Secure flash and firmware update.
Posted: Sun Apr 17, 2022 7:37 am
Hi there,
i use esp32_arduino + w5500 + tcp/ip client/server to update my firmware over Internet.
upgrade mechanism looks like:
Download process:
1 - download parts through my tcp/ip server
[encrypted_data_pat_1][crc_32]
[encrypted_data_pat_2][crc_32]
[encrypted_data_pat_3][crc_32]
...
2 - calculate crc32 for each part and compare it
3 - then i do decription
4 - write part to flash (through LITTLE_FS function file.write(part..))
5 - then i use Update.h to apply my firmware
Works good.
Now, i wan't to use secure flash function to secure my app
I downloaded and install esp-idf and esp32_ardiono and setted esp32_arduino as component. Copyed hello_world example and flashed it. So, all i described before can be runned through esp32_arduino idf component. Now i can obtain esp-idf functionality.
I know, i have to use FATFS to store data becuse of secure mode.
My plan is:
1 - Download part's like described before and store it in flash through FATFS and function fprintf.
2 - Using some function (maby part of OTA that can apply firmware in secure mode)
something else.
Question:
1 - It's possible?
Help
i use esp32_arduino + w5500 + tcp/ip client/server to update my firmware over Internet.
upgrade mechanism looks like:
Download process:
1 - download parts through my tcp/ip server
[encrypted_data_pat_1][crc_32]
[encrypted_data_pat_2][crc_32]
[encrypted_data_pat_3][crc_32]
...
2 - calculate crc32 for each part and compare it
3 - then i do decription
4 - write part to flash (through LITTLE_FS function file.write(part..))
5 - then i use Update.h to apply my firmware
Works good.
Now, i wan't to use secure flash function to secure my app
I downloaded and install esp-idf and esp32_ardiono and setted esp32_arduino as component. Copyed hello_world example and flashed it. So, all i described before can be runned through esp32_arduino idf component. Now i can obtain esp-idf functionality.
I know, i have to use FATFS to store data becuse of secure mode.
My plan is:
1 - Download part's like described before and store it in flash through FATFS and function fprintf.
2 - Using some function (maby part of OTA that can apply firmware in secure mode)
something else.
Question:
1 - It's possible?
Help