(' - Erase flash')
    dut.serial.erase_flash()
    print(' - Flash bootloader')
    dut.serial.bootloader_flash()
    print(' - Start app (flash partition_table and app)')
    dut.serial.flash()
    dut.expect('Loading virtual efuse blocks from real efuses')

    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
    if dut.app.target == 'esp32c2':
        signed_scheme = 'ECDSA'
    else:
        signed_scheme = 'RSA-PSS'
    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
    dut.expect('secure_boot_v2: Signature verified successfully!')

    dut.expect('secure_boot_v2: enabling secure boot v2...')
    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
    dut.expect('secure_boot_v2: Signature verified successfully!')
    dut.expect('secure_boot_v2: Secure boot digests absent, generating..')
    dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
    dut.expect_exact('secure_boot_v2: 1 signature block(s) found appended to the bootloader')

    if dut.app.target == 'esp32c2':
        dut.expect(r'Writing EFUSE_BLK_KEY\d with purpose 3')
    else:
        dut.expect(r'Writing EFUSE_BLK_KEY\d with purpose 9')
    dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
    dut.expect_exact('secure_boot_v2: 1 signature block(s) found appended to the app')
    dut.expect_exact('secure_boot_v2: Application key(0) matches with bootloader key(0)')
    if dut.app.target != 'esp32c2':
        dut.expect_exact('secure_boot_v2: Revoking empty key digest slot (1)...')
        dut.expect_exact('secure_boot_v2: Revoking empty key digest slot (2)...')
    dut.expect('secure_boot_v2: blowing secure boot efuse...')
    dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED')
    dut.expect('Disable hardware & software JTAG...')
    dut.expect('secure_boot_v2: Secure boot permanently enabled')

    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('main_task: Calling app_main()')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')

    dut.serial.hard_reset()
    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
    dut.expect('secure_boot_v2: Signature verified successfully!')
    dut.expect('secure_boot_v2: enabling secure boot v2...')
    dut.expect('secure_boot_v2: secure boot v2 is already enabled, continuing..')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')


@pytest.mark.esp32c3
@pytest.mark.esp32c2
@pytest.mark.esp32c6
@pytest.mark.esp32h2
@pytest.mark.esp32p4
@pytest.mark.esp32s2
@pytest.mark.esp32s3
@pytest.mark.generic
@pytest.mark.parametrize('config', ['virt_secure_boot_v2'], indirect=True)
@pytest.mark.parametrize('skip_autoflash', ['y'], indirect=True)
def test_example_efuse_with_virt_secure_boot_v2_esp32xx_pre_loaded(dut: Dut) -> None:
    print(' - Erase flash')
    dut.serial.erase_flash()

    print(' - Flash bootloader and app')
    dut.serial.bootloader_flash()
    dut.serial.flash()
    dut.expect('Loading virtual efuse blocks from real efuses')
    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('main_task: Calling app_main()')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')

    print(' - Flash emul_efuse with pre-loaded efuses (SECURE_BOOT_EN 1 -> 0, SECURE_BOOT_KEY_REVOKE[0..2] -> 0)')
    # offsets of eFuses are taken from components/efuse/{target}/esp_efuse_table.csv
    if dut.app.target == 'esp32c2':
        SECURE_BOOT_EN = 53
        dut.serial.erase_field_on_emul_efuse([SECURE_BOOT_EN])
    else:
        SECURE_BOOT_EN = 116
        SECURE_BOOT_KEY_REVOKE0 = 85
        SECURE_BOOT_KEY_REVOKE1 = 86
        SECURE_BOOT_KEY_REVOKE2 = 87
        # Resets eFuse, which enables Secure boot feature
        # Resets eFuses, which control digest slots
        dut.serial.erase_field_on_emul_efuse([SECURE_BOOT_EN, SECURE_BOOT_KEY_REVOKE0, SECURE_BOOT_KEY_REVOKE1, SECURE_BOOT_KEY_REVOKE2])

    print(' - Start app (flash partition_table and app)')
    dut.serial.flash()
    dut.expect('Loading virtual efuse blocks from flash')

    dut.expect('Verifying image signature...')
    if dut.app.target == 'esp32c2':
        signed_scheme = 'ECDSA'
    else:
        signed_scheme = 'RSA-PSS'

