Differences
This shows you the differences between two versions of the page.
|
iothings:laboratoare:2025:lab10 [2025/12/06 21:25] dan.tudose [Architecture] |
iothings:laboratoare:2025:lab10 [2026/05/21 11:04] (current) cosmin.chenaru [Platformio Setup] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Lab 10. Secure OTA ====== | ====== Lab 10. Secure OTA ====== | ||
| - | This lab shows how to implement **real remote firmware updates from a browser** for an ESP32-C6 board using **PlatformIO + pioarduino** and an **Async Web OTA** page powered by **ElegantOTA**. | + | Over-the-air (OTA) updates are a core capability of modern IoT devices, enabling firmware improvements, bug fixes, and security patches without physical access to the hardware. In real deployments, devices may be installed in hard-to-reach locations or embedded in larger systems, so requiring a USB connection for every update becomes impractical. OTA solves this by allowing a device to receive new firmware over a network, reducing maintenance costs and shortening the time between discovering an issue and delivering a fix. |
| + | |||
| + | Designing OTA for embedded systems also introduces engineering trade-offs that are less visible in traditional software. Devices must update safely despite limited flash, intermittent connectivity, and the risk of power loss mid-installation. A robust OTA approach typically uses separate firmware slots so a known-good image remains available if an update fails. Just as importantly, OTA is part of a security boundary: update mechanisms must ensure that only authentic, intact firmware can be installed, or they can become a high-impact attack path in an IoT fleet. | ||
| + | |||
| + | {{ :iothings:laboratoare:2025:ota1.jpg?800 |}} | ||
| + | |||
| + | ====== Simple OTA ====== | ||
| + | |||
| + | This first example shows you how to implement **real remote firmware updates from a browser** for an ESP32-C6 board using **PlatformIO + pioarduino**. | ||
| You will: | You will: | ||
| Line 9: | Line 17: | ||
| * verify success with a visible NeoPixel behavior change, | * verify success with a visible NeoPixel behavior change, | ||
| * document basic threat-model thinking. | * document basic threat-model thinking. | ||
| - | |||
| ===== Learning outcomes ===== | ===== Learning outcomes ===== | ||
| Line 21: | Line 28: | ||
| - Identify key security risks for OTA and apply simple mitigations. | - Identify key security risks for OTA and apply simple mitigations. | ||
| - | |||
| - | ====== Simple OTA ====== | ||
| **What you are building:** | **What you are building:** | ||
| Line 42: | Line 47: | ||
| <code ini platformio.ini> | <code ini platformio.ini> | ||
| [env:sparrow_c6] | [env:sparrow_c6] | ||
| - | platform = https://github.com/pioarduino/platform-espressif32/releases/download/stable/platform-espressif32.zip | + | platform = https://github.com/pioarduino/platform-espressif32/releases/download/54.03.20/platform-espressif32.zip |
| board = esp32-c6-devkitm-1 | board = esp32-c6-devkitm-1 | ||
| framework = arduino | framework = arduino | ||
| Line 129: | Line 134: | ||
| * exposes a **/status** JSON endpoint. | * exposes a **/status** JSON endpoint. | ||
| + | {{ :iothings:laboratoare:2025:ota2.jpg?800 |}} | ||
| ===== Learning outcomes ===== | ===== Learning outcomes ===== | ||
| Line 166: | Line 172: | ||
| <code ini platformio.ini> | <code ini platformio.ini> | ||
| [env:sparrow_c6] | [env:sparrow_c6] | ||
| - | platform = https://github.com/pioarduino/platform-espressif32/releases/download/stable/platform-espressif32.zip | + | platform = https://github.com/pioarduino/platform-espressif32/releases/download/54.03.20/platform-espressif32.zip |
| board = esp32-c6-devkitm-1 | board = esp32-c6-devkitm-1 | ||
| framework = arduino | framework = arduino | ||
