Migrate from doing OTA with esp_https_ota in ESP-IDF v4.3 #69
Comments
Yes. You will need to modify the ota_pal.c file to skip code signing verification. Simply modify otaPal_CheckFileSignature to return OTA_PAL_COMBINE_ERR( OtaPalSuccess, 0 ).
The certificate is provided to ota_pal.c via the otaPal_SetCodeSigningCertificate function called in ota_demo_core_mqtt.c. Since you're not using code signing, you can ignore this part and remove the certificate portions which are not necessary for your use case.
Generally, ECDSA is preferred because it is faster to compute and more secure for a given key size. That said, RSA is widely regarded as acceptable. In the OTA example in this repository, code is signed twice:
OTA over MQTT is driven by the MQTT File Delivery Service (aka mqtt streams). The best explanation available is probably in the MQTT File Streams Library which is part of our newer approach to OTA and partially replaces our existing OTA library. We plan to update this reference integration with our new set of OTA libraries in the coming months. I would suggest using the http method because it avoids unnecessary costs due to a large number of OTA messages.
Thanks @paulbartell. Mind if I double check?
I'll obviously go and test it now too, but I wanted to check that my understanding was ok?
@monkeytronics Yes. That sounds correct.
Yip, that seems to work. Had to comment out much of otaPal_CloseFile in the end. But works fine.
Appreciate that this is not encouraged, so no need to do anything...
Describe the issue
In my old code, ( ESP-IDF v4.3 ), OTA is done by subscribing to jobs etc and when a new ota_url arrives, executing this function:
On the AWS side, I create a custom job and drop the firmware binary and job file at suitable locations. The above code works fine with both signed and unsigned binaries. The unsigned being an important part of the test strategy before rolling it out to production devices which have encrypted firmware.
Is there any documentation that would describe how to migrate from this method of OTA to use the code in this library for MQTT and HTTP OTA? Some issues that spring to mind:
notes
I am using an ESP32, not the C3 device. But I have made the necessary changes so that these demos work fine.
Specific Road Blocks