Good evening, I am trying to replicate the auto update in IotaWatt since I have made some minor changes to the firmware (i.e., changed the time server to ntp.org) and I still need the secure OTA. I have already developed an auto update server, but the uploaded firmware signature can't be verified by the device (all headers are unpacked correctly). I know you already signed your firmware with the private key and it only gets verified through the public key hardcoded in the device. I don't want you to tell me your private key. However, I want to develop my own private-public keys. Could you explain how I can generate proper firmware with a different public and private key? Could you provide sample code to generate proper firmware signed with a new private key? I think this will let other developers develop new firmware without security issues.
@overeasy In fact, consider that I have a firmware.bin file generated by PlatformIO. I have a version.json file on the server and need to generate a signed firmware.bin with my own private key. How can I generate a correct firmware which can be successfully uploaded to the device? I have already tested your firmware on my server and it uploaded successfully.
I don’t consider the software update system to be part of the basic firmware. The update code in the open-source repo is there for you to reverse engineer if you are in need of a similar system, but I developed that a long time ago and don’t have any documentation to offer.
On my end, the creation of the release blobs is done using a standalone ESP8266 that is airgapped from the internet. The update blob is not encrypted, so you should be able to figure that out. The signature that is appended is the only cryptographic element. Digital signature technology is readily available and you can use your own method since your firmware will also need your own public key and has the algorithm to check it. You can also just rip out the signature verification part and it will work just fine.
Thanks for your support and great HW/SW product. Could you send me the link to the open-source update code? I am wondering how you can create such a release blob using an ESP8266. Do you have any source code that can be made available for users to create such releases? I can generate .bin files, but checking your generated firmware shows that you have appended some headers to it. I have tried to create an acceptable format for IotaWatt, but in some cases the header seems not to be valid.
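An added example, not part of the thread and not IotaWatt's release format or tooling: one way to sign an image with your own key pair and append the signature, then check it the way a device holding only the public key would. The layout (image followed by a fixed 256-byte RSA-2048/SHA-256 signature), the use of the `openssl` CLI, and the function names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not IotaWatt's format. Assumed layout: <image> || <256-byte signature>
# (RSA-2048 over SHA-256, PKCS#1 v1.5, produced with the openssl CLI).
set -eu
SIG_LEN=256   # an RSA-2048 signature is always 256 bytes

make_keys() {   # $1 = private key out (keep offline), $2 = public key out (goes in firmware)
  openssl genrsa -out "$1" 2048 2>/dev/null
  openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
}

sign_blob() {   # $1 = private key, $2 = firmware.bin, $3 = signed blob out
  openssl dgst -sha256 -sign "$1" -out "$3.sig" "$2"
  cat "$2" "$3.sig" > "$3"
  rm -f "$3.sig"
}

verify_blob() { # $1 = public key, $2 = signed blob; returns 0 only for a valid signature
  _size=$(($(wc -c < "$2")))
  [ "$_size" -gt "$SIG_LEN" ] || return 1       # too short to hold image + signature
  _body=$(mktemp); _sig=$(mktemp); _rc=0
  head -c "$((_size - SIG_LEN))" "$2" > "$_body" # everything before the trailer
  tail -c "$SIG_LEN" "$2" > "$_sig"              # the appended signature
  openssl dgst -sha256 -verify "$1" -signature "$_sig" "$_body" >/dev/null 2>&1 || _rc=1
  rm -f "$_body" "$_sig"
  return "$_rc"
}

demo() {        # constructed sample image; returns 0 if good blob passes and tampered one fails
  _d=$(mktemp -d)
  printf 'constructed firmware image, not a real build\n' > "$_d/firmware.bin"
  make_keys "$_d/priv.pem" "$_d/pub.pem"
  sign_blob "$_d/priv.pem" "$_d/firmware.bin" "$_d/signed.bin"
  # Change the first image byte; the appended signature no longer matches.
  { printf 'X'; tail -c +2 "$_d/signed.bin"; } > "$_d/tampered.bin"
  _ok=1
  verify_blob "$_d/pub.pem" "$_d/signed.bin" \
    && ! verify_blob "$_d/pub.pem" "$_d/tampered.bin" && _ok=0
  rm -rf "$_d"
  return "$_ok"
}

demo && echo "valid blob accepted, tampered blob rejected"
```

The device-side check has to mirror `verify_blob`: split off the trailer, hash the rest, and verify against the public key compiled into the firmware before the image is accepted.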
The update code is in update.cpp in the repo. I don’t have anything else to offer.
Thank you. That would be enough.