Is OTA Update of encrypted application possible?
Posted: Fri Jan 06, 2023 12:56 am
I have implemented OTA update in my application similar to this example:
https://randomnerdtutorials.com/esp32-o ... ogramming/
That works fine. My application has both secure boot V2 and flash encryption with manually generated key. When I am in development mode for flash encryption, I can still do the OTA update: it accepts the unencrypted bin and it installs. That makes sense, it can do the encryption itself.
Then I turned on "release mode" for flash encryption via my application calling esp_flash_encryption_set_release_mode(). Now I can't get the OTA update to work anymore. I just get "Wrong magic byte" messages.
I am uploading versions of the same .bin application I previously used in development mode that I was able to upload successfully, but I made encrypted versions myself with "espsecure.py encrypt_flash_data". Shouldn't this work? What does the "Wrong magic byte" message mean?
https://randomnerdtutorials.com/esp32-o ... ogramming/
That works fine. My application has both secure boot V2 and flash encryption with manually generated key. When I am in development mode for flash encryption, I can still do the OTA update: it accepts the unencrypted bin and it installs. That makes sense, it can do the encryption itself.
Then I turned on "release mode" for flash encryption via my application calling esp_flash_encryption_set_release_mode(). Now I can't get the OTA update to work anymore. I just get "Wrong magic byte" messages.
I am uploading versions of the same .bin application I previously used in development mode that I was able to upload successfully, but I made encrypted versions myself with "espsecure.py encrypt_flash_data". Shouldn't this work? What does the "Wrong magic byte" message mean?