• You mean for Bluetooth devices? There isn't, no.

    It was actually a conscious decision not to have it.

    OTA works fine as long as you have a signed firmware and a private key, so you can be sure that nobody is uploading malicious firmwares behind your back. However in Espruino's case I share the private key since it's all open source, so anyone can make a firmware.

    By requiring physical access to the device to update firmware I at least stop people uploading malicious/backdoored firmwares behind your back. Sure, you can upload JS if it hasn't been secured, but reset(1) should sort that out.

    The Chrome team considered it serious enough to actually block the Web Bluetooth implementation from using the older non-signed version of the Nordic DFU tools, so I didn't want to give them an excuse to block Espruino as well.

About

Avatar for Gordon @Gordon started