Hi all
I got the OTA example working. Then I tried secure bootloader with "one time programming" enabled and application signing, and it all works and starts.
My question is, if I take this to production as it is, then the signed images I create will still work with OTA? Is there a limit to how many times you can OTA?
The reason I am asking this is that I am not sure what impact "one time programming" (which auto generates signing key and stores in efuse) has on an OTA image that is going to multiple devices.
Thanks so much
ESP32 Signing and secure bootload with OTA
Re: ESP32 Signing and secure bootload with OTA
The short answer is that OTA has no limits on updates.
If you're using secure boot, the "one-time flash" is of the bootloader because the bootloader is protected with a digest calculated by the ROM code, and you can't regenerate it without the secure boot key stored in efuse. On the other hand, the apps are signed and as long as you keep a copy of the signing key (different to the key in efuse) then you can sign as many apps as necessary.
The OTA update code will check the signature as part of the update, so unsigned or incorrectly signed OTA updates should be rejected at update time.
For flash encryption, the situation is similar - you can't serial flash to an encrypted device, but OTA will encrypt the data as it's written.
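Added example (not part of the original posts and not ESP-IDF code): a minimal model of why one signed app image is accepted by every device and by any number of OTA updates. The device-side check needs only the public half of the signing key and the image, never a per-device efuse secret. It assumes the app signature is ECDSA on NIST P-256 over a SHA-256 digest; the names `keypair`, `sign` and `ota_accepts` are hypothetical, and the arithmetic is not constant time, so use it for illustration only.

```python
import hashlib
import secrets

# NIST P-256 parameters (assumed scheme: ECDSA P-256 over SHA-256, curve a = -3).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def add(p, q):  # point addition; None is the point at infinity
    if p is None or q is None: return p or q
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0: return None
    if p == q:
        m = (3 * x1 * x1 - 3) * pow(2 * y1 % P, -1, P) % P
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, p):  # double-and-add scalar multiplication (demo only)
    r = None
    while k:
        if k & 1: r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def digest(image):
    return int.from_bytes(hashlib.sha256(image).digest(), "big")

def keypair():
    priv = secrets.randbelow(N - 1) + 1   # stays on the build machine
    return priv, mul(priv, G)             # public half ships in every device

def sign(priv, image):
    """Build side: sign an app image; repeatable for every new release."""
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = mul(k, G)[0] % N
        s = pow(k, -1, N) * (digest(image) + r * priv) % N
        if r and s: return r, s

def ota_accepts(pub, image, sig):
    """Device side: uses only the public key and the received image."""
    r, s = sig
    if not (0 < r < N and 0 < s < N): return False
    w = pow(s, -1, N)
    pt = add(mul(digest(image) * w % N, G), mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r
```

Losing the private half from `keypair()` is the real limit on future updates: without it no new image can be signed for devices already in the field.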
Re: ESP32 Signing and secure bootload with OTA
Thanks a lot, this was very useful information!