    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
    dut.expect('secure_boot_v2: Signature verified successfully!')
    dut.expect('secure_boot_v2: Secure boot digests already present')
    dut.expect('secure_boot_v2: Using pre-loaded public key digest in eFuse')
    dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
    dut.expect_exact('secure_boot_v2: 1 signature block(s) found appended to the app')
    if dut.app.target != 'esp32c2':
        dut.expect_exact('secure_boot_v2: Revoking empty key digest slot (1)...')
        dut.expect_exact('secure_boot_v2: Revoking empty key digest slot (2)...')

    dut.expect('secure_boot_v2: blowing secure boot efuse...')
    dut.expect('UART ROM Download mode kept enabled - SECURITY COMPROMISED')
    dut.expect('Disable hardware & software JTAG...')
    dut.expect('secure_boot_v2: Secure boot permanently enabled', timeout=20)

    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('main_task: Calling app_main()')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')

    dut.serial.hard_reset()
    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
    dut.expect('secure_boot_v2: Signature verified successfully!')
    dut.expect('secure_boot_v2: enabling secure boot v2...')
    dut.expect('secure_boot_v2: secure boot v2 is already enabled, continuing..')
    dut.expect('Start eFuse example')
    dut.expect('example: Done')


@pytest.mark.generic
@pytest.mark.esp32
@pytest.mark.parametrize('config', ['virt_sb_v1_and_fe',], indirect=True)
@pytest.mark.parametrize('skip_autoflash', ['y'], indirect=True)
def test_examples_efuse_with_virt_sb_v1_and_fe(dut: Dut) -> None:
    # check and log bin size
    binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin')
    bin_size = os.path.getsize(binary_file)
    logging.info('{}_bootloader_virt_sb_v1_and_fe_bin_size: {}KB'.format(dut.app.target, bin_size // 1024))

    print(' - Erase flash')
    dut.serial.erase_flash()

    print(' - Flash bootloader')
    dut.serial.bootloader_flash()

    print(' - Start app (flash partition_table and app)')
    dut.serial.write_flash_no_enc()
    dut.expect('Loading virtual efuse blocks from real efuses')

    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v1: Generating new secure boot key...')
    dut.expect('secure_boot_v1: Generating secure boot digest...')
    dut.expect('secure_boot_v1: Digest generation complete')

    dut.expect('Checking flash encryption...')
    dut.expect('flash_encrypt: Generating new flash encryption key...')
    dut.expect(r'Writing EFUSE_BLK_KEY\d with purpose 2')
    dut.expect('flash_encrypt: Setting CRYPT_CONFIG efuse to 0xF')
    dut.expect('flash_encrypt: Not disabling UART bootloader encryption')
    dut.expect('flash_encrypt: Disable UART bootloader decryption...')
    dut.expect('flash_encrypt: Disable UART bootloader MMU cache...')
    dut.expect('flash_encrypt: Disable JTAG...')
    dut.expect('flash_encrypt: Disable ROM BASIC interpreter fallback...')

    dut.expect('flash_encrypt: bootloader encrypted successfully')
    dut.expect('flash_encrypt: partition table encrypted and loaded successfully')

    dut.expect('Verifying image signature...')
    dut.expect('flash_encrypt: Flash encryption completed', timeout=90)

    dut.expect('Checking secure boot...')
    dut.expect('secure_boot_v1: blowing secure boot efuse...')
    dut.expect('Read & write protecting new key...')
    dut.expect('Disable JTAG...')
    dut.expect('Disable ROM BASIC interpreter fallback...')
    dut.expect('secure_boot_v1: secure boot is now enabled for bootloader image')
    dut.expect('Resetting with flash encryption enabled...')

    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v1: bootloader secure boot is already enabled. No need to generate digest. continuing..')
    dut.expect('Checking flash encryption...')
    dut.expect_exact('flash_encrypt: flash encryption is enabled (3 plaintext flashes left)')
    dut.expect('Checking secure boot...')
    dut.expect('secure_boot_v1: bootloader secure boot is already enabled, continuing..')

    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect_exact('flash_encrypt: Flash encryption mode is DEVELOPMENT (not secure)')
    dut.expect('main_task: Calling app_main()')
    dut.expect('Start eFuse example')
    dut.expect('example: Flash Encryption is NOT in RELEASE mode')
    dut.expect('example: Secure Boot is in RELEASE mode')
    dut.expect('example: Done')


@pytest.mark.esp32
@pytest.mark.esp32eco3
@pytest.mark.parametrize('config', ['virt_sb_v2_and_fe',], indirect=True)
@pytest.mark.parametrize('skip_autoflash', ['y'], indirect=True)
def test_examples_efuse_with_virt_sb_v2_and_fe(dut: Dut) -> None:
    # check and log bin size
    binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin')
    bin_size = os.path.getsize(binary_file)
    logging.info('{}_bootloader_virt_sb_v2_and_fe_bin_size: {}KB'.format(dut.app.target, bin_size // 1024))

    print(' - Erase flash')
    dut.serial.erase_flash()

    print(' - Flash bootloader')
    dut.serial.bootloader_flash()

    print(' - Start app (flash partition_table and app)')
    dut.serial.write_flash_no_enc()
    dut.expect('Loading virtual efuse blocks from real efuses')

    dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
    dut.expect('secure_boot_v2: Signature verified successfully!')

    dut.expect('secure_boot_v2: enabling secure boot v2...')
    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
    dut.expect('secure_boot_v2: Signature verified successfully')
    dut.expect('secure_boot_v2: Secure boot digests absent, generating..')
    dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
    dut.expect_exact('secure_boot_v2: 1 signature block(s) found appended to the bootloader')

    dut.expect(r'Writing EFUSE_BLK_KEY\d with purpose 3')
    dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
    dut.expect_exact('secure_boot_v2: 1 signature block(s) found appended to the app')
    dut.expect_exact('secure_boot_v2: Application key(0) matches with bootloader key(0)')

    dut.expect('secure_boot_v2: blowing secure boot efuse...')
    dut.expect('Disable JTAG...')
    dut.expect('Disable ROM BASIC interpreter fallback...')
    dut.expect('Disable ROM Download mode...')
    dut.expect('secure_boot_v2: Secure boot permanently enabled')

    dut.expect('Checking flash encryption...')
    dut.expect('flash_encrypt: Generating new flash encryption key...')
    dut.expect(r'Writing EFUSE_BLK_KEY\d with purpose 2')
    dut.expect('flash_encrypt: Setting CRYPT_CONFIG efuse to 0xF')
    dut.expect('flash_encrypt: Not disabling UART bootloader encryption')
    dut.expect('flash_encrypt: Disable UART bootloader decryption...')
    dut.expect('flash_encrypt: Disable UART bootloader MMU cache...')
    dut.expect('flash_encrypt: Disable JTAG...')
    dut.expect('flash_encrypt: Disable ROM BASIC interpreter fallback...')

    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
    dut.expect('secure_boot_v2: Signature verified successfully!')
    dut.expect('flash_encrypt: bootloader encrypted successfully')
    dut.expect('flash_encrypt: partition table encrypted and loaded successfully')

    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
    dut.expect('secure_boot_v2: Signature verified successfully!')
    dut.expect('flash_encrypt: Flash encryption completed', timeout=90)
    dut.expect('Resetting with flash encryption enabled...')

    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
    dut.expect('secure_boot_v2: Signature verified successfully!')
    dut.expect('secure_boot_v2: enabling secure boot v2...')
    dut.expect('secure_boot_v2: secure boot v2 is already enabled, continuing..')
    dut.expect_exact('flash_encrypt: flash encryption is enabled (3 plaintext flashes left)')
    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect_exact('flash_encrypt: Flash encryption mode is DEVELOPMENT (not secure)')
    dut.expect('main_task: Calling app_main()')
    dut.expect('Start eFuse example')
    dut.expect('example: Flash Encryption is NOT in RELEASE mode')
    dut.expect('example: Secure Boot is in RELEASE mode')
    dut.expect('example: Done')


@pytest.mark.esp32
@pytest.mark.host_test
@pytest.mark.qemu
@pytest.mark.parametrize('config', ['virt_sb_v2_and_fe.esp32.qemu',], indirect=True)
@pytest.mark.parametrize(
    'qemu_extra_args',
    [
        f'-drive file={os.path.join(os.path.dirname(__file__), "test", "esp32eco3_efuses.bin")},if=none,format=raw,id=efuse '
        '-global driver=nvram.esp32.efuse,property=drive,value=efuse '
        '-global driver=timer.esp32.timg,property=wdt_disable,value=true',
    ],
    indirect=True,
)
def test_examples_efuse_with_virt_sb_v2_and_fe_qemu(dut: QemuDut) -> None:
    try:
        dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
        dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
        dut.expect('secure_boot_v2: Signature verified successfully!')

        dut.expect('secure_boot_v2: enabling secure boot v2...')
        dut.expect('Verifying image signature...')
        dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
        dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
        dut.expect('secure_boot_v2: Signature verified successfully')
        dut.expect('secure_boot_v2: Secure boot digests absent, generating..')
        dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
        dut.expect_exact('secure_boot_v2: 1 signature block(s) found appended to the bootloader')

        dut.expect('Writing EFUSE_BLK_KEY1 with purpose 3')
        dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
        dut.expect_exact('secure_boot_v2: 1 signature block(s) found appended to the app')
        dut.expect_exact('secure_boot_v2: Application key(0) matches with bootloader key(0)')

        dut.expect('secure_boot_v2: blowing secure boot efuse...')
        dut.expect('Disable JTAG...')
        dut.expect('Disable ROM BASIC interpreter fallback...')
        dut.expect('Disable ROM Download mode...')
        dut.expect('secure_boot_v2: Secure boot permanently enabled')

        dut.expect('Checking flash encryption...')
        dut.expect('flash_encrypt: Generating new flash encryption key...')
        dut.expect('Writing EFUSE_BLK_KEY0 with purpose 2')
        dut.expect('flash_encrypt: Setting CRYPT_CONFIG efuse to 0xF')
        dut.expect('flash_encrypt: Not disabling UART bootloader encryption')
        dut.expect('flash_encrypt: Disable UART bootloader decryption...')
        dut.expect('flash_encrypt: Disable UART bootloader MMU cache...')
        dut.expect('flash_encrypt: Disable JTAG...')
        dut.expect('flash_encrypt: Disable ROM BASIC interpreter fallback...')

        dut.expect('Verifying image signature...')
        dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
        dut.expect('secure_boot_v2: Signature verified successfully!')
        dut.expect('flash_encrypt: bootloader encrypted successfully')
        dut.expect('flash_encrypt: partition table encrypted and loaded successfully')

        dut.expect('Verifying image signature...')
        dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
        dut.expect('secure_boot_v2: Signature verified successfully!')
        dut.expect('flash_encrypt: Flash encryption completed', timeout=120)
        dut.expect('Resetting with flash encryption enabled...')

        dut.expect('Verifying image signature...', timeout=180)
        dut.expect('secure_boot_v2: Verifying with RSA-PSS...')
        dut.expect('secure_boot_v2: Signature verified successfully!')
        dut.expect('secure_boot_v2: enabling secure boot v2...')
        dut.expect('secure_boot_v2: secure boot v2 is already enabled, continuing..')
        dut.expect_exact('flash_encrypt: flash encryption is enabled (3 plaintext flashes left)')
        dut.expect_exact('flash_encrypt: Flash encryption mode is DEVELOPMENT (not secure)')
        dut.expect('main_task: Calling app_main()')
        dut.expect('Start eFuse example')
        dut.expect('example: Flash Encryption is NOT in RELEASE mode')
        dut.expect('example: Secure Boot is in RELEASE mode')
        dut.expect('example: Done')

    finally:
        # the above example test burns the efuses, and hence the efuses file which the
        # qemu uses to emulate the efuses, "test/esp32eco3_efuses.bin", gets modified.
        # Thus, restore the efuses file values back to the default ESP32-ECO3 efuses values.
        with open(os.path.join(os.path.dirname(__file__), 'test', 'esp32eco3_efuses.bin'), 'wb') as efuse_file:
            esp32eco3_efuses = '0' * 26 + '8' + '0' * 17 + '1' + '0' * 203
            efuse_file.write(bytearray.fromhex(esp32eco3_efuses))


