
OTA update using encrypted binary over HTTPS

Posted: Tue Jun 01, 2021 6:07 am
by Asvn Rohit
Hello,

I am trying to implement OTA along with flash encryption and secure boot. I am using esp32s2 and the esp-idf version is 4.2.1.

The secure boot and flash encryption are working. I am able to upload plain text to my server and update the chip over OTA.

I host generated the flash encryption key so that I can encrypt the app image and upload it to the server for OTA update. I signed the app with the secure boot key and encrypted the signed app. I uploaded it to the server but I get a secure boot error (magic word wrong). Then I tried encrypting the image first and then signing it with the secure boot key and this also didn't work.

Is there a way to OTA update the chip using an encrypted signed binary to the server? Or is only plaintext update possible?

Re: OTA update using encrypted binary over HTTPS

Posted: Thu Jun 03, 2021 8:07 pm
by jhulbert
Replying for traction. I'm also interested in seeing an answer to this.

Re: OTA update using encrypted binary over HTTPS

Posted: Thu Jun 03, 2021 11:04 pm
by WiFive
You would have to either modify existing or use a custom ota routine to write the image to the flash without encrypting it.

Re: OTA update using encrypted binary over HTTPS

Posted: Fri Jun 03, 2022 3:09 pm
by jojojijijojo
If flash key is generated on host, then burned to ESP, do we have to encrypt flash binary file before deploying it for OTA updates or do we deploy plain text flash binary?

In other words, every time we release an update over the air, do we encrypt the binary file before sending it to remote ESPs or do we send the binaries in plaintext? Given that we have flash key generated on host.

Re: OTA update using encrypted binary over HTTPS

Posted: Wed Jul 27, 2022 12:23 pm
by martins
jojojijijojo wrote:
Fri Jun 03, 2022 3:09 pm
If flash key is generated on host, then burned to ESP, do we have to encrypt flash binary file before deploying it for OTA updates or do we deploy plain text flash binary?

In other words, every time we release an update over the air, do we encrypt the binary file before sending it to remote ESPs or do we send the binaries in plaintext? Given that we have flash key generated on host.

By my understanding it seems that you would deploy plaintext anyways, because encryption/decryption happens on target ESP during write/read.

I on the other hand definitely need the ota update image to be encrypted while flash contents would not even need to be encrypted (I'm using PICO-V3 where flash contents should not really be externally accessible). But from discussions it seems that OTA updates do not work with pre-encrypted images?

Can anyone explain or share the info on how to use pre-encrypted OTA images correctly?

Edit:
Found this topic https://www.esp32.com/viewtopic.php?f=2&t=28639 , which refers to this issue https://github.com/espressif/esp-idf/issues/8776 , which also refers to this issue https://github.com/espressif/esp-idf/issues/6172 . Hopefully that would make it to stable IDF v4.x eventually.
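
An added example, not code from any poster or from ESP-IDF: a host-side check to run on an OTA artifact before publishing it, which parses the ESP application image layout (magic byte 0xE9, segment table, XOR checksum) and rejects a blob that was encrypted on the host, the case the first post ran into. The function names, load addresses and sample data are constructed for illustration, and the check does not cover the appended SHA-256 digest or the secure boot signature.

```python
import struct

ESP_IMAGE_MAGIC = 0xE9   # first byte of a plaintext ESP application image
CHECKSUM_SEED = 0xEF     # initial value of the XOR checksum over segment data
HEADER_LEN = 24          # size of the fixed image header
MAX_SEGMENTS = 16

def check_plaintext_image(blob: bytes) -> str:
    """Return "ok", or the reason blob is not a well-formed plaintext image."""
    if len(blob) < HEADER_LEN:
        return "too short for an image header"
    if blob[0] != ESP_IMAGE_MAGIC:
        return "bad magic 0x%02x: encrypted or not an app image" % blob[0]
    seg_count = blob[1]
    if not 1 <= seg_count <= MAX_SEGMENTS:
        return "implausible segment count %d" % seg_count
    off, checksum = HEADER_LEN, CHECKSUM_SEED
    for _ in range(seg_count):
        if off + 8 > len(blob):
            return "truncated segment header"
        _load_addr, length = struct.unpack_from("<II", blob, off)
        off += 8
        if off + length > len(blob):
            return "segment data runs past end of file"
        for byte in blob[off:off + length]:
            checksum ^= byte
        off += length
    checksum_at = off | 15   # last byte of the padding to a 16-byte boundary
    if checksum_at >= len(blob):
        return "missing checksum byte"
    if blob[checksum_at] != checksum:
        return "checksum mismatch"
    return "ok"

def build_sample_image(segments) -> bytes:
    """Constructed test input: header + segments + padding + checksum."""
    out = bytearray([ESP_IMAGE_MAGIC, len(segments)]) + bytes(HEADER_LEN - 2)
    checksum = CHECKSUM_SEED
    for load_addr, data in segments:
        out += struct.pack("<II", load_addr, len(data)) + data
        for byte in data:
            checksum ^= byte
    out += bytes(15 - len(out) % 16) + bytes([checksum])
    return bytes(out)

# Constructed samples. The XOR only stands in for ciphertext; it is not the
# ESP32-S2 flash encryption algorithm.
SAMPLE = build_sample_image([(0x3F000020, b"rodata!!"), (0x40080000, b"code" * 5)])
SCRAMBLED = bytes(b ^ 0x5A for b in SAMPLE)
```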