esp8266_abc wrote: First, very often, bosses don't expect to release the image outside, even though the ESP8266 does not protect the flash image.
Secondly, some parameters specific to this hardware have to be flashed online of whole module such as RF calibration, serial number if any etc. -- sure, it is feasible to burn most of the flash image and only burn those data specific to module one by one.
That is the thing - the ESP8266 doesn't protect the flash so anybody can reverse engineer your code if they truly want to. The thing is most bulk manufacturers couldn't care less about it.
I just use the various chip IDs as the serial number - you have the MAC address as well as the flash ID that can be used, unless you want to completely write your own. You should also supply the initial RF calibration data with your flash and burn that at manufacturing time, but you still need to run an RF cal once the module is installed at its final site. I do that on first startup and on any factory reset command.
If you're really concerned about your code and your device-specific parameters, then give them a multi-step flash:
- build your main program as a flash image and then encrypt it and keep the key private
- build a loader flash that connects to an AP and gets the key and any device specific parameters, and decrypts and writes the main program from a payload into a second flash area and then reboots
- give the manufacturer that as a flash image
Then when your modules come back from the manufacturer, they start up and connect to a server to get the key and any device specific data, then write the production image from the encrypted payload, reboot to the main image and then you're good to go. You can also include any unit testing code in that initial loader as well.
Then your code can't be installed outside of your company, and you are only transferring a few bytes. Any OTA updates just write over the initial loader area like a normal OTA once the first image has been installed and run.
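The encrypted-payload step of the multi-step flash described in the post above, as an added example that is not part of the original post: the build host seals the main image with AES-256-GCM, and the loader-side function returns plaintext only if the tag verifies. The container layout (`FWE1` magic, nonce, ciphertext), the function names and the all-zero demo key are assumptions, and Go is used here as an offline model of what the on-device loader would do with its own AES-GCM library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Constructed container layout (assumption): "FWE1" | 12-byte nonce | AES-GCM ciphertext+tag.
const magic = "FWE1"

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealImage runs on the build host; the magic is bound to the tag as associated data.
func SealImage(key, image []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(append([]byte(magic), nonce...), nonce, image, []byte(magic)), nil
}

// OpenImage is the loader-side step: a wrong key or modified payload fails before any flash write.
func OpenImage(key, payload []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	n := len(magic) + aead.NonceSize()
	if len(payload) < n+aead.Overhead() || string(payload[:len(magic)]) != magic {
		return nil, fmt.Errorf("not a firmware container")
	}
	return aead.Open(nil, payload[len(magic):n], payload[n:], []byte(magic))
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key; the real key stays on the server
	p, _ := SealImage(key, []byte("constructed firmware image"))
	fmt.Println(OpenImage(key, p)) // prints the recovered image bytes and <nil>
}
```

Because the ESP8266 does not protect flash, as the thread notes, the sealing covers the payload while it is in the manufacturer's hands; the image written by the loader is readable from flash again afterwards.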