Potentially, one of the great things about having a device connected to the network is that you can update it remotely. However, how do you make that happen? If you use the Arduino setup for the ESP8266 or ESP32, you might try [scottchiefbaker’s] library which promises to make the process easy.
Adding it looks to be simple. You’ll need an include, of course. If you don’t mind using port 8080 and the path /webota, you only need to call handle_webota() from your main loop. If you want to change the defaults, you’ll need to add an extra call in your setup. You also need to set up a few global variables to specify your network parameters.
The only caveat is that long delay statements in your loop can block things from working and aren’t a great idea anyway. If you have them, you can replace all your delay calls with webota_delay which will stop the system from ignoring update requests.
The code started from a different online tutorial but packaged the code up nicely for reuse. To do an update, simply navigate to the device with a web browser and use the correct port number and path. From there you can upload a new binary image taken from the Arduino IDE with the export compiled binary command.
The only concern we saw was the code didn’t appear to authenticate you at all. That means anyone could load code into your ESP. That might be ok on a private network, but on the public Internet it is surely asking for trouble. The original tutorial code did have a hardcoded user and password, but it didn’t look very useful as the password was in the clear and didn’t stop you from uploading if you knew the right URL. Dropping it from the library probably makes sense, but we would want to build some kind of meaningful security into anything we deployed.
If you have a network connection, we’ve seen the same trick done with a normal Arduino with a wireless chip. You can even do it over WiFi but using an ESP8266 which you’ll then want to be able to update, too.
i think the biggest issue i had with ota is that it took up so much flash that it was unusable for most projects.
That shouldn’t be a problem anymore, because modules and boards with bigger Flash and external RAM are available now. (They also help with running Micropython).
Micropython … *blows snotbubble*
I just recently made a web server for ESP32 and ESP8266 OTA. I think implementing OTA on the boards is already so easy that wrapping it has little advantages. http://kstobbe.dk/2019/03/20/web-server-for-esp32-and-esp8266-software-update-over-the-air/
Nice one. But without authentication that sounds a little risky. InternetOfShit for everyone?
OTA sketches (atleast with original Arduino, you know this is NOT the first Arduino-ESP8266 OTA library, right?) needs to fit into flash along with current sketch. So effectively, you should use only half of the available flash and leave rest half for next sketch. As an alternate, you can also do chain flashing: Current firmware (Large) -(OTA)-> OTA only firmware (very small) -(Flash)-> Updated firmware (Large again)
I usually implement OTA via a button for safety reasons – pressing it enables OTA and disables everything else (OTA doesn’t play well with interrupts).
And yeah, it bloats the code, but then how many of us have ever fully filled an ESP purely with compiled code?
Well, if you use the BLE Stack, you are a bit over 90% without anything added by yourself…
This approach presumes the user has easy physical access to the device and/or a button attached to it.
ESP8266 has had this capability for quite a while now, both through the ESP SDK and Arduino IDE, along with code examples for web-based updates. Examples showing how this is done have been shipping with both environments for ages, I’m not sure what new work is being presented here, except that it’s missing features (like password auth) that are already available out-of-the-box.
You are not the only one who is surprised by this “new feature” that isn’t really new. Perhaps I’m missing something? If so, can someone let me know what it is?
Hey Hey Hey, we are three who are surprised by !new feature.
+1
:-)
+1 – OTA examples have been built in the basic arduino editor (at least with nodeMCU board support, probably base esp8x?) for a while? Unless I’m missing the intent of this also…
The “password auth” in the provided examples is a wet paper bag with either the user/pass in the Javascript sent to the client or simply no 403 protection on the actual end point. No security is better than worthless security as the later gives you a false sense of security.
This library fulfils a certain functionality, fine with me. I will not use it, since there is already a solution available since quite some time for ESP8266 and ESP32.
There is some security built in, because it uses a hard coded place to fetch the new code. Therefore you would need to hack that webserver and then trigger an OTA Update to hack the ESP. Not perfect, but pragmatic.
I use a different approach. Since my devices are connected with MQTT anyway, I use this communication channel also for OTA.
I did something similar with esp32 and lwm2m, the firmware was about 1mb just for ota, with encryption and certificate validation. I’m not sure how useful it is with all the overhead…
If the OTA part stays in a “Bootloader” then it should be easy with space. It could flash esp memory by reading and writing byte by byte.
Maybe espressif make device with bootloader space.
Take a look at this package, it might be of some help to you. The ESP32 flutter_ota package supports various Flutter SDK versions, ensuring compatibility with a wide range of projects.
https://sparkleotech.medium.com/a-guide-to-achieving-seamless-ota-updates-for-esp32-with-the-flutter-ota-package-eb48f4a66870