ESP32: bump encrypted ota component and fix the build errors

- Upgrade esp_encrypted_img dependency to version 2.3.0 - Update OTA documentation with new encrypted image generation method - Add cmake function create_esp_enc_img() to lighting-app example
project-chip · mergify · Mar 11, 2025 · Mar 10, 2025 · Mar 10, 2025 · Mar 10, 2025
commit 17e11961d3d7a1e177b86e06a70c5273161ab0e1
@@ -444,6 +444,10 @@ if (CONFIG_SEC_CERT_DAC_PROVIDER)
     list(APPEND matter_requires espressif__esp_secure_cert_mgr)
 endif()
 
+if (CONFIG_ENABLE_ENCRYPTED_OTA)
+    list(APPEND matter_requires espressif__esp_encrypted_img)
+endif()
+
 add_prebuilt_library(matterlib "${CMAKE_CURRENT_BINARY_DIR}/lib/libCHIP.a"
                      REQUIRES ${matter_requires})
 

@@ -11,7 +11,7 @@ dependencies:
             - if: "idf_version >=4.3"
 
     espressif/esp_encrypted_img:
-        version: "2.1.0"
+        version: "2.3.0"
         require: public
         rules:
             - if: "idf_version >=4.4"

@@ -115,12 +115,21 @@ Please follow the steps below to generate an application image for OTA upgrades:
         python3 esp_enc_img_gen.py encrypt lighting-app.bin esp_image_encryption_public_key.pem lighting-app-encrypted.bin
         ```
 
-    - Append the Matter OTA header:
+    Optionally, you can use the cmake function `create_esp_enc_img()` to encrypt the OTA image during the build process. Please find the usage below. This is also demonstrated in the `examples/lighting-app/esp32/main/CMakeLists.txt` file.
+
         ```
-        src/app/ota_image_tool.py create --vendor-id 0xFFF1 --product-id 0x8000 --version 2 --version-str "v2.0" -da sha256 lighting-app-encrypted.bin lighting-app-encrypted-ota.bin
+            create_esp_enc_img(${CMAKE_BINARY_DIR}/${CMAKE_PROJECT_NAME}.bin
+                                ${project_dir}/esp_image_encryption_public_key.pem
+                                ${CMAKE_BINARY_DIR}/${CMAKE_PROJECT_NAME}-encrypted.bin
+                                app)
         ```
 
-3. Use the `lighting-app-encrypted-ota.bin` file with the OTA Provider app.
+3. Append the Matter OTA header
+    ```
+    src/app/ota_image_tool.py create --vendor-id 0xFFF1 --product-id 0x8000 --version 2 --version-str "v2.0" -da sha256 lighting-app-encrypted.bin lighting-app-encrypted-ota.bin
+    ```
+
+4. Use the `lighting-app-encrypted-ota.bin` file with the OTA Provider app.
 
 ## Delta OTA
 

@@ -82,6 +82,11 @@ target_compile_options(${COMPONENT_LIB} PUBLIC
            "-DCHIP_ADDRESS_RESOLVE_IMPL_INCLUDE_HEADER=<lib/address_resolve/AddressResolve_DefaultImpl.h>"
 )
 
+create_esp_enc_img(${CMAKE_BINARY_DIR}/${CMAKE_PROJECT_NAME}.bin
+                   ${project_dir}/esp_image_encryption_public_key.pem
+                   ${CMAKE_BINARY_DIR}/${CMAKE_PROJECT_NAME}-encrypted.bin
+                   app)
+
 if (CONFIG_ENABLE_PW_RPC)
 
 get_filename_component(CHIP_ROOT ${CMAKE_SOURCE_DIR}/third_party/connectedhomeip REALPATH)