- Patch the $(IDF_PATH) with the attached diff
This will disable the https OTA and use normal http instead
Also it prevents the double encryption when flashing OTA, since the firmware binary is already encrypted.
- Generate a unique flash encryption key
$(ESPSECURE) generate_flash_encryption_key aes_key.bin - Burn the key and protect it
$(ESPEFUSE) burn_key flash_encryption aes_key.bin - Compile your application WITHOUT enabling flash encryption on boot
- Encrypt the binary files (add in Makefile this rule)
%.xbin: %.bin
$(ESPSECURE) encrypt_flash_data -k aes_key.bin --flash_crypt_conf 0 -a 0 -o $@ $^ - Use esptool to program the encrypted binaries for the first time
$(ESPTOOL) --chip esp32 --port /dev/ttyUSB0 --baud 115200 ... - Burn the flash encryption fuse
$(ESPEFUSE) burn_efuse FLASH_CRYPT_CNT - For subsequent OTA firmware updates just place the new encrypted application binary on a website
and in your code use some version numbering scheme and call 'esp_https_ota' when a newer version is found
The secure boot needs to be enabled for production (as explained in the ESP32 documents) so that your code remains protected from physical access to your device.
The advantages of this scheme are that you can use a single AES key for all the devices and you don't have to bother with certificates and expiration dates or website authentication. In fact you can completely remove all the mbedTLS stuff and even SSL if that's not used elsewhere. Completely removing the mbedTLS component needs extra patching, though; just disabling it in menuconfig is not enough because there are still a lot of inter-dependencies. Another bonus is that this will significantly reduce your code size.
diff --git a/components/app_update/esp_ota_ops.c b/components/app_update/esp_ota_ops.c
index 5e4dcb424..20d4a92f2 100644
--- a/components/app_update/esp_ota_ops.c
+++ b/components/app_update/esp_ota_ops.c
@@ -44,7 +44,7 @@
typedef struct ota_ops_entry_ {
uint32_t handle;
- const esp_partition_t *part;
+ esp_partition_t *part;
uint32_t erased_size;
uint32_t wrote_size;
uint8_t partial_bytes;
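Review bot: Dropping `const` from `part` here (and the matching cast `(esp_partition_t *)partition` in the esp_ota_begin hunk at L27) exists only so that esp_ota_write can assign `it->part->encrypted`; if, as the cast suggests, `partition` is the caller's pointer into the partition table, that assignment mutates a descriptor shared by every other holder of the pointer rather than per-handle state. A contained alternative, assuming esp_partition_write only reads the descriptor's fields, is to keep `const esp_partition_t *part;` and add an owned copy, `esp_partition_t part_plain;`, filled in esp_ota_begin with `new_entry->part_plain = *partition; new_entry->part_plain.encrypted = false;` and passed as `&it->part_plain` to esp_partition_write, leaving the table entry untouched. The `ota_ops_entry_` struct continues past the end of this hunk.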
@@ -123,7 +123,7 @@ esp_err_t esp_ota_begin(const esp_partition_t *partition, size_t image_size, esp
new_entry->erased_size = image_size;
}
- new_entry->part = partition;
+ new_entry->part = (esp_partition_t *)partition;
new_entry->handle = ++s_ota_ops_last_handle;
*out_handle = new_entry->handle;
return ESP_OK;
@@ -146,7 +146,7 @@ esp_err_t esp_ota_write(esp_ota_handle_t handle, const void *data, size_t size)
// must erase the partition before writing to it
assert(it->erased_size > 0 && "must erase the partition before writing to it");
- if(it->wrote_size == 0 && size > 0 && data_bytes[0] != 0xE9) {
+ if(0 && it->wrote_size == 0 && size > 0 && data_bytes[0] != 0xE9) {
ESP_LOGE(TAG, "OTA image has invalid magic byte (expected 0xE9, saw 0x%02x", data_bytes[0]);
return ESP_ERR_OTA_VALIDATE_FAILED;
}
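Review bot: `if(0 && it->wrote_size == 0 && …)` disables the magic-byte check by leaving it as dead code, with nothing explaining why; the same `0 &&` pattern appears at L77 and L85 in esp_https_ota.c. Presumably the check no longer holds because the incoming bytes are already ciphertext, so the intent is better expressed with a named build option and a comment, e.g. `#if !CONFIG_<PRE_ENCRYPTED_OTA> /* image arrives pre-encrypted; magic byte is not visible here */` around the existing `if` and `#endif` after it (placeholder name — pick the project's Kconfig symbol). That keeps the check active in ordinary builds and makes the downgrade visible to a reader. esp_ota_write begins and ends outside this hunk.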
@@ -163,6 +163,7 @@ esp_err_t esp_ota_write(esp_ota_handle_t handle, const void *data, size_t size)
if (it->partial_bytes != 16) {
return ESP_OK; /* nothing to write yet, just filling buffer */
}
+ it->part->encrypted = false;
/* write 16 byte to partition */
ret = esp_partition_write(it->part, it->wrote_size, it->partial_data, 16);
if (ret != ESP_OK) {
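Review bot: `it->part->encrypted = false;` is set before esp_partition_write here and again at L56, but the only place it is set back to `true` is esp_ota_end (L65); if the write below fails and returns, or the caller abandons the handle and never calls esp_ota_end, the descriptor stays marked unencrypted. If `part` is the shared partition-table entry (the const was cast away in esp_ota_begin, which suggests it is), other readers of that partition would then see raw flash contents for as long as the flag is wrong, including between OTA chunks. Saving and restoring around the call is cheap: `bool was_encrypted = it->part->encrypted;` before the assignment and `it->part->encrypted = was_encrypted;` immediately after esp_partition_write, at both sites. The enclosing esp_ota_write starts and ends outside the hunk.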
@@ -182,7 +183,7 @@ esp_err_t esp_ota_write(esp_ota_handle_t handle, const void *data, size_t size)
memcpy(it->partial_data, data_bytes + size, it->partial_bytes);
}
}
-
+ it->part->encrypted = false;
ret = esp_partition_write(it->part, it->wrote_size, data_bytes, size);
if(ret == ESP_OK){
it->wrote_size += size;
@@ -235,7 +236,7 @@ esp_err_t esp_ota_end(esp_ota_handle_t handle)
.offset = it->part->address,
.size = it->part->size,
};
-
+ it->part->encrypted = true;
if (esp_image_verify(ESP_IMAGE_VERIFY, &part_pos, &data) != ESP_OK) {
ret = ESP_ERR_OTA_VALIDATE_FAILED;
goto cleanup;
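Review bot: `it->part->encrypted = true;` is an unexplained hard-coded value right before esp_image_verify; a reader cannot tell whether it restores a flag cleared earlier or asserts a property of the partition. If the intent is that verification must read the image through transparent decryption after the plaintext writes in esp_ota_write, say so: `/* re-enable transparent decryption so esp_image_verify reads plaintext; esp_ota_write cleared it for the pre-encrypted writes */`. Restoring the value saved at write time rather than writing `true` would also avoid marking a partition encrypted that the table did not declare as such, if that case is possible here. esp_ota_end starts and ends outside this hunk.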
diff --git a/components/esp_https_ota/src/esp_https_ota.c b/components/esp_https_ota/src/esp_https_ota.c
index 9929a1856..5cffadf80 100644
--- a/components/esp_https_ota/src/esp_https_ota.c
+++ b/components/esp_https_ota/src/esp_https_ota.c
@@ -35,7 +35,7 @@ esp_err_t esp_https_ota(const esp_http_client_config_t *config)
return ESP_ERR_INVALID_ARG;
}
- if (!config->cert_pem) {
+ if (0 && !config->cert_pem) {
ESP_LOGE(TAG, "Server certificate not found in esp_http_client config");
return ESP_FAIL;
}
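Review bot: Disabling the `cert_pem` requirement here and the HTTPS transport check at L85 removes the only transport-level authentication of the downloaded image, so authenticity now rests entirely on secure boot being enabled, as the post itself notes; flash encryption by itself does not authenticate the image, so a build with this patch and secure boot off would accept whatever the HTTP server returns, subject only to esp_image_verify. Because the change is a deliberate security downgrade, it should be an explicit, auditable option rather than `0 &&` dead code, e.g. `#if !CONFIG_<PLAIN_HTTP_OTA>` around each of the two checks with a comment stating that image authenticity is then provided by secure boot (placeholder name). A log line at that point, e.g. `ESP_LOGW(TAG, "OTA transport is not authenticated; relying on secure boot");`, would make the mode visible in the field. esp_https_ota begins before this hunk.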
@@ -46,7 +46,7 @@ esp_err_t esp_https_ota(const esp_http_client_config_t *config)
return ESP_FAIL;
}
- if (esp_http_client_get_transport_type(client) != HTTP_TRANSPORT_OVER_SSL) {
+ if (0 && esp_http_client_get_transport_type(client) != HTTP_TRANSPORT_OVER_SSL) {
ESP_LOGE(TAG, "Transport is not over HTTPS");
return ESP_FAIL;
}