Hi all,
Currently I have worked on a task where I encrypted the program flash in release mode with an externally generated 256-bit key. Now I have verified that plaintext firmware is not working on my board when I download the image serially. That is what I wanted.
Now I want clarification on OTA updates. I did an OTA of a plaintext firmware image. It worked successfully. Is it OK? Or should the image also be encrypted for OTA?
We are using the esp_ota_write API for writing OTA.
Below is our flash_partition.csv file.
# Name, Type, SubType, Offset, Size, Flags
# Note: if you change the phy_init or app partition offset, make sure to change the offset in Kconfig.projbuild,,,,
phy_init, data, phy, 0x9000, 0x1000,
otadata, data, ota, , 0x2000,
factory,0,0, 0x10000, 2M,
ota_0, app, ota_0, , 2M,
ota_1,0, ota_1, , 2M,
nvs, data, nvs, , 0x60000,
How is a plaintext image able to run in the encrypted flash? Is it recommended to have a plaintext image for OTA?
Waiting for quick reply.
Flash encryption is enabled but through OTA, plaintext image is working. Is it recommended ?
Re: Flash encryption is enabled but through OTA, plaintext image is working. Is it recommended ?
When the plaintext OTA image is written to the flash, it is encrypted. So you have to decide whether it is a risk to have a plaintext OTA image on the server. If the server is secure and it is downloaded over HTTPS with mutual auth, then maybe it is secure enough.
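
To illustrate the reply above, here is an added example (not code from the thread or from ESP-IDF): a Python script that parses the partition table posted in the question, including its numeric type fields, and reports which partitions are encrypted transparently on write once flash encryption is enabled. The rule set is an assumption taken from ESP-IDF's documented behaviour: app partitions, otadata and nvs_keys are always encrypted, other data partitions only when flagged `encrypted`.

```python
import csv

# Constructed from the partition table posted in the question above.
PARTITION_CSV = """\
# Name, Type, SubType, Offset, Size, Flags
phy_init, data, phy, 0x9000, 0x1000,
otadata, data, ota, , 0x2000,
factory,0,0, 0x10000, 2M,
ota_0, app, ota_0, , 2M,
ota_1,0, ota_1, , 2M,
nvs, data, nvs, , 0x60000,
"""

# The table mixes names and numbers: type 0 is "app", type 1 is "data".
TYPE_ALIASES = {"0": "app", "0x00": "app", "1": "data", "0x01": "data"}


def parse_partitions(text):
    """Yield (name, type, subtype, flags) for each non-comment CSV row."""
    for row in csv.reader(text.splitlines()):
        cells = [c.strip() for c in row]
        if not cells or not cells[0] or cells[0].startswith("#"):
            continue
        cells += [""] * (6 - len(cells))  # pad missing trailing columns
        name, ptype, subtype, _offset, _size, flags = cells[:6]
        ptype = TYPE_ALIASES.get(ptype.lower(), ptype.lower())
        yield name, ptype, subtype.lower(), set(filter(None, flags.lower().split(":")))


def encrypted_on_write(ptype, subtype, flags):
    """Assumed rules (ESP-IDF documented behaviour with flash encryption on)."""
    if ptype == "app":
        return True  # factory, ota_0, ota_1: always encrypted
    if ptype == "data" and subtype in ("ota", "nvs_keys"):
        return True  # otadata and NVS key partition: always encrypted
    return "encrypted" in flags  # other data partitions must opt in


def classify(text=PARTITION_CSV):
    """Map partition name -> True if writes to it are encrypted."""
    return {n: encrypted_on_write(t, s, f) for n, t, s, f in parse_partitions(text)}


if __name__ == "__main__":
    for name, enc in classify().items():
        print(f"{name:10s} {'encrypted on write' if enc else 'stored as plaintext'}")
```

Both OTA slots come out as encrypted on write, which is why an image that arrives in plaintext still lands in flash as ciphertext; that leaves the copy on the server and the download channel as the places where the plaintext is exposed.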