Page 1 of 1

OTA update using DS module

Posted: Fri Aug 18, 2023 8:26 am
by am0xffff
Hello,

We are working with a esp32-c3 module (devkit-m1) and are using the Digital Signature module to establish mTLS.

We are using the esp-tls component for https operations, since it supports the DS module.

The issue we are facing is that the esp_https_ota component used for ota updates doesn't seem to support esp-tls configurations, but rather it wants an esp_http_client config. This configuration seems to offer support for secure element, but not DS module.
Is DS supported by esp_https_ota? Or are there any other ways to perform ota updates using DS that we are missing?

Many thanks,
Alex

Re: OTA update using DS module

Posted: Mon Aug 21, 2023 5:13 am
by ESP_flying_raijin
Hi Alex,
Yes you are right, the DS support is not present in the client configuration structure.
I will soon share a patch with you that shall enable you to use DS peripheral for establishing the TLS connection at the time of OTA.

Re: OTA update using DS module

Posted: Mon Aug 21, 2023 2:25 pm
by am0xffff
That's great, thanks @ESP_flying_raijin

Re: OTA update using DS module

Posted: Wed Aug 23, 2023 8:42 am
by am0xffff
ESP_flying_raijin wrote:
Mon Aug 21, 2023 5:13 am
Hi Alex,
Yes you are right, the DS support is not present in the client configuration structure.
I will soon share a patch with you that shall enable you to use DS peripheral for establishing the TLS connection at the time of OTA.
Hello,
I was wondering if there were any updates on the patch mentioned?

Re: OTA update using DS module

Posted: Mon Sep 04, 2023 3:29 am
by ESP_flying_raijin
Hi Alex,

Sorry for the delayed reply.

Please find the patch at this link https://gist.github.com/AdityaHPatwardh ... eral-patch
With this you would have to provide the DS context to the esp_http_client configuration structure.
Just for reference - The ds_context would act as a private key hence you only need to provide the DS context and no private key needs to be provided. Other configurations remain the same.
To generate the ds context and store it on the device in a standard manner you can make use of the https://github.com/espressif/esp_secure_cert_mgr library.

Please find the instructions at https://github.com/espressif/esp_secure ... -partition

Thanks,
Aditya

Re: OTA update using DS module

Posted: Tue Sep 05, 2023 8:06 am
by am0xffff
Hi Aditya,

Works like a charm, thank you very much!

Any plans on adding this to future release of esp-idf?