Hi,
I worked on a program with IDF 5.0. It generates a webserser (via Acces Point mode) where i can directly upload an .bin firmware to update the firmware with simples OTA tools, without using HTTPS OTA. This works fine.
After, I have begun to implement a secure boot and the firmware encryption, but I need to read an encrypted .bin for the OTA to secure our futur products of course. In the official documentation, i saw an example to make a pre encrypted OTA with HTTPS OTA tools.
So, is there a way to upload a pre encrypted .bin on the ESP32C3 webserver with secure boot on and encryption on, without using HTTPS OTA tools ? Using simple functions that I already use such as esp_ota_begin, esp_ota_write... And of course, if i use a not encrypted .bin for OTA, the firmware refuses to updating.
Thanks you for your help.
Paul
Upload a pre-encrypted .bin on ESP32C3 webserver for OTA with IDF 5.0
-
ESP_Mahavir
- Posts: 190
- Joined: Wed Jan 24, 2018 6:51 am
Re: Upload a pre-encrypted .bin on ESP32C3 webserver for OTA with IDF 5.0
Hello Paul,
Pre-encrypted OTA example also generates an encrypted firmware image as a part of the build system. Please refer to https://github.com/espressif/esp-idf/tr ... sh-example. You may upload this image on the server for OTA updates.
Pre-encrypted OTA example also generates an encrypted firmware image as a part of the build system. Please refer to https://github.com/espressif/esp-idf/tr ... sh-example. You may upload this image on the server for OTA updates.
Mahavir
https://github.com/mahavirj/
https://github.com/mahavirj/
Re: Upload a pre-encrypted .bin on ESP32C3 webserver for OTA with IDF 5.0
Hi,
Ok, there is something I didn't understand. The pre-encryption image (.bin) for OTA uses a different key than the firmware encryption.
It is clearer in my mind. Finally, I fixed some problems, I can update my firmware (encryption on and secure boot on) with OTA, with a .bin unencrypted. I will work with a encrypted .bin later, this is not urgent.
Thanks for your help.
Ok, there is something I didn't understand. The pre-encryption image (.bin) for OTA uses a different key than the firmware encryption.
It is clearer in my mind. Finally, I fixed some problems, I can update my firmware (encryption on and secure boot on) with OTA, with a .bin unencrypted. I will work with a encrypted .bin later, this is not urgent.
Thanks for your help.
-
Uschi_bloom
- Posts: 3
- Joined: Tue Feb 14, 2023 1:50 pm
Re: Upload a pre-encrypted .bin on ESP32C3 webserver for OTA with IDF 5.0
Hey Paul,Pandre4 wrote: ↑Fri Dec 16, 2022 11:14 amHi,
Ok, there is something I didn't understand. The pre-encryption image (.bin) for OTA uses a different key than the firmware encryption.
It is clearer in my mind. Finally, I fixed some problems, I can update my firmware (encryption on and secure boot on) with OTA, with a .bin unencrypted. I will work with a encrypted .bin later, this is not urgent.
Thanks for your help.
did you manage to set up ota updates with pre-encrypted bin files via your esp webserver?
I am currently looking for a solution to this problem as well.
Who is online
Users browsing this forum: Majestic-12 [Bot] and 61 guests