Skip to content

feat(ota): trust three release signing keys#93

Open
ODevStudio wants to merge 2 commits into
mainfrom
odev/ota-three-key-ring
Open

feat(ota): trust three release signing keys#93
ODevStudio wants to merge 2 commits into
mainfrom
odev/ota-three-key-ring

Conversation

@ODevStudio

Copy link
Copy Markdown
Collaborator

Summary

  • trust three repository-tracked OTA manifest public keys in firmware
  • accept a manifest signature from any one of the three keys
  • verify release manifests against the same three-key ring while keeping the existing HDS_OTA_SIGNING_KEY_PEM repository secret unchanged

Validation

  • python tools/test_ota_public_key_header.py
  • python tools/test_pull_ota_contract.py
  • python tools/test_release_workflow_contract.py
  • python tools/test_generate_release_manifest.py
  • python tools/test_ota_rollback_contract.py
  • pio run -e esp32s3
  • ESP32-S3 on COM5: production pullOtaVerifyManifestSignature() accepted probe signatures from Keys 2 and 3 and rejected both signatures after tampering with the signed payload
  • normal three-key firmware restored and booted successfully after the disposable device test

This validates the on-device signature acceptance path. It does not claim an end-to-end WiFi OTA installation signed by Keys 2 or 3.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant