Flash Update using SD card & Flash Encryption

Post by DreadNaught » Tue Jul 02, 2024 2:18 pm

I'm using IDF v5.2.2 on an ESP32 rev1 dev kit C.

I use the SD card to update the firmware and reboot. It works very well and is based on this code:
viewtopic.php?t=19364
Thank you @minze25 !

I will be enabling flash encryption and want to be able to update via the SD card.
The flash encryption key is known and has been burned before first re-boot.

• How do I encrypt the updated app.bin file?
• Do I still use esp_ota_begin() to update?

Thanks in advance!

Re: Flash Update using SD card & Flash Encryption

Post by DreadNaught » Sat Jul 06, 2024 10:51 pm

After many hours of reading docs and testing code, as far as I can see, it is not possible to use a pre-encrypted flash bin file, using the same burned-in flash encryption key that was saved to the host, to update via SD card.

This is due to the verification of the app image via the "magic number" checks, as they fail due to encryption. (The magic number is changed from 0xE9.)

Flashing a pre-encrypted bin image does work via UART if using the --force option, but that is not customer friendly. (You need a USB cable, esptool.exe, and to know how to use it.)

I wish the ESP32 used a similar method as the STM32 products, all you need to do is select a few boxes to prevent memory read.
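
As an added example (not code from this thread or from ESP-IDF): a host-testable C check of the header fields behind the "magic number" failure described above, meant to run on the first bytes read from the SD card file before `esp_ota_begin()`. The names `check_update_header` and `make_sample_header` are hypothetical, and the offsets and constants are assumed to match ESP-IDF's `esp_image_header_t` and `esp_app_desc_t` layout for an application image.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed to mirror ESP-IDF's app image layout (esp_image_header_t, esp_app_desc_t). */
#define IMG_MAGIC        0xE9u        /* byte 0 of a plaintext app image */
#define IMG_MAX_SEGMENTS 16u
#define IMG_HDR_LEN      24u          /* image header */
#define SEG_HDR_LEN      8u           /* first segment header */
#define APP_DESC_OFFSET  (IMG_HDR_LEN + SEG_HDR_LEN)
#define APP_DESC_MAGIC   0xABCD5432u  /* stored little-endian */

typedef enum {
    IMG_OK = 0,        /* looks like a plaintext application image */
    IMG_TOO_SHORT,     /* not enough bytes to judge */
    IMG_BAD_MAGIC,     /* byte 0 != 0xE9: pre-encrypted, corrupt, or not an app image */
    IMG_BAD_SEGMENTS,  /* segment count outside 1..16 */
    IMG_BAD_APP_DESC   /* app description magic word missing */
} img_check_t;

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical helper: classify the first bytes of an update file. */
img_check_t check_update_header(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < APP_DESC_OFFSET + 4u) return IMG_TOO_SHORT;
    if (buf[0] != IMG_MAGIC) return IMG_BAD_MAGIC;
    if (buf[1] == 0 || buf[1] > IMG_MAX_SEGMENTS) return IMG_BAD_SEGMENTS;
    if (rd_le32(buf + APP_DESC_OFFSET) != APP_DESC_MAGIC) return IMG_BAD_APP_DESC;
    return IMG_OK;
}

/* Constructed sample: the minimum fields a plaintext app image header carries. */
void make_sample_header(uint8_t out[36])
{
    memset(out, 0, 36);
    out[0] = IMG_MAGIC;  /* magic */
    out[1] = 5;          /* segment_count (constructed value) */
    out[32] = 0x32; out[33] = 0x54; out[34] = 0xCD; out[35] = 0xAB; /* 0xABCD5432 LE */
}
```

Rejecting the file with a clear reason at this point lets the updater report "image is not plaintext" instead of failing later inside image verification.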
