A few weeks ago we announced support for signed URLs on embedded devices and the initial release of signy. This week we released v0.2.0 of signy, which expands support beyond Zephyr RTOS to Espressif’s ESP-IDF. In addition to bringing signed URLs to more embedded devices, ESP-IDF support is particularly useful due to the framework’s built-in OTA firmware update capabilities.
Signed URLs Recap
To briefly recap, signed URLs are time-limited credentials that grant access to a remote private resource. While they are typically used on the web when a server issues a signed URL to a client that then uses it to download an asset from a Content Delivery Network (CDN), they can also be useful in the context of embedded devices. For example, devices with multiple microcontrollers (MCUs) can store private keys in the secure processing environment (SPE) of one MCU, then issue signed URLs to the other. This is especially useful if one of the processors is not equipped with the same level of security features as the other. The less secure processor is only ever issued a narrowly scoped, ephemeral credential: if it is compromised, the attacker obtains a URL that stops working at its expiry, not the key that produced it.
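To make the "time-limited credential" idea concrete, here is an added example of an issuer and a verifier for signed URLs. It is not signy's code and does not reproduce Golioth's URL format: signy signs with an asymmetric key through the PSA Crypto API, whereas this example uses an HMAC so that it runs on the Python standard library alone. The query parameter names (expires, sig), the canonical string and the demo key are all assumptions made for the example. What carries over is the security-relevant shape: the key never leaves the issuer, the holder of the URL can only reach the exact resource that was signed, and the verifier enforces both the signature and the expiry.

```python
"""Illustrative signed-URL issuer and verifier.

Added example, not signy's or Golioth's code. Assumed scheme: the issuer
appends `expires` (Unix time) and `sig` = hex(HMAC-SHA256(key, canonical))
to the URL; the verifier recomputes the MAC, compares in constant time and
rejects URLs at or past `expires`. signy itself signs with an asymmetric
key via PSA psa_sign_hash(); HMAC is used here only for self-containment.
"""
import hashlib
import hmac
import time
from typing import Optional, Tuple
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

RESERVED = ("expires", "sig")  # parameters added by the signer


def _canonical(parts, query_pairs, expires: int) -> bytes:
    # Everything the verifier relies on must be under the MAC: host, path,
    # the caller's own query parameters (sorted, so ordering is irrelevant)
    # and the expiry. Anything outside this string can be altered freely.
    own_query = urlencode(sorted((k, v) for k, v in query_pairs if k not in RESERVED))
    return "\n".join([parts.netloc, parts.path, own_query, str(expires)]).encode()


def sign_url(base_url: str, key: bytes, ttl_seconds: int, now: Optional[int] = None) -> str:
    """Issuer side: returns base_url with expires= and sig= appended."""
    now = int(time.time()) if now is None else now
    expires = now + ttl_seconds
    parts = urlsplit(base_url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    mac = hmac.new(key, _canonical(parts, pairs, expires), hashlib.sha256).hexdigest()
    pairs = [(k, v) for k, v in pairs if k not in RESERVED]
    pairs += [("expires", str(expires)), ("sig", mac)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def verify_url(url: str, key: bytes, now: Optional[int] = None) -> Tuple[bool, str]:
    """Verifier side (the CDN / server): (accepted, reason)."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    q = dict(pairs)  # on duplicates the last value wins, and is what we verify
    if "expires" not in q or "sig" not in q:
        return False, "unsigned"
    try:
        expires = int(q["expires"])
    except ValueError:
        return False, "bad expires"
    expected = hmac.new(key, _canonical(parts, pairs, expires), hashlib.sha256).hexdigest()
    # Constant-time comparison; check the signature before the clock so a
    # forged URL is rejected for the same reason regardless of its expiry.
    if not hmac.compare_digest(expected, q["sig"]):
        return False, "bad signature"
    if now >= expires:
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    KEY = b"constructed-demo-key"  # constructed for the example
    url = sign_url("https://cdn.example.test/fw/app.bin?v=2", KEY, 600, now=1_700_000_000)
    print(url)
    print(verify_url(url, KEY, now=1_700_000_100))   # accepted
    print(verify_url(url, KEY, now=1_700_000_600))   # expired
    print(verify_url(url.replace("app.bin", "other.bin"), KEY, now=1_700_000_100))  # bad signature
```

Note the two failure modes that matter in the multi-MCU setup above: a URL whose path or query has been edited fails the signature check even before its expiry, and appending a second expires= parameter does not extend the lifetime, because the verifier signs over the value it will actually enforce.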
Bringing Signed URLs to the ESP32
signy leverages Arm’s Platform Security Architecture (PSA) Crypto API, which offers a consistent interface for common cryptographic operations across embedded hardware and software platforms. This made adding support for ESP-IDF relatively painless, as the vast majority of the functionality in signy involves invoking PSA APIs, such as psa_hash_compute() and psa_sign_hash().
In addition to ensuring that signy only uses standardized APIs, we also packaged the library as an ESP-IDF component, meaning that it can now be included in any project by adding the following to the project's idf_component.yml (the dependency is fetched from the git repository at the tagged version):

dependencies:
  signy:
    version: v0.2.0
    git: https://github.com/golioth/signy.git
Leveraging ESP-IDF’s OTA Firmware Update Capabilities
The Golioth Firmware SDK offers support for downloading assets, including firmware images, over-the-air (OTA). It also includes a reference implementation for firmware update, which provides an abstraction layer over the functionality offered by the various supported platforms (see the example of its use with ESP-IDF). However, ESP-IDF also offers its own high-level interface for firmware update in its esp_https_ota component. As the name suggests, it leverages HTTP instead of CoAP, which can be desirable when transferring large amounts of data, especially for products that are communicating over higher bandwidth mediums, such as Wi-Fi or Ethernet.
Using esp_https_ota alongside the Golioth Firmware SDK has been possible in the past, but doing so was non-trivial. With signy, performing an OTA update over HTTP is much simpler: sign a URL for the asset, then pass it in the HTTP client configuration. The snippet below is the page's example with the surrounding declarations and the result handling a practitioner would add; the buffer size is an assumption.

/* Output buffer for the signed URL; 512 bytes is an assumed size. */
char signed_url[512];
size_t signed_url_len = 0;

/* Sign the base URL with the device's private key via PSA Crypto.
 * Check the return value in production code before using signed_url. */
signy_sign_url(CONFIG_SIGNY_EXAMPLE_BASE_URL,
               strlen(CONFIG_SIGNY_EXAMPLE_BASE_URL),
               signed_url,
               sizeof(signed_url),
               &signed_url_len);

/* Hand the signed URL to the ESP-IDF HTTP client. cert_pem pins the
 * server certificate so the image is only fetched over authenticated TLS;
 * the signed URL authorizes the download, TLS authenticates the server. */
esp_http_client_config_t config = {
    .url = signed_url,
    .cert_pem = (char *) server_cert_pem_start,
    .event_handler = _http_event_handler,
    .keep_alive_enable = true,
    .buffer_size_tx = 10240,
};

esp_https_ota_config_t ota_config = {
    .http_config = &config,
};

/* Downloads the image into the inactive OTA partition and marks it as the
 * next boot partition; reboot into it only if the whole update succeeded. */
esp_err_t err = esp_https_ota(&ota_config);
if (err == ESP_OK) {
    esp_restart();
}
The signy repository now includes a full OTA firmware update example with ESP-IDF, which demonstrates how a new firmware image can be downloaded from Golioth, then used to replace the existing firmware on the device.
What’s Next?
ESP32 devices are used in many different products and projects. While OTA firmware updates are one use case for signed URLs, we are excited to see how else they can be leveraged. Let us know how you are using signed URLs on the Golioth forum!
Dan is an experienced engineering leader, having built products and teams at both large companies and small startups. He has a history of leadership in open source communities, and has worked across many layers of the technical stack, giving him unique insight into the constraints faced by Golioth’s customers and the requirements of a platform that enables their success.