Commit 0fa17c4

docs(system/esp_https_ota): adds ECIES-256 to pre-enc ota design doc
1 parent 7f7d0af commit 0fa17c4

File tree

1 file changed

+8
-8
lines changed


docs/en/api-reference/system/esp_https_ota.rst

Lines changed: 8 additions & 8 deletions
@@ -79,17 +79,17 @@ Pre-encrypted firmware distribution ensures that the firmware image stays encryp
7979
Design
8080
^^^^^^
8181

82-
* This scheme requires a unique RSA-3072 public-private key pair to be generated first. The public key stays on the OTA update server for encryption purpose and the private key is part of the device (e.g., embedded in firmware) for decryption purpose.
83-
* Pre-encrypted firmware is encrypted using AES-GCM key which is then appended to the image as header (along with config parameters).
84-
* Further the AES-GCM key gets encrypted using RSA public key and the resultant image gets hosted on the OTA update server.
85-
* On the device side, first the AES-GCM key is retrieved by decrypting the image header using RSA private key available to the device.
86-
* Finally, the contents of the image are decrypted using AES-GCM key (and config parameters) and written to the flash storage.
82+
Pre-encrypted firmware is a **transport security scheme** that ensures firmware images remain encrypted **in transit** from the OTA server to the device (irrespective of the underlying transport security). This approach differs from :doc:`../../security/flash-encryption` in several key ways:
8783

88-
This whole workflow is managed by an external component `esp_encrypted_image <https://github.com/espressif/idf-extra-components/blob/master/esp_encrypted_img>`_ and it gets plugged into the OTA update framework through decryption callback (:cpp:member:`esp_https_ota_config_t::decrypt_cb`) mechanism.
84+
* **Key Management**: Uses externally managed encryption keys rather than per-device unique keys generated internally
85+
* **Flash Offset Independence**: Generates consistent ciphertext regardless of flash partition location (``ota_0``, ``ota_1``, etc.)
86+
* **Transport Protection**: Provides encryption protection during firmware distribution, not device-level storage security
8987

90-
.. note::
88+
**Important Security Note**: Pre-encrypted firmware does not provide device-level security on its own. Once received, the firmware is decrypted on the device and stored according to the device's flash encryption configuration. For device-level security, flash encryption must be separately enabled.
89+
90+
This process is managed by the `esp_encrypted_img <https://github.com/espressif/idf-extra-components/tree/master/esp_encrypted_img>`_ component, which integrates with the OTA update framework via the decryption callback (:cpp:member:`esp_https_ota_config_t::decrypt_cb`).
9191

92-
The supported scheme is based on RSA-3072 and the private key on device side must be protected using platform security features.
92+
For detailed information on the image format, key generation, and implementation details, refer to the `esp_encrypted_img component documentation <https://github.com/espressif/idf-extra-components/tree/master/esp_encrypted_img>`_.
9393

9494
OTA System Events
9595
-----------------
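Review bot: the commit message says this adds ECIES-256 to the design doc, but none of the added lines mention ECIES-256, and the hunk removes the only statements of which scheme is supported ("The supported scheme is based on RSA-3072") and how the AES-GCM key is wrapped with the public key and recovered on the device. Consider keeping a one-line summary of the supported key-wrapping schemes in the Design section (RSA-3072 and, if that is the intent of this commit, ECIES-256) instead of deferring entirely to the external component documentation, and keep the removed requirement that the device-side private key must be protected using platform security features, since that sentence is dropped without a replacement. The change of the component name to `esp_encrypted_img` now matches the repository path in the link and is a correct fix.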
