Thank you for the extra detail - it's making a lot more sense now. A requested feature is a way to provide pre-encrypted firmware binaries, so they can be served from a generic web server without any access controls. We don't have this in ESP-IDF right now. Do you have a link to where the above feat...

Thank you for your reply.

Just to be clear, after the first boot initial encryption of the flash, any subsequent OTA update could be sent in plaintext (over TLS) and would be automatically encrypted by the device on write to the flash?

Hi I have a question regarding the following statement from the ESP32 Flash Encryption introduction page. Flash encryption is intended for encrypting the contents of the ESP32’s off-chip flash memory. Once this feature is enabled, firmware is flashed as plaintext, and then the data is encrypted in p...