Channel: Raspberry Pi Forums

General • Unable to get encrypted code to run on RP2350

---
Hello friends,

I’ve officially gone insane trying to get this to work. My carpet is now Gorilla-glued to the ceiling, and I’m still no closer to making an encrypted sealed RP2350 image actually *boot*.

I’m experimenting with the **RP2350 secure boot flow**, trying to get a fully sealed and encrypted image to run, tried loading from flash (via partitions and just the normal way via "picotool load") and also tried chain-loading from a small unencrypted (but signed) stub in partition A.

---

🧩 What I attempted

Here’s the rough sequence of pain and discovery:

1. Built a no-flash firmware

* Compiled a simple ELF with `PICO_NO_FLASH=1` so it runs entirely from SRAM (`.text` at `0x20000000`, vectors at `0x20080000`).
* Confirmed section layout looked good via `arm-none-eabi-readelf`.

2. Tried sealing it directly

* Used `picotool seal` to sign the ELF, then ran encrypt with `--sign` and `--embed`, and then sealed the encrypted ELF once more to get my final image.
* I tried loading it with `picotool load`. It would only write to **RAM**, never flash, and the device didn’t execute anything.

4. Verified sealed image

* `picotool info -a` *does* show metadata for the sealed image (when using partitions otherwise “Program Information: none”):

* Valid hash and signature
* Image type: ARM Secure
* But the ROM never executes it, device freezes up(?)

5. Partition experiments

* Current flash map (from `picotool partition info`):

Code:

     0 (A)  00010000→00080000  “A”  rp2350-arm-s
     1 (B)  00080000→000F0000  “B”  rp2350-arm-s

* Tried loading the sealed image into Partition 1 (`-p 1`), and a small unencrypted loader into Partition 0.
* The loader reads the ELF header from flash, copies sections to SRAM, sets VTOR/MSP, and tries to jump.
* It blinks an LED to show progress; it only ever gets to **1 blink** (found ELF header, crash during copy). [This is me giving up and trying random stuff, idk. For some reason when using `--embed`, it gives an ELF that's still not linked to flash but rather no_flash, and I don't understand what I'm doing wrong, or why the `--embed` command is even there if it doesn't produce a flash image. I tried compiling the enc_bootloader but I can't get it to compile properly (it only produces ELF and BIN, but not the UF2 file, and crashes picotool when attempting to sign it); not sure if that's related or not.]

6. Even tried converting to UF2

* It flashed to FLASH, but as you would expect, it didn't run. (Didn't think it would.)
* Yes I uploaded the OTP.json, and yes signed images (non-encrypted) do run, my issue is specifically with encryption.
* And yes the image I'm trying to encrypt (original sketch) was built with no_flash.

---

⚙️ What I suspect

* I did something wrong (probably this one)

---

❓ What I’m hoping to learn

1. How to properly flash and boot an **encrypted, sealed, signed image** on RP2350, not just into RAM, but encrypted and put onto the flash memory.
2. Whether `picotool load` supports writing secure encrypted images to **flash partitions** yet.
3. Whether sealing + encryption of a no-flash ELF is even the correct workflow for a fully RAM-resident secure app.
4. How to remove gorilla glue.

---

🧠 Environment

* OS: Windows 11
* Board: RP2350 (Pico 2 W)
* Tools:

* `picotool 2.2.0-a4-x64-win`
* Arduino-Pico 4.7.0
* `arm-none-eabi-gcc` 12.x

---

💬 Closing

At this point, I’ve tried sealing, signing, encrypting, re-sealing, raw ELF, UF2, BIN, partitioned and unpartitioned loads, all of which either crash, only load to RAM, or simply don’t execute.

If there’s any official documentation (I've seen them all I'm pretty sure, but I still don't understand it) or working example showing how an **encrypted, sealed secure image** should actually be flashed and booted on the RP2350, I’d love to see it, before I glue anything else to the ceiling.

Thank you kindly 🙏
- *A very tired carpet-gluer*

Statistics: Posted by Mr.C_Lang — Tue Oct 21, 2025 11:32 pm
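
The workflow in the post depends on the input really being a no_flash (SRAM-only) ELF before it is sealed and encrypted. As an added example (not part of the original post and not picotool code), this Python sketch reads the ELF32 program headers and reports where each loadable segment lands; the region bounds and the `make_elf` helper with its sample layouts are assumptions constructed for illustration.

```python
import struct

# Region bounds are assumptions from the RP2350 address map, not from the post.
REGIONS = {"flash (XIP)": (0x10000000, 0x12000000),
           "SRAM": (0x20000000, 0x20082000)}
PT_LOAD = 1

def classify(addr, size):
    """Name the region that fully contains [addr, addr + size), else 'other'."""
    for name, (lo, hi) in REGIONS.items():
        if lo <= addr and addr + size <= hi:
            return name
    return "other"

def load_segments(elf):
    """Return (load_addr, mem_size, region) per PT_LOAD segment of an ELF32 LE image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 1 or elf[5] != 1:
        raise ValueError("not a 32-bit little-endian ELF")
    (e_phoff,) = struct.unpack_from("<I", elf, 28)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 42)
    segs = []
    for i in range(e_phnum):
        p_type, _, _, p_paddr, _, p_memsz, _, _ = struct.unpack_from(
            "<8I", elf, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD and p_memsz:
            segs.append((p_paddr, p_memsz, classify(p_paddr, p_memsz)))
    return segs

def is_ram_only(elf):
    """True when every loadable segment lands in SRAM (a no_flash build)."""
    segs = load_segments(elf)
    return bool(segs) and all(region == "SRAM" for _, _, region in segs)

def make_elf(segments):
    """Constructed sample input: ELF32 header plus program headers, no payload."""
    ehdr = struct.pack("<4sBBB9xHHIIIIIHHHHHH", b"\x7fELF", 1, 1, 1, 2, 40, 1,
                       segments[0][0], 52, 0, 0, 52, 32, len(segments), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<8I", PT_LOAD, 0, a, a, 0, n, 5, 4)
                           for a, n in segments)

if __name__ == "__main__":
    # Constructed layouts: the post's SRAM addresses, then a flash-linked image.
    for layout in ([(0x20000000, 0x4000), (0x20080000, 0x200)],
                   [(0x10000000, 0x4000), (0x20000000, 0x100)]):
        image = make_elf(layout)
        for addr, size, region in load_segments(image):
            print(f"{addr:#010x} +{size:#x} -> {region}")
        print("RAM-only:", is_ram_only(image))
```

On a real build, pass the bytes of the ELF file to `load_segments` and compare the result with the `arm-none-eabi-readelf` output.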


