ESP32 OTA with encrypted firmware

[hoainguyen265]

https://docs.espressif.com/projects/esp ... ption.html
In ESP document for flash encryption i found

OTA updates to encrypted partitions will automatically write encrypted, as long as the esp_partition_write function is used.

And in

Code: Select all

esp_ota_write

we use

Code: Select all

esp_partition_write

It mean the firmware ota is must be plaintext firmware.
But i want to do ota with encrypted firmware. This is a requirement for production.
Based on IDF document, i think i have to modified

Code: Select all

esp_partition_write

for write unencrypted data.

Is there any solution for this?
I also looking for ESP32 production guide.

[jcsbanks]

If you use https to fetch the firmware, and authenticate the ESP32, would that be a solution? This is what I am planning, to solve what sounds like a similar problem.

An alternative would be to encrypt the firmware to the individual device before sending it, will find and post the link...

[jcsbanks]

https://www.esp32.com/viewtopic.php?f=2 ... ted#p31536

[Ritesh]

https://docs.espressif.com/projects/esp ... ption.html
In ESP document for flash encryption i found

OTA updates to encrypted partitions will automatically write encrypted, as long as the esp_partition_write function is used.

And in

Code: Select all

esp_ota_write

we use

Code: Select all

esp_partition_write

It mean the firmware ota is must be plaintext firmware.
But i want to do ota with encrypted firmware. This is a requirement for production.
Based on IDF document, i think i have to modified

Code: Select all

esp_partition_write

for write unencrypted data.

Is there any solution for this?
I also looking for ESP32 production guide.

Hi,

Why you want OTA Firmware at time of production time? Because I believe you will just flash firmware using ESP32 tool at time of production and then user will update firmware using OTA based on requirements into device.

But it will be good to have encrypted firmware because of security.