Hi, Please could someone help me clear up how updating SSL certificates for OTA would work on the ESP32 as they are currently compiled into the firmware. I'm using LetsEncrypt which requires certificates to be renewed every 90 days, although this question applies to all SSL certificates as they all ...

I'm having trouble understanding exactly what might be exposed, or what I need todo, if I'm using flash encryption and try to do an OTA update (via HTTPS). The binary downloaded can't be encrypted if every ESP32 has it's own unique decryption key, so, it must come down unencrypted (apart from the SS...

Thank you for letting me know. After your comment and re-reading the docs I've found this, for future reference: https://docs.espressif.com/projects/esp-idf/en/latest/security/flash-encryption.html#flash-encryption-initialisation On first boot, the bootloader sees FLASH_CRYPT_CNT efuse is set to 0 (...

I am planning to use encrypted flash to protect my IP. I am planning to use secure boot to protect the device. I'm currently using a WROOM-32 module. What I don't want is to allow a bit2bit copy of the (encrypted) flash to enable the original licensed device firmware/data to be copied to a secondary...

Hi,

I'm also facing exactly the same issue with fa59b1b1c9e9085dde5fb2bbc7610bbdb2289741

I've attach an edited version of make list-components. It has my projects components and pathnames omitted for NDA reasons.

Thanks