Protect Arduino Sketch on ESP32 via flash encryption

OTA via HTTPS will just work even if the flash is encrypted. I'm not sure, but the update will be downloaded to the OTA partition and validated; if it is good, it will be written to the APP partition and encrypted, and a new random key generated, I think.
The encryption key is saved somewhere in the ESP, but the key itself is obscured and encrypted and not accessible. Nobody will be able to retrieve it.

1 Like

Great work @pedros89

About this:

"I'm not sure, but the update will be downloaded to the OTA partition and validated; if it is good, it will be written to the APP partition and encrypted, and a new random key generated, I think."

Someone should try an OTA update and verify after OTA that the flash is still encrypted but the new firmware is installed…
Is it correct?

Thanks

Hello,
You can create a key file via ESP-IDF. Then you can encrypt the ESP with the key file. In that case, you should be able to encrypt your firmware and flash via USB.

The key is written in the ESP. It will never be changed and readable!

You can check encryption:
Update the firmware via OTA.
Upload via ESP-IDF via USB the firmware of the encrypted ESP flash.
Open both firmwares with a hex editor and compare them.

Best regards
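
The hex-editor comparison suggested above can also be done by script. This is an added example, not code from any poster in this thread: it classifies a raw app-partition dump as plaintext or encrypted using the ESP32 image magic byte (0xE9) and byte entropy. The function names, the 7.9 bits/byte threshold and the sample data are assumptions made for the example.

```python
import hashlib
import math
from collections import Counter

ESP_IMAGE_MAGIC = 0xE9  # first byte of a plaintext ESP32 app image header


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; good ciphertext sits very close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def classify_dump(dump: bytes, threshold: float = 7.9) -> str:
    """Classify a raw app-partition dump read back from flash.

    threshold is a heuristic chosen for this example, not an Espressif value.
    """
    body = dump.rstrip(b"\xff")  # erased flash reads as 0xFF; skip the unused tail
    if len(body) < 4096:
        return "empty" if not body else "inconclusive"  # too little data to judge
    has_magic = body[0] == ESP_IMAGE_MAGIC
    high_entropy = shannon_entropy(body) >= threshold
    if has_magic and not high_entropy:
        return "plaintext"   # readable image header and structured content
    if high_entropy and not has_magic:
        return "encrypted"   # no image header, statistically random bytes
    return "inconclusive"    # e.g. ciphertext that happens to start with 0xE9


def constructed_samples():
    """Constructed stand-ins for two dumps (not real firmware)."""
    plain = bytes([ESP_IMAGE_MAGIC]) + bytes(23) + b"wifi connect failed, retrying\x00" * 400
    stream = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(512))
    cipher = b"\x3c" + stream[1:]  # first byte pinned so the sample never starts with 0xE9
    erased_tail = b"\xff" * 4096
    return plain + erased_tail, cipher + erased_tail


if __name__ == "__main__":
    plain_dump, cipher_dump = constructed_samples()
    print("plaintext-like dump :", classify_dump(plain_dump))
    print("ciphertext-like dump:", classify_dump(cipher_dump))
```

Run it on the dump taken after the OTA update: a result of "plaintext" means the new image was written to flash unencrypted.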

Hi @Tom01 … did you try the repos suggested by @pedros89?
Thanks for answering