Code signing for [OTA] Updates #8141

@tushev

Related area

Updater library, Build process, OTA

Hardware specification

ESP32-S3 specifically. Generally, every ESP32.

Is your feature request related to a problem?

I'm missing the possibility to enforce signed OTA updates with ESP32, which are possible with ESP8266. This is critical to ensure that only authorized code will run on end devices, even if the update server gets compromised.

Describe the solution you'd like

The same procedure as with ESP8266:
https://arduino-esp8266.readthedocs.io/en/latest/ota_updates/readme.html#advanced-security-signed-updates

// <in globals>
BearSSL::PublicKey signPubKey( ... key contents ... );
BearSSL::HashSHA256 hash;
BearSSL::SigningVerifier sign( &signPubKey );
//...
//<in setup()>
Update.installSignature( &hash, &sign );

This should possibly work for any update source, including https://github.com/espressif/arduino-esp32/blob/master/libraries/Update/examples/SD_Update/SD_Update.ino

Describe alternatives you've considered

No response

Additional context

No response

I have checked existing list of Feature requests and the Contribution Guide

  • I confirm I have checked existing list of Feature requests and Contribution Guide.
