In ESP-IDF, the the default process for updating firmware rely on TLS to encrypt and hide the firmware update from users (or attackers).
When using the mupgrade component, there does not seem to be any encryption other than the WPA password set for the mesh network. A user could then capture the update binary if knowing the AP password.
Am I correct or did I miss something?
firmware upgrade encryption using mupgrade
Re: firmware upgrade encryption using mupgrade
The current version has this problem, and we will add encrypted APIs in later versions.
Re: firmware upgrade encryption using mupgrade
@it_zzc, thank you for the confirmation.
Please also consider providing a way to encrypt all communications, as I realized that this is also an issue with application messages.
Please also consider providing a way to encrypt all communications, as I realized that this is also an issue with application messages.
Who is online
Users browsing this forum: No registered users and 29 guests