Hi,
Assuming that you have to publish the binary files publicly online, Is it possible to use Pre encrypt the binary file using a pre generated key and use that to update a flash encryption enabled ESP32 using OTA?
Pre encrypted firmware over OTA
-
ESP_Sprite
- Posts: 9719
- Joined: Thu Nov 26, 2015 4:08 am
Re: Pre encrypted firmware over OTA
In theory yes, however it is not advised to do so, as retrieving the encryption key for one device will lead to all devices being compromised. I'm not sure to what extent ESP-IDF supports this.
-
jojojijijojo
- Posts: 18
- Joined: Thu Feb 20, 2020 8:18 am
Re: Pre encrypted firmware over OTA
Thank you @ESP_Sprite for your reply.
If I understand correctly, if flash encryption is enabled on an ESP32 device, does it expect all future OTA binary files to be in plain text or to be pre-encrypted? And how does it differentiate between the two cases?
If I understand correctly, if flash encryption is enabled on an ESP32 device, does it expect all future OTA binary files to be in plain text or to be pre-encrypted? And how does it differentiate between the two cases?
-
jojojijijojo
- Posts: 18
- Joined: Thu Feb 20, 2020 8:18 am
Re: Pre encrypted firmware over OTA
Thanks, I already went through the new pre_encrypted_ota, but I cannot tell if it works with flash encryption. The way I understand is that pre_encrypted_ota is used to encrypt OTA binaries during transport, and then they are decrypted on device as plaintext, which is the opposite of flash encryption, where we want encrypted OTA binaries during transport, and encrypted flash on device.
Re: Pre encrypted firmware over OTA
It should work.
Who is online
Users browsing this forum: No registered users and 74 guests