(Solved) OTA encrypted flash transmission.

[brp80000]

My device has factory partition and two OTA partitions. Factory partition I flash at production together with the same encryption key AES. The devices are then updated via OTA via TCP protocol from my server. I don't trust HTTPS its easy to crack. I want to use flash encryption.
I use esp-idf-v3.1.2 ...
How can I transfer already encrypted data through OTA?

[brp80000]

Is it possible to use the transmission of encoded data in the new esp-idf-v3.1.2

[thethinker]

I believe there are multiple functions for writing to the Flash. According to:
https://demo-dijiudu.readthedocs.io/en/ ... ption.html

It says:

The ROM function esp_rom_spiflash_write_encrypted will write encrypted data to flash, the ROM function SPIWrite will write unencrypted to flash. (these function are not supported in esp-idf apps).

So if you want to write already encrypted file to flash, one way is to copy the HTTPS_OTA component files over to your project directory and modify it to use the SPIWrite. You will need to do all the checks that the partition_write does manually yourself.
Good luck

[brp80000]

I wanted to understand whether there was support for such a regime, as promised

ESP_Angus

http://bbs.esp32.com/viewtopic.php?f=2& ... a2028ce98c

[brp80000]

Comrades of the support I have already locked 3 of the chip well be so kind to help me. I have at stake a large batch of devices in a few thousand. This your sales. With created already 4 themes with questions to you. It is very difficult for me to understand the translation of your texts, probably they are written in Chinese-English or my level of English is not enough to understand your level. Well, or you have a new year?

[brp80000]

I answer myself: the function has not been implemented. I followed the example from the link and despite some differences in the new IDF I was able to do OTA with pre-encrypted firmware data, without decrypting it when placed in flash