Closed tcsullivan closed 5 months ago
This is now supported in the new-api branch. Since the "arduino" platform in PlatformIO doesn't really support a custom bootloader (required by the linked solution), signature verification will be done in the firmware after an update is downloaded.
Signing is done with a 4096-bit RSA key. The public key is kept in firmware, and OTA images have their signature stored in their first 512 bytes. Build hooks were added so that pio run produces a firmware_signed.bin file that can be uploaded directly to the server.
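As an added example (not the project's build hook or firmware code), the image layout described in the comment above: a 4096-bit RSA signature occupying the first 512 bytes, followed by the firmware, with the device-side check that rejects a tampered payload. The padding scheme (RSA-PSS with SHA-256), the C array name and all function names are assumptions.

```python
# Added example: produce and check an OTA image carrying a 512-byte RSA-4096
# signature header. Layout follows the comment above; the padding scheme
# (RSA-PSS, SHA-256) and every name here are assumptions, not the project's code.
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

KEY_BITS = 4096
SIG_LEN = KEY_BITS // 8          # a 4096-bit RSA signature is exactly 512 bytes
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=32)


def sign_image(private_key, firmware: bytes) -> bytes:
    """Build-hook side: return signature || firmware (the firmware_signed.bin layout)."""
    sig = private_key.sign(firmware, PSS, hashes.SHA256())
    assert len(sig) == SIG_LEN
    return sig + firmware


def verify_image(public_key, image: bytes):
    """Device side: return the firmware payload if the header signature is valid,
    otherwise None so the caller can discard the update before flashing."""
    if len(image) <= SIG_LEN:
        return None                       # no room for header plus payload
    sig, payload = image[:SIG_LEN], image[SIG_LEN:]
    try:
        public_key.verify(sig, payload, PSS, hashes.SHA256())
    except InvalidSignature:
        return None
    return payload


def public_key_c_header(public_key) -> str:
    """Emit the DER-encoded public key as a C array for embedding in firmware."""
    der = public_key.public_bytes(serialization.Encoding.DER,
                                  serialization.PublicFormat.SubjectPublicKeyInfo)
    body = ", ".join(f"0x{b:02x}" for b in der)
    return f"static const unsigned char ota_pubkey_der[{len(der)}] = {{{body}}};\n"


def demo():
    """Sign a constructed payload, then verify it intact and after one flipped byte."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=KEY_BITS)
    firmware = b"\xe9" + bytes(range(256)) * 4   # constructed stand-in, not a real image
    image = sign_image(key, firmware)
    tampered = image[:SIG_LEN] + bytes([image[SIG_LEN] ^ 0x01]) + image[SIG_LEN + 1:]
    return (verify_image(key.public_key(), image) == firmware,
            verify_image(key.public_key(), tampered) is None)
```

The device must also reject images shorter than the header plus at least one byte of payload, which verify_image does before touching the key.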
https://docs.espressif.com/projects/esp-idf/en/latest/esp32c3/security/secure-boot-v2.html#signed-app-verification-without-hardware-secure-boot
Build signature verification into the firmware so we can be certain that OTA updates will only occur with software we've released ourselves. This will be in lieu of full secure boot (at the moment), since we do not want to restrict users from reprogramming their devices themselves via USB.