pennam
commented
1 year ago Hi @lukas-schwab, thanks for your interest in this project. There is some work going on about secure OTA using mcuboot. Please take a look at this PR: https://github.com/arduino/ArduinoCore-mbed/pull/640
To enable secure features of OPTA bootloader you need first to write the signature and encriprion keys like we do here: https://github.com/arduino/ArduinoCore-mbed/blob/f10a89530b5ccad3a6ec9163c37106a31fa333b2/libraries/STM32H747_System/examples/STM32H747_manageBootloader/STM32H747_manageBootloader.ino#L336-L340
Pay attention: if you mess up the keys you will not able to boot any sketch an you need a way to erase your flash (swd or other) to restore standard functionality.
I suggest you to take a look at this document first and to test secure featurs of the bootloader locally before try an OTA:
- https://docs.arduino.cc/tutorials/portenta-h7/secure-boot
- https://arduino.github.io/arduino-cli/0.31/guides/secure-boot/
If you want to give a try to standard OTA you can use this library: https://github.com/arduino-libraries/Arduino_Portenta_OTA
I want to update my Arduino Opta using OTA/OTEthernet. This library seems capable to do it securely since there are obviously source files related to this. However, I can't seem to find any documentation or examples regarding this functionality. If someone could provide further insights in how it's done I'd highly appreciate it!
Also thanks for everyone working on this project. The Arduino community is outstanding.