Hello all,
I deployed a few ESP32 sensors. I didn't encrypt the firmware or burn any efuse. The sensors are running ESP-IDF 4.4 with OTA enabled.
I was able to get the efuse burned using the efuse library, so I was able to disable JTAG remotely. However, I was looking for a way to encrypt the firmware remotely using OTA. Since the ESP32 relies on the EFUSE for the AES key and to check if the ESP has a secure boot on, is there a way to create a firmware that will burn the correct efuse, set encryption, and ensure any new firmware must be signed?
For one of my projects, all ESP32s are V3, so I want to use Secure Boot V2. However, my other projects, all use ESP32s but the rev is varied, so I want to enable Secure Boot V1.
Thanks!
Encrypt firmware after deployement without physical access
Who is online
Users browsing this forum: No registered users and 127 guests