Encrypted OTA firmware

User avatar
fly135
Posts: 565
Joined: Wed Jan 03, 2018 8:33 pm
Location: Orlando, FL

Re: Encrypted OTA firmware

Postby fly135 » Fri Nov 09, 2018 4:07 pm

ESP_Angus wrote:
Mon Oct 01, 2018 11:22 pm
I believe the idea was to make it difficult to ship devices which use an insecure protocol for their OTA updates. Is HTTPS really that hard these days?
Also, supporting HTTPS is easy. No different than HTTP on the ESP32 side. It's the certificate that's extra work.

John A

User avatar
brp80000
Posts: 115
Joined: Thu Oct 04, 2018 7:13 pm

Re: Encrypted OTA firmware

Postby brp80000 » Tue Jan 08, 2019 1:37 pm

My device has factory partition and two OTA partitions.
Factory partition will be flash in the production of the PCB. Access to serial downloading will only be in production, then the PCB will be filled with a compound. The devices are then updated via OTA via TCP protocol from my server. I don't trust HTTPS its easy to crack.
I use esp-idf-v3.1.2 ...
How can I transfer already encrypted data through OTA?

User avatar
brp80000
Posts: 115
Joined: Thu Oct 04, 2018 7:13 pm

Re: Encrypted OTA firmware

Postby brp80000 » Thu Jan 10, 2019 8:51 am

ESP_Angus wrote:
Mon Oct 01, 2018 7:53 am
Hi zelea20,
Thanks for explaining your process so clearly. We'll add official support for pre-encrypted OTA updates in a future IDF update.
Was this added to the new IDF?
Can i use for it?
  • esp_ota_write

User avatar
brp80000
Posts: 115
Joined: Thu Oct 04, 2018 7:13 pm

Re: Encrypted OTA firmware

Postby brp80000 » Thu Jan 17, 2019 12:49 pm

Tell me the first time you compile the APP WITHOUT enabling flash encryption on boot. Then Encrypt the binary files and flash it.
Then you burn fuse FLASH_CRYPT_CNT
I do not understand when encrypted boot and partition table?

matiasalejandro
Posts: 2
Joined: Sat Jan 26, 2019 10:38 pm

Re: Encrypted OTA firmware

Postby matiasalejandro » Sat Jan 26, 2019 10:46 pm

Hi, coul you please send your esp_ota_ops.c
because I can not patch it with mine
Thanks.

User avatar
brp80000
Posts: 115
Joined: Thu Oct 04, 2018 7:13 pm

Re: Encrypted OTA firmware

Postby brp80000 » Tue Jan 29, 2019 1:39 am

Comrades from support, see what an important topic this is, add this feature to IDF. As you promised.
Sorry, my file won't work for you. Because I don't use https or http. I settled on the tcp. If you still want to see my file, send me your email in a private message.

matiasalejandro
Posts: 2
Joined: Sat Jan 26, 2019 10:38 pm

Re: Encrypted OTA firmware

Postby matiasalejandro » Wed Jan 30, 2019 1:33 pm

I, I cant send still private mesasge, my mail is matiasaleruizm@gmail.com Thanks.

Who is online

Users browsing this forum: Bing [Bot] and 19 guests