ESP32 OTA firmware update via HTTPS (coded on PlatformIO)

Table of Contents

  • ESP32 OTA firmware update via HTTPS (coded on PlatformIO)
  • 1. Introduction to OTA technology
  • 2. Introduction to this chapter
  • 3. HTTPS OTA update process
    • 3.1. HTTP OTA update process
    • 3.2. HTTPS OTA update process
  • 4. Implementation of HTTPS OTA
    • 4.1. Write the firmware to be updated
    • 4.2. Store the firmware to be updated on the Amazon S3 storage bucket. (firmware.bin)
    • 4.2. Obtain Amazon S3 website certificate
    • 4.3. Write HTTPS OTA update firmware program
    • 4.4. Write the program, compile it, burn it into the ESP32 and press the reboot button to start the OTA update.
  • 5. Questions
    • 5.1 Problem 1: The certificate is wrong
    • 5.2 Problem 2: The firmware can be downloaded, but the update still fails

1. Introduction to OTA technology

OTA (Over-the-Air technology) literally means downloading over the air.
OTA online upgrade: a way to update a product's software through OTA.
Put simply, the ESP32's firmware is updated wirelessly instead of over the traditional data cable.

2. Introduction to this chapter

This article introduces one method of updating ESP32 firmware over the air: updating via HTTPS. It is carried out in a VS Code + PlatformIO environment; for how to install that environment, refer to this article:
ESP32 PlatformIO IDE Installation Tutorial

3. HTTPS OTA update process

3.1. HTTP OTA update process

Before looking at the HTTPS OTA update process, you need to know the HTTP OTA update process.

①. Connect the ESP32 to an AP, e.g. a mobile hotspot.
②. Build the firmware to be updated on the PC.
③. Upload the .bin file to the server.
④. The ESP32 downloads it automatically.

3.2. HTTPS OTA update process

The only difference between HTTPS and HTTP is that HTTPS is HTTP carried over SSL/TLS, which provides encrypted transmission and identity authentication. It is safer than HTTP, and because the ESP32 has to authenticate the server, you need to obtain the website's certificate to perform OTA updates through HTTPS.

4. Implementation of HTTPS OTA

4.1. Write the firmware to be updated

To make sure the updated firmware runs normally and its effect is visible, we write an LED blink program. (First compile it and burn it to the ESP32 to see the effect.)

Note: first configure which LED to blink in the platformio.ini file.
My configuration (LED):

[env:esp32cam]
platform = espressif32
board = esp32cam
framework = arduino
monitor_speed = 115200
build_flags =
    ; https://docs.espressif.com/projects/esp-idf/en/latest/get-started/get-started-wrover-kit.html#rgb-led
    -D LED_BUILTIN=4
lib_deps = yoursunny/esp32cam@^0.0.20221229

ESP32 LED blink program
Effect: the LED turns on and off at 1 s intervals.

#include <Arduino.h>

// Set LED_BUILTIN if it is not defined by Arduino framework
// #define LED_BUILTIN 2

void setup()
{
    // initialize LED digital pin as an output.
    pinMode(LED_BUILTIN, OUTPUT);
}

void loop()
{
    // turn the LED on (HIGH is the voltage level)
    digitalWrite(LED_BUILTIN, HIGH);
    // wait for a second
    delay(1000);
    // turn the LED off by making the voltage LOW
    digitalWrite(LED_BUILTIN, LOW);
    // wait for a second
    delay(1000);
}

4.2. Store the firmware to be updated on the Amazon S3 storage bucket. (firmware.bin)

Amazon is divided into international regions and China regions. I have tried to read files even if the permissions are set to everyone in the China region. The reason is that you need to contact AWS after-sales support for ICP filing before using S3 in the China region. So I put the firmware on the S3 in the international zone.

4.2. Obtain Amazon S3 website certificate

You can use openssl to obtain a website's certificate.
openssl is an open source software library and toolkit that applications use to communicate securely, avoid eavesdropping, and confirm the identity of the other end of a connection. It is widely used by web servers on the Internet.
Use openssl to view website certificate
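The article names openssl but does not show the commands. The following is an added example, not part of the original article: it fetches the chain a server presents, selects one certificate, shows its subject, issuer and expiry, and prints it as a C string with the "\n" line endings that server_certificate in the sketch needs. The host name in the usage line is a placeholder and the sample bundle is constructed so the formatting step runs offline.

```sh
# Added example. <your-bucket-host> and the sample bundle below are placeholders.

# Print every certificate the server presents (leaf first) as PEM. Needs network access.
fetch_chain() {
    openssl s_client -connect "$1:443" -servername "$1" -showcerts </dev/null 2>/dev/null |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# Select the Nth certificate from a PEM bundle on stdin (1 = leaf, 2 = its issuer, ...).
nth_cert() {
    awk -v want="$1" '
        /-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside && n == want           { print }
        /-----END CERTIFICATE-----/   { inside = 0 }'
}

# Show who the certificate belongs to, who issued it and when it expires,
# so you know what the device will trust and when the copy must be replaced.
describe_cert() { openssl x509 -noout -subject -issuer -enddate; }

# Turn a PEM certificate on stdin into a C string literal named $1,
# with an explicit \n escape closing every line.
pem_to_c_literal() {
    printf 'static const char *%s =\n' "$1"
    tr -d '\r' | sed -e '/^[[:space:]]*$/d' -e 's/.*/    "&\\n"/'
    printf '    ;\n'
}

# Constructed two-certificate bundle (not real certificates).
sample_bundle() {
cat <<'EOF'
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtSVNTVUVS
-----END CERTIFICATE-----
EOF
}

sample_bundle | nth_cert 2 | pem_to_c_literal server_certificate
# Online use: fetch_chain <your-bucket-host> | nth_cert 2 | tee issuer.pem | describe_cert
```

If the server later presents a chain that does not lead to the embedded certificate, the device rejects the download, so record the expiry date and plan a firmware release that carries the replacement.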

4.3. Write HTTPS OTA update firmware program

Once everything above is prepared, you can start writing the program that updates the firmware.

Add the WiFi name, the WiFi password and the obtained certificate to the code.

// This sketch provides the functionality of OTA Firmware Upgrade
#include "WiFi.h"
#include "HttpsOTAUpdate.h"
#include "esp_ota_ops.h"

// This sketch shows how to implement HTTPS firmware update Over The Air.
// Please provide your WiFi credentials, https URL to the firmware image and the server certificate.

static const char *ssid = "your-ssid"; // your network SSID (name of wifi network)
static const char *password = "your-password"; // your network password

static const char *url = "https://example.com/firmware.bin"; //state url of your firmware image


// PEM certificate the server is verified against; every line must end with \n inside the string.
// This one is an Amazon CA certificate (issuer: Amazon Root CA 1) whose validity ends 2025-10-19.
static const char *server_certificate = "-----BEGIN CERTIFICATE-----\n" \
"MIIESTCCAzGgAwIBAgITBn+UV4WH6Kx33rJTMlu8mYtWDTANBgkqhkiG9w0BAQsF\n" \
"ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\n" \
"b24gUm9vdCBDQSAxMB4XDTE1MTAyMjAwMDAwMFoXDTI1MTAxOTAwMDAwMFowRjEL\n" \
"MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEVMBMGA1UECxMMU2VydmVyIENB\n" \
"IDFCMQ8wDQYDVQQDEwZBbWF6b24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" \
"AoIBAQDCThZn3c68asg3Wuw6MLAd5tES6BIoSMzoKcG5blPVo+sDORrMd4f2AbnZ\n" \
"cMzPa43j4wNxhplty6aUKk4T1qe9BOwKFjwK6zmxxLVYo7bHViXsPlJ6qOMpFge5\n" \
"blDP+18x+B26A0piiQOuPkfyDyeR4xQghfj66Yo19V+emU3nazfvpFA+ROz6WoVm\n" \
"B5x+F2pV8xeKNR7u6azDdU5YVX1TawprmxRC1+WsAYmz6qP+z8ArDITC2FMVy2fw\n" \
"0IjKOtEXc/VfmtTFch5+AfGYMGMqqvJ6LcXiAhqG5TI+Dr0RtM88k+8XUBCeQ8IG\n" \
"KuANaL7TiItKZYxK1MMuTJtV9IblAgMBAAGjggE7MIIBNzASBgNVHRMBAf8ECDAG\n" \
"AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUWaRmBlKge5WSPKOUByeW\n" \
"dFv5PdAwHwYDVR0jBBgwFoAUhBjMhTTsvAyUlC4IWZzHshBOCggwewYIKwYBBQUH\n" \
"AQEEbzBtMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5yb290Y2ExLmFtYXpvbnRy\n" \
"dXN0LmNvbTA6BggrBgEFBQcwAoYuaHR0cDovL2NydC5yb290Y2ExLmFtYXpvbnRy\n" \
"dXN0LmNvbS9yb290Y2ExLmNlcjA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3Js\n" \
"LnJvb3RjYTEuYW1hem9udHJ1c3QuY29tL3Jvb3RjYTEuY3JsMBMGA1UdIAQMMAow\n" \
"CAYGZ4EMAQIBMA0GCSqGSIb3DQEBCwUAA4IBAQCFkr41u3nPo4FCHOTjY3NTOVI1\n" \
"59Gt/a6ZiqyJEi+752+a1U5y6iAwYfmXss2lJwJFqMp2PphKg5625kXg8kP2CN5t\n" \
"6G7bMQcT8C8xDZNtYTd7WPD8UZiRKAJPBXa30/AbwuZe0GaFEQ8ugcYQgSn+IGBI\n" \
"8/LwhBNTZTUVEWuCUUBVV18YtbAiPq3yXqMB48Oz+ctBWuZSkbvkNodPLamkB2g1\n" \
"upRyzQ7qDn1X8nn8N8V7YJ6y68AtkHcNSRAnpTitxBKjtKPISLMVCx7i4hncxHZS\n" \
"yLyKQXhw2W2Xs0qLeC1etA+jTGDK4UfLeC0SF7FSi8o5LL21L8IzApar2pR/\n" \
"-----END CERTIFICATE-----";

static HttpsOTAStatus_t otastatus;

void HttpEvent(HttpEvent_t *event)
{
    switch(event->event_id) {
        case HTTP_EVENT_ERROR:
            Serial.println("Http Event Error");
            break;
        case HTTP_EVENT_ON_CONNECTED:
            Serial.println("Http Event On Connected");
            break;
        case HTTP_EVENT_HEADER_SENT:
            Serial.println("Http Event Header Sent");
            break;
        case HTTP_EVENT_ON_HEADER:
            Serial.printf("Http Event On Header, key=%s, value=%s\n", event->header_key, event->header_value);
            break;
        case HTTP_EVENT_ON_DATA:
            break;
        case HTTP_EVENT_ON_FINISH:
            Serial.println("Http Event On Finish");
            break;
        case HTTP_EVENT_DISCONNECTED:
            Serial.println("Http Event Disconnected");
            break;
    }
}

void setup(){

    Serial.begin(115200);
    Serial.print("Attempting to connect to SSID: ");
    WiFi.begin(ssid, password);

    // attempt to connect to Wifi network:
    while (WiFi.status() != WL_CONNECTED) {
        Serial.print(".");
        delay(1000);
    }

    Serial.print("Connected to ");
    Serial.println(ssid);
    
    HttpsOTA.onHttpEvent(HttpEvent);
    Serial.println("Starting OTA");
    HttpsOTA.begin(url, server_certificate);
    
    Serial.println("Please Wait it takes some time...");
}

void loop(){
    otastatus = HttpsOTA.status();
    if(otastatus == HTTPS_OTA_SUCCESS) {
        Serial.println("Firmware written successfully. To reboot device, call API ESP.restart() or PUSH restart button on device");
        ESP.restart();
    } else if(otastatus == HTTPS_OTA_FAIL) {
        Serial.println("Firmware Upgrade Fail");
    }
    delay(1000);
}

4.4. Write the program, compile it, burn it into the ESP32 and press the reboot button to start the OTA update.

5. Questions

I encountered many problems in the process of implementing this, and I wrote them down in the article for the record.

5.1 Problem 1: The certificate is wrong

If the certificate you obtained is incorrect, the update fails immediately with an error, so the certificate must be correct.

5.2 Problem 2: The firmware can be downloaded, but the update still fails

The error code I got back: ESP_ERR_OTA_PARTITION_CONFLICT
The reason: the target partition holds the firmware that is currently running, so the update cannot be written there.

For other error codes, see Error Code.

To solve this problem, we need to know how the ESP32 flash is partitioned.
ESP32-Flash partition, based on PlatformIO-Arduino

We add a partition.csv file to the project and add a partition ota_1 to solve the problem.

# Name,   Type, SubType, Offset,   Size, Flags
nvs,      data, nvs,     0x9000,   0x5000
otadata,  data, ota,     0xe000,   0x2000
app0,     app,  ota_0,   0x10000,  0x140000
app1,     app,  ota_1,   0x150000, 0x140000
spiffs,   data, spiffs,  0x290000, 0x170000
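A way to check a partition table before flashing, as an added example that is not part of the original article: it verifies that the layout has an otadata partition and at least two OTA app slots (the condition whose absence led to the error above), that app partitions sit on 64 KB boundaries, and that nothing overlaps or runs past the flash. It assumes rows in address order, plain hex or decimal offsets and sizes, and a 4 MB flash unless another size is passed; the single-slot table is constructed.

```sh
# Added example, not the author's code. Assumptions: rows are in address order,
# offsets/sizes are plain hex or decimal numbers, flash is 4 MB unless $1 says otherwise.
flag() { echo "$1"; bad=$((bad + 1)); }   # report one problem and count it

check_partitions() {   # usage: check_partitions [flash_bytes] < partition.csv
    flash=$(( ${1:-0x400000} ))
    slots=0; otadata=0; prev_end=0; prev_name=""; bad=0
    while IFS=', ' read -r name type subtype offset size _rest || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac          # skip blanks and comments
        start=$(( $offset )); end=$(( $offset + $size ))
        if [ "$start" -lt "$prev_end" ]; then flag "overlap: $name starts inside $prev_name"; fi
        if [ "$type" = app ] && [ $(( start % 0x10000 )) -ne 0 ]; then flag "misaligned: $name is not 64 KB aligned"; fi
        if [ "$end" -gt "$flash" ]; then flag "too large: $name ends beyond the flash"; fi
        case "$type/$subtype" in
            app/ota_*) slots=$((slots + 1)) ;;   # a slot an update can be written to
            data/ota)  otadata=1 ;;              # records which slot boots next
        esac
        prev_end=$end; prev_name=$name
    done
    if [ "$otadata" -eq 0 ]; then flag "missing: otadata partition"; fi
    if [ "$slots" -lt 2 ]; then flag "missing: found $slots OTA app slot(s), need ota_0 and ota_1"; fi
    [ "$bad" -eq 0 ]
}

page_table() {          # the partition.csv from this article
cat <<'EOF'
# Name,   Type, SubType, Offset,   Size, Flags
nvs,      data, nvs,     0x9000,   0x5000
otadata,  data, ota,     0xe000,   0x2000
app0,     app,  ota_0,   0x10000,  0x140000
app1,     app,  ota_1,   0x150000, 0x140000
spiffs,   data, spiffs,  0x290000, 0x170000
EOF
}

single_slot_table() {   # constructed layout with only one app slot
cat <<'EOF'
nvs,      data, nvs,     0x9000,   0x5000
otadata,  data, ota,     0xe000,   0x2000
app0,     app,  ota_0,   0x10000,  0x300000
EOF
}

page_table | check_partitions && echo "article layout: OTA-capable"
single_slot_table | check_partitions || echo "single-slot layout: rejected"
```

PlatformIO applies a custom table only when platformio.ini names it, for example `board_build.partitions = partition.csv` in the `[env:esp32cam]` section, a line the article does not show.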

References
[ESP32] Turn on the LED light:
https://blog.csdn.net/weixin_52636248/article/details/125350613

Use VScode to develop ESP32, PlatformIO to develop ESP32:
https://blog.csdn.net/qlexcel/article/details/121527415

esp32 learning – build idf development environment by hand:
https://blog.csdn.net/zppsky_123/article/details/122605515

ESP32-Flash partition, based on PlatformIO-Arduino:
https://blog.csdn.net/liahfdsaf/article/details/119010732

ESP-IDF teaching of ESP32 (thirteen) – Partition table:
https://blog.csdn.net/m0_50064262/article/details/122279800

Brief analysis of esp32 Flash partition and OTA function:
https://blog.csdn.net/abc517789065/article/details/79891568

Firmware updater:
https://github.com/espressif/arduino-esp32/tree/master/libraries/Update/examples/HTTPS_OTA_Update

Returned error code:
https://www.cnblogs.com/shengxiaoose/p/16499012.html