Differences between idf 4.3 and 4.4 regarding OTA update with flash encryption and secure boot enabled the first time.
Posted: Thu Apr 13, 2023 8:37 am
This is not a problem I am stuck on but I am asking because I want to know the root cause of the issue.
We have an "Installer" build which is flashed before the main application via UART and is used to install a BLE certificate. Afterwards the actual "Release" build is flashed using the OTA feature. At some point we had a constellation where the Installer build did not have Secure Boot and Flash Encryption enabled, but we did burn a public key into the fuses prior to that. We did not burn the ABS_DONE flag though, as that was intended to be done via the app on boot. The Release build did have SB and FE in Release mode enabled. This constellation seemed to work while we were flashing 4.3.4 firmware on those boards. But when we upgraded to 4.4.4, the boards produced that way all broke on update and refused to boot the application binary after the bootloader loaded. We switched to the Installer having SB and FE enabled and then it worked.
So my main questions are:
1. What happens when you enable SB and FE in an app binary that you then flash via OTA on a build that does not have them enabled? Should it even work, and if yes, are there caveats?
2. What are the differences between 4.3 and 4.4 that could have caused this behaviour? Reading the changelogs or doing a diff of the two sdkconfigs did not indicate anything to produce such a different behaviour.