ESP32 Forum

ESP32 Official Forum
https://esp32.com/

Secure Boot V2 Reflashable + flash encryption

https://esp32.com/viewtopic.php?f=13&t=25602

Page 1 of 1

Secure Boot V2 Reflashable + flash encryption

Posted: Mon Jan 17, 2022 5:11 pm
by RMandR
The IDF 4.1.2 documentation refers to reflashable but I think that's only for V1.

Provided that we have host generated per device flash encryption keys and secure boot keys, what steps do we need to take allow for serial uploading of new firmware (signed and encrypted)?

thx

Re: Secure Boot V2 Reflashable + flash encryption

Posted: Thu Feb 10, 2022 7:03 am
by ESP_Mahavir
Provided that we have host generated per device flash encryption keys and secure boot keys, what steps do we need to take allow for serial uploading of new firmware (signed and encrypted)?
(Assuming this in context of ESP32) If you have host generated keys then you could always update signed and encrypted firmware via UART port. Firmware must be signed with private RSA key on host machine and then uploaded to device over UART. Please note that, "UART ROM download mode" must be kept enabled for this. For co-existence with flash encryption enabled case, please see documentation at https://docs.espressif.com/projects/esp ... pted-flash.

If its case of OTA update then only signing is required for firmware. Encryption part will be taken care on device itself. Please see more details at https://docs.espressif.com/projects/esp ... -of-images

Please let us know if you have any followup questions.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/