2 partition OTA with magnet reset idea feasible?

[jcsbanks]

Device has no buttons, no USB. Initial prog of factory application and partition table via serial header on board which is then not user accessible. Secure boot and encrypted flash are enabled.

I don't want two 1.5MB OTA partitions, I don't need the running application to update another copy of itself, but want it all to be done by a compact "factory" application. Trying to move to 16MB flash WROVER instead of 4MB WROOM, but want to use the extra memory, not waste it on a second copy of an app that doesn't update itself.

Factory application:

If magnet is not present near the hall sensor and OTA application present run OTA application.
If no security key, make one based on unique device ID.
If no WiFi credentials stored or unsuccessful connection as STA: WiFi as AP, enter credentials.
WiFi as STA.
https connection to server and transfers public key to authorise and use to encrypt the flash to the unique device.
Download OTA application and data from server which are flashed to large single OTA/data areas.
Advise when complete and offer to restart

On subsequent restarts:

Run factory (which runs OTA if no magnet).

OTA application:

WiFi as AP.
Does not do any OTA updates.
Allows restart.

--
Question: do I need to collect public keys from the device when it is first flashed over serial? If so, I need to do this in a trusted environment?

The security aspects of all this are new to me and I've devised the above after reading the docs, searching the forums. I want to reuse the lightest examples and avoid excessive complication or mistakes, but not leave vulnerabilities.

The actual application is working great, the magnet tests are good. But I've never done anything OTA with an ESP32 yet.

Any thoughts on the above appreciated, better ways of doing it, security holes, misunderstandings, suggestions.

Edit: https://github.com/warmcat/lws-esp32-factory built and flashed this yesterday, it might do most of what I need, but the mbed stuff seems to get broken, and it needs changes for the latest ESP-IDF, the webpage it served up needed https but then the certificate was invalid, the webpage would refresh and hang etc and to be honest I got a bit lost.

[WiFive]

If you just want to reset some data why can't you build all the necessary functionality into one app?

[jcsbanks]

That does not leave opportunity for later changing the firmware in the field which will be a huge missed opportunity? Or do you mean a single OTA app with a factory updating app, which is what I think I want.

[WiFive]

Ok if you want a factory partition that can do ota then you just need 1 factory partition and 1 ota partition. Factory reset will clear otadata partition and boot from factory and after ota will boot from ota. Then you have to decide how to reset user data.

[jcsbanks]

Thanks, making some progress. Working out how to read the hall sensor during the second stage bootloader (without FreeRTOS) as a buttonless recovery situation.

[loboris]

Thanks, making some progress. Working out how to read the hall sensor during the second stage bootloader (without FreeRTOS) as a buttonless recovery situation.

It is probably simpler to use reed switch for activation with magnet, you can also use it to wake up from deepsleep...

[jcsbanks]

It is not pretty or future proof because it reduces the nice IDF functions to low level commands using soc includes and inlines them, but as a proof of concept it works.