OTA update using encrypted binary over HTTPS
Posted: Tue Jun 01, 2021 6:07 am
Hello,
I am trying to implement OTA along with flash encryption and secure boot. I am using esp32s2 and the esp-idf version is 4.2.1.
The secure boot and flash encryption are working. I am able to upload plain text to my server and update the chip over OTA.
I host-generated the flash encryption key so that I can encrypt the app image and upload it to the server for OTA update. I signed the app with the secure boot key and encrypted the signed app. I uploaded it to the server but I get a secure boot error (magic word wrong). Then I tried encrypting the image first and then signing it with the secure boot key and this also didn't work.
Is there a way to OTA update the chip using an encrypted signed binary on the server? Or is only a plaintext update possible?