Mismatch chip id on preencrypted OTA
Posted: Fri Dec 16, 2022 9:43 am
Hi all.
I am playing with preencrypted OTA on ESP-IDF v4.4.3. I have used https://components.espressif.com/compon ... rypted_img and backported some stuff of esp_https_ota from v5.0.
I did the following:
1. Check that RSA 3072 on the device and in the CICD are the same.
2. Prepare the application (sign, encode for FE, encrypt with RSA, decrypt it back for checking).
3. Store the firmware on S3 (it supports HTTPS) and check that it is downloadable.
4. Send a command to the device to start OTA:
I (41003071) esp_https_ota: Starting OTA...
I (41003081) esp_https_ota: Writing to partition subtype 17 at offset 0x190000
I (41003171) esp_encrypted_img: Magic Verified
I (41003191) esp_encrypted_img: Reading RSA private key
E (41007311) esp_https_ota: Mismatch chip id, expected 0, found 3556
E (41007311) OTA: Complete data was not received.
E (41007321) OTA: ESP_HTTPS_OTA upgrade failed
Also, I removed the chip id check from OTA and got:
E (114171) esp_ota_ops: OTA image has invalid magic byte (expected 0xE9, saw 0x4a)
E (114171) esp_https_ota: Error: esp_ota_write failed! err=0x1503
D (114171) HTTP_CLIENT: Data processed 1024 != Data specified in content length 741888
E (114181) OTA: Complete data was not received.
E (114191) OTA: ESP_HTTPS_OTA upgrade failed
It seems that there are RSA decryption problems (i.e. decryption of the block passes OK but there are some problems in the data structures).
Is there anyone who uses preencrypted OTA successfully?
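Added example, not part of the original post and not ESP-IDF code: both errors in the logs above come from fields in the 24-byte application image header (`esp_image_header_t`: magic byte at offset 0, little-endian `chip_id` at offset 12), so the same two checks can be run on the output of the "decrypt it back" step before publishing. The function names and sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Layout taken from ESP-IDF's esp_image_header_t (24 bytes, packed). */
#define APP_HEADER_LEN 24u   /* size of the application image header */
#define APP_MAGIC      0xE9u /* ESP_IMAGE_HEADER_MAGIC, byte 0 */
#define CHIP_ID_OFFSET 12u   /* chip_id: uint16, little-endian */

typedef enum { HDR_OK, HDR_TOO_SHORT, HDR_BAD_MAGIC, HDR_BAD_CHIP_ID } hdr_status_t;

/* Hypothetical helper: read chip_id without relying on struct packing. */
uint16_t hdr_chip_id(const uint8_t *buf)
{
    return (uint16_t)(buf[CHIP_ID_OFFSET] | ((uint16_t)buf[CHIP_ID_OFFSET + 1] << 8));
}

/* Hypothetical helper: validate the first bytes of a decrypted image. */
hdr_status_t check_app_header(const uint8_t *buf, size_t len, uint16_t expected_chip_id)
{
    if (buf == NULL || len < APP_HEADER_LEN) return HDR_TOO_SHORT;
    if (buf[0] != APP_MAGIC) return HDR_BAD_MAGIC;
    if (hdr_chip_id(buf) != expected_chip_id) return HDR_BAD_CHIP_ID;
    return HDR_OK;
}

/* Constructed sample: plausible plaintext header with chip id 0. */
static const uint8_t good_hdr[24] = { 0xE9, 0x06, 0x02, 0x20, 0x00, 0x00, 0x08, 0x40, 0xEE };
/* Constructed sample: first byte 0x4a and chip id bytes E4 0D (3556),
 * the values reported in the two log excerpts. */
static const uint8_t bad_hdr[24] = { [0] = 0x4A, [12] = 0xE4, [13] = 0x0D };

int main(void)
{
    static const char *names[] = { "ok", "too short", "bad magic", "bad chip id" };
    printf("good: %s\n", names[check_app_header(good_hdr, sizeof good_hdr, 0)]);
    printf("bad:  %s (chip id field = %u)\n",
           names[check_app_header(bad_hdr, sizeof bad_hdr, 0)],
           (unsigned)hdr_chip_id(bad_hdr));
    return 0;
}
```

Pass the expected chip id that the device log reports (0 in the log above) as `expected_chip_id`.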