Working on an app that currently includes OTA updates. Maybe I am missing something here but it seems to me like sending a plaintext update over the web and then encrypting it when it is burned into flash is upside down. Of course encryption in flash is a good idea, but the plaintext update seems a much more likely attack vector. It certainly seems like securing the OTA update itself would be a much higher priority than securing the flash. Of course you can sign the update to prevent it from being modified but that doesn't help with reverse engineering of your code.
I did see some discussion of this as well as this statement at:
https://www.esp32.com/viewtopic.php?f=2 ... 536#p31607
We'll add official support for pre-encrypted OTA updates in a future IDF update.
Has this happened? If it has not, am I missing something regarding its importance?
Thanks,
Don