Week 4 — Secure OTA Architecture
OTA is the highest-risk feature in any IoT device: it is the one mechanism that is designed to replace the device's entire firmware, so a flaw in it compromises everything else.
1. Minimum OTA Security Requirements
- Firmware authenticity verification
- Version control
- Rollback protection
- Atomic update
2. Secure OTA Flow
- Device authenticates server
- Firmware metadata verified
- Image downloaded
- Signature verified
- Version checked
- Swap performed safely
3. Common OTA Failures
- No rollback protection
- Power loss during update
- Weak versioning logic
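The flow in section 2 and the failures in section 3 are easier to reason about with a runnable model. The following Python simulation is an added example, not course material or vendor SDK code: it stands in for the device's flash with two in-memory slots (A/B), uses HMAC-SHA256 over canonical metadata as a stand-in for the asymmetric signature a real device would verify with an embedded public key (Ed25519 or ECDSA in practice; HMAC is used only so the block runs with the standard library), and uses constructed key and firmware bytes. It enforces the order of checks (metadata authenticated and version compared before any download, image digest bound to the signed metadata after), keeps the boot record unchanged until every check passes, and shows that a rollback attempt, a tampered image, and a simulated power loss all leave the previously installed firmware bootable.

```python
import hashlib
import hmac
import json

# Constructed demo secret (assumption). A real device holds only the PUBLIC half
# of an asymmetric pair; the signing key stays on the build server.
DEMO_KEY = b"constructed-demo-key-do-not-ship"


class VerificationError(Exception):
    """Raised when a step of the OTA flow rejects the update."""


class PowerLoss(Exception):
    """Simulates the device losing power part-way through a download."""


def _canonical(meta: dict) -> bytes:
    # Canonical encoding so signer and verifier MAC identical bytes.
    return json.dumps(meta, sort_keys=True, separators=(",", ":")).encode()


def sign_image(key: bytes, version: int, image: bytes):
    """Server side: signed metadata (version, size, sha256) for an image."""
    meta = {"version": version, "size": len(image),
            "sha256": hashlib.sha256(image).hexdigest()}
    tag = hmac.new(key, _canonical(meta), hashlib.sha256).hexdigest()
    return meta, tag


def verify_metadata(key: bytes, meta: dict, tag: str, current_version: int) -> None:
    """Authenticate metadata, then enforce a strictly increasing version."""
    expected = hmac.new(key, _canonical(meta), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise VerificationError("metadata signature invalid")
    if meta["version"] <= current_version:
        raise VerificationError(f"rollback rejected: {meta['version']} <= {current_version}")


def verify_image(meta: dict, image: bytes) -> None:
    """Bind the downloaded bytes to the authenticated metadata."""
    if len(image) != meta["size"] or hashlib.sha256(image).hexdigest() != meta["sha256"]:
        raise VerificationError("image digest does not match signed metadata")


class Device:
    """Simulated A/B flash. `active` and `current_version` stand in for a boot
    record that real firmware writes in a single flash operation."""

    def __init__(self, key: bytes, firmware: bytes, version: int):
        self.key = key
        self.slots = {"A": (version, firmware), "B": None}
        self.active = "A"
        self.current_version = version

    def _inactive(self) -> str:
        return "B" if self.active == "A" else "A"

    def update(self, meta: dict, tag: str, chunks) -> None:
        # Check before downloading: a bad tag or an old version never costs
        # bandwidth or a flash erase.
        verify_metadata(self.key, meta, tag, self.current_version)
        staging = bytearray()
        for chunk in chunks:  # may raise PowerLoss part-way through
            staging.extend(chunk)
        image = bytes(staging)
        verify_image(meta, image)
        self.slots[self._inactive()] = (meta["version"], image)
        # Atomic swap: boot record changes only after everything verified.
        self.active = self._inactive()
        self.current_version = meta["version"]

    def boot(self):
        return self.slots[self.active]


def chunked(image: bytes, size: int = 4, fail_after=None):
    """Constructed download stream; raises PowerLoss after `fail_after` chunks."""
    for i in range(0, len(image), size):
        if fail_after is not None and i // size >= fail_after:
            raise PowerLoss("power lost during download")
        yield image[i:i + size]


def run_scenarios() -> dict:
    """Run the four scenarios; return what the device boots after each."""
    dev = Device(DEMO_KEY, b"fw-v1-original", 1)
    results = {}
    meta, tag = sign_image(DEMO_KEY, 2, b"fw-v2-new-release")   # 1. valid upgrade
    dev.update(meta, tag, chunked(b"fw-v2-new-release"))
    results["upgrade"] = dev.boot()
    meta, tag = sign_image(DEMO_KEY, 1, b"fw-v1-original")      # 2. signed but older
    try:
        dev.update(meta, tag, chunked(b"fw-v1-original"))
    except VerificationError as e:
        results["rollback"] = str(e)
    meta, tag = sign_image(DEMO_KEY, 3, b"fw-v3-genuine")       # 3. bytes swapped
    try:
        dev.update(meta, tag, chunked(b"fw-v3-TAMPER"))
    except VerificationError as e:
        results["tamper"] = str(e)
    try:                                                        # 4. power loss
        dev.update(meta, tag, chunked(b"fw-v3-genuine", fail_after=2))
    except PowerLoss:
        pass
    results["after_power_loss"] = dev.boot()
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

The ordering is the point to carry onto real hardware: the version comparison happens on authenticated metadata only (an attacker who can forge metadata could otherwise force a rollback), and the slot pointer moves in one write after the full image has been checked, which is what makes power loss during the download survivable.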
Final Assignment
Design a secure OTA flow for:
- ESP32 / STM32 / Nordic
Include:
- Crypto choice
- Key placement
- Failure handling