Secure boot and over-the-air (OTA) updates
Put simply, secure boot is the mechanism that makes sure a device runs only firmware we have signed, so a third party who can write to the flash cannot replace or tamper with it. Before delving into secure boot, let's look at the boot process of the ESP32.
The boot process has three stages:
- First-stage bootloader: This runs from the chip's ROM upon reset. ESP32 has two processors, named PRO CPU (cpu0) and APP CPU (cpu1). The PRO CPU runs and does the basic hardware initialization. We don't have any control at this stage, because this code is fixed in ROM and cannot be changed. After initialization, it loads the second-stage bootloader from flash and passes control to it; when secure boot is enabled, this is also where the second-stage bootloader image is verified before it is allowed to run.
- Second-stage bootloader: Its main responsibility is to find and load the application. It reads the partition table, looks at the factory and OTA application partitions, and, based on the contents of the OTA data partition, selects which one to boot. It also enforces flash encryption and secure boot (the selected application image is verified before it is started) and performs the OTA slot selection, while the OTA download itself is done by the running application. The source code is provided along with ESP-IDF, so we can modify this bootloader...
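To make the OTA slot selection concrete, here is an added example (written for this page, not ESP-IDF's own bootloader code) that models how the second-stage bootloader reads the two otadata sectors and picks a slot, and how the application flips the active slot after an update. It assumes a partition table with two OTA slots (`ota_0`, `ota_1`), follows ESP-IDF's rule of booting `(ota_seq - 1) % app_count` from the valid entry with the highest sequence number, and uses a plain IEEE CRC-32 over `ota_seq`; the struct layout and CRC seed convention are a model, not a byte-exact copy of `esp_ota_select_entry_t`. The corrupted-entry case at the end is constructed input.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OTA_APP_COUNT   2            /* assumed partition table: ota_0 and ota_1 */
#define OTA_SEQ_INVALID 0xFFFFFFFFu  /* erased flash reads as all ones */
#define SLOT_FACTORY    (-1)

/* Model of one otadata entry. Field names follow ESP-IDF's
 * esp_ota_select_entry_t, but the layout here is only a model. */
typedef struct {
    uint32_t ota_seq;        /* monotonically increasing update counter */
    uint8_t  seq_label[20];
    uint32_t ota_state;      /* left erased (0xFF...) in this model */
    uint32_t crc;            /* CRC-32 over ota_seq */
} ota_select_entry_t;

/* Standard reflected CRC-32 (IEEE polynomial). Assumption: ESP-IDF's ROM
 * routine may use a different seed convention; the check is what matters. */
static uint32_t crc32_ieee(const uint8_t *buf, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

static uint32_t entry_crc(const ota_select_entry_t *e) {
    return crc32_ieee((const uint8_t *)&e->ota_seq, sizeof e->ota_seq);
}

/* An erased sector (ota_seq all ones) or a bad CRC means "no entry here". */
static bool entry_valid(const ota_select_entry_t *e) {
    return e->ota_seq != OTA_SEQ_INVALID && e->crc == entry_crc(e);
}

/* Index (0 or 1) of the valid entry with the highest sequence number, -1 if none. */
static int active_entry(const ota_select_entry_t otadata[2]) {
    bool v0 = entry_valid(&otadata[0]);
    bool v1 = entry_valid(&otadata[1]);
    if (v0 && v1) return otadata[0].ota_seq > otadata[1].ota_seq ? 0 : 1;
    if (v0) return 0;
    if (v1) return 1;
    return -1;
}

/* Fresh device: both otadata sectors erased. */
void otadata_erase(ota_select_entry_t otadata[2]) {
    memset(otadata, 0xFF, 2 * sizeof otadata[0]);
}

/* What the bootloader decides: which app partition to load.
 * No valid otadata entry means "boot the factory partition". */
int select_boot_slot(const ota_select_entry_t otadata[2]) {
    int i = active_entry(otadata);
    if (i < 0) return SLOT_FACTORY;
    return (int)((otadata[i].ota_seq - 1u) % OTA_APP_COUNT);
}

/* What the running application does after it has written a new image into
 * the inactive slot: bump the counter and write it to the *other* otadata
 * sector, so a power cut during the write leaves the previous entry intact.
 * Returns the slot that will boot next. */
int otadata_commit_update(ota_select_entry_t otadata[2]) {
    int cur = active_entry(otadata);
    uint32_t new_seq = cur < 0 ? 1u : otadata[cur].ota_seq + 1u;
    int target = cur < 0 ? 0 : 1 - cur;
    memset(&otadata[target], 0xFF, sizeof otadata[target]);
    otadata[target].ota_seq = new_seq;
    otadata[target].crc = entry_crc(&otadata[target]);
    return (int)((new_seq - 1u) % OTA_APP_COUNT);
}

int main(void) {
    ota_select_entry_t otadata[2];
    otadata_erase(otadata);
    printf("erased otadata      -> slot %d (factory)\n", select_boot_slot(otadata));
    otadata_commit_update(otadata);
    printf("after 1st update    -> slot %d\n", select_boot_slot(otadata));
    otadata_commit_update(otadata);
    printf("after 2nd update    -> slot %d\n", select_boot_slot(otadata));
    otadata[1].crc ^= 1u;  /* constructed: corrupt the newest entry */
    printf("newest entry corrupt -> slot %d (falls back)\n", select_boot_slot(otadata));
    return 0;
}
```

The point to notice is what otadata does and does not protect: it is not signed, so anyone who can write to flash can pick which slot boots, but with secure boot enabled the bootloader still verifies the signature of whichever image it selected, so the worst that selection alone achieves is booting an older signed image (the case ESP-IDF's anti-rollback option exists for).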