dalbert
February 12, 2023, 1:22am
1
Is there any information about how to generate signed binary firmware for secure OTA updates for ESP8266 using PlatformIO (I’m using it with VSCode)? Any pointers would be appreciated!
Reference: esp8266: flash compiled and signed firmware (.bin) – 1 – Renzo Mischianti
You can execute the same instructions as the Arduino IDE would for signing the binary.
Automating this is still an open issue per
opened 12:35AM - 24 Feb 19 UTC
feature
Hello,
I have a problem with binary signing which is related with secure OTA u… pdate in new version of esp8266Arduino core <https://arduino-esp8266.readthedocs.io/en/latest/ota_updates/readme.html>
Basically, to sign binaries, two activities are essential:
1. invoke tool signing.py with appropiate flags before whole build process: it dynamically build header which is placed in core headers directory based on finding public RSA key in main source code directory
2. invoke the same tool with other flags in order to sign produced binary with RSA private key.
As far as I tried to do this activites by write proper scripts in Python and bind them to PIO in pre/post hooks mechanism, I have no success in this matter (my functions are invoked by PIO in wrong places and I didn't found tutorial good enough for my basic Python experience to programatically obtain correct directories). In the end, I have hardcoded my directories and that forces me to run Python before build to generate headers, build project in PIO and run Python again to sign binary. By using Arduino IDE, it is very easy activity, because of implementing this mechanism in default build sequence. Is it possible to do the same in PIO?
1 Like
For everyone that need it, read
opened 12:35AM - 24 Feb 19 UTC
feature
Hello,
I have a problem with binary signing which is related with secure OTA u… pdate in new version of esp8266Arduino core <https://arduino-esp8266.readthedocs.io/en/latest/ota_updates/readme.html>
Basically, to sign binaries, two activities are essential:
1. invoke tool signing.py with appropiate flags before whole build process: it dynamically build header which is placed in core headers directory based on finding public RSA key in main source code directory
2. invoke the same tool with other flags in order to sign produced binary with RSA private key.
As far as I tried to do this activites by write proper scripts in Python and bind them to PIO in pre/post hooks mechanism, I have no success in this matter (my functions are invoked by PIO in wrong places and I didn't found tutorial good enough for my basic Python experience to programatically obtain correct directories). In the end, I have hardcoded my directories and that forces me to run Python before build to generate headers, build project in PIO and run Python again to sign binary. By using Arduino IDE, it is very easy activity, because of implementing this mechanism in default build sequence. Is it possible to do the same in PIO?