OTA update using encrypted binary over HTTPS

Asvn Rohit
Posts: 3
Joined: Mon May 31, 2021 6:33 am

Postby Asvn Rohit » Tue Jun 01, 2021 6:07 am

Hello,

I am trying to implement OTA along with flash encryption and secure boot. I am using esp32s2 and the esp-idf version is 4.2.1.

The secure boot and flash encryption are working. I am able to upload plain text to my server and update the chip over OTA.

I host generated the flash encryption key so that I can encrypt the app image and upload it to the server for OTA update. I signed the app with the secure boot key and encrypted the signed app. I uploaded it to the server but I get a secure boot error (magic word wrong). Then I tried encrypting the image first and then signing it with the secure boot key and this also didn't work.

Is there a way to OTA update the chip using an encrypted signed binary uploaded to the server? Or is only a plaintext update possible?

jhulbert
Posts: 4
Joined: Thu Jan 28, 2021 9:50 pm

Re: OTA update using encrypted binary over HTTPS

Postby jhulbert » Thu Jun 03, 2021 8:07 pm

Replying for traction. I'm also interested in seeing an answer to this.

WiFive
Posts: 3241
Joined: Tue Dec 01, 2015 7:35 am

Re: OTA update using encrypted binary over HTTPS

Postby WiFive » Thu Jun 03, 2021 11:04 pm

You would have to either modify the existing OTA routine or use a custom one to write the image to the flash without encrypting it.
