Allows OTA updates to be secured via signature checks, without requiring the overhead or complexity
of a full secure boot implementation.
Uses the same signing mechanisms (build system and/or espsecure.py) as Secure Boot.
Requires:
* [ ] More testing
* [ ] Documentation
In the include file esp_ota_ops.h, "esp_partition.h" is included.
This is from spi_flash, so a component that requires app_update will also need that.
This fixes this error:
In file included from ../components/esp32-homie/ota.c:11:0:
/esp-idf/components/app_update/include/esp_ota_ops.h:22:27: fatal error: esp_partition.h: No such file or directory
Signed-off-by: Nicola Lunghi <25422924+nicola-lunghi@users.noreply.github.com>
Merges https://github.com/espressif/esp-idf/pull/1947
* Philosophical: "explicit is better than implicit".
* Practical: Allows useful errors if invalid directories given in components as the defaults aren't
always used. Also trims the -I path from a number of components that have no actual include
directory.
* Simplifies knowing which components will be header-only and which won't
Makes app image booting more reliable (256-bit rather than 8-bit verification).
Some measurements: time to boot a 655KB app.bin file and run to app_main() execution.
(All for rev 1 silicon, ie no 340ms spurious WDT delay.)
80MHz QIO mode:
before = 300ms
after = 140ms
40MHz DIO mode:
before = 712ms
after = 577ms
40MHz DIO mode, secure boot enabled
before = 1380ms
after = 934ms
(Secure boot involves two ECC signature verifications (partition table, app) that take approx 300ms each with 80MHz CPU.)
Even if firmware is compiled without CONFIG_FLASH_ENCRYPTION_ENABLED
Rationale: CONFIG_FLASH_ENCRYPTION_ENABLED controls whether boot loader
generates keys for encryption or not, but flash encryption can be
configured externally. With this change, it's possible to have boot
loader not generate keys but still have encryption working.
Also fix use of it->part
Verify 0xE9 magic byte on first write, verify entire image before
switching.
Enable verification for secure boot signature (was using invalid ifdef
guard)
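The two acceptance checks named in the commit above (reject an image whose first byte is not the 0xE9 magic on the very first write, and verify the whole image before switching boot partitions) and the earlier "256-bit rather than 8-bit verification" note are illustrated below with an added Python example. It is not ESP-IDF code: the image layout (magic byte, payload, 8-bit XOR checksum seeded with 0xEF, trailing SHA-256) is a constructed, simplified stand-in for the real app image format, and the `OtaWriter` class, `accept_image` and `flip_two_bits` helpers are hypothetical names used only for this illustration.

```python
import hashlib
import hmac

MAGIC = 0xE9  # first byte of an app image, as checked on first write in the commit above


def xor_checksum(data: bytes) -> int:
    """8-bit XOR checksum. Seed 0xEF mirrors the ESP image convention (simplified assumption)."""
    c = 0xEF
    for b in data:
        c ^= b
    return c


def build_image(payload: bytes) -> bytes:
    """Constructed toy layout: MAGIC | payload | xor checksum | sha256(all preceding bytes)."""
    body = bytes([MAGIC]) + payload + bytes([xor_checksum(payload)])
    return body + hashlib.sha256(body).digest()


class OtaWriter:
    """Hypothetical receiver mirroring the two checks: magic on first write, full image at the end."""

    def __init__(self) -> None:
        self.buf = bytearray()
        self.first_write = True

    def write(self, chunk: bytes) -> bool:
        if self.first_write:
            self.first_write = False
            # Reject immediately rather than flashing garbage and finding out at boot.
            if not chunk or chunk[0] != MAGIC:
                return False
        self.buf += chunk
        return True

    def _split(self):
        if len(self.buf) < 2 + 32:
            return None, None
        return bytes(self.buf[:-32]), bytes(self.buf[-32:])

    def verify_8bit(self) -> bool:
        """The weak check: 8-bit XOR over the payload must match the stored checksum byte."""
        body, _ = self._split()
        return body is not None and xor_checksum(body[1:-1]) == body[-1]

    def verify_256bit(self) -> bool:
        """The strong check: SHA-256 over everything before the digest must match the digest."""
        body, digest = self._split()
        return body is not None and hmac.compare_digest(hashlib.sha256(body).digest(), digest)

    def finish(self) -> bool:
        """Whole-image verification before the boot partition is switched."""
        return self.verify_256bit()


def accept_image(image: bytes, chunk_size: int = 4):
    """Stream an image through the writer; returns (first_write_ok, xor_ok, sha256_ok)."""
    w = OtaWriter()
    for off in range(0, len(image), chunk_size):
        if not w.write(image[off:off + chunk_size]):
            return (False, False, False)  # stop on the first rejected write
    return (True, w.verify_8bit(), w.finish())


def flip_two_bits(image: bytes) -> bytes:
    """Flip bit 0 in two payload bytes: the XOR checksum is unchanged, the SHA-256 is not."""
    corrupt = bytearray(image)
    corrupt[1] ^= 0x01
    corrupt[2] ^= 0x01
    return bytes(corrupt)


if __name__ == "__main__":
    good = build_image(b"app payload")  # constructed sample payload
    print("intact image     ", accept_image(good))
    print("two bits flipped ", accept_image(flip_two_bits(good)))
    print("bad magic byte   ", accept_image(b"\xff" + good[1:]))
```

The corrupted image shows why the commit's 8-bit check was not enough: two flipped bits cancel out in an XOR checksum, so only the 256-bit digest detects the damage, and only a check over the entire image (rather than per-write) can catch it before the boot partition is switched.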
bugfix/init_factory_bin: fix inconsistency between bootloader and OTA code
init_factory_bin: 2nd bootloader used wrong logic to select the factory image to boot, and there were some bugs in the OTA code
See merge request !266