ESP HTTPS OTA

Overview

esp_https_ota provides simplified APIs to perform firmware upgrades over HTTPS. It’s an abstraction layer over existing OTA APIs.

Application Example

esp_err_t do_firmware_upgrade()
{
    esp_http_client_config_t config = {
        .url = CONFIG_FIRMWARE_UPGRADE_URL,
        .cert_pem = (char *)server_cert_pem_start,
    };
    esp_err_t ret = esp_https_ota(&config);
    if (ret == ESP_OK) {
        esp_restart();
    } else {
        return ESP_FAIL;
    }
    return ESP_OK;
}

Signature Verification

For additional security, signature of OTA firmware images can be verified. For that, refer Secure OTA Updates Without Secure boot

API Reference

Header File

• esp_https_ota/include/esp_https_ota.h

Functions

esp_err_t esp_https_ota(const esp_http_client_config_t *config)

HTTPS OTA Firmware upgrade.

This function performs HTTPS OTA Firmware upgrade

Note

For secure HTTPS updates, the cert_pem member of config structure must be set to the server certificate.

Return

• ESP_OK: OTA data updated, next reboot will use specified partition.
• ESP_FAIL: For generic failure.
• ESP_ERR_OTA_VALIDATE_FAILED: Invalid app image
• ESP_ERR_NO_MEM: Cannot allocate memory for OTA operation.
• ESP_ERR_FLASH_OP_TIMEOUT or ESP_ERR_FLASH_OP_FAIL: Flash write failed.
• For other return codes, refer OTA documentation in esp-idf’s app_update component.

Parameters

• config: pointer to esp_http_client_config_t structure.