ESP32 Signing and secure bootload with OTA

hacksome
Posts: 14
Joined: Sat Apr 13, 2019 8:23 am

ESP32 Signing and secure bootload with OTA

Postby hacksome » Sat Apr 13, 2019 10:33 am

Hi all

I got the OTA example working. Then I tried secure bootloader with "one time programming" enabled and application signing and it all works and starts
My question is , if I take this to production as it is. Then the signed images I create will still work with OTA? is there a limit to how many times you can OTA?
The reason I am asking this is that I am not sure what impact "one time programming" (which auto generates signing key and stores in efuse) has on OTA image that is going to multiple device
Thanks so much

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: ESP32 Signing and secure bootload with OTA

Postby ESP_Angus » Sun Apr 14, 2019 11:44 pm

The short answer is that OTA has no limits on updates.

If you're using secure boot, the "one-time flash" is of the bootloader because the bootloader is protected with a digest calculated by the ROM code, and you can't regenerate it without the secure boot key storedi n efuse. On the other hand, the apps are signed and as long as you keep a copy of the signing key (different to the key in efuse) then you can sign as many apps as necessary.

The OTA update code will check the signature as part of the update, so unsigned or incorrectly signed OTA updates should be rejected at update time.

For flash encryption, the situation is similar - you can't serial flash to an encrypted device, but OTA will encrypt the data as it's written.

hacksome
Posts: 14
Joined: Sat Apr 13, 2019 8:23 am

Re: ESP32 Signing and secure bootload with OTA

Postby hacksome » Mon Apr 29, 2019 5:29 am

Thanks a lot this was very useful information!

Who is online

Users browsing this forum: No registered users and 145 guests