Hi all,
Currently I have worked on a task where I encrypted the program flash in release mode with an externally generated 256-bit key. I have now verified that plaintext firmware does not work on my board when I download the image serially. That is what I wanted.
Now I want clarification on OTA updates. I did an OTA update with a plaintext firmware image. It worked successfully. Is that OK? Or should the image also be encrypted for OTA?
We are using the esp_ota_write API for writing OTA.
Below is our flash_partition.csv file.
# Name, Type, SubType, Offset, Size, Flags
# Note: if you change the phy_init or app partition offset, make sure to change the offset in Kconfig.projbuild,,,,
phy_init, data, phy, 0x9000, 0x1000,
otadata, data, ota, , 0x2000,
factory,0,0, 0x10000, 2M,
ota_0, app, ota_0, , 2M,
ota_1,0, ota_1, , 2M,
nvs, data, nvs, , 0x60000,
How is a plaintext image able to run in the encrypted flash? Is it recommended to have a plaintext image for OTA?
Waiting for a quick reply.
Flash encryption is enabled but through OTA, plaintext image is working. Is it recommended ?
Re: Flash encryption is enabled but through OTA, plaintext image is working. Is it recommended ?
When the plaintext OTA image is written to the flash, it is encrypted. So you have to decide whether it is a risk to have a plaintext OTA image on the server. If the server is secure and it is downloaded over HTTPS with mutual auth, then maybe it is secure enough.
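To make the reply concrete for the partition table in the question, here is an added example (not code from either poster or from ESP-IDF) that classifies each partition by whether writes to it are encrypted once flash encryption is enabled. It assumes the rule from the ESP-IDF flash encryption documentation: all app partitions, otadata and nvs_keys are always encrypted, and other data partitions only when flagged `encrypted`; the function names are hypothetical.

```python
import csv

# Constructed sample: the partition table from the question above.
PARTITION_CSV = """\
# Name, Type, SubType, Offset, Size, Flags
phy_init, data, phy, 0x9000, 0x1000,
otadata, data, ota, , 0x2000,
factory,0,0, 0x10000, 2M,
ota_0, app, ota_0, , 2M,
ota_1,0, ota_1, , 2M,
nvs, data, nvs, , 0x60000,
"""

# Numeric type values as they appear in the table (0 = app, 1 = data).
TYPE_ALIASES = {"0": "app", "0x00": "app", "1": "data", "0x01": "data"}
# Assumption (ESP-IDF docs): data subtypes that are encrypted without a flag.
ALWAYS_ENCRYPTED_DATA = {"ota", "nvs_keys"}


def parse_partitions(text):
    """Return one dict per partition row, skipping comments and blank lines."""
    rows = []
    for fields in csv.reader(text.splitlines()):
        fields = [f.strip() for f in fields]
        if not fields or not fields[0] or fields[0].startswith("#"):
            continue
        fields += [""] * (6 - len(fields))  # tolerate a missing Flags column
        name, ptype, subtype, _offset, _size, flags = fields[:6]
        rows.append({
            "name": name,
            "type": TYPE_ALIASES.get(ptype.lower(), ptype.lower()),
            "subtype": subtype.lower(),
            "flags": {f for f in flags.lower().split(":") if f},
        })
    return rows


def encrypted_on_write(part):
    """True if data written to this partition is stored encrypted."""
    if part["type"] == "app":
        return True  # factory, ota_0, ota_1: a plaintext OTA image is encrypted as it is written
    if part["type"] == "data" and part["subtype"] in ALWAYS_ENCRYPTED_DATA:
        return True
    return "encrypted" in part["flags"]


def report(text):
    return {p["name"]: encrypted_on_write(p) for p in parse_partitions(text)}


if __name__ == "__main__":
    for name, enc in report(PARTITION_CSV).items():
        print(f"{name:10s} {'encrypted' if enc else 'PLAINTEXT at rest'}")
```

For this table the OTA slots come out encrypted, while nvs and phy_init stay in plaintext at rest because neither carries the `encrypted` flag.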