I’ve received both this suggestion, as well as one to offer two different versions of the module (one with flash encryption enabled and one without).

I am going to experiment with this, to see if we can run signed firmware on devices with no flash encryption enabled. If that is the case, we could probably reasonably easily provide the modules encryption-ready, with just a simple utility to actually enable it. Then, OTA updates wouldn’t care which version of device they would be run on.

Regards, Mark.

On 4 Aug 2017, at 1:08 AM, Michael Balzer <dexter@expeedo.de> wrote:


Am 03.08.2017 um 05:53 schrieb Mark Webb-Johnson:
  • A public key is stored in a write-once eFuse.
  • A matching private key is used to sign programs to be downloaded to the system.

    • How about shipping unprotected and adding a simple utility to create and burn an individual key pair?

    Users who want to protect the module would then just do their own code signing.

    Regards,
    Michael

    -- 
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26
    _______________________________________________
    OvmsDev mailing list
    OvmsDev@lists.teslaclub.hk
    http://lists.teslaclub.hk/mailman/listinfo/ovmsdev