Search found 9 matches

by ESPtronic
Thu Oct 26, 2017 7:17 pm
Forum: General Discussion
Topic: Questions regarding flash encryption and Secure Boot
Replies: 37
Views: 41663

Re: Questions regarding flash encryption and Secure Boot

WiFive wrote:But you did say "storing the binary pre-encrypted in the server".
Oh, sorry, I’ve just realized about the implications of storing the binary pre-encrypted in the server. My bad. I’ll probably just use the HTTPS method.
by ESPtronic
Thu Oct 26, 2017 4:14 pm
Forum: General Discussion
Topic: Questions regarding flash encryption and Secure Boot
Replies: 37
Views: 41663

Re: Questions regarding flash encryption and Secure Boot

There is a factory image in the default ota partition table but it is not required and with big apps there is not much room for it on 4mb flash. You're right. Fortunately mine isn't. And even if it was, I could simply buy more flash memory. He meant if the devices have unique flash encryption keys ...
by ESPtronic
Thu Oct 26, 2017 3:57 pm
Forum: General Discussion
Topic: Questions regarding flash encryption and Secure Boot
Replies: 37
Views: 41663

Re: Questions regarding flash encryption and Secure Boot

We'd normally recommend using HTTPS to secure the update in transit instead (you can have the firmware authenticate itself to the server in some way if necessary), and then send the binary itself unencrypted. That's another option that could be feasible. I was thinking in the following method: The ...
by ESPtronic
Wed Oct 25, 2017 5:00 pm
Forum: General Discussion
Topic: Questions regarding flash encryption and Secure Boot
Replies: 37
Views: 41663

Re: Questions regarding flash encryption and Secure Boot

Thanks everyone for your help. I suppose I'll just use a high entropy source (a TRNG), (e.g. using avalanche noise). The reason I want to use a pregenerated key is the following: imagine you have 1 million devices in production, and then you make a mistake that makes OTA updates impossible. You forg...
by ESPtronic
Tue Oct 24, 2017 1:58 pm
Forum: General Discussion
Topic: Questions regarding flash encryption and Secure Boot
Replies: 37
Views: 41663

Re: Questions regarding flash encryption and Secure Boot

Sending the key to the computer would weaken it Yes, but why not offer it as an option? After all there's an option for pregenerating your own key, that may be even less safe, depending on the randomness of the source (I'm going to use it anyway). as well as encrypted with the flash encryption key ...
by ESPtronic
Fri Sep 01, 2017 3:37 pm
Forum: General Discussion
Topic: Change boot partition command
Replies: 0
Views: 2628

Change boot partition command

Hello, I would like to know if I can change the boot partition through the Terminal, with esptool.py or similar. I'm working with OTA, and if I need to update via flash, I must erase the flash before. I just wanted to know if there is a better and faster method.
by ESPtronic
Fri Sep 01, 2017 3:25 pm
Forum: General Discussion
Topic: Questions regarding flash encryption and Secure Boot
Replies: 37
Views: 41663

Questions regarding flash encryption and Secure Boot

Hello, I've ben reading the ESP-IDF docs and I have a few questions regarding flash encryption and Secure Boot. Why did you design the ESP32 so that you have to burn an efuse (FLASH_CRYPT_CNT) for updating via serial, limiting the number of reflashes? Couldn't it just encrypt the firmware by default...
by ESPtronic
Mon Jun 05, 2017 1:58 pm
Forum: General Discussion
Topic: LoadProhibited on core 0 when concatenating with sprintf
Replies: 2
Views: 5270

Re: LoadProhibited on core 0 when concatenating with sprintf

I finally figured out the problem. It was that the http_get_task executed before getting an IP. So sprintf had nothing to put on the string, as I didn't put any default value. For solving the problem, I just moved the sprintf into the while loop. Now there is no error, but there's still a problem: o...
by ESPtronic
Sun Jun 04, 2017 5:51 pm
Forum: General Discussion
Topic: LoadProhibited on core 0 when concatenating with sprintf
Replies: 2
Views: 5270

LoadProhibited on core 0 when concatenating with sprintf

Hello, I need to send as a GET parameter ESP32 IP address to my web server. The problem is that, when I want to concatenate the strings with the URL, the IP and the rest of the request, it gives me the following error: Guru Meditation Error of type LoadProhibited occurred on core 0. Exception was un...