Let’s say you’re working on an ESP32 project to send off to your grandma; something she can just plug in and it will start automatically monitoring her plant’s water levels. But you discover a critical flaw in the firmware and need to update it. Does she send it back? Do you walk her through dropping the update via the Arduino IDE OTA? The easiest way would be to plan and use something like esp_ghota, an OTA framework by [Justin Hammond].
OTA (Over-The-Air) updates are a fantastic feature of the ESP32, and we’ve covered libraries that make it easy. But compared to those earlier projects, esp_ghota takes a different approach. Rather than hosting a web server where someone can drop a binary, it looks at GitHub releases. [Justin] had to include a streaming JSON parser, as GitHub API responses tend to be beefy. The workflow is straightforward: push a new commit to your main branch on GitHub, and the action will trigger, building a few different versions. Your little plant watering reminder at your grandma’s will check every so often to see if a new version has been pushed and can update with rollback on littlefs, fatfs, and spiffs filesystems.
It’s an incredible project that we suspect will be very useful for many folks to update their projects. [Justin] even includes an example GitHub action and a sample ESP32 project.
Yes, the esp is so small – a bricked device is not even good as a paperweight
How would you brick it? It has a serial port
The esp bootloader can store multiple firmware images on flash and roll back to a “known” working image in case of failure (using a combination of watchdogs and flagging the currently running image as ok).
You can even install a “factory” firmware image that is booted if all your “application” images fail.
So with some careful thought you can get close to unbrickable.
Not sure how to use that for my micropython esp32 though
Inspired me to create one for micropython called ugit from user turfptax on github. https://github.com/turfptax/ugit
https://github.com/RangerDigital/senko is a great Micropython updater. Got it to work with GitLab as well.
This is very neat
It looks like the only correctness checking is the SSL certificate used for the HTTPS connection? Which, assuming I’ve understood a very brief scan of the code, is a standard certificate bundle? I think this is good enough to ensure that you’re always going to get whatever image github is providing, but I’d kinda be happier with some additional safeguards against making sure that image isn’t something malicious…
Agreed- I was looking through the code and unless espressif provides some sort of authentication under the hood, that currently isn’t implemented. I think it’s a somewhat reasonable approach as a man-in-the-middle isn’t impossible but the SSL makes it harder. Though I’m not sure what you need to do server validation. Based on the docs (https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/protocols/esp_http_client.html) you can turn on the secure element but I see in the code that the ESP x509 Certificate Bundle as referenced in the docs
Author here: you have two options for this. The ESP can do “secure boot” type signing of firmware images and validate them when booting. This would happen outside of my library using the standard SDK/Bootloader.
I’m also considering adding a SHASUM type file to each release, with a SHA of the firmware image. But this would only really be a defense against corrupted downloads. If someone hijacked GitHub it’s not going to help you.
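The distinction drawn in the comment above, as an added example (not part of the original comments and not code from esp_ghota): a checksum file published with the release catches a corrupted download but not a replaced release, while a check against key material the release host cannot change catches both. The asset name, key and images are constructed, and HMAC stands in for the asymmetric signature that secure boot uses, only because Python's standard library has no signature verification.

```python
import hashlib
import hmac

IMAGE_NAME = "firmware.bin"  # hypothetical asset name, not taken from the project

def sums_file(image: bytes, name: str = IMAGE_NAME) -> str:
    """Build a sha256sum-style line, as a release job would publish it."""
    return f"{hashlib.sha256(image).hexdigest()}  {name}\n"

def checksum_ok(image: bytes, sums_text: str, name: str = IMAGE_NAME) -> bool:
    """Compare the image digest with the entry for `name` in the sums file."""
    actual = hashlib.sha256(image).hexdigest().encode()
    for line in sums_text.splitlines():
        digest, _, listed = line.partition("  ")
        if listed.strip() == name:
            return hmac.compare_digest(actual, digest.strip().lower().encode())
    return False  # no entry for this asset: reject rather than skip the check

def sign(image: bytes, key: bytes) -> str:
    """Stand-in for release signing (HMAC here, an asymmetric signature in practice)."""
    return hmac.new(key, image, hashlib.sha256).hexdigest()

def signature_ok(image: bytes, tag: str, key: bytes) -> bool:
    """Verify the tag with key material that is not stored on the release host."""
    return hmac.compare_digest(sign(image, key).encode(), tag.encode())

def device_accepts(image: bytes, sums_text: str, tag: str, key: bytes):
    """Return (checksum verdict, signature verdict) for one downloaded release."""
    return checksum_ok(image, sums_text), signature_ok(image, tag, key)

# Constructed sample data.
SIGNING_KEY = b"constructed-demo-key"  # assumption: held by the maintainer only
GENUINE = b"\xe9" + b"constructed firmware v1.0.1" * 8
good = (GENUINE, sums_file(GENUINE), sign(GENUINE, SIGNING_KEY))

# Case 1: one bit flipped during download; the sums file and tag are unchanged.
corrupted = (bytes([GENUINE[0] ^ 0x01]) + GENUINE[1:], good[1], good[2])

# Case 2: the release itself is replaced. Whoever controls the release can
# regenerate the sums file, but cannot produce a valid tag without the key.
REPLACED = b"\xe9" + b"constructed other image" * 8
replaced = (REPLACED, sums_file(REPLACED), good[2])

if __name__ == "__main__":
    for label, release in (("genuine", good), ("corrupted", corrupted),
                           ("replaced", replaced)):
        print(label, device_accepts(*release, SIGNING_KEY))
```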
I will look forward to adding this to my skills portfolio. This is why hackaday is such an awesome website that I love to read everyday. Keep it coming folks.
Adding “Embedded CI/CD” to my CV :D
I believe the project name is misspelled in the article. esp_ghota not esp_ghosta. Nothing to do with ghosts, simply GitHubOTA.
Otherwise, pretty nifty idea, gonna see if I can’t utilize it at some point.
Very spooky, fixed.
For a streaming JSON parser, here’s one I’ve written that’s very very small and powerful: https://github.com/X-Ryl669/JSON
Also check out this Micro-python over the air updater. It works great! Even got it to play nice with GitLab.
https://github.com/RangerDigital/senko
Wait, what did I miss? There are quite some mature libraries doing just that already. Most recently I played around with this one: https://github.com/chrisjoyce911/esp32FOTA
This one uses GitHub releases as Web server so you don’t need to spin up and maintain your own web server.
I wanna see such a framework for the arduino framework :(
You can check out my library here: https://github.com/axcap/Esp-GitHub-OTA
It has support for both ESP8266 and ESP32
I’m trying the Mr. Hammond library, however I’m struggling with: HTTP_CLIENT: This request requires authentication, but does not provide header information for that.