Hello,
I am currently doing OTA updates with pre-encrypted data. I use two partitions for each app (one updateable, one fallback in case of update fails). When the update is succesful, the partitions swap their roles, so that the other partition gets updated next time.
This creates a problem because images have to be encrypted with flash offset. So currently I try to provide Images for both partitions via OTA. In this case one update will definitely fail because the flash Offset in the encryption doesnt fit the partition.
How can I decrypt Incoming OTA data before erasing / writing to flash to check the magic byte and determine if I can process the Image or continue with the next one?
Thanks for the support
Pre-encrypted OTA Update - Check magic byte before erase?
-
- Posts: 21
- Joined: Wed Apr 03, 2019 1:29 pm
Re: Pre-encrypted OTA Update - Check magic byte before erase?
Hi bewatermyfriend,
The only way to decrypt data encrypted via flash encryption is to write it to flash and then read it back with decryption enabled.
Also, please keep in mind that approx 1 in 256 invalid images will also have the first byte E9. So you can use the first byte as a signal "this image might be correct", but not "this image is correct".
How about a different approach: Use the esp_ota_get_running_partiton() function to test which partition is currently in use, and then download the image file corresponding to the other partition (the other Partition APIs can help to find, for example, the offset of the other partition in flash and then use this to generate the file name to download.)
The only way to decrypt data encrypted via flash encryption is to write it to flash and then read it back with decryption enabled.
Also, please keep in mind that approx 1 in 256 invalid images will also have the first byte E9. So you can use the first byte as a signal "this image might be correct", but not "this image is correct".
How about a different approach: Use the esp_ota_get_running_partiton() function to test which partition is currently in use, and then download the image file corresponding to the other partition (the other Partition APIs can help to find, for example, the offset of the other partition in flash and then use this to generate the file name to download.)
-
- Posts: 21
- Joined: Wed Apr 03, 2019 1:29 pm
Re: Pre-encrypted OTA Update - Check magic byte before erase?
Thanks for your reply. Yes I also came to the conclusion that my first approach isnt the right thing to do.
I solved this issue by creating a webserver function (using esp_get_running_partition and esp_get_boot_partition) which returns a tuple (x,y) where x says which app partition is ready for update (partition 1 or 2). Y is for the factory Image.
On the client side I process this value with JavaScript and upload the correct Image from a zip file. This is now working very well.
I solved this issue by creating a webserver function (using esp_get_running_partition and esp_get_boot_partition) which returns a tuple (x,y) where x says which app partition is ready for update (partition 1 or 2). Y is for the factory Image.
On the client side I process this value with JavaScript and upload the correct Image from a zip file. This is now working very well.
Re: Pre-encrypted OTA Update - Check magic byte before erase?
Great news, glad you found an approach that works.
Who is online
Users browsing this forum: Google [Bot] and 82 guests