OTA -- How to Compute SHA256 of the running firmware?

User avatar
hassan789
Posts: 156
Joined: Thu Jun 29, 2017 2:15 am

OTA -- How to Compute SHA256 of the running firmware?

Postby hassan789 » Tue Jan 16, 2018 3:16 pm

After completing an OTA, my code would like to compute the SHA256 of itself (the running firmware). This is useful, because I can compare against the SHA256 of the latest firmware in the cloud, and see if I need to do an OTA.

What APIs can I use to read an entire partition? Or is there another way to read/compute the SHA256 of the running app, from the running app?

Note:
Attempting to read the memory directly is causing a LoadProhibited error.

Thanks :D

User avatar
hassan789
Posts: 156
Joined: Thu Jun 29, 2017 2:15 am

Re: OTA -- How to Compute SHA256 of the running firmware?

Postby hassan789 » Tue Jan 16, 2018 9:00 pm

looks like I can use "esp_partition_read()". Ok, easy enough...just have to strip the header.

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: OTA -- How to Compute SHA256 of the running firmware?

Postby ESP_Angus » Wed Jan 17, 2018 5:30 am

Yes, either esp_partition_read() or esp_partition_mmap() will allow you to do this.

As it happens, in recent versions of IDF (v3.0 prereleases) a SHA-256 of most of the .bin file is appended to it and verified by the bootloader to detect corruption. I've added a feature request to add a function to read this SHA-256, as this will allow easy identification of the running image.

However, there's no harm in computing your own in the way you are doing.

markwj
Posts: 90
Joined: Tue Mar 08, 2016 5:03 am

Re: OTA -- How to Compute SHA256 of the running firmware?

Postby markwj » Wed Jan 17, 2018 5:49 am

ESP_Angus wrote:I've added a feature request to add a function to read this SHA-256, as this will allow easy identification of the running image.
That would be very useful. Is there any timeline for this? Or reference to the feature request (GitHub issue?)

SteveOfTheStow
Posts: 3
Joined: Fri Jun 16, 2017 1:07 pm

Re: OTA -- How to Compute SHA256 of the running firmware?

Postby SteveOfTheStow » Fri Feb 02, 2018 9:59 am

I've been looking to do something similar, and tried the esp_partition_read() idea suggested by hassan789. Unfortunately my SHA256 was muddied by the fact that when you do esp_partition_read, you only really have the partition size to go on, meaning you end up reading past the data on the partition and read blank data (which is rendered as '0xFF'). This isn't a sentinel value as data inside the known 'good' area could also be 0xFF. Thus I had to abandon the idea, sadly.
Instead I've gone with calculating an SHA256 of a downloaded firmware on the fly.

Who is online

Users browsing this forum: Majestic-12 [Bot] and 122 guests