We will be manufacturing our product offshore. The plan is to provide the manufacturer with a basic app binary that will enable secure boot and flash encryption then reboot and run some diagnostics, and then pull down our application binary from a secure server in the cloud using https.
My issue/question concerns the inital binary loaded on the factory floor. This binary, the first ever run on our hardware needs to be loaded in unencrypted form as far as I can tell from the docs. It seems like an unscrupulous CM could hex dump/dissassemble this binary and get ahold of our OTA url and auth strings. Then they could use wget and pull our unencrypted app binary which has valuable intellectual property within to their computer (the https tunnel provided by OTA serving only to validate our server is legit and protect the binary from prying eyes while in transit).
Has anybody solved this problem definitively? Am I missing an important detail?
OTA Security / Contract Manufacture
Return to “General Discussion”
Jump to
- English Forum
- Explore
- News
- General Discussion
- FAQ
- Documentation
- Documentation
- Sample Code
- Discussion Forum
- Hardware
- ESP-IDF
- ESP-BOX
- ESP-ADF
- ESP-MDF
- ESP-WHO
- ESP-SkaiNet
- ESP32 Arduino
- IDEs for ESP-IDF
- ESP-AT
- ESP IoT Solution
- ESP RainMaker
- Rust
- ESP8266
- Report Bugs
- Showcase
- Chinese Forum 中文社区
- 活动区
- 乐鑫活动专区
- 讨论区
- 全国大学生物联网设计竞赛乐鑫答疑专区
- ESP-IDF 中文讨论版
- 《ESP32-C3 物联网工程开发实战》书籍讨论版
- 中文文档讨论版
- ESP-AT 中文讨论版
- ESP-BOX 中文讨论版
- ESP IoT Solution 中文讨论版
- ESP-ADF 中文讨论版
- ESP Mesh 中文讨论版
- ESP Cloud 中文讨论版
- ESP-WHO 中文讨论版
- ESP-SkaiNet 中文讨论版
- ESP 生产支持讨论版
- 硬件问题讨论
- 项目展示
Who is online
Users browsing this forum: TomAatjes and 97 guests
- All times are UTC
- Top
- Delete cookies
About Us
Espressif Systems is a fabless semiconductor company providing cutting-edge low power WiFi SoCs and wireless solutions for wireless communications and Internet of Things applications. ESP8266EX and ESP32 are some of our products.