Secure boot + HTTPS OTA firmware updates.

Posted: Wed Jul 22, 2020 9:26 pm
by SombraRPK
Hi you all!
I'm currently working on Arduino IDE and need to:

- Update the firmware using HTTPS OTA.
- Verify the new firmware is signed by myself.

Currently I do the OTA firmware update using HTTP protocol and everything works fine. But in order to implement better security practices, and given that the device must be updated periodically, I need to make this work this way. I'm just starting to know how the Secure Boot feature works. Can you help me, guys? Any ideas are welcome!

Re: Secure boot + HTTPS OTA firmware updates.

Posted: Thu Jul 23, 2020 5:11 am
by ESP_Angus
Hi Sombra,

ESP-IDF has support for both hardware secure boot and a simpler method where app digital signature is verified on OTA update.

However, I'm afraid you can't enable these options from Arduino IDE. You need to use ESP-IDF, where you can edit the project configuration.

Angus
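
The project configuration for the simpler method mentioned in this reply (app signature verified on OTA update, without hardware secure boot) could look like the sdkconfig fragment below. This is an added example, not part of the thread or Espressif's own material; the option names are assumed to match the ESP-IDF v4.x Kconfig, and the key file name is a placeholder.

```ini
# sdkconfig fragment (added example). Option names assumed from ESP-IDF v4.x;
# confirm them under "Security features" in `idf.py menuconfig`.

# Require signed app images without enabling hardware secure boot.
CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT=y

# Verify the signature of every image written through the OTA API,
# so an unsigned or wrongly signed update is rejected before it becomes bootable.
CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT=y

# Optional: the bootloader also checks the app signature on each boot.
# Without hardware secure boot the bootloader itself is not protected,
# so this does not defend against someone who can rewrite flash directly.
# CONFIG_SECURE_SIGNED_ON_BOOT_NO_SECURE_BOOT is not set

# Sign the app at build time with your own private key.
# Placeholder path: keep the real key outside the repository and back it up,
# because devices will only accept updates signed with it.
CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=y
CONFIG_SECURE_BOOT_SIGNING_KEY="secure_boot_signing_key.pem"

# Hardware secure boot is a separate feature that burns eFuses and cannot
# be undone; it is left disabled in this fragment.
# CONFIG_SECURE_BOOT is not set
```

Signature checking covers who built the image; the HTTPS side (server certificate validation in the OTA client) is configured separately and protects the download channel.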

Re: Secure boot + HTTPS OTA firmware updates.

Posted: Thu Jul 23, 2020 2:42 pm
by SombraRPK
Thanks for your answer, Angus!
I understand. Is there a way to use both Arduino and ESP-IDF? Or do I need to migrate it all to ESP-IDF?

Greetings!

Re: Secure boot + HTTPS OTA firmware updates.

Posted: Fri Jul 24, 2020 5:25 am
by ESP_Angus
There is a way to use the Arduino support as an ESP-IDF component:
https://github.com/espressif/arduino-es ... mponent.md

(This doc looks like it may be a little out of date for the latest ESP-IDF, but the approach is there.)

Re: Secure boot + HTTPS OTA firmware updates.

Posted: Tue Jul 28, 2020 1:35 pm
by SombraRPK
This will help me a lot, thanks, Angus!!