@pytest.mark.esp32c3
@pytest.mark.esp32c2
@pytest.mark.esp32c6
@pytest.mark.esp32h2
@pytest.mark.esp32s2
@pytest.mark.esp32s3
@pytest.mark.generic
@pytest.mark.parametrize('skip_autoflash', ['y'], indirect=True)
@pytest.mark.parametrize('config', ['virt_sb_v2_and_fe'], indirect=True)
def test_examples_efuse_with_virt_sb_v2_and_fe_esp32xx(dut: Dut) -> None:
    # check and log bin size
    binary_file = os.path.join(dut.app.binary_path, 'bootloader', 'bootloader.bin')
    bin_size = os.path.getsize(binary_file)
    logging.info('{}_bootloader_virt_sb_v2_and_fe_bin_size: {}KB'.format(dut.app.target, bin_size // 1024))

    dut.serial.erase_flash()

    print(' - Flash bootloader')
    dut.serial.bootloader_flash()

    print(' - Start app (flash partition_table and app)')
    dut.serial.write_flash_no_enc()
    dut.expect('Loading virtual efuse blocks from real efuses')

    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
    signed_scheme = 'ECDSA' if dut.app.target == 'esp32c2' else 'RSA-PSS'
    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
    dut.expect('secure_boot_v2: Signature verified successfully!')

    dut.expect('secure_boot_v2: enabling secure boot v2...')
    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set')
    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
    dut.expect('secure_boot_v2: Signature verified successfully!')
    dut.expect('secure_boot_v2: Secure boot digests absent, generating..')
    dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
    dut.expect_exact('secure_boot_v2: 1 signature block(s) found appended to the bootloader')

    if dut.app.target == 'esp32c2':
        dut.expect(r'Writing EFUSE_BLK_KEY\d with purpose 3')
    else:
        dut.expect(r'Writing EFUSE_BLK_KEY\d with purpose 9')
    dut.expect('secure_boot_v2: Digests successfully calculated, 1 valid signatures')
    dut.expect_exact('secure_boot_v2: 1 signature block(s) found appended to the app')
    dut.expect_exact('secure_boot_v2: Application key(0) matches with bootloader key(0)')
    if dut.app.target != 'esp32c2':
        dut.expect_exact('secure_boot_v2: Revoking empty key digest slot (1)...')
        dut.expect_exact('secure_boot_v2: Revoking empty key digest slot (2)...')
    dut.expect('secure_boot_v2: blowing secure boot efuse...')
    dut.expect('Enabling Security download mode...')
    dut.expect('Disable hardware & software JTAG...')

    if dut.app.target != 'esp32c2':
        dut.expect('secure_boot_v2: Secure boot permanently enabled')

    dut.expect('Checking flash encryption...')
    dut.expect('flash_encrypt: Generating new flash encryption key...')
    if dut.app.target == 'esp32c2':
        dut.expect(r'Writing EFUSE_BLK_KEY\d with purpose 2')
    else:
        dut.expect(r'Writing EFUSE_BLK_KEY\d with purpose 4')

    dut.expect('Not disabling UART bootloader encryption')
    if dut.app.target != 'esp32h2':
        dut.expect('Disable UART bootloader cache...')
    dut.expect('Disable JTAG...')

    if dut.app.target == 'esp32c2':
        dut.expect('boot: Secure boot permanently enabled')

    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
    dut.expect('secure_boot_v2: Signature verified successfully!')
    dut.expect('flash_encrypt: bootloader encrypted successfully')
    dut.expect('flash_encrypt: partition table encrypted and loaded successfully')

    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
    dut.expect('secure_boot_v2: Signature verified successfully!')
    dut.expect('flash_encrypt: Flash encryption completed', timeout=90)
    dut.expect('Resetting with flash encryption enabled...')

    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect('Verifying image signature...')
    dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme)
    dut.expect('secure_boot_v2: Signature verified successfully!')
    dut.expect('secure_boot_v2: enabling secure boot v2...')
    dut.expect('secure_boot_v2: secure boot v2 is already enabled, continuing..')
    dut.expect_exact('flash_encrypt: flash encryption is enabled (1 plaintext flashes left)')
    dut.expect('Loading virtual efuse blocks from flash')
    dut.expect_exact('flash_encrypt: Flash encryption mode is DEVELOPMENT (not secure)')
    dut.expect('main_task: Calling app_main()')
    dut.expect('Start eFuse example')
    dut.expect('example: Flash Encryption is NOT in RELEASE mode')
    dut.expect('example: Secure Boot is in RELEASE mode')
    dut.expect('example: Done')