Reverting back from Secure Boot

I initiated secure boot for my Pixhawk CubeOrange+. The process went as expected and secure boot is running fine. I checked by uploading unsigned firmware and the Pixhawk does not boot past the bootloader, again as expected. Now I want to revert back to normal boot.

I’m following the instructions on GitHub, using WSL2. The board is currently working fine with the signed firmware.

I connected my autopilot to MAVProxy. I’m having trouble understanding the commands to be executed. The documentation lists the commands as follows in MAVProxy:

  module load SecureCommand
  securecommand set private_keyfile my_private_key.dat
  securecommand getsessionkey

I replaced the dat file name with my private key file name, but after executing the command I get the message ‘No private key set’. I’m definitely going wrong in providing the private key file. I’m using MAVProxy in Windows. Am I supposed to give the path to the private key file or enter the key itself? Could someone help me with the correct command and order?


Update: I managed to remove the public keys via MAVProxy. Now the issue is that when I push the new unsigned firmware, the board still remains in the bootloader loop. This prevents me from connecting to the board via serial connection and flashing the unsigned bootloader. Has anyone reverted back from secure boot to normal boot before?

I’m also running into this issue. May I ask, have you solved this issue now?

Same with me, getting the ‘No private key set’ message while running the securecommand instruction. How did you manage to remove the public keys via MAVProxy?

Edit: seems like some issue with the pymonocypher module.
While loading SecureCommand in MAVProxy, I get the text ‘Please install monocypher with: python3 -m pip install pymonocypher’.
Digging into the code, I found out that this implies an import error for monocypher, as can be seen in the following snippet.

Issue Resolved.

  1. Ensure proper installation of pymonocypher.
    Although you might install it via pip install pymonocypher, check by running the line import monocypher in Python to ensure it is properly installed.

  2. Run MAVProxy from the directory where the public and private keys are saved.

  3. After executing the command securecommand getpublickeys, you will get a list of public keys like this:

Here, the total number of public keys is 4 (i.e. from 0 to 3). Hence, while executing the command securecommand removepublickeys 0 X (where X is the number of public keys), you must enter the value of X as 4 (and not 3).

These are the 3 things I was not following properly. Following these points I was able to shift from signed firmware to unsigned firmware and burn the unsigned bootloader.

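The three checks from the resolved post above, collected into one script to run before starting MAVProxy. This is an added example, not part of the original thread and not MAVProxy's own code; the function names are hypothetical, the key file name is the one from the documentation quoted in the first post, and the index list 0 to 3 is the case described in the post.

```python
import importlib
import os


def monocypher_importable():
    """Check 1: the pip package is pymonocypher, but the module imported is monocypher."""
    try:
        importlib.import_module("monocypher")
        return True
    except ImportError:
        return False


def keyfile_visible(keyfile, cwd=None):
    """Check 2: a bare file name is resolved against the directory MAVProxy starts in."""
    base = os.getcwd() if cwd is None else cwd
    # os.path.join returns keyfile unchanged when it is already an absolute path.
    return os.path.isfile(os.path.join(base, keyfile))


def remove_all_command(indices):
    """Check 3: the second argument is a key count, not the last index shown."""
    if not indices:
        raise ValueError("no public key indices given")
    first, last = min(indices), max(indices)
    return f"securecommand removepublickeys {first} {last - first + 1}"


def preflight(keyfile, cwd=None):
    """Return a list of problems that would stop the securecommand steps from working."""
    problems = []
    if not monocypher_importable():
        problems.append("monocypher does not import; install pymonocypher "
                        "for the interpreter that runs MAVProxy")
    if not keyfile_visible(keyfile, cwd):
        problems.append(f"{keyfile} not found from the start directory")
    return problems


if __name__ == "__main__":
    # Assumed file name (from the quoted documentation) and indices 0..3 (from the post).
    for problem in preflight("my_private_key.dat"):
        print("PROBLEM:", problem)
    print(remove_all_command([0, 1, 2, 3]))
```

Run it with the same Python interpreter that launches MAVProxy, from the directory MAVProxy will be started in.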

Thank you very much